SkipperB

LOST IE after running MALWAREBYTES Anti malware

I had the VIRUSTRIGGER virus on my computer so I downloaded and ran MALWAREBYTES' Anti-malware. Everything looked better as the POP-ups have disappeared.

But now I cannot get online through IE. When I type www.google.com it redirects it to dnsmislead.com but a page never opens.

What do I do to get the Internet back? PLEASE HELP!!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:43:51 AM, on 11/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WebMediaViewer\qttask.exe

C:\Program Files\WebMediaViewer\hpmon.exe

C:\Program Files\OpenVPN\bin\openvpn-gui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\WebMediaViewer\qttaskm.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Netcom3 Cleaner\Netcom3D.exe

C:\Program Files\WebMediaViewer\hpmom.exe

C:\Program Files\McAfee\Common Framework\McScript_InUse.exe

C:\Documents and Settings\sarah.bernstein\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM)

O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172

O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7596 bytes

Malwarebytes' Anti-Malware 1.30

Database version: 1399

Windows 5.1.2600 Service Pack 2

11/14/2008 9:03:35 PM

mbam-log-2008-11-14 (21-03-35).txt

Scan type: Quick Scan

Objects scanned: 113988

Time elapsed: 26 minute(s), 1 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 2

Registry Keys Infected: 20

Registry Values Infected: 7

Registry Data Items Infected: 14

Folders Infected: 3

Files Infected: 17

Memory Processes Infected:

C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe (Rogue.VirusHeat) -> Unloaded process successfully.

C:\Program Files\tinyproxy\tinyproxy.exe (Trojan.Proxy) -> Unloaded process successfully.

C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Delete on reboot.

C:\WINDOWS\system32\wakjs.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\remote procedure call (rpc) (rpcss) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\remote procedure call (rpc) (rpcss) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\remote procedure call (rpc) (rpcss) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.SpyClean) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\virustriggerbin (Rogue.VirusTrigger) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virustriggerbin (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\VirusTriggerBin (Rogue.VirusTrigger) -> Quarantined and deleted successfully.

C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\512686 (Trojan.BHO) -> Delete on reboot.

Files Infected:

C:\WINDOWS\system32\wakjs.dll (Trojan.Zlob.H) -> Delete on reboot.

C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\bolivar25.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\sarah.bernstein\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\sarah.bernstein\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\sarah.bernstein\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\sarah.bernstein\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\sarah.bernstein\Local Settings\Temp\xrg3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\sarah.bernstein\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

Please help...still can't get on IE.

Is it just IE that's affected?


Yes and also another security alert (networm-i.virus) keeps popping up now. When I type a web address into IE it changes to dnsmislead.com automatically.

Any help would be appreciated.

Yes and also another security alert (networm-i.virus) keeps popping up now. When I type a web address into IE it changes to dnsmislead.com automatically.

Any help would be appreciated.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.
I need you to follow the instructions provided here first.
I also need for you to download this program http://oldtimer.geekstogo.com/OTListIt.exe to your desktop.
  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

Is there anything I can do to get it back?

You can follow my instructions above, please. :blink: And we can go from there.


OTListIt logfile created on: 11/15/2008 6:34:22 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\sarah.bernstein\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.23 Mb Total Physical Memory | 77.14 Mb Available Physical Memory | 30.22% Memory free

1002.02 Mb Paging File | 686.07 Mb Available in Paging File | 68.47% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 47.82 Gb Free Space | 85.57% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 976.13 Mb Total Space | 816.31 Mb Free Space | 83.63% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NH-LOAN-EAST01

Current User Name: sarah.bernstein

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2005/11/10 19:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2005/07/05 01:28:34 | 00,421,955 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe

[2005/12/19 09:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE

[2005/12/19 09:08:40 | 01,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE

[2008/09/14 21:00:48 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

[2005/11/23 11:45:10 | 00,159,744 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe

[2008/09/03 10:51:18 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe

[2006/11/30 09:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

[2008/09/03 10:51:20 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

[2006/11/30 09:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

[2005/07/05 01:26:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe

[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

[2006/05/12 16:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe

[2004/08/04 07:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2005/07/05 01:32:04 | 00,639,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe

[2005/11/10 19:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2005/07/05 01:26:36 | 00,389,186 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\1XConfig.exe

