Jump to content

oconnell565

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Could be nothing or only temporary, but PC seems a little faster at the moment. FRST fix log is attached. Took forever to complete chkdsk. Details are here: Log Name: Application Source: Microsoft-Windows-Wininit Date: 8/24/2015 1:00:37 PM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Ravenclaw Description: Checking file system on C: The type of the file system is NTFS. Volume label is Gateway. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 401152 file records processed. File verification completed. 1218 large file records processed. 0 bad file records processed. 0 EA records processed. 110 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 521796 index entries processed. Index verification completed. CHKDSK is scanning unindexed files for reconnect to their original directory. 1 unindexed files scanned. Recovering orphaned file carboniteservice_V5.7.4390_Ee0000102_A000007FEFD24B3DD_T1437254944.dmp (92) into directory file 133414. There is no DOS file name attribute in file 0x5c. Correcting minor file name errors in file 92. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 401152 file SDs/SIDs processed. Cleaning up 243 unused index entries from index $SII of file 0x9. Cleaning up 243 unused index entries from index $SDH of file 0x9. Cleaning up 243 unused security descriptors. Security descriptor verification completed. 60323 data files processed. CHKDSK is verifying Usn Journal... 37668184 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... Read failure with status 0xc00000b5 at offset 0x94cc3c4000 for 0xc000 bytes. Read failure with status 0xc00000b5 at offset 0x8c2b060000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40e28000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40e2a000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40bd8000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40e2b000 for 0x10000 bytes. Windows replaced bad clusters in file 78291 of name \Users\Mike\AppData\Local\MICROS~1\Windows\WebCache.old\WEBCAC~1.DAT. Read failure with status 0xc00000b5 at offset 0x73750d4000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x73750e2000 for 0x1000 bytes. Windows replaced bad clusters in file 116432 of name \Windows\winsxs\AMD27E~1.227\mstscax.dll. Read failure with status 0xc00000b5 at offset 0x7700af4000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7700afe000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x7700bcf000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7700bd9000 for 0x1000 bytes. Windows replaced bad clusters in file 121503 of name \PROGRA~1\MICROS~2\root\vfs\PROGRA~3\MICROS~1\Office15\APPVIS~2.DLL. Read failure with status 0xc00000b5 at offset 0x8393a7d000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a85000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a86000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a8a000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a86000 for 0x4000 bytes. Windows replaced bad clusters in file 336332 of name \Windows\MICROS~1.NET\assembly\GAC_MSIL\UIAUTO~1\V40_40~1.0__\UIAUTO~1.DLL. 401136 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 98409819 free clusters processed. Free space verification is complete. Adding 34 bad clusters to the Bad Clusters File. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 961977343 KB total disk space. 567636368 KB in 298223 files. 166184 KB in 60324 indexes. 136 KB in bad sectors. 535491 KB in use by the system. 65536 KB occupied by the log file. 393639164 KB available on disk. 4096 bytes in each allocation unit. 240494335 total allocation units on disk. 98409791 allocation units available on disk. Internal Info: 00 1f 06 00 9f 78 05 00 fa 70 09 00 00 00 00 00 .....x...p...... b4 4e 00 00 6e 00 00 00 00 00 00 00 00 00 00 00 .N..n........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-08-24T20:00:37.000000000Z" /> <EventRecordID>108578</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Ravenclaw</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. Volume label is Gateway. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 401152 file records processed. File verification completed. 1218 large file records processed. 0 bad file records processed. 0 EA records processed. 110 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 521796 index entries processed. Index verification completed. CHKDSK is scanning unindexed files for reconnect to their original directory. 1 unindexed files scanned. Recovering orphaned file carboniteservice_V5.7.4390_Ee0000102_A000007FEFD24B3DD_T1437254944.dmp (92) into directory file 133414. There is no DOS file name attribute in file 0x5c. Correcting minor file name errors in file 92. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 401152 file SDs/SIDs processed. Cleaning up 243 unused index entries from index $SII of file 0x9. Cleaning up 243 unused index entries from index $SDH of file 0x9. Cleaning up 243 unused security descriptors. Security descriptor verification completed. 60323 data files processed. CHKDSK is verifying Usn Journal... 37668184 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... Read failure with status 0xc00000b5 at offset 0x94cc3c4000 for 0xc000 bytes. Read failure with status 0xc00000b5 at offset 0x8c2b060000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40e28000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40e2a000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40bd8000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7b40e2b000 for 0x10000 bytes. Windows replaced bad clusters in file 78291 of name \Users\Mike\AppData\Local\MICROS~1\Windows\WebCache.old\WEBCAC~1.DAT. Read failure with status 0xc00000b5 at offset 0x73750d4000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x73750e2000 for 0x1000 bytes. Windows replaced bad clusters in file 116432 of name \Windows\winsxs\AMD27E~1.227\mstscax.dll. Read failure with status 0xc00000b5 at offset 0x7700af4000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7700afe000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x7700bcf000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x7700bd9000 for 0x1000 bytes. Windows replaced bad clusters in file 121503 of name \PROGRA~1\MICROS~2\root\vfs\PROGRA~3\MICROS~1\Office15\APPVIS~2.DLL. Read failure with status 0xc00000b5 at offset 0x8393a7d000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a85000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a86000 for 0x10000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a8a000 for 0x1000 bytes. Read failure with status 0xc00000b5 at offset 0x8393a86000 for 0x4000 bytes. Windows replaced bad clusters in file 336332 of name \Windows\MICROS~1.NET\assembly\GAC_MSIL\UIAUTO~1\V40_40~1.0__\UIAUTO~1.DLL. 401136 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 98409819 free clusters processed. Free space verification is complete. Adding 34 bad clusters to the Bad Clusters File. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 961977343 KB total disk space. 567636368 KB in 298223 files. 166184 KB in 60324 indexes. 136 KB in bad sectors. 535491 KB in use by the system. 65536 KB occupied by the log file. 393639164 KB available on disk. 4096 bytes in each allocation unit. 240494335 total allocation units on disk. 98409791 allocation units available on disk. Internal Info: 00 1f 06 00 9f 78 05 00 fa 70 09 00 00 00 00 00 .....x...p...... b4 4e 00 00 6e 00 00 00 00 00 00 00 00 00 00 00 .N..n........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. </Data> </EventData> </Event> Fixlog.txt
