Jump to content

WhiteSmoke Translator Problem

bloodypupil
 Share

Recommended Posts

bloodypupil

bloodypupil

Posted
Posted

I have a laptop that's been having issues.

The main issue is the WhiteSmoke Translator that's been installed on the machine. This, of course, is redirecting any web browser being used to go to invalid sites suggesting a variety of links to try.

To further the issues with this machine, none of the programs I tried to get rid of via add/remove programs can be removed.

The machine is not moving at a snails pace, but it is slower than what it was before these problems started happening.

I've taken the first steps outlined in the "I'm infected - What do I do now" thread.

Thank you in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by hope at 18:39:28 on 2011-11-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1760 [GMT -5:00]

.

AV: Trend Micro AntiVirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}

SP: Trend Micro AntiVirus *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\hope\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoketranslator\WSTrayDictMode.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{51A7A5FE-9E5B-4D3D-9A95-15ADAC12112C} : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{AB122883-4A54-4567-9963-55FEE5BE6270} : DhcpNameServer = 192.168.2.1 208.59.247.45 208.59.247.46

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\hope\appdata\roaming\mozilla\firefox\profiles\6agpgsr1.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-12-29 50192]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-12-29 36368]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 GSRestartSvc;GSRestartSvc;"c:\programdata\geek squad\customizer\gsrestartsvc.exe" --> c:\programdata\geek squad\customizer\GSRestartSvc.exe [?]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]

S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2011-10-9 677128]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-07 23:24:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e9a200ea-773f-4806-9ddc-2949541e6ace}\offreg.dll

2011-11-07 21:57:12 -------- d-----w- c:\users\hope\appdata\local\temp

2011-11-07 21:43:23 -------- d-----w- C:\ComboFix

2011-11-07 20:36:02 -------- d-----w- c:\programdata\Malwarebytes

2011-11-07 20:35:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-02 04:22:52 98816 ----a-w- c:\windows\sed.exe

2011-11-02 04:22:52 518144 ----a-w- c:\windows\SWREG.exe

2011-11-02 04:22:52 256000 ----a-w- c:\windows\PEV.exe

2011-11-02 04:22:52 208896 ----a-w- c:\windows\MBR.exe

2011-11-02 03:43:41 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e9a200ea-773f-4806-9ddc-2949541e6ace}\mpengine.dll

2011-10-10 19:47:36 -------- d-----w- c:\users\hope\appdata\roaming\WhiteSmokeTranslator

2011-10-10 19:47:16 -------- d-----w- c:\program files\WhiteSmokeTranslator

2011-10-10 19:47:13 -------- d-----w- c:\program files\Conduit

2011-10-10 19:47:11 -------- d-----w- c:\users\hope\appdata\local\Conduit

2011-10-10 19:47:10 -------- d-----w- c:\program files\WhiteSmoke_Bar

2011-10-10 19:41:07 -------- d-----w- c:\users\hope\appdata\local\Avanquest_Software

2011-10-10 19:17:49 -------- d-----w- c:\users\hope\appdata\roaming\Avanquest

2011-10-10 19:17:22 -------- d-----w- c:\programdata\Avanquest

2011-10-10 19:17:22 -------- d-----w- c:\program files\Avanquest

2011-10-10 00:20:02 -------- d-----w- c:\programdata\STOPzilla!

2011-10-10 00:12:39 -------- d-----w- c:\programdata\Trend Micro

2011-10-10 00:10:45 -------- d-----w- c:\program files\Trend Micro

.

==================== Find3M ====================

.

2011-11-07 21:24:33 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-11-02 03:42:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 18:40:31.95 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/28/2009 3:43:53 AM

System Uptime: 11/7/2011 6:23:44 PM (0 hours ago)

.

Motherboard: Wistron | | 303C

Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 194.561 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.823 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Atheros Driver Installation Program

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

Dell PC Suite

Download Updater (AOL LLC)

ESU for Microsoft Vista

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Quick Launch Buttons 6.40 H2

HP Total Care Advisor

HP Total Care Setup

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

Java Auto Updater

Java 6 Update 26

Java 6 Update 7

Juno Preloader

LabelPrint

LightScribe System Software 1.14.17.1

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Live Search Toolbar

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

MobileMe Control Panel

Mozilla Firefox 7.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My HP Games

NetWaiting

NetZero Preloader

Norton Internet Security

NVIDIA Drivers

Power2Go

PowerDirector

PVSonyDll

QuickTime

Realtek USB 2.0 Card Reader

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

SPORE Creature Creator Trial Edition

Synaptics Pointing Device Driver

Trend Micro AntiVirus

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Office 2007 (KB934528)

WhiteSmoke Bar Toolbar

WhiteSmokeTranslator

.

==== Event Viewer Messages From Past Week ========

.

11/7/2011 6:26:42 PM, Error: Service Control Manager [7023] - The wscsvc service terminated with the following error: The specified module could not be found.

11/7/2011 6:25:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX

11/7/2011 6:25:34 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/7/2011 6:25:34 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.

11/7/2011 6:25:34 PM, Error: Service Control Manager [7000] - The GSRestartSvc service failed to start due to the following error: The system cannot find the file specified.

11/7/2011 6:24:03 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

11/7/2011 4:55:00 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/7/2011 4:39:25 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

11/2/2011 12:01:13 AM, Error: Service Control Manager [7034] - The Fix-It Utilities Process Monitor service terminated unexpectedly. It has done this 1 time(s).

11/1/2011 11:26:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001F16E4741A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

11/1/2011 11:26:56 PM, Error: EventLog [6008] - The previous system shutdown at 9:40:09 PM on 10/29/2011 was unexpected.

.

==== End Of File ===========================

Link to post
Share on other sites
1PW

1PW

Posted
Posted

Hello bloodypupil: :welcome:

If you think your system is infected, here are the steps needed to get your computer cleaned:

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start your own topic in the
Malware Removal - HijackThis Logs subforum
so a qualified expert can help you fix any malware related problems/infections you may have.

  • Please read and
    CAREFULLY FOLLOW
    the
    , skipping any steps you are unable to complete. Then post a
    .

  • After posting your new post, make sure under
    options
    , you select
    Track this topic
    and choose
    Immediate Email Notification
    , so that you're alerted when someone has replied to your post.

  • One of the
    there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:
Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at
or
.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the Add-Reply.png button instead of other ones when you start replying. :)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.