Jump to content

SkipperB

Members
  • Posts

    23
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I think its working ok now still. WOW Can that Netcom3 be removed? I don't need it. Can I delete all the downloads I made(cccleaner, HTJ, MBAM etc)
  2. Ok - Seems fixed. NOthing really a problem. It's actually working much faster now. Can I try to log in to work or should I wait? Here is the NetCom3 cleaner zip. Thanks.. Shortcut_to_Netcom3_Cleaner.zip Shortcut_to_Netcom3_Cleaner.zip
  3. OK I rebooted and no pop-ups yet. here are my logs.. MBAM Malwarebytes' Anti-Malware 1.30 Database version: 1402 Windows 5.1.2600 Service Pack 2 11/16/2008 10:34:33 PM mbam-log-2008-11-16 (22-34-33).txt Scan type: Quick Scan Objects scanned: 102521 Time elapsed: 10 minute(s), 48 second(s) Memory Processes Infected: 4 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 15 Memory Processes Infected: C:\Program Files\WebMediaViewer\hpmom.exe (Trojan.Zlob) -> Unloaded process successfully. C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Unloaded process successfully. C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Unloaded process successfully. C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b385ee3-ee18-4c69-bf55-6b6b406ef591} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vmware hptray (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktime task (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\WebMediaViewer\browseul.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\browseu.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmom.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmun.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\qttasku.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully. HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:42:38 PM, on 11/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\1XConfig.exe C:\WINDOWS\Explorer.EXE C:\Program Files\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM) O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172 O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6077 bytes
  4. ok I updated this to 1402. Should I do it again now? OR delete those HJT things you just wrote?
  5. Here is the logs: Latest Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 2 11/16/2008 8:43:23 PM mbam-log-2008-11-16 (20-43-23).txt Scan type: Quick Scan Objects scanned: 98920 Time elapsed: 11 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) EARLIER TODAY: Files Infected: (No malicious items detected) Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 2 11/16/2008 3:42:14 PM mbam-log-2008-11-16 (15-42-14).txt Scan type: Full Scan (C:\|) Objects scanned: 128550 Time elapsed: 28 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) HJT - LATEST Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:53:32 PM, on 11/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\1XConfig.exe C:\Program Files\WebMediaViewer\qttask.exe C:\Program Files\WebMediaViewer\hpmon.exe C:\Program Files\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\WebMediaViewer\qttaskm.exe C:\Program Files\WebMediaViewer\hpmom.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM) O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172 O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6828 bytes
  6. Here is the attachment ... WebMediaViewer.zip WebMediaViewer.zip
  7. IE works now but I got a huge error that says there is a virus that attacks .exe extensions Firefox doesn't say that. This is my work computer and I do login through a network. Trying to attach that folder. It's taking a long time.
  8. All of a sudden something called Powerful Virus Remover 2008 started to download and run on my screen. I canceled it but what happens if that happens again?
  9. Here is the new log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:10:43 PM, on 11/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\1XConfig.exe C:\Program Files\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\WebMediaViewer\qttaskm.exe C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\WebMediaViewer\hpmom.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\WebMediaViewer\qttask.exe C:\Program Files\WebMediaViewer\hpmon.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM) O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172 O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 6738 bytes
  10. Select all of these with HJT, and remove them. Then scan and post a fresh log. Let me know if your PC is surfing the web again as well please. ----------- What does that mean to (Select all of these with HJT and remove them)? I don't think I did that. I just did a system scan and logfile. I scanned HJT log below. I also have access to the web through Firefox only. I will do that other thing now that you said to do in your directions. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:39:32 PM, on 11/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\RegSrvc.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\1XConfig.exe C:\Program Files\WebMediaViewer\qttask.exe C:\Program Files\WebMediaViewer\hpmon.exe C:\Program Files\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\WebMediaViewer\qttaskm.exe C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\WebMediaViewer\hpmom.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM) O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172 O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 7127 bytes
  11. Does that log help at all? Is this possible to fix? I just needed the Internet on Monday for work.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.