  2. Not noticeably different. Zoek scan (with anti-virus off) never completed. Last message was "Create Backups".
  3. Ran Zoek, but forgot to disable anti-virus. Took a couple hours and the results are attached. Disabled anti-virus, as I should have originally, and ran again. Been running for about 16 hours and not done. Status messages are here: ---------- Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Mike on Fri 08/21/2015 at 17:36:16.17. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Mike\Desktop\zoek.exe [scan all users] [script inserted] ===== Runcheck 17:40:24.39 ===== --- Create Environment Variables 17:40:30.92 --- Create System Restore Point 17:46:16.43 --- Checking Input 17:46:42.66 --- AU AppData Check 17:47:28.30 --- Remove From Windows Installer 17:47:47.99 --- Empty Folders Check 17:56:18.87 --- Registry HKLM Software Check 17:56:18.95 --- Quick Launch Shortcut Check 17:57:03.77 --- IE Startpage Check 17:57:45.46 --- Program Files DB Check 18:01:39.25 --- C:\Users\Default\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Default User\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Jason\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Jordan\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Matt\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Mike\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Terri\AppData\Roaming DB Check 18:05:24.34 --- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 18:05:24.34 --- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 18:05:24.34 --- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 18:05:24.34 --- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 18:05:24.34 --- C:\Users\Mike DB Check 18:21:37.53 --- C:\PROGRA~3 DB Check 18:30:56.66 --- C:\Users\Default\AppData\Local DB Check 18:34:42.97 --- C:\Users\Default User\AppData\Local DB Check 18:34:42.97 --- C:\Users\hedev\AppData\Local DB Check 18:34:42.97 --- C:\Users\Jason\AppData\Local DB Check 18:34:42.97 --- C:\Users\Jordan\AppData\Local DB Check 18:34:42.97 --- C:\Users\Matt\AppData\Local DB Check 18:34:42.97 --- C:\Users\Mike\AppData\Local DB Check 18:34:42.97 --- C:\Users\Public\AppData\Local DB Check 18:34:42.97 --- C:\Users\Terri\AppData\Local DB Check 18:34:42.97 --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 18:34:42.97 --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 18:34:42.97 --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 18:34:42.97 --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 18:34:42.97 --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 18:49:36.85 --- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 18:50:29.88 --- Tasks DB Check 18:51:03.79 --- Downloads DB Check 18:51:25.25 --- C:\Users\Jason\AppData\LocalLow DB Check 18:51:55.47 --- C:\Users\Jordan\AppData\LocalLow DB Check 18:51:55.47 --- C:\Users\Matt\AppData\LocalLow DB Check 18:51:55.47 --- C:\Users\Mike\AppData\LocalLow DB Check 18:51:55.47 --- C:\Users\Terri\AppData\LocalLow DB Check 18:51:55.47 --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 18:51:55.47 --- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 18:51:55.47 --- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 18:51:55.47 --- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 18:51:55.47 --- Tasks2 DB Check 18:59:58.49 --- Documents DB Check 19:02:25.99 --- C:\Users\Public\Desktop DB Check 19:03:30.10 --- C:\Users\Mike\Desktop DB Check 19:04:24.10 --- Services DB Check 19:05:12.12 --- FF prefs.js DB Check 19:11:19.96 --- Del by CLSID 19:12:14.79 --- Delete Services 19:16:59.68 --- Batch Commands 19:17:42.28 --- Firefox Extensions 19:18:01.32 --- Chrome Look 19:18:22.95 --- Create Backups 19:34:52.64 zoek-results.log zoek-results.txt
  4. My computer is incredibly slow almost all the time. Occasionally it operates as I would expect, but I can't find any specific reason. Not sure if there is a hardware issue involved. Launching applications can take 5 minutes. MS Office applications (2013) are particularly bad. Changing message in Outlook can easily cause it to be nonresponsive. A restart can take 10-15 minutes to get back to login screen. Malwarebytes' Threat Scan took almost 14 hrs. Scan logs are attached. Any help is appreciated. mbam.txt FRST.txt Addition.txt
  5. Update. Even with clean scans, Google searches continue to get hijacked. Now, new browser windows are opening. Connection settings have remained with no proxy required, but behavior remains.
