Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

White Smoke Translator and Antimalware Doctor


  • Please log in to reply
14 replies to this topic

#1 fullmetal_Angel

fullmetal_Angel

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 18 December 2010 - 10:20 AM

Good morning Bleepingcomputer! Last night the strangest thing happened, I found out that White Smoke Translator and Antimalware Doctor had installed itself on my computer; placing 4 new icons on my desktop: Buy Whitesmoke Translator, Launch Whitesmoke Translator, FREE MUSIC, and Press to Smile. (Admittedly, once I figured out that I seem to be infected with something nasty, I wanted to press said button to smile). As soon as I noticed all this, I unplugged my internet connection as a precaution. I am running Windows XP edition on my desktop. I did try to restart the computer in safemode but when I tell it to do so, it attempts to load but then goes back to the loading mode screen. There are several processes running in my task manager that I have no idea what they are:

iobin700release.exe
iotercwaffm.exe
WhiteSmokeDictRegistration.exe
WSTrayDictMode.exe

What I've tried so far:
- To open in safe mode : failed
- Ran Malwarebytes' Anti-Malware : first time said it cleaned 8 problems. Second time said it cleaned 2 problems. Attempting a 3rd time to see what i get
- CCleaner to try and fix registry issues
- Ad-Aware : didn't find anything
- Attempted to run AVG but apparently that's now missing off my computer
- Attempted to put Avast! on my desktop via jump drive : Avast! either won't full load onto my desktop or it is corrupted because it won't scan
- Add/Remove Programs: Attempted to remove Antimalware Doctor via this but when I hit remove, it just brings up the Antimalware Doctor screen and then freezes Add Remove Programs (Whitesmoke doesn't even show here)
- Attempted to use System restore: i get a popup stating "System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator"

I have windows on a separate drive from my two other drives and my portable drive. I came here hoping someone might be able to help. Thanks a ton in advance!

~Fullmetal

Edit: 3rd scan of Malwarebytes' Anti-Malware found the same two things again:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVerison\Uninstall\Antimalware Doctor
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc

Edited by fullmetal_Angel, 18 December 2010 - 11:24 AM.


BC AdBot (Login to Remove)

 


#2 DaViD_MiLLs

DaViD_MiLLs

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 18 December 2010 - 11:08 AM

You did the right thing not connecting to the Internet. It will try and reinfect when you get online. My boss' first attempt at removing this virus took him 4 hours to find it all and get it deleted. By the third time it took him 1 hour and some change. I haven't gotten to work on a machine infected with it yet. I'm not comfortable enough to delete registry items as I'm still learning.

Best I can do for you is have him post how he got rid of it Monday, if he's able to do so. I know this doesn't help you now but hopefully he can give you some instructions. Like I said, he removed it from three computers Friday so he might be able to help you if he has time Monday.

Hopefully you'll be able to get rid of it before then though.

#3 fullmetal_Angel

fullmetal_Angel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 18 December 2010 - 11:26 AM

Thank you! Any help is very welcomed!

#4 DaViD_MiLLs

DaViD_MiLLs

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 18 December 2010 - 12:31 PM

http://www.bleepingcomputer.com/forums/topic367957.html/page__pid__2061349#entry2061349

Actually, after reading this thread I think there are people here who can offer much more help than just posting instructions for removal. This person seems to have the same problem as you do, following the instructions listed on this page will probably help you get this removed before Monday. :wink:

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 18 December 2010 - 01:57 PM

You should never follow specific instructions provided to someone else especially if they were given in the Virus, Trojan, Spyware, and Malware Removal Logs forum. Those instructions were most likely given under the guidance of a trained staff helper to fix that particular member's problems, NOT YOURS after careful evaluation of the malware involved. Before taking any action, the helper must investigate the nature of the infection and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware which means the degree of infection can vary. Using someone else's fix instructions could lead to disastrous problems with your operating system.

