FightinTxAg Posted October 14, 2010 ID:327026 Share Posted October 14, 2010 A bug is rerouting links (like Google search results) to urls. ESET NOD32 wouldn't find malware or virus, but ballons do appear with blocked websites, even when IE isn't open. Malwarebytes finds the Rogue.Antivirus2010, but doesn't seem to be able to effectively get rid of it.DDS (Ver_10-10-10.03) - NTFSx86 Run by Jackie at 0:01:16.67 on Thu 10/14/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.125 [GMT -5:00]AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Jackie\Desktop\Defogger.exeC:\Documents and Settings\Jackie\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exemRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservicemRun: [<NO NAME>] mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptIE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: AtiExtEvent - Ati2evxx.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll============= SERVICES / DRIVERS ===============R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-6-10 34312]R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-6-10 468224]R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-1-3 88192]S0 vcucpne;vcucpne;c:\windows\system32\drivers\uisha.sys --> c:\windows\system32\drivers\uisha.sys [?]S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-4-14 3584]=============== Created Last 30 ================2010-10-14 04:54:36 54016 ----a-w- c:\windows\system32\drivers\ynyaejh.sys2010-10-13 04:04:20 -------- d-----w- c:\docume~1\jackie\applic~1\Malwarebytes2010-10-13 04:04:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-10-13 04:03:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-10-13 04:03:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-10-13 04:03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-10-09 22:40:52 -------- d-----w- c:\windows\system32\wbem\repository\FS2010-10-09 22:40:52 -------- d-----w- c:\windows\system32\wbem\Repository2010-10-09 06:55:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software2010-09-17 02:18:57 5632 ----a-w- c:\windows\system32\ptpusb.dll2010-09-17 02:18:55 159232 ----a-w- c:\windows\system32\ptpusd.dll2010-09-17 02:18:54 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys2010-09-17 02:18:54 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys==================== Find3M ====================2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll============= FINISH: 0:02:34.64 ===============Ark___Attach.zipmbam_log_2010_10_13__23_54_31_.txt Link to post Share on other sites More sharing options...
Maniac Posted October 14, 2010 ID:327051 Share Posted October 14, 2010 Hello FightinTxAg! Welcome to Malwarebytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Follow my instructions step by step if there is a problem somewhere, stop and tell me.Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Keep me informed about any changes.Your system is infected, because your antivirus protection is cracked and it's old version.Step 1Please, uninstall the following applications:Adobe Acrobat 8 Professional - English, Fran?ais, DeutschAdobe Acrobat 8.1.0 ProfessionalESET NOD32 AntivirusNOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever upYou can read, how to do this here:Windows XPWindows VistaWindows 7Step 2I suggest you to uninstall TuneUp Utilities 2008 . About these types of programs:http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.htmlStep 3Go into C:\Program Files\Malwarebytes' Anti-Malware and you will see a file called mbam.exe Right click on it and drop down to Rename change the name to firefox.com From mbam.exe to firefox.com . Please, restart your computer.Step 4Launch Malwarebytes' Anti-MalwareGo to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In your next reply, please include these log(s):Malwarebytes' Anti-Malware loga new fresh DDS log only Link to post Share on other sites More sharing options...