  6. Sorry. The previously posted HijackThis log looked incomplete. I'm uploading an update. hijackthis.txt
  7. I'm dealing with a particularly nasty infection on my laptop. It started with "Antivir Solution Pro" giving alerts and pushing me to buy. I moved right away to scan with Malwarebytes, but I was prevented from running any application. A dialog came up telling me that that application was infected. I couldn't even start Task Manager. I managed to run a scan by logging off, turning off wireless, logging in as a different user, and immediately launching Malwarebytes. The scan found a number of infections. I removed most of them right away. The remainder were removed after reboot. A follow-up scan showed I was clean. After internet access was restored, the same behavior started again. I had an IE browser redirected to a porn site and knew there was still something going on. It set my Internet Options to use a proxy server. A run with (the real) Avira AntiVir Personal found another batch. They consist mostly of Trojans, Downloaders, Droppers, and FakeAlerts, but Avira found a couple of Worms and others. I'm attaching a couple of Malawarebytes logs and an Avira log. Also, a HijackThis log from after a clean scan by Malwarebytes. Any help would be appreciated. Thanks. mbam_log_2010_07_14__18_41_38_.txt mbam_log_2010_07_16__16_16_48_.txt AviraEvents.txt hijackthis.txt
  8. I followed your instructions. Here is the log from running ESET: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=78e615b816967c4fb659de4401740821 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-05-27 12:34:24 # local_time=2009-05-26 05:34:24 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 37 100 100 31297031250 # scanned=156091 # found=1 # cleaned=1 # scan_time=2222 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACubhkopfxdcvabfv.dll.vir a variant of Win32/Kryptik.PS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 Here is the most recent HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:48:25 PM, on 5/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Documents and Settings\Mike\Desktop\HJT\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: iWebshot - {BD01C2B8-8826-4131-8D90-3E948F002E5A} - C:\Program Files\iWebshot\iwsieext.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Capture with iWebshot - res://C:\Program Files\iWebshot\iwsieext.dll/StartIWS.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {76C93E2E-C6D9-4938-A42C-A51384854E74} - C:\Program Files\iWebshot\iwsieext.dll O9 - Extra 'Tools' menuitem: iWebshot - {76C93E2E-C6D9-4938-A42C-A51384854E74} - C:\Program Files\iWebshot\iwsieext.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.trendsecure.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/141p/html/gtdownlr.cab O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146790903687 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179888048625 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 10647 bytes I download Process Monitor. So far, no indication of "rogue" IE instances. ------------------------------------------------------------------------------------------------
  9. Sorry, here are the logs. iexplore_exe_parent.txt iexplore_exe_child.txt iexplore_exe_parent.txt iexplore_exe_child.txt
  10. Thanks, negster22. I got rid of McAfee and loaded Antivir. I have used webwatcher (kid was looking at porn), but it's no longer needed. I'd appreciate instructions on getting rid of remnants. I haven't been able to catch IE running hidden. Attached are 2 logs from Process Explorer for IE that I launched myself. One is for a child process and the other is for its parent. Thanks, again.
  11. Thanks for the reply. After browsing your site last night, I actually performed some of these steps. I've repeated them per your email. The attachment combofix1.txt was from last night. You'll see that a number of items were found and deleted. However, I'm still having some problems with anti-virus startup (no icons shows in the taskbar) and with iexplorer.exe processes running even when no browser window is open. The attachment combofix1.txt was from last night. Combofix2.txt, ARK.txt and hijackthis.txt are from today based on your instructions. Again, I appreciate your help. ComboFix1.txt ComboFix2.txt ARK.txt hijackthis.txt ComboFix1.txt ComboFix2.txt ARK.txt hijackthis.txt
  12. Logfile of HijackThis v1.99.1 Scan saved at 5:25:20 PM, on 5/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Documents and Settings\Mike\Desktop\stinger1001546.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Mike\Desktop\HJT\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: iWebshot - {BD01C2B8-8826-4131-8D90-3E948F002E5A} - C:\Program Files\iWebshot\iwsieext.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe O4 - HKLM\..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Capture with iWebshot - res://C:\Program Files\iWebshot\iwsieext.dll/StartIWS.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {76C93E2E-C6D9-4938-A42C-A51384854E74} - C:\Program Files\iWebshot\iwsieext.dll O9 - Extra 'Tools' menuitem: iWebshot - {76C93E2E-C6D9-4938-A42C-A51384854E74} - C:\Program Files\iWebshot\iwsieext.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International O15 - Trusted Zone: http://www.trendsecure.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/141p/html/gtdownlr.cab O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146790903687 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179888048625 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: shellservice - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.