The WhiteSmoke web site indicates it makes English grammar correction software, translation software, and other specialized English writing tools. However, many users have reported they did not know how WhiteSmoke was downloaded or installed. From our investigation and dealings with this software we are also finding many cases of it with a TDSS rootkit infection. So depending on the severity of system infection will determine how the disinfection process goes.

The web site says the software can be removed through Add/Remove Programs or Programs and Features if using Vista/Windows 7 so check there first, highlight anything with the name "Whitesmoke", select Remove and restart the computer normally. This appears to work in most cases with the Whitesmoke Toolbar but not with the Translator.

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd


Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Edited by quietman7, 18 December 2010 - 01:58 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 fullmetal_Angel

fullmetal_Angel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 18 December 2010 - 02:25 PM

Ok this is for the scan I ran last night when I first thought i was infected:

Malwarebytes' Anti-Malware 1.44
Database version: 3921
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/17/2010 10:11:02 PM
mbam-log-2010-12-17 (22-11-02).txt

Scan type: Full Scan (C:\|F:\|G:\|I:\|)
Objects scanned: 231620
Time elapsed: 1 hour(s), 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Lady Luck\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lady Luck\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lady Luck\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system.exe (Worm.AutoRun) -> Quarantined and deleted successfully.


**This is the one I just ran a little bit ago**

Malwarebytes' Anti-Malware 1.44
Database version: 3921
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/18/2010 1:59:02 PM
mbam-log-2010-12-18 (13-59-02).txt

Scan type: Full Scan (C:\|F:\|G:\|I:\|)
Objects scanned: 230872
Time elapsed: 1 hour(s), 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


**************************************************
With these posted, I'm going to run the TDSSKiller.exe now... I will repost with what happens.

Thank you for your help... I can't even tell you how happy I am to be at least working on fixing my computer <3

#7 fullmetal_Angel

fullmetal_Angel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 18 December 2010 - 02:35 PM

Wow that thing is quick as lighting. It came back with:

System Scan Completed
Duration: 00:00:13
Infection: Not found

2010/12/18 14:36:48.0890 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 14:36:48.0890 ================================================================================
2010/12/18 14:36:48.0890 SystemInfo:
2010/12/18 14:36:48.0890
2010/12/18 14:36:48.0890 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/18 14:36:48.0890 Product type: Workstation
2010/12/18 14:36:48.0890 ComputerName: DARKSUCCUBUS
2010/12/18 14:36:48.0890 UserName: Lady Luck
2010/12/18 14:36:48.0890 Windows directory: C:\WINDOWS
2010/12/18 14:36:48.0890 System windows directory: C:\WINDOWS
2010/12/18 14:36:48.0890 Processor architecture: Intel x86
2010/12/18 14:36:48.0890 Number of processors: 2
2010/12/18 14:36:48.0890 Page size: 0x1000
2010/12/18 14:36:48.0890 Boot type: Normal boot
2010/12/18 14:36:48.0890 ================================================================================
2010/12/18 14:36:49.0750 Initialize success

2010/12/18 14:26:07.0890 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 14:26:07.0890 ================================================================================
2010/12/18 14:26:07.0890 SystemInfo:
2010/12/18 14:26:07.0890
2010/12/18 14:26:07.0890 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/18 14:26:07.0890 Product type: Workstation
2010/12/18 14:26:07.0890 ComputerName: DARKSUCCUBUS
2010/12/18 14:26:07.0890 UserName: Lady Luck
2010/12/18 14:26:07.0890 Windows directory: C:\WINDOWS
2010/12/18 14:26:07.0890 System windows directory: C:\WINDOWS
2010/12/18 14:26:07.0890 Processor architecture: Intel x86
2010/12/18 14:26:07.0890 Number of processors: 2
2010/12/18 14:26:07.0890 Page size: 0x1000
2010/12/18 14:26:07.0890 Boot type: Normal boot
2010/12/18 14:26:07.0890 ================================================================================
2010/12/18 14:26:10.0093 Initialize success
2010/12/18 14:26:14.0890 ================================================================================
2010/12/18 14:26:14.0890 Scan started
2010/12/18 14:26:14.0890 Mode: Manual;
2010/12/18 14:26:14.0890 ================================================================================
2010/12/18 14:26:15.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/18 14:26:15.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/18 14:26:15.0359 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/18 14:26:15.0421 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/18 14:26:15.0593 ALCXWDM (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/18 14:26:15.0734 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/12/18 14:26:15.0812 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/18 14:26:15.0953 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/18 14:26:16.0000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/18 14:26:16.0078 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/18 14:26:16.0125 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/18 14:26:16.0171 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/12/18 14:26:16.0218 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/12/18 14:26:16.0265 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/12/18 14:26:16.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/18 14:26:16.0375 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/18 14:26:16.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/18 14:26:16.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/18 14:26:16.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/18 14:26:16.0640 d2779020 (45bacf8b533e76984c706d1e22a1f022) C:\WINDOWS\TEMP\2F.tmp
2010/12/18 14:26:16.0781 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/18 14:26:16.0859 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/18 14:26:16.0937 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/18 14:26:16.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/18 14:26:17.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/18 14:26:17.0078 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/18 14:26:17.0125 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2010/12/18 14:26:17.0156 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2010/12/18 14:26:17.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/18 14:26:17.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/18 14:26:17.0328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/18 14:26:17.0343 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/18 14:26:17.0390 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/18 14:26:17.0406 Suspicious service (NoAccess): fmvvpanr
2010/12/18 14:26:17.0468 fmvvpanr (3eecf557a66379e21e76413621c2bf5d) C:\WINDOWS\system32\drivers\fmvvpanr.sys
2010/12/18 14:26:17.0468 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\fmvvpanr.sys. md5: 3eecf557a66379e21e76413621c2bf5d
2010/12/18 14:26:17.0484 fmvvpanr - detected Locked service (1)
2010/12/18 14:26:17.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/18 14:26:17.0593 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/18 14:26:17.0625 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/18 14:26:17.0656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/18 14:26:17.0703 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/18 14:26:17.0828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/18 14:26:18.0000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/18 14:26:18.0078 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/18 14:26:18.0187 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/18 14:26:18.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/18 14:26:18.0281 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/18 14:26:18.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/18 14:26:18.0375 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/18 14:26:18.0406 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/18 14:26:18.0437 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/18 14:26:18.0468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/18 14:26:18.0500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/18 14:26:18.0531 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/18 14:26:18.0578 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/12/18 14:26:18.0625 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/12/18 14:26:18.0671 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/18 14:26:18.0765 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/12/18 14:26:18.0812 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/12/18 14:26:18.0859 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/12/18 14:26:18.0921 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/18 14:26:19.0000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/18 14:26:19.0062 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/18 14:26:19.0093 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/18 14:26:19.0125 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/18 14:26:19.0203 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/18 14:26:19.0265 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/18 14:26:19.0328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/18 14:26:19.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/18 14:26:19.0406 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/18 14:26:19.0437 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/18 14:26:19.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/18 14:26:19.0546 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/12/18 14:26:19.0578 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/12/18 14:26:19.0609 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/18 14:26:19.0656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/18 14:26:19.0687 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/18 14:26:19.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/18 14:26:19.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/18 14:26:19.0796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/18 14:26:19.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/18 14:26:19.0859 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/18 14:26:19.0937 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/18 14:26:20.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/18 14:26:20.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/18 14:26:20.0125 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/18 14:26:20.0343 nv (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/18 14:26:20.0578 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/18 14:26:20.0609 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/18 14:26:20.0640 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/18 14:26:20.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/18 14:26:20.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/18 14:26:20.0765 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/18 14:26:20.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/18 14:26:20.0843 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/18 14:26:20.0890 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/18 14:26:20.0921 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/18 14:26:21.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/18 14:26:21.0031 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/18 14:26:21.0265 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/18 14:26:21.0296 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/18 14:26:21.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/18 14:26:21.0359 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/18 14:26:21.0406 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/18 14:26:21.0562 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/18 14:26:21.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/18 14:26:21.0671 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/18 14:26:21.0703 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/18 14:26:21.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/18 14:26:21.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/18 14:26:21.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/18 14:26:21.0890 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/18 14:26:21.0968 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\EVGA Precision\RTCore32.sys
2010/12/18 14:26:22.0046 SANDRA (361094945053c2c04312ef2e5f14eeaf) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys
2010/12/18 14:26:22.0109 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/12/18 14:26:22.0187 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/18 14:26:22.0234 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/18 14:26:22.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/18 14:26:22.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/12/18 14:26:22.0437 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/18 14:26:22.0500 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/18 14:26:22.0500 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/12/18 14:26:22.0515 sptd - detected Locked file (1)
2010/12/18 14:26:22.0562 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2010/12/18 14:26:22.0609 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/18 14:26:22.0687 StMp3Rec (833ac40f6e7be17951d6d9a956829547) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
2010/12/18 14:26:22.0750 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/18 14:26:22.0781 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/18 14:26:22.0953 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/18 14:26:23.0046 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/18 14:26:23.0078 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/18 14:26:23.0125 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/18 14:26:23.0156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/18 14:26:23.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/18 14:26:23.0343 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/18 14:26:23.0406 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/18 14:26:23.0453 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/18 14:26:23.0468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/18 14:26:23.0500 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/18 14:26:23.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/18 14:26:23.0593 uxpatch (628c632710ab55747cb5bcc68716be21) C:\WINDOWS\system32\drivers\uxpatch.sys
2010/12/18 14:26:23.0609 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/18 14:26:23.0703 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/18 14:26:23.0765 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/18 14:26:23.0828 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/18 14:26:23.0921 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/18 14:26:28.0125 ================================================================================
2010/12/18 14:26:28.0125 Scan finished
2010/12/18 14:26:28.0125 ================================================================================
2010/12/18 14:26:28.0140 Detected object count: 2
2010/12/18 14:29:52.0953 Locked service(fmvvpanr) - User select action: Skip
2010/12/18 14:29:52.0953 Locked file(sptd) - User select action: Skip
2010/12/18 14:35:49.0953 Deinitialize success