FightinTxAg Posted October 15, 2010 Author ID:327441 Share Posted October 15, 2010 Hi Borislav,Thanks so much. I think with your help, I got the computer cleaned. Here is what I did:STEP 1I did everything you instructed, except I didn't uninstall Adobe Acrobat Professional. I don't have a backup disk, and it's an expensive program. So, I thought I'd see if I could get rid of the malware without dumping that software.I did uninstall "ESET NOD32 Antivirus" and "NOD32 v3.0.642."STEP 2I uninstalled "Tuneup Utilities 2008," as you suggested.STEP 3I renamed mbam.exe to firefox.comSTEP 4I restarted and ran a quick scan. It came out clean. Then, I restared and ran a full scan. This time it found a Trojan.FakeAlert infection. I asked Malwarebytes to remove this.I restarted again and ran a full scan that came back clean.Then, I ran DDS.Here is the DDS log:DDS (Ver_10-10-10.03) - NTFSx86 Run by Jackie at 20:56:26.56 on Thu 10/14/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.256 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Documents and Settings\Jackie\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exemRun: [<NO NAME>] mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [Malwarebytes Anti-Malware (reboot)] "c:\progra~1\malwar~1\FIREFOX.exe" /runcleanupscriptIE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: AtiExtEvent - Ati2evxx.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll============= SERVICES / DRIVERS ===============R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-1-3 88192]S0 vcucpne;vcucpne;c:\windows\system32\drivers\uisha.sys --> c:\windows\system32\drivers\uisha.sys [?]=============== Created Last 30 ================2010-10-14 23:34:23 -------- d-----w- c:\docume~1\jackie\locals~1\applic~1\ESET2010-10-13 04:04:20 -------- d-----w- c:\docume~1\jackie\applic~1\Malwarebytes2010-10-13 04:04:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-10-13 04:03:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-10-13 04:03:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-10-13 04:03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-10-09 22:40:52 -------- d-----w- c:\windows\system32\wbem\repository\FS2010-10-09 22:40:52 -------- d-----w- c:\windows\system32\wbem\Repository2010-10-09 06:55:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software2010-09-17 02:18:57 5632 ----a-w- c:\windows\system32\ptpusb.dll2010-09-17 02:18:55 159232 ----a-w- c:\windows\system32\ptpusd.dll2010-09-17 02:18:54 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys2010-09-17 02:18:54 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys==================== Find3M ====================2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll============= FINISH: 20:57:35.92 ===============Here is the mbam log:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4825Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870210/14/2010 8:37:26 PMmbam-log-2010-10-14 (20-37-26).txtScan type: Full scan (C:\|)Objects scanned: 243291Time elapsed: 29 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
FightinTxAg Posted October 15, 2010 Author ID:327442 Share Posted October 15, 2010 Borislav,Please let me know if it looks like I have a clean bill of health. If so, do I need to use De-Fogger to "re-enable" drivers? Thanks!! Link to post Share on other sites More sharing options...
FightinTxAg Posted October 15, 2010 Author ID:327447 Share Posted October 15, 2010 Ok, my machine still has some malware. I'm still getting a lot of popups, and google search result links are still getting rerouted. Link to post Share on other sites More sharing options...
Maniac Posted October 15, 2010 ID:327495 Share Posted October 15, 2010 I did everything you instructed, except I didn't uninstall Adobe Acrobat Professional. I don't have a backup disk, and it's an expensive program. So, I thought I'd see if I could get rid of the malware without dumping that software.No problem!I restarted and ran a quick scan. It came out clean. Then, I restared and ran a full scan. This time it found a Trojan.FakeAlert infection. I asked Malwarebytes to remove this.I restarted again and ran a full scan that came back clean.You have post only one log file. Do what I say because right now I can not track what happened to you and I can not help you.Now:Please download Rootkit Unhooker and save it to your desktop.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click CloseCopy the entire contents of the report and paste it in your next reply.Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?" Link to post Share on other sites More sharing options...
FightinTxAg Posted October 16, 2010 Author ID:327903 Share Posted October 16, 2010 Here's the log from Rootkit Unhooker:RkU Version: 3.8.388.590, Type LE (SR2)==============================================OS Name: Windows XPVersion 5.1.2600 (Service Pack 3)Number of processors #1==============================================>Drivers==============================================0xBF088000 C:\WINDOWS\System32\ati3duag.dll 2256896 bytes (ATI Technologies Inc. , ati3duag.dll)0xF6B6F000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2211840 bytes (Intel Link to post Share on other sites More sharing options...
Maniac Posted October 16, 2010 ID:328025 Share Posted October 16, 2010 The important driver was modified, so follow these instructions:Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory. Link to post Share on other sites More sharing options...
