Malwarebytes, Mcafee and Spybot have all faild to find it, but I know it's there...

[Fudbucket]

Malwarebytes, Mcafee and Spybot have all faild to find it, but I'm deffinately infected with something. Internet is running slow, some pages fail to open and I can't upload pictures on E-Bay.

 

Here is my Hijackthis log file.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 07:25:47, on 07/08/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 22.0 (en-GB)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\McAfee.com\Agent\mcagent.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
F:\WINDOWS\system32\mfevtps.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
F:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
f:\PROGRA~1\mcafee\SITEAD~1\saui.exe
F:\Program Files\eBay\Turbo Lister2\Tl.exe
F:\Documents and Settings\chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{8DCB9213-E077-880D-0F37-10BDEC31EFF9}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
R3 - URLSearchHook: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - F:\Program Files\SimilarSites\similarsites.dll (file missing)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - F:\Program Files\W3i\NetAssistant\NetAssistant.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - F:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - F:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - f:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - f:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - F:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll (file missing)
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - F:\Program Files\W3i\NetAssistant\NetAssistant.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - F:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - F:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - F:\Program Files\SimilarSites\similarsites.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] F:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcui_exe] "F:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DivXMediaServer] F:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "F:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spotify Web Helper] "G:\My Documents\set up progs\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = F:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - F:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - f:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - F:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - F:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - F:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - F:\WINDOWS\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11075 bytes
 

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

• Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  
  • Sections
  • IAT/EAT
  • Show All ( should be unchecked by default )
    

  [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.
  

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

[Fudbucket]

Are you sure the DDs dowload is safe? Mcafee keeps blocking it because it contains viruses, spyware and other potentially unwanted programs. The Gmer downloaded no problems.

[Psychotic]

You are within the official forum of a well known antimalware software development business - don´t worry, nobody in here would advice you to download malware!

[Fudbucket]

OK. Just thought I'd check. Here's the first one, I'll post the Gmer, as soon as it's ready.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by chris at 8:52:17 on 2013-08-07
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1918.1180 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
F:\WINDOWS\system32\mfevtps.exe
F:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
F:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\McAfee.com\Agent\mcagent.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\My Documents\set up progs\Data\SpotifyWebHelper.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
f:\PROGRA~1\mcafee\SITEAD~1\saui.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\system32\svchost.exe -k hpdevmgmt
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.


mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html


uURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} -
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
uURLSearchHooks: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - <orphaned>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - f:\program files\w3i\netassistant\NetAssistant.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\program files\mcafee\siteadvisor\McIEPlg.dll
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} -
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - f:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - f:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - f:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - f:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - f:\program files\w3i\netassistant\NetAssistant.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - f:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -
TB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: SimilarSites: {FE69C007-C452-4d3e-86D2-1730DF8BC871} -
uRun: [CTFMON.EXE] f:\windows\system32\ctfmon.exe
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "f:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [spotify Web Helper] "g:\my documents\set up progs\data\SpotifyWebHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] f:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] f:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [mcui_exe] "f:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DivXMediaServer] f:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "f:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - f:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - f:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe


TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B3D88815-62C5-4B20-9881-2EAE2A9F68B3} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - f:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\program files\mcafee\siteadvisor\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages =  scecli scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "f:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\documents and settings\chris\application data\mozilla\firefox\profiles\a1o6t2e2.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search


FF - plugin: f:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: f:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: f:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: f:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: f:\windows\system32\npDeployJava1.dll
FF - plugin: f:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;f:\windows\system32\drivers\mfehidk.sys [2013-2-19 565888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;f:\windows\system32\drivers\mfetdi2k.sys [2013-2-19 91640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-24 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;f:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-24 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;f:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-24 167784]
R2 McProxy;McAfee Proxy Service;f:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-24 167784]
R2 McShield;McAfee McShield;f:\program files\common files\mcafee\systemcore\mcshield.exe [2013-5-30 203840]
R2 mfefire;McAfee Firewall Core Service;f:\program files\common files\mcafee\systemcore\mfefire.exe [2013-5-30 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;f:\windows\system32\mfevtps.exe [2013-5-30 172416]
R3 cfwids;McAfee Inc. cfwids;f:\windows\system32\drivers\cfwids.sys [2013-5-30 60920]
R3 mfeavfk;McAfee Inc. mfeavfk;f:\windows\system32\drivers\mfeavfk.sys [2013-5-30 235264]
R3 mfefirek;McAfee Inc. mfefirek;f:\windows\system32\drivers\mfefirek.sys [2013-5-30 363080]
R3 mfendiskmp;mfendiskmp;f:\windows\system32\drivers\mfendisk.sys [2013-5-30 84904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HipShieldK;McAfee Inc. HipShieldK;f:\windows\system32\drivers\HipShieldK.sys [2013-5-30 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;f:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mfebopk;McAfee Inc. mfebopk;f:\windows\system32\drivers\mfebopk.sys [2013-5-30 65928]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;f:\windows\system32\drivers\mfendisk.sys [2013-5-30 84904]
S3 mferkdet;McAfee Inc. mferkdet;f:\windows\system32\drivers\mferkdet.sys [2013-5-30 92632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-07-22 05:17:08    --------    d-----w-    f:\documents and settings\all users\application data\McAfee Security Scan
2013-07-22 05:17:06    --------    d-----w-    f:\program files\McAfee Security Scan
2013-07-11 08:04:31    22856    ----a-w-    f:\windows\system32\drivers\mbam.sys
.
==================== Find3M  ====================
.
2013-07-22 05:17:04    71048    ----a-w-    f:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 05:17:04    692104    ----a-w-    f:\windows\system32\FlashPlayerApp.exe
2013-07-10 19:22:47    87608    ----a-w-    f:\documents and settings\chris\application data\inst.exe
2013-07-10 19:22:46    47360    ----a-w-    f:\documents and settings\chris\application data\pcouffin.sys
2013-07-09 07:00:02    867240    ----a-w-    f:\windows\system32\npDeployJava1.dll
2013-07-09 07:00:02    789416    ----a-w-    f:\windows\system32\deployJava1.dll
2013-06-07 22:55:44    385024    ----a-w-    f:\windows\system32\html.iec
2013-06-07 21:56:06    920064    ----a-w-    f:\windows\system32\wininet.dll
2013-06-07 21:56:06    43520    ----a-w-    f:\windows\system32\licmgr10.dll
2013-06-07 21:56:05    1469440    ------w-    f:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    f:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    f:\windows\system32\win32k.sys
.
============= FINISH:  8:53:02.42 ===============
 

[Psychotic]

Please post up the attach.txt by DDS as well

[Fudbucket]

I think I've got it right this time.

ark.txt

attach.txt

[Psychotic]

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

MarketResearch
McAfee Security Scan Plus

Close the window.

 

 

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

[Fudbucket]

There was no program called MarketResearch in the add/remove programs list. I've done the rest though.

ComboFix.txt

[Psychotic]

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

[Fudbucket]

Done.

ComboFix.txt

[Psychotic]

Repeat with the following file:

 

 

CFScript.txt

[Fudbucket]

Done.

ComboFix.txt

[Psychotic]

Full System Scan with Malwarebytes Antimalware

• 
  If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.
  

 

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[Fudbucket]

I've just started Malwarebytes, don't expect a quick responce, it took over five hours last time I used it. Can I run the other one now or do I need Malwarebytes to finish first?

[Fudbucket]

Here's the first one, I'll do the second in the morning.

[Fudbucket]

Sorry the upload failed.

mbam-log-2013-08-08 (18-56-33).txt

[Fudbucket]

Right, we're there.

esettxt.txt

[Psychotic]

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe.
• Hit delete.
• When the run is finished, it will open up a text file.
• Please post its contents within your next reply.
• You´ll find the log file at C:\AdwCleaner[s1].txt also.
  

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.
  

 

CFScript.txt

[Fudbucket]

All done.

log.txt

AdwCleanerS1.txt

checkup.txt

[Psychotic]

Your system is clean now!

 

 

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

• Get the actual firefox from here.
• Run setup and follow the instructions on your monitor.
• Report any problems you have with the update.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:
 

• In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
• In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
• In any case please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process
• If there is still something left please delete it manualy.

 

 

 

 

How to protect yourself
 

• System Updates
  Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
  Windows XP | Windows Vista |
  Windows 7 | windows 8
• Protection
  What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
  Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
• Up to date Software
  Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  • Secunia Online Software Inspector - Checks if your software has updates available.
  • Filehippo Update Checkere - This tool also scans your computer for outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
• Backups
  There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
• Brains
  It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

[Fudbucket]

OK, well, thanks for trying, but it hasn't helped. The problems are still there and as bad as ever.

Any ideas on where or who I should try next would be much appreciated.

[Psychotic]

Then it isn´t malware related.

 

 

System File Check

For Windows XP:

• Press the Windows- and the R-key simultanously.
• Within the text box that jus opened, write cmd and hit Enter.
  

For Windows Vista/7:

• Press the Windows key to open the start menu.
• Don´t highlight anything, just write cmd.
• The start menu will offer you an entry named cmd.
• Right click it and select "run as administrator"
  

Within the opening window, write the following:

sfc /scannow

(See the blank within).

• Hit enter. Your system will be checked for damaged system files.
• Tell me the result of that scan in here (as the tool produces no log).
  

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!