[2008/11/14 19:26:51 | 00,053,323 | ---- | M] () -- C:\Program Files\WebMediaViewer\qttask.exe

[2008/11/14 17:44:08 | 00,068,776 | ---- | M] () -- C:\Program Files\WebMediaViewer\hpmon.exe

[2005/04/21 11:46:50 | 00,098,816 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe

[2005/12/19 09:08:42 | 01,347,584 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE

[2005/06/27 08:31:14 | 00,135,168 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[2008/09/03 10:51:20 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[2008/11/15 17:35:54 | 00,027,253 | ---- | M] () -- C:\Program Files\WebMediaViewer\qttaskm.exe

[2006/11/30 09:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

[2007/09/27 13:04:26 | 01,318,912 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

[2008/11/15 17:36:04 | 00,027,791 | ---- | M] () -- C:\Program Files\WebMediaViewer\hpmom.exe

[2005/05/12 12:40:38 | 04,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe

[2008/09/03 10:51:18 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe

[2008/08/16 06:29:04 | 00,861,464 | ---- | M] () -- C:\Program Files\Netcom3 Cleaner\Netcom3D.exe

[2008/09/03 10:51:18 | 00,169,280 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McScript_InUse.exe

[2008/11/15 18:22:28 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sarah.bernstein\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2005/11/10 19:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/09/14 21:00:48 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService [Auto | Running])

[2005/11/23 11:45:10 | 00,159,744 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])

[2008/09/03 10:51:18 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [unknown | Running])

[2006/11/30 09:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [unknown | Running])

[2006/11/30 09:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [unknown | Running])

[2008/08/16 06:29:04 | 00,861,464 | ---- | M] () -- C:\Program Files\Netcom3 Cleaner\Netcom3D.exe -- (Netcom3 [On_Demand | Running])

[2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])

[2005/02/20 19:52:28 | 00,014,336 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService [On_Demand | Stopped])

[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2005/07/05 01:26:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc [Auto | Running])

[2005/07/05 01:28:34 | 00,421,955 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

[2006/05/12 16:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4 [Auto | Running])

[2005/12/19 09:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])

========== Driver Services ==========

[2005/11/10 19:49:24 | 01,406,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2006/02/25 15:01:12 | 00,016,194 | ---- | M] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5 [On_Demand | Running])

[2005/04/05 16:38:32 | 00,132,352 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])

[2005/11/02 13:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped])

[2008/09/14 20:43:28 | 00,023,552 | ---- | M] (Juniper Networks) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt [On_Demand | Running])

[2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])

[2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Running])

[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2006/11/30 09:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])

[2006/11/30 09:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])

[2006/11/30 09:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])

[2006/11/30 09:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])

[2006/11/30 09:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [system | Running])

[2006/11/30 09:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [system | Running])

[2002/11/22 20:01:26 | 00,020,096 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])

[2006/03/23 00:27:10 | 00,488,992 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE [On_Demand | Running])

[2005/11/23 11:43:56 | 00,018,688 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [system | Running])

[2005/04/21 21:58:38 | 00,092,550 | ---- | M] (O2Micro) -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR [On_Demand | Running])

[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/06/17 07:15:26 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])

[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2004/11/15 15:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])

[2004/06/24 03:54:12 | 00,023,552 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])

[2005/07/26 16:36:50 | 00,662,400 | ---- | M] (Intel


Here are the OTListIt log and Extras.... The Spybot won't install on my computer so I can't run that.

OTListIt Extras logfile created on: 11/15/2008 6:34:22 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\sarah.bernstein\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.23 Mb Total Physical Memory | 77.14 Mb Available Physical Memory | 30.22% Memory free

1002.02 Mb Paging File | 686.07 Mb Available in Paging File | 68.47% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 47.82 Gb Free Space | 85.57% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 976.13 Mb Total Space | 816.31 Mb Free Space | 83.63% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NH-LOAN-EAST01

Current User Name: sarah.bernstein

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/09/03 10:51:18 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

[2006/09/15 00:21:24 | 00,249,924 | ---- | M] () -- C:\Documents and Settings\chris.fournier\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:dsTermServ Module

[2008/05/30 15:30:16 | 06,189,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007