FightinTxAg Posted October 16, 2010 Author ID:328336 Share Posted October 16, 2010 TDSSKiller found one infected file that it tried to cure. I rebooted and relaunched TDSSKiller. I clicked "Report" and this is what I got. 2010/10/16 18:37:54.0335 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:592010/10/16 18:37:54.0335 ================================================================================2010/10/16 18:37:54.0335 SystemInfo:2010/10/16 18:37:54.0335 2010/10/16 18:37:54.0335 OS Version: 5.1.2600 ServicePack: 3.02010/10/16 18:37:54.0335 Product type: Workstation2010/10/16 18:37:54.0335 ComputerName: LAPTOP2010/10/16 18:37:54.0335 UserName: Jackie2010/10/16 18:37:54.0335 Windows directory: C:\WINDOWS2010/10/16 18:37:54.0335 System windows directory: C:\WINDOWS2010/10/16 18:37:54.0335 Processor architecture: Intel x862010/10/16 18:37:54.0335 Number of processors: 12010/10/16 18:37:54.0335 Page size: 0x10002010/10/16 18:37:54.0335 Boot type: Normal boot2010/10/16 18:37:54.0335 ================================================================================2010/10/16 18:37:54.0632 Initialize success2010/10/16 18:38:19.0053 ================================================================================2010/10/16 18:38:19.0053 Scan started2010/10/16 18:38:19.0053 Mode: Manual;2010/10/16 18:38:19.0053 ================================================================================2010/10/16 18:38:19.0725 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2010/10/16 18:38:19.0788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2010/10/16 18:38:19.0850 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2010/10/16 18:38:19.0913 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys2010/10/16 18:38:19.0975 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2010/10/16 18:38:20.0303 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2010/10/16 18:38:20.0335 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2010/10/16 18:38:20.0460 ati2mtag (8eb17cf829df300cc885651cfeaf931c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys2010/10/16 18:38:20.0553 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2010/10/16 18:38:20.0632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2010/10/16 18:38:20.0663 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys2010/10/16 18:38:20.0725 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2010/10/16 18:38:20.0757 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2010/10/16 18:38:20.0803 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2010/10/16 18:38:20.0850 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2010/10/16 18:38:20.0897 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2010/10/16 18:38:21.0007 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys2010/10/16 18:38:21.0085 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys2010/10/16 18:38:21.0225 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2010/10/16 18:38:21.0335 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2010/10/16 18:38:21.0460 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2010/10/16 18:38:21.0507 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2010/10/16 18:38:21.0553 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2010/10/16 18:38:21.0647 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2010/10/16 18:38:21.0710 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2010/10/16 18:38:21.0772 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys2010/10/16 18:38:21.0803 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2010/10/16 18:38:21.0913 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys2010/10/16 18:38:21.0960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys2010/10/16 18:38:22.0022 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2010/10/16 18:38:22.0053 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2010/10/16 18:38:22.0100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2010/10/16 18:38:22.0178 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys2010/10/16 18:38:22.0303 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys2010/10/16 18:38:22.0382 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS2010/10/16 18:38:22.0475 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2010/10/16 18:38:22.0569 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2010/10/16 18:38:22.0616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2010/10/16 18:38:22.0710 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2010/10/16 18:38:22.0757 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2010/10/16 18:38:22.0819 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys2010/10/16 18:38:22.0866 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2010/10/16 18:38:22.0913 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2010/10/16 18:38:22.0960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2010/10/16 18:38:23.0038 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2010/10/16 18:38:23.0085 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2010/10/16 18:38:23.0132 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2010/10/16 18:38:23.0194 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2010/10/16 18:38:23.0241 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2010/10/16 18:38:23.0335 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2010/10/16 18:38:23.0460 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2010/10/16 18:38:23.0538 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2010/10/16 18:38:23.0600 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2010/10/16 18:38:23.0663 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2010/10/16 18:38:23.0710 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2010/10/16 18:38:23.0772 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2010/10/16 18:38:23.0866 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2010/10/16 18:38:23.0944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2010/10/16 18:38:23.0991 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2010/10/16 18:38:24.0100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2010/10/16 18:38:24.0116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2010/10/16 18:38:24.0210 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2010/10/16 18:38:24.0241 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2010/10/16 18:38:24.0303 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2010/10/16 18:38:24.0366 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2010/10/16 18:38:24.0444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2010/10/16 