Bagle reinfection after ComboFix


This topic is locked
2 replies to this topic

#1 Marcio Jr.

  • Members
  • 1 posts

Posted 22 October 2009 - 04:17 PM

Hello Forum,

I have a problem with this Bagle/Rootkit infection.
I have a Toshiba Satellite S4757 running Windows XP 32-bit SP2.
My notebook got infected after downloading some malicious .EXE on eMule. At first it lost the Wireless Zero Configuration, and there is a process named IEXPLORE.EXE (usually 2 instances of it) always running. Sometimes there is some 13451345134.exe (all numbers) process running too.
Besides, I was not able to enter Safe Mode or run any AntiVirus/AntiSpy/AntiWHATEVER (invalid Win32 App)!

I managed to solve it using ComboFix. To do so, I downloaded it to the Desktop with another name, and then it removed a lot of files from ApplicationData/m and ApplicationData/drivers and re-enabled the WlessZeroConf and the SafeBoot.
I also used CCleaner, UnHookExec and ATF-Cleaner to remove every line of the virus.

It worked for some days with NO PROBLEMS at all!!! The notebook was really, really fast!
But yesterday it cracked again! :(

Now I just can't connect to any wireless network!
The Wireless Zero Configuration is working fine... I can see all the networks available. It says that it is connected, but there is no IP, Gateway, etc.
The information screen is BLANK! (I will post the pictures)
I can't enable the Windows Firewall either (I will post the pictures too).

Now, every time I run ComboFix, it finds some files at ApplicationData/drivers/downld.
After reboot, the system automatically re-enables the SystemRestore option.

I can run the exe files (like HiJackThis) and I can reboot into SafeMode. But even in SafeMode with Networking I can't connect to my wireless network!
Pls help!!!

Thanks a lot.

Here is the DDS Log:
----

DDS (Ver_09-10-13.01) - NTFSx86
Run by Marcio Jr at 17:48:30,60 on qui 22/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1033.18.1918.1405 [GMT -3:00]


============== Running Processes ===============

C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\BrOffice.org 3\program\soffice.exe
C:\Program Files\BrOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Marcio Jr\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: GigagetIEHelper Class: {111caa23-6f4f-42ac-8555-b48c1d87bbab} - c:\windows\system32\gigagetbho_v10.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {afd3145c-0d62-4720-bf20-f51251ed8ffa} - c:\windows\system32\camoc.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: AL2Spy Class: {dc200356-0864-4f66-8964-5d43a19300f5} - c:\docume~1\alluse~1\applic~1\autolo~1\AL2DLL.dll
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Google Update] "c:\documents and settings\marcio jr\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Gigaget] "c:\program files\giganology\gigaget\GigagetShell.exe" /s
mRun: [BOC-427] c:\progra~1\comodo\cboclean\BOC427.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\marcio~1\startm~1\programs\startup\broffi~1.lnk - c:\program files\broffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download All by Gigaget - c:\program files\giganology\gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\giganology\gigaget\geturl.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {D04AA3F7-DEE7-479B-A153-24E6C36300C0} - {DC200356-0864-4F66-8964-5D43A19300F5} - c:\docume~1\alluse~1\applic~1\autolo~1\AL2DLL.dll
Trusted Zone: gov.br\internetbanking.caixa
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GbPluginCef - c:\program files\gbplugin\gbiehcef.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marcio~1\applic~1\mozilla\firefox\profiles\zgsnapa1.default\
FF - prefs.js: browser.startup.homepage - www.google.com/ig
FF - component: c:\documents and settings\marcio jr\application data\mozilla\firefox\profiles\zgsnapa1.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll
FF - plugin: c:\documents and settings\marcio jr\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\marcio jr\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\marcio jr\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2009-9-27 26776]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-9-30 59664]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-12-27 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-12-27 51072]
R2 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2009-9-30 73464]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2008-11-5 53296]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-9-26 16896]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys --> c:\windows\system32\drivers\savonaccesscontrol.sys [?]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys --> c:\windows\system32\drivers\savonaccessfilter.sys [?]
S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S3 cxbu1wdm;OEM USB Smart Card Reader;c:\windows\system32\drivers\cxbu1wdm.sys [2009-1-13 93312]
S3 dpK00701;Driver Superior de Leitora de Impressão Digital, U.are.U®;c:\windows\system32\drivers\dpk00701.sys --> c:\windows\system32\drivers\dpK00701.sys [?]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-11-19 83496]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-21 57344]
S3 usbdpfp;Driver de Classe de Leitora de Impressão Digital, U.are.U®;c:\windows\system32\drivers\usbdpfp.sys --> c:\windows\system32\drivers\usbdpfp.sys [?]

============== File Associations ===============

txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-22 16:46 236,544 a------- c:\windows\PEV.exe
2009-10-22 15:20 <DIR> --d----- C:\CFichs31052C
2009-10-22 12:46 <DIR> --d----- C:\CFichs9219C
2009-10-22 11:57 <DIR> --d----- C:\CFichs21315C
2009-10-22 10:28 <DIR> --d----- C:\CFichs19495C
2009-10-22 02:33 <DIR> --d----- c:\program files\iso meta size
2009-10-22 02:33 <DIR> --d----- c:\program files\Ask Search Assistant
2009-10-22 02:33 359,040 a------- c:\windows\system32\drivers\tcpip.original
2009-10-19 03:02 <DIR> --d-h--- c:\docume~1\marcio~1\applic~1\drivers
2009-10-19 02:36 <DIR> --d----- C:\CFichs30627C
2009-10-18 20:39 <DIR> a-dshr-- C:\cmdcons
2009-10-18 20:38 <DIR> --d----- C:\CFichs
2009-10-18 20:22 161,792 a------- c:\windows\SWREG.exe
2009-10-18 20:22 98,816 a------- c:\windows\sed.exe
2009-10-15 21:12 0 a--shr-- C:\khv
2009-10-15 21:12 1,172 a--shr-- c:\windows\system32\autorun.in
2009-10-15 21:12 1,022 a--shr-- c:\windows\system32\autorun.i
2009-10-14 17:15 <DIR> --d----- C:\libs_java
2009-10-14 02:03 <DIR> --d----- c:\program files\MSECache
2009-10-12 15:30 <DIR> --d----- c:\docume~1\marcio~1\applic~1\Software
2009-10-12 15:30 <DIR> --d----- c:\program files\Quest Software
2009-10-12 15:30 <DIR> --d----- c:\program files\common files\Quest Shared
2009-10-11 11:28 54 a----r-- c:\windows\amunres.lsl
2009-10-08 11:11 <DIR> --d----- c:\program files\Apache Software Foundation
2009-10-08 10:58 <DIR> --d----- c:\docume~1\marcio~1\applic~1\Subversion
2009-10-08 10:53 <DIR> --d----- c:\program files\CollabNet Subversion Client
2009-10-08 10:50 <DIR> --d----- c:\documents and settings\marcio jr\.netbeans-derby
2009-10-08 10:48 <DIR> --d----- c:\documents and settings\marcio jr\.netbeans
2009-10-08 10:48 2 a------- c:\windows\TempWmicBatchFile.bat
2009-10-08 10:48 <DIR> --d----- c:\documents and settings\marcio jr\.netbeans-registration
2009-10-08 10:45 <DIR> --d----- c:\program files\glassfish-v3-prelude
2009-10-08 10:38 <DIR> --d----- c:\program files\glassfish-v2ur2
2009-10-08 10:13 <DIR> --d----- c:\program files\NetBeans 6.5
2009-10-08 09:36 <DIR> --d----- c:\documents and settings\marcio jr\.nbi
2009-10-08 09:36 <DIR> --d----- c:\docume~1\marcio~1\applic~1\SQL Developer
2009-10-08 09:30 <DIR> --d----- c:\documents and settings\marcio jr\Oracle
2009-10-03 00:59 130,320 a------- c:\windows\system32\DZIP32.DLL
2009-10-03 00:59 98,064 a------- c:\windows\system32\DUNZIP32.DLL
2009-10-03 00:59 4,734,976 a------- c:\windows\system32\Vfp9r.dll
2009-10-03 00:59 1,712,128 a------- c:\windows\system32\GDIPlus.dll
2009-10-03 00:59 659,456 a------- c:\windows\system32\SftTree_IX86_A_45.ocx
2009-10-03 00:59 1,187,840 a------- c:\windows\system32\Vfp9renu.dll
2009-10-03 00:59 57,330 a------- c:\windows\system32\RT32RV.dll
2009-10-03 00:59 24,290 a------- c:\windows\system32\RT32EDB.dll
2009-10-03 00:59 17,817 a------- c:\windows\system32\RTDW32.dll
2009-10-03 00:59 16,745 a------- c:\windows\system32\RTGNDLL.dll
2009-10-03 00:59 182 a------- c:\windows\system32\Config.fpw
2009-10-03 00:59 <DIR> --d----- c:\program files\Registry Tool
2009-10-01 22:45 <DIR> --d----- c:\program files\CCleaner
2009-10-01 22:04 <DIR> --d----- C:\!KillBox
2009-09-30 23:46 59,664 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-09-30 23:46 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-09-30 23:46 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-09-30 23:46 <DIR> --d----- c:\program files\ThreatFire
2009-09-30 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-30 22:37 22,528 a------- c:\windows\system32\wsock32.dlb
2009-09-30 22:37 205,560 a------- c:\windows\UNBOC.EXE
2009-09-30 22:37 212,728 a------- c:\windows\CMDLIC.DLL
2009-09-30 22:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BOC427
2009-09-30 22:37 8,090 a------- c:\windows\BOC427.INI
2009-09-30 22:37 <DIR> --d----- c:\program files\Comodo
2009-09-30 16:46 <DIR> --d----- c:\docume~1\marcio~1\applic~1\TeamViewer
2009-09-30 16:46 <DIR> --d----- c:\program files\TeamViewer
2009-09-30 16:46 <DIR> --d----- c:\documents and settings\marcio jr\temp
2009-09-28 14:43 0 a--shr-- C:\kht
2009-09-28 09:30 <DIR> --d----- c:\program files\sophos
2009-09-27 23:10 26,776 a------- c:\windows\system32\drivers\GbpKm.sys
2009-09-27 03:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-27 02:20 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-09-27 01:40 <DIR> --ds---- c:\documents and settings\marcio jr\UserData
2009-09-27 01:33 <DIR> --d----- c:\program files\ESET
2009-09-26 21:36 <DIR> --d----- C:\Sound Recorder
2009-09-26 21:13 <DIR> --d----- c:\program files\Sound Recorder
2009-09-26 19:50 <DIR> --d----- c:\program files\clamAV
2009-09-26 18:57 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-09-26 18:57 <DIR> --d----- c:\program files\Nokia
2009-09-26 18:10 16,896 a------- c:\windows\system32\drivers\VirtualAudio.sys
2009-09-26 18:10 <DIR> --d----- c:\program files\Aimersoft
2009-09-26 18:00 <DIR> --d----- c:\program files\4Easysoft Studio
2009-09-26 17:59 123,904 a------- c:\windows\system32\camoc.dll
2009-09-26 17:05 114,688 a------- c:\windows\system32\OdiOlDVR.dll
2009-09-26 17:05 86,016 a------- c:\windows\system32\STRDEVAPI.dll
2009-09-26 17:05 73,728 a------- c:\windows\system32\VNUSB.dll
2009-09-26 17:05 73,728 a------- c:\windows\system32\DW90USB.DLL
2009-09-26 17:05 53,248 a------- c:\windows\system32\OdiAPI.dll
2009-09-26 17:05 39,096 a------- c:\windows\system32\drivers\DW90USB.SYS
2009-09-26 17:05 38,496 a------- c:\windows\system32\drivers\VNUSB.sys
2009-09-26 16:53 <DIR> --d----- c:\docume~1\marcio~1\applic~1\BitTorrent
2009-09-26 16:53 <DIR> --d----- c:\program files\BitTorrent
2009-09-26 16:40 <DIR> --d----- c:\program files\Olympus
2009-09-26 15:57 <DIR> --d----- c:\program files\Turbo MP3 Recorder
2009-09-26 10:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Iso Web Bags Else
2009-09-26 10:35 <DIR> --d----- c:\docume~1\marcio~1\applic~1\iso meta size

==================== Find3M ====================

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2008-11-29 13:31 454,656 a------- c:\program files\putty.exe

============= FINISH: 17:48:38,75 ===============



And here the RootRepeal Log:
---
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 17:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\MARCIO~1\LOCALS~1\Temp\catchme.sys
Address: 0xBA488000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0B96000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5DA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP5030
Image Path: \Driver\PCI_PNP5030
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xBA650000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE312000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spvx.sys
Image Path: spvx.sys
Address: 0xB9EA7000 Size: 1048576 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xb9daaa1c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xb9daac10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xb9daacb6

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spvx.sys" at address 0xb9ec6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spvx.sys" at address 0xb9ec7030

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xb9daa90c

#: 160 Function Name: NtQueryKey
Status: Hooked by "spvx.sys" at address 0xb9ec7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spvx.sys" at address 0xb9ec6f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xb9daae52

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xb9dacb30

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a5811f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x87906500 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_CREATE]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_CLOSE]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_POWER]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: ati2, IRP_MJ_PNP]
Process: System Address: 0x8a32e1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a40b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a5821f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8748a3d0 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8a5f31f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8a42e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a5831f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x895631f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x895631f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895631f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x895631f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x895631f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x895631f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a33f1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8954e1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_CREATE]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_CLOSE]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_READ]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_SHUTDOWN]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_CLEANUP]
Process: System Address: 0x886201f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ浍瑓ࣀ໯, IRP_MJ_PNP]
Process: System Address: 0x886201f8 Size: 121

==EOF==

Attached is the DDS "Attach" file
Here (http://rapidshare.com/files/296562968/After_bagle_-_Logs_Images.zip.html) you can download the HJT log, ComboFix log and some Screenshots of the Wireless and Firewall errors.

Thanks again ! :(
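The "Hidden Code" entries in the RootRepeal log above all share one pattern: every IRP_MJ_* dispatch entry of a driver is redirected to the same small stub (one address, size 121) per driver. As an added example that is not part of the original post, the script below parses that log format and applies a triage heuristic (an assumption of this example, not a RootRepeal rule) that flags drivers whose dispatch entries are wholesale redirected to a single stub; the sample lines are constructed from the format and values shown in the log.

```python
import re
from collections import defaultdict

# Constructed sample in the RootRepeal "Hidden Code" format used in the log above
# (same field layout; the values are taken from that log, not from a new scan).
SAMPLE_LOG = """\
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x895631f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x895631f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a33f1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8954e1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8954e1f8 Size: 121
==EOF==
"""

ENTRY_RE = re.compile(
    r"Object: Hidden Code \[Driver: (?P<driver>[^,\]]+), (?P<irp>IRP_MJ_\w+)\]\s*"
    r"Process: (?P<process>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)"
)

def parse_hidden_code(text):
    """One dict per 'Hidden Code' entry: driver, IRP major function, process, address, size."""
    return [{"driver": m["driver"].strip(), "irp": m["irp"], "process": m["process"],
             "address": int(m["addr"], 16), "size": int(m["size"])}
            for m in ENTRY_RE.finditer(text)]

def summarize_hooks(entries):
    """Group hooked dispatch entries as driver -> {stub address: set of IRP_MJ_* names}."""
    by_driver = defaultdict(lambda: defaultdict(set))
    for e in entries:
        by_driver[e["driver"]][e["address"]].add(e["irp"])
    return by_driver

def flag_suspicious(entries, min_hooks=2):
    """Triage heuristic (an assumption, not a RootRepeal rule): a driver whose
    dispatch entries are all redirected to one code stub of identical size looks
    like a blanket kernel hook rather than a legitimate filter. Returns driver names."""
    flagged = set()
    for driver, stubs in summarize_hooks(entries).items():
        for addr, irps in stubs.items():
            sizes = {e["size"] for e in entries
                     if e["driver"] == driver and e["address"] == addr}
            if len(irps) >= min_hooks and len(sizes) == 1:
                flagged.add(driver)
    return sorted(flagged)
```

Run against the full log, the same grouping shows one stub per driver (NetBT, usbehci, MRxSmb, Cdfs) covering every dispatch entry, which is the picture a cleanup tool has to undo before network and file-system drivers behave normally again.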


#2 schrauber

Malware Response Team

Posted 31 October 2009 - 11:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber

Malware Response Team

Posted 05 November 2009 - 12:26 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