[2005/05/12 12:40:38 | 04,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/05/30 15:30:16 | 06,189,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007

[2008/09/14 21:23:20 | 00,132,480 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\sarah.bernstein\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Disabled:Juniper Terminal Services Client

[2005/05/12 12:40:38 | 04,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Disabled:Microsoft Office Communicator 2005

[2008/09/03 10:51:18 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

File not found -- C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{14DC6BDC-5370-4D52-AAE9-6F831E8CE785}" = Microsoft Conferencing Add-in for Microsoft Office Outlook

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{b697396d-4bff-430d-9578-8aa5a549777a}" = Intel® PROSet

"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005

"{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}" = Microsoft Office Live Meeting 2007

"{C9D20484-D3CC-4CD2-B1ED-B72A9CEFD45D}" = NETGEAR 108 Mbps Wireless PC Card WG511T

"{CA7BE522-8026-4E85-A432-1C9EB6BCFC00}" = Microsoft CRM desktop client for Microsoft Office Outlook

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{DA56C01D-C70A-401D-ABE2-7188B9FF161F}" = Microsoft Office Live Meeting 2005

"ActiveTouchMeetingClient" = WebEx

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"ATI Display Driver" = ATI Display Driver

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Browser Toolbar" = Browser Toolbar

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem

"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)

"eTIMEsheet" = eTIMEsheet

"HijackThis" = HijackThis 2.0.2

"IExplorer add-on" = IExplorer add-on

"Juniper Network Connect 5.3.0" = Juniper Networks Network Connect 5.3.0

"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0

"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"MSNINST" = MSN

"Netcom3 Cleaner_is1" = Netcom3 Cleaner 2.0

"Online Alert Manager" = Online Alert Manager

"OpenVPN" = OpenVPN 2.0-gui-1.0

"PAL" = PAL

"RealVNC_is1" = VNC Free Edition 4.1.2

"ST5UNST #1" = Onyx Customer Center

"VfP Setup" = VfP Setup

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinZip" = WinZip

"WMCSetup" = Windows Media Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Juniper_Term_Services" = Juniper Terminal Services Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-630328440-682003330-11182\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Juniper_Term_Services" = Juniper Terminal Services Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/27/2008 3:09:30 PM | Computer Name = NH-LOAN-EAST01 | Source = Userenv | ID = 1085

Description = The Group Policy client-side extension Security failed to execute.

Please look for any errors reported earlier by that extension.

Error - 10/27/2008 5:01:59 PM | Computer Name = NH-LOAN-EAST01 | Source = Userenv | ID = 1085

Description = The Group Policy client-side extension Security failed to execute.

Please look for any errors reported earlier by that extension.

Error - 10/29/2008 10:21:18 AM | Computer Name = NH-LOAN-EAST01 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 10/29/2008 10:21:20 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script update_localadmingroup.vbs.

The system cannot find the file specified. .

Error - 10/29/2008 10:21:20 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script cision-registered.vbs. The

system cannot find the file specified. .

Error - 10/29/2008 10:21:21 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script printer-eventlog.vbs. The system

cannot find the file specified. .

Error - 10/29/2008 10:21:21 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script vnc-inst.vbs. The system cannot

find the file specified. .

Error - 10/29/2008 10:21:21 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script procomm_cacls.bat. The system

cannot find the file specified. .

Error - 10/29/2008 10:21:21 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script vnc-password-client.vbs. The

system cannot find the file specified. .

Error - 10/29/2008 10:21:21 AM | Computer Name = NH-LOAN-EAST01 | Source = UserInit | ID = 1000

Description = Could not execute the following script dell-autoon.vbs. The system

cannot find the file specified. .

[ System Events ]

Error - 11/3/2008 9:27:51 AM | Computer Name = NH-LOAN-EAST01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 29 minutes. NtpClient has no source of accurate

time.

Error - 11/3/2008 9:57:51 AM | Computer Name = NH-LOAN-EAST01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 59 minutes. NtpClient has no source of accurate

time.

Error - 11/3/2008 10:01:29 AM | Computer Name = NH-LOAN-EAST01 | Source = Dhcp | ID = 1002

Description = The IP address lease 10.12.210.111 for the Network Card with network

address 00FF68DDA281 has been denied by the DHCP server 10.200.200.200 (The DHCP

Server sent a DHCPNACK message).

