Question : How do I clean Malware that is hijacking my browser search results?
My Google search results are hijacked in all three browsers installed on my PC, Firefox, Chrome and IE 8. I am also getting the "Congratulations You Won" and "Oh my god no way" audio randomly played.
Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:58 PM, on 7/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HDAudPropShortcut.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Malwarebytes' Anti-Malware\DCSmbam.exe
C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32 .exe
C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Logitech\QuickCam\Quickcam .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\Logitech Vid\Vid .exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\mpf\mpfalert.exe
C:\Documents and Settings\HP_Administrator\Desktop\DCSHijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518021008.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Drobo Dashboard.lnk = C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://www.vbgov.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174613569093
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCScheduler - Unknown owner - C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdlerSRVC.exe
O23 - Service: Drobo Dashboard Service (DDService) - Data Robotics, Inc. - C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: File Backup Agent (FBAgent) - Farstone Technology Inc. - C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: DCNTranProc (Tran_Process_Proc) - Unknown owner - C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
--
End of file - 17883 bytes
Answer : How do I clean Malware that is hijacking my browser search results?
Can you post Combofix's log?
Also run TDSSKiller > post log
http://support.kaspersky.com/viruses/solutions?qid=208280684
Hitman Pro > save XML log to post
http://www.surfright.nl/en/hitmanpro