18:38:24.0522 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2010/10/16 18:38:24.0553 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys2010/10/16 18:38:24.0585 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2010/10/16 18:38:24.0631 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2010/10/16 18:38:24.0710 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2010/10/16 18:38:24.0788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2010/10/16 18:38:24.0897 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2010/10/16 18:38:25.0006 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2010/10/16 18:38:25.0038 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2010/10/16 18:38:25.0131 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys2010/10/16 18:38:25.0210 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2010/10/16 18:38:25.0272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2010/10/16 18:38:25.0381 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2010/10/16 18:38:25.0460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys2010/10/16 18:38:25.0491 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys2010/10/16 18:38:25.0725 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2010/10/16 18:38:25.0756 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2010/10/16 18:38:25.0819 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2010/10/16 18:38:25.0960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2010/10/16 18:38:26.0038 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2010/10/16 18:38:26.0069 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2010/10/16 18:38:26.0100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2010/10/16 18:38:26.0147 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2010/10/16 18:38:26.0241 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2010/10/16 18:38:26.0288 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2010/10/16 18:38:26.0366 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2010/10/16 18:38:26.0397 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2010/10/16 18:38:26.0710 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys2010/10/16 18:38:26.0913 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2010/10/16 18:38:26.0991 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2010/10/16 18:38:27.0085 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2010/10/16 18:38:27.0147 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2010/10/16 18:38:27.0319 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2010/10/16 18:38:27.0381 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2010/10/16 18:38:27.0444 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys2010/10/16 18:38:27.0522 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys2010/10/16 18:38:27.0647 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2010/10/16 18:38:27.0678 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2010/10/16 18:38:27.0803 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2010/10/16 18:38:27.0881 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2010/10/16 18:38:27.0960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2010/10/16 18:38:28.0006 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2010/10/16 18:38:28.0038 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2010/10/16 18:38:28.0116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2010/10/16 18:38:28.0178 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2010/10/16 18:38:28.0256 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2010/10/16 18:38:28.0288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2010/10/16 18:38:28.0319 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2010/10/16 18:38:28.0381 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2010/10/16 18:38:28.0428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/10/16 18:38:28.0491 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2010/10/16 18:38:28.0553 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2010/10/16 18:38:28.0725 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys2010/10/16 18:38:28.0897 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/10/16 18:38:28.0991 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2010/10/16 18:38:29.0053 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2010/10/16 18:38:29.0303 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2010/10/16 18:38:29.0334 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2010/10/16 18:38:29.0413 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)2010/10/16 18:38:29.0444 ================================================================================2010/10/16 18:38:29.0444 Scan finished2010/10/16 18:38:29.0444 ================================================================================2010/10/16 18:38:29.0459 Detected object count: 12010/10/16 18:38:41.0037 \HardDisk0\MBR - will be cured after reboot2010/10/16 18:38:41.0037 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure2010/10/16 18:38:44.0990 Deinitialize success Link to post Share on other sites More sharing options...
Maniac Posted October 17, 2010 ID:328500 Share Posted October 17, 2010 How are things now? Link to post Share on other sites More sharing options...
FightinTxAg Posted October 17, 2010 Author ID:328818 Share Posted October 17, 2010 They seem to be a lot better. No more pop-ups or redirecting links.Am I clean? Should I do anything with Defogger to reenable? Link to post Share on other sites More sharing options...
Maniac Posted October 18, 2010 ID:329122 Share Posted October 18, 2010 Good! Last steps:Step 1To enable CD Emulation programs using DeFogger please perform these steps: Please download DeFogger to your desktop. Once downloaded, double-click on the DeFogger icon to start the tool. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers When it prompts you whether or not you want to continue, please click on the Yes button to continue When the program has completed you will see a Finished! message. Click on the OK button to exit the program. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.Step 2Please manually delete DDS, GMER, Defoggger, TDSSKiller and Rootkit Unhooker. Step 3Some malware preventions:http://forums.malwarebytes.org/index.php?showtopic=9365http://www.bleepingcomputer.com/tutorials/tutorial174.htmlSafe surfing! Link to post Share on other sites More sharing options...
LDTate Posted October 23, 2010 ID:332285 Share Posted October 23, 2010 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts