Question : How do I clean Malware that is hijacking my browser search results?
My Google search results are hijacked in all three browsers installed on my PC, Firefox, Chrome and IE 8. I am also getting the "Congratulations You Won" and "Oh my god no way" audio randomly played.
Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:58 PM, on 7/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HDAudPropShortcut.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Malwarebytes' Anti-Malware\DCSmbam.exe
C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32 .exe
C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Logitech\QuickCam\Quickcam .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\Logitech Vid\Vid .exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\mpf\mpfalert.exe
C:\Documents and Settings\HP_Administrator\Desktop\DCSHijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518021008.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Drobo Dashboard.lnk = C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://www.vbgov.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174613569093
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCScheduler - Unknown owner - C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdlerSRVC.exe
O23 - Service: Drobo Dashboard Service (DDService) - Data Robotics, Inc. - C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: File Backup Agent (FBAgent) - Farstone Technology Inc. - C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: DCNTranProc (Tran_Process_Proc) - Unknown owner - C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
--
End of file - 17883 bytes
Answer : How do I clean Malware that is hijacking my browser search results?
Can you post Combofix's log?
Also run TDSSKiller > post log
http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro > save XML log to post
http://www.surfright.nl/en/hitmanpro