Edited by fullmetal_Angel, 18 December 2010 - 02:41 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 18 December 2010 - 03:27 PM

Your Malwarebytes Anti-Malware log indicates you are using an older version (1.44) with with an outdated database that one does not include detection of WhiteSmoke. Please download and install the most current version (v1.50) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

The database shows 3921. Last I checked it was 5348.

Update the database through the program's interface <- preferable method. Then perform a new Full in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

If malware is blocking you from updating, then manually download the database definitions from one of the following locations (they may not be the most current) and just double-click on mbam-rules.exe to install:

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Edited by quietman7, 18 December 2010 - 03:29 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 fullmetal_Angel

fullmetal_Angel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 18 December 2010 - 03:34 PM

*sigh* Ok so I ran the TDSSKiller.exe again because it stated that I skipped something in the log when I read back over them. When I ran it again, I got the following (after I reloaded my computer and copied it to a jump drive... my computer now has Antivirus Scan: Protecting every second window up running a scan. It will not let me open ms paint or notepad to try and save a picture of what the program looks like. My computer is stating that these programs are infected) Here's the results of that last scan:

2010/12/18 15:18:26.0140 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 15:18:26.0140 ================================================================================
2010/12/18 15:18:26.0140 SystemInfo:
2010/12/18 15:18:26.0140
2010/12/18 15:18:26.0140 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/18 15:18:26.0140 Product type: Workstation
2010/12/18 15:18:26.0140 ComputerName: DARKSUCCUBUS
2010/12/18 15:18:26.0140 UserName: Lady Luck
2010/12/18 15:18:26.0140 Windows directory: C:\WINDOWS
2010/12/18 15:18:26.0140 System windows directory: C:\WINDOWS
2010/12/18 15:18:26.0140 Processor architecture: Intel x86
2010/12/18 15:18:26.0140 Number of processors: 2
2010/12/18 15:18:26.0140 Page size: 0x1000
2010/12/18 15:18:26.0140 Boot type: Normal boot
2010/12/18 15:18:26.0140 ================================================================================
2010/12/18 15:18:30.0703 Initialize success
2010/12/18 15:18:46.0281 ================================================================================
2010/12/18 15:18:46.0281 Scan started
2010/12/18 15:18:46.0281 Mode: Manual;
2010/12/18 15:18:46.0281 ================================================================================
2010/12/18 15:18:46.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/18 15:18:46.0875 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/18 15:18:46.0921 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/18 15:18:46.0984 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/18 15:18:47.0171 ALCXWDM (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/18 15:18:47.0296 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/12/18 15:18:47.0375 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/18 15:18:47.0515 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/18 15:18:47.0546 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/18 15:18:47.0609 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/18 15:18:47.0671 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/18 15:18:47.0718 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/12/18 15:18:47.0750 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/12/18 15:18:47.0796 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/12/18 15:18:47.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/18 15:18:47.0906 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/18 15:18:47.0968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/18 15:18:48.0000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/18 15:18:48.0031 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/18 15:18:48.0203 d2779020 (45bacf8b533e76984c706d1e22a1f022) C:\WINDOWS\TEMP\2F.tmp
2010/12/18 15:18:48.0296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/18 15:18:48.0359 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/18 15:18:48.0421 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/18 15:18:48.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/18 15:18:48.0500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/18 15:18:48.0578 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/18 15:18:48.0625 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2010/12/18 15:18:48.0687 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2010/12/18 15:18:48.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/18 15:18:48.0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/18 15:18:48.0828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/18 15:18:48.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/18 15:18:48.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/18 15:18:48.0906 Suspicious service (NoAccess): fmvvpanr
2010/12/18 15:18:48.0968 fmvvpanr (3eecf557a66379e21e76413621c2bf5d) C:\WINDOWS\system32\drivers\fmvvpanr.sys
2010/12/18 15:18:48.0968 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\fmvvpanr.sys. md5: 3eecf557a66379e21e76413621c2bf5d
2010/12/18 15:18:48.0984 fmvvpanr - detected Locked service (1)
2010/12/18 15:18:49.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/18 15:18:49.0078 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/18 15:18:49.0109 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/18 15:18:49.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/18 15:18:49.0187 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/18 15:18:49.0281 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/18 15:18:49.0390 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/18 15:18:49.0421 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/18 15:18:49.0531 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/18 15:18:49.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/18 15:18:49.0609 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/18 15:18:49.0640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/18 15:18:49.0671 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/18 15:18:49.0703 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/18 15:18:49.0750 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/18 15:18:49.0781 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/18 15:18:49.0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/18 15:18:49.0859 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/18 15:18:49.0906 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/12/18 15:18:49.0953 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/12/18 15:18:50.0015 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/18 15:18:50.0093 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/12/18 15:18:50.0125 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/12/18 15:18:50.0171 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/12/18 15:18:50.0218 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/18 15:18:50.