Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

whitesmoke plus maybe more


  • This topic is locked This topic is locked
2 replies to this topic

#1 kurio102

kurio102

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 13 December 2010 - 09:07 PM

My computer became infected with a whitesmoke translator program and I originally thought I had removed it until I started hearing audio without an actual audio or video playing. After several tries to rid my system of this issue, I went to a factory resetting with my Dell. After this the whitesmoke translator reinstalled itself automatically and the memory dump it was also causing constantly occurs more often now. It is also dumping in safe mode.


DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Chris at 18:31:42.10 on Sun 12/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.2256 [GMT -5:00]

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2010-5-24 55280]
R1 vwififlt;Virtual WiFi Filter Driver;C:\WINDOWS\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2010-5-24 320040]
S1 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2010-5-24 307400]
S2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2010-5-24 202752]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe [2010-5-24 359952]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-5-24 155456]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-24 660800]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-5-24 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2010-5-24 102600]
S3 mfebopk;McAfee Inc. mfebopk;C:\WINDOWS\System32\drivers\mfebopk.sys [2010-5-24 41032]
S3 mferkdk;McAfee Inc. mferkdk;C:\WINDOWS\System32\drivers\mferkdk.sys [2010-5-24 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\WINDOWS\System32\drivers\mfesmfk.sys [2010-5-24 49480]

=============== Created Last 30 ================

2010-12-12 12:23:53 -------- d-----w- C:\Users\Chris\AppData\Local\SupportSoft
2010-12-12 11:52:50 -------- d-----w- C:\Program Files (x86)\BitLord
2010-12-12 11:51:38 -------- d-----w- C:\Program Files (x86)\BRS
2010-12-12 11:51:38 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2010-12-12 11:51:37 -------- d-----w- C:\Program Files (x86)\AppInventor
2010-12-12 11:51:12 -------- d-----w- C:\Program Files (x86)\Activision
2010-12-12 11:51:07 -------- d-----w- C:\Program Files (x86)\AMD
2010-12-12 11:51:07 -------- d-----w- C:\Program Files (x86)\2K Sports
2010-12-12 11:51:07 -------- d-----w- C:\Matrix Games
2010-12-12 11:51:06 -------- d-----w- C:\GamesCampus
2010-12-12 11:47:28 -------- d-----w- C:\Program Files (x86)\whitesmoketoolbar
2010-12-12 11:44:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\Dell
2010-12-12 11:41:41 -------- d-----w- C:\Users\Chris\AppData\Local\Stardock_Corporation
2010-12-12 11:41:35 -------- d-----w- C:\Users\Chris\AppData\Local\DataSafeOnline
2010-12-12 11:41:30 -------- d-----w- C:\Users\Chris\AppData\Local\ATI
2010-12-12 11:36:10 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-12 11:36:07 -------- d-----w- C:\Users\Chris\AppData\Local\VirtualStore
2010-12-12 11:09:10 -------- d-----w- C:\Emergency
2010-12-12 10:56:01 -------- d-----w- C:\Windows\SMINST

==================== Find3M ====================


============= FINISH: 18:32:12.57 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:48 PM

Posted 22 December 2010 - 09:56 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:48 PM

Posted 27 December 2010 - 08:03 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users