Thread: Malware Remnant

  1. #1
    Member
    Join Date: Jan 2012
    Posts: 3
    Points: 0

    Malware Remnant

    I believe I have the remnant of a Trojan, found and removed by my McAfee Virus/Malware scanner. After the removal, any attempt to load a web page from search results labeled as "Ads by Google", or any direct entrance into Google (www.google.com/xxxxx------), produces a 404 Not Found error, through any browser.

    My Computer: HP Pavilion XL876
    XP Home SP3
    160GB HD / 90GB Free
    512MB Ram

  2. #2
    zep516 (Member, Spyware Fighter)
    Join Date: Dec 2005
    Location: Pittsburgh, Pa
    Posts: 7,175
    Points: 1308

    Hi redF62,

    Welcome to help2go!

    Let's post the logs directly to the forum and avoid attachments; it makes it a whole lot easier for everyone. I've gone ahead and done that for you. See instructions at end of logs please.


    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.01.30.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Fred Catman :: HPPAV [administrator]

    Protection: Enabled

    1/30/2012 6:39:12 PM
    mbam-log-2012-01-30 (18-39-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212266
    Time elapsed: 46 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/30/2012 at 06:12 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8178
    Trace Rules Database Version: 5990

    Scan type : Quick Scan
    Total Scan Time : 00:23:45

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 614
    Memory threats detected : 0
    Registry items scanned : 17638
    Registry threats detected : 0
    File items scanned : 27613
    File threats detected : 30

    Adware.Tracking Cookie
    C:\Documents and Settings\Fred Catman\Cookies\fred catman@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
    find-allyouneed.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    Google [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    find-allyouneed.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .BurstMedia [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\FRED CATMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WAXWO69E.DEFAULT\COOKIES.SQLITE ]


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:46:31 PM, on 1/30/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\EZ-DUB\EZ-DUB.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Wireless Technology Corporation\IEEE 802.11g_Utility\ZDWlan.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\rundll32.exe
    c:\progra~1\mcafee\viruss~1\mcvsmap.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = MetaCrawler
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MetaCrawler
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = forms - MetaCrawler
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = forms - MetaCrawler
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = MetaCrawler
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
    O2 - BHO: SpecialSavings - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SpecialSavings\SpecialSavingsSinged.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120105214403.dll
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
    O2 - BHO: Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll (file missing)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\SYSTEM32\BHOUCS.DLL
    O3 - Toolbar: (no name) - {AACBDEE8-0813-4308-8121-94CB60848B2C} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Fred Catman\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
    O4 - Global Startup: Color Calibration.lnk = C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
    O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: MagicTune3.5.lnk = C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: WLan Utility.lnk = C:\Program Files\Wireless Technology Corporation\IEEE 802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\PROGRA~1\VIRTUA~1\CitiUCS.exe
    O9 - Extra button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SpecialSavings\SpecialSavingsSinged.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: Win32 Classes -
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://212.105.78.59/cult.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1238537052436
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - HP Product Detection
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12692 bytes


    You have 2 Anti Virus programs running. I strongly suggest you remove McAfee Anti Virus and keep Microsoft Security Essentials. Use this tool to completely remove McAfee -------> http://www.appremover.com/

    The real-time protection of two antivirus programs may conflict with each other and cause the following:

    * False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
    * Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    * Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
    * Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

    After you remove McAfee let us know how things are.

    Joe..
    Last edited by zep516; 01-31-2012 at 08:57 PM.

  3. #3
    Member

    Thanks, removing McAfee really boosted my computer's performance. While troubleshooting I didn't know I had both installed. However the same problem still persists. Google is completely blocked on this computer. I suspect now, it is a result of my registry cleaning and searching for malware.

  4. #4
    zep516

    You're correct! Searching for Malware can lead you right to it; cleaning the registry is very risky indeed and may cause many more problems. I was hoping removing McAfee would resolve it. Because I'm currently in school for Malware Removal I cannot pursue the matter. We are also down to 1 Expert here who, at the moment, as you can see, is very busy. Would you like a link for another forum? I think that's going to be best for you at this time.

    Let's try this before I send you off.

    Copy and paste the text in the code box below into Notepad.

    Code:
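    @Echo on
    rem Reset the hosts file to a single loopback entry (this discards every existing entry)
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Renew the DHCP lease and clear the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset the Winsock catalog and the TCP/IP stack
    netsh winsock reset all
    netsh int ip reset all
    rem Reboot after 1 second, then delete this script
    shutdown -r -t 1
    del "%~f0"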
    Save as flush.bat to your desktop.
    Double-click flush.bat file to run it. Your computer will reboot.

    Note: For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".

    See if that helps.

    Next

    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    One last thing: if you use a router, unplug it for a while, then plug it back in.
    Last edited by zep516; 02-08-2012 at 05:53 PM.
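
An added example (not part of zep516's post or of any tool named in the thread): flush.bat above overwrites the hosts file, so a check like this, run first on a saved copy of the hosts text or on the O1 lines of a HijackThis log, records which names were remapped before that evidence is erased. The function names, verdict labels and SAMPLE_HOSTS are assumptions made for illustration; THREAD_LOG is the O1 line from the log in post #2.

```python
import ipaddress
import re

# HijackThis reports each active hosts-file line as "O1 - Hosts: <ip> <names>".
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s*(\S+)\s+(.+?)\s*$")


def hosts_entries(text):
    """Yield (ip, hostname) pairs from raw hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:  # one address may carry several names
            yield fields[0], name.lower()


def o1_entries(log_text):
    """Yield (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    for raw in log_text.splitlines():
        match = O1_LINE.match(raw)
        if match:
            for name in match.group(2).split():
                yield match.group(1), name.lower()


def classify(ip, name):
    """Return 'benign', 'sinkholed', 'redirected' or 'malformed' for one entry."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback and name == "localhost":
        return "benign"
    # A name pinned to this machine never reaches its real server.
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed"
    # A name pinned to a remote address is answered by that address instead.
    return "redirected"


def audit(entries):
    """Return every entry that is not a plain localhost mapping, with its verdict."""
    findings = []
    for ip, name in entries:
        verdict = classify(ip, name)
        if verdict != "benign":
            findings.append((ip, name, verdict))
    return findings


# The O1 line from the HijackThis log posted in this thread.
THREAD_LOG = "    O1 - Hosts: ::1 localhost\n"

# Constructed sample of a tampered hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # remote redirect
0.0.0.0         update.example.com
not-an-ip       www.example.org
"""

if __name__ == "__main__":
    print("thread log :", audit(o1_entries(THREAD_LOG)))
    for finding in audit(hosts_entries(SAMPLE_HOSTS)):
        print("sample file:", finding)
```

For the log in this thread the audit returns no findings, because its only O1 entry is the IPv6 loopback mapping for localhost.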

  6. #5
    Member

    Thanks, I tried everything you suggested. I still had the problem. I bit the bullet, and restored from a previous full system image. I am back up and running. Thanks again for trying.

  7. #6
    zep516

    Most users don't have that option! I'm glad you're sorted out and running again.

    From all of us at the Help2Go team! You're welcome, and happy surfing!

    Joe.
    Last edited by zep516; 02-12-2012 at 11:41 AM.