Error - 11/5/2008 10:51:13 AM | Computer Name = NH-LOAN-EAST01 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain NA1 due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.

Error - 11/5/2008 10:53:55 AM | Computer Name = NH-LOAN-EAST01 | Source = Service Control Manager | ID = 7000

Description = The Netgear Wireless Domain Login Service service failed to start

due to the following error: %%2

Error - 11/5/2008 10:54:50 AM | Computer Name = NH-LOAN-EAST01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 11/5/2008 10:56:27 AM | Computer Name = NH-LOAN-EAST01 | Source = Dhcp | ID = 1002

Description = The IP address lease 10.12.210.104 for the Network Card with network

address 00FF68ADA281 has been denied by the DHCP server 10.200.200.200 (The DHCP

Server sent a DHCPNACK message).

Error - 11/7/2008 10:19:30 AM | Computer Name = NH-LOAN-EAST01 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain NA1 due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.

Error - 11/7/2008 10:21:53 AM | Computer Name = NH-LOAN-EAST01 | Source = Service Control Manager | ID = 7000

Description = The Netgear Wireless Domain Login Service service failed to start

due to the following error: %%2

Error - 11/7/2008 10:23:07 AM | Computer Name = NH-LOAN-EAST01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

< End of report >


Please download hijackthis v2.0.2, rename it to skippyb.exe, and try running it. If it does come online, please scan and save a logfile. And post it here. Thanks!

You have a slight BHO, trojan/downloader family present according to the logs you've already provided. Let's see if we can't get you cleaned up.


Here it is, the hijack log. Hope this helps.

Thanks - -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:51:30 PM, on 11/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WebMediaViewer\qttask.exe

C:\Program Files\WebMediaViewer\hpmon.exe

C:\Program Files\OpenVPN\bin\openvpn-gui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\WebMediaViewer\qttaskm.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\WebMediaViewer\hpmom.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\McAfee\Common Framework\McScript_InUse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM)

O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172

O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7528 bytes


Calm down fella. :blink:

I haven't forgotten about ya.

Select all of these with HJT, and remove them. Then scan and post a fresh log. Let me know if your PC is surfing the web again as well please.

I also want you to go ahead and follow these instructions too please.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Avira AntiVir Rescue System: http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:
      • repair a damaged system,
      • rescue data,
      • scan the system for virus infections.

Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.


Select all of these with HJT, and remove them. Then scan and post a fresh log. Let me know if your PC is surfing the web again as well please.

-----------

What does that mean to (Select all of these with HJT and remove them)? I don't think I did that. I just did a system scan and logfile.

I scanned HJT log below. I also have access to the web through Firefox only.

I will do that other thing now that you said to do in your directions.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:39:32 PM, on 11/16/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\1XConfig.exe

C:\Program Files\WebMediaViewer\qttask.exe

C:\Program Files\WebMediaViewer\hpmon.exe

C:\Program Files\OpenVPN\bin\openvpn-gui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\WebMediaViewer\qttaskm.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\WebMediaViewer\hpmom.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM)

O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172

O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7127 bytes


1. Make sure Internet Explorer is not open and is not showing in taskmanager.

2. Open a console prompt. Start>>run>>cmd.exe <enter>

3. Type the following: NET STOP "NetCom3 Service" <enter>

4. Now, open hijackthis, select scan, place a check beside the following entries and click Fix. Answer yes to any questions asked, and reboot if asked to do so.

5. Post a fresh hijackthis log and we'll go from there.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll

O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll

O4 - HKCU\..\Run: [spyClean] C:\Program Files\Netcom3 Cleaner\netcom3.exe

O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe

O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe


Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:10:43 PM, on 11/16/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\1XConfig.exe

C:\Program Files\OpenVPN\bin\openvpn-gui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\WebMediaViewer\qttaskm.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\WebMediaViewer\hpmom.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\WebMediaViewer\qttask.exe

C:\Program Files\WebMediaViewer\hpmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://*.crm (HKLM)

O15 - ESC Trusted Zone: http://*.s2na1crmweb2 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152129297172

O16 - DPF: {80017034-D4F8-410D-9B03-0E713C34CEAD} (Chart Object) - http://69.8.212.200/chartfx62/download/Cha...Client.Core