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/18 15:18:50.0296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/18 15:18:50.0328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/18 15:18:50.0359 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/18 15:18:50.0406 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/18 15:18:50.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/18 15:18:50.0515 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/18 15:18:50.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/18 15:18:50.0562 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/18 15:18:50.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/18 15:18:50.0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/18 15:18:50.0671 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/12/18 15:18:50.0703 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/12/18 15:18:50.0734 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/18 15:18:50.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/18 15:18:50.0796 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/18 15:18:50.0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/18 15:18:50.0859 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/18 15:18:50.0890 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/18 15:18:50.0921 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/18 15:18:50.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/18 15:18:51.0031 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/18 15:18:51.0062 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/18 15:18:51.0109 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/18 15:18:51.0171 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/18 15:18:51.0390 nv (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/18 15:18:51.0515 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/18 15:18:51.0562 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/18 15:18:51.0593 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/18 15:18:51.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/18 15:18:51.0687 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/18 15:18:51.0734 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/18 15:18:51.0765 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/18 15:18:51.0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/18 15:18:51.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/18 15:18:51.0875 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/18 15:18:51.0937 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/18 15:18:51.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/18 15:18:52.0265 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/18 15:18:52.0296 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/18 15:18:52.0343 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/18 15:18:52.0390 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/18 15:18:52.0421 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/18 15:18:52.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/18 15:18:52.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/18 15:18:52.0656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/18 15:18:52.0687 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/18 15:18:52.0718 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/18 15:18:52.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/18 15:18:52.0781 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/18 15:18:52.0828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/18 15:18:52.0921 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\EVGA Precision\RTCore32.sys
2010/12/18 15:18:52.0984 SANDRA (361094945053c2c04312ef2e5f14eeaf) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys
2010/12/18 15:18:53.0062 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/12/18 15:18:53.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/18 15:18:53.0171 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/18 15:18:53.0187 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/18 15:18:53.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/12/18 15:18:53.0359 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/18 15:18:53.0421 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/18 15:18:53.0421 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/12/18 15:18:53.0437 sptd - detected Locked file (1)
2010/12/18 15:18:53.0468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2010/12/18 15:18:53.0515 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/18 15:18:53.0578 StMp3Rec (833ac40f6e7be17951d6d9a956829547) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
2010/12/18 15:18:53.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/18 15:18:53.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/18 15:18:53.0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/18 15:18:53.0859 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/18 15:18:53.0921 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/18 15:18:53.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/18 15:18:53.0984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/18 15:18:54.0078 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/18 15:18:54.0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/18 15:18:54.0234 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/18 15:18:54.0265 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/18 15:18:54.0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/18 15:18:54.0328 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/18 15:18:54.0343 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/18 15:18:54.0406 uxpatch (628c632710ab55747cb5bcc68716be21) C:\WINDOWS\system32\drivers\uxpatch.sys
2010/12/18 15:18:54.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/18 15:18:54.0500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/18 15:18:54.0546 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/18 15:18:54.0593 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/18 15:18:54.0671 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/18 15:18:58.0953 ================================================================================
2010/12/18 15:18:58.0953 Scan finished
2010/12/18 15:18:58.0953 ================================================================================
2010/12/18 15:18:58.0968 Detected object count: 2
2010/12/18 15:19:08.0593 HKLM\SYSTEM\ControlSet001\services\fmvvpanr - will be deleted after reboot
2010/12/18 15:19:08.0609 HKLM\SYSTEM\ControlSet002\services\fmvvpanr - will be deleted after reboot
2010/12/18 15:19:08.0609 HKLM\SYSTEM\ControlSet003\services\fmvvpanr - will be deleted after reboot
2010/12/18 15:19:08.0609 C:\WINDOWS\system32\drivers\fmvvpanr.sys - will be deleted after reboot
2010/12/18 15:19:08.0609 Locked service(fmvvpanr) - User select action: Delete
2010/12/18 15:19:08.0609 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/12/18 15:19:08.0609 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2010/12/18 15:19:08.0609 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2010/12/18 15:19:08.0609 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2010/12/18 15:19:08.0609 Locked file(sptd) - User select action: Delete
2010/12/18 15:19:17.0015 Deinitialize success

#10 fullmetal_Angel

fullmetal_Angel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 18 December 2010 - 04:23 PM

ok I've been trying to do what you've said for forever, but I'm not able to. Anything I open (taskmgr, mbam-rules, firefox windows/tabs) it keeps telling me its infected and will not let me open it. I can't even open this page on my infected computer. What else should I try to do?

This is what it displays when I try to open even google.com on my computer in FireFox"

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
- The website contains exploits that can launch a malicious code on your computer
- Suspicious network activity detected
- There might be an active spyware running on your computer

What you can try:
- Purchase for secure internet surfing (recommended) [link]
- Check your computer for viruses and malware [link]
(down arrow) more information [link]

Edited by fullmetal_Angel, 18 December 2010 - 04:28 PM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 19 December 2010 - 12:26 AM

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using RKill by Grinler or downloading a renamed version of mbam.exe. Important: Do not reboot your computer until after performing a scan with Malwarebyes'. A scan must be completed immediately after running RKill..

Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 agitated by viruses

agitated by viruses

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 19 December 2010 - 06:47 PM

Folks, I saw this thread and felt compelled to share: http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor.

I've been working on the problem all day. I'm not a tech guy. Just a casual user of computers and trying to save my daughter's after getting the Antimalware Doctor virus. So, I probably didn't approach this as logically as someone with more experience, but I wanted to share...because I found help on the internet from others sharing.

It took some time, but appears to have worked. The RKill required three different downloads to fool the virus. Thereafter, I ran Malwarebytes while in normal operating mode. After 2 hrs (laptop is only 2 years old and is pretty fast, but my daughter has lots of stuff on it that needed to be scanned) with a full scan, 25 problems were identified. They were "removed" and the computer was restarted.

Unfortunately, the virus was still there on startup. So, I restarted in safe mode and ran Malwarebytes again. This time it identified 61 problems in about 25 minutes. Again, I removed them. The computer was again restarted and lo and behold there was no virus on startup.

I checked to see if IE worked. It didn't. Neither did Safari. So, I figured a system restore might work. However, something was preventing me from completing it. I still haven't solved that issue yet.

I then went to System in the Control Panel and tried to launch a Windows Update (because this very same virus profile in my wife's old laptop - never recovered after the kids were on the internet with it - didn't allow access to Microsoft's website). It worked! It installed IE 8 as part of the update. I figured I was home free with a new IE and default settings that would allow me to use it normally...however, it didn't work! Then I "diagnosed" the problem and determined there was an issue with proxy settings wherein the virus has checked a box in my LAN settings (Tools - Internet Options - connections tab - LAN settings button). Nothing was supposed to be checked (verfied by checking the settings on my nearby fully functioning laptop). Also, see: http://forums.malwarebytes.org/index.php?showtopic=33273.

Fortunately, I've been using my uninfected computer to search topics while working to cure the other one.

I'm off to try and fix Safari's access issues, see if I can do a system restore, and anything else to sterilize the laptop. I still have the "free music" and "press to smile" shortcuts on the desktop to eliminate....

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 19 December 2010 - 08:48 PM

infections and severity of damage will vary. The longer malware remains on your system, the more time it has to download additional malicious files. Depending on the infection you are dealing with, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and security tools may not find all the remnants.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Mighttuss

Mighttuss

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BEREA KY
  • Local time:01:57 PM

Posted 12 February 2012 - 02:41 AM

I worked for hours trying to remove this Whitesmoke. And I now have your answer.And mine as well. First your going to go to Windows Orb,(start) In the search bar for program ect on your PC ,type regedit. This is the Registry Edit. At the top left you will see File Edit so on. Click on Edit. Scroll down to were it says Find,click on it. Type in the find whitesmoke...Anything and every thing that shows Whitesmoke delete it. Delete the hole file. To delete the file right click and scroll to delete.

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 PM

Posted 12 February 2012 - 11:17 AM

You replied to a topic which is over a year old and this issue is not as common as it was at that time.

Your solution involves making changes to the Windows registry so I must include this note of CAUTION:. Always Create a New Restore Point and back up your registry before making any changes.

This is what Microsoft says about backing up the registry.

Before you make changes to a registry key or subkey, we recommend that you export, or make a backup copy, of the key or subkey. You can save the backup copy to a location you specify, such as a folder on your hard disk or a removable storage device. If you make changes that you want to undo, you can import the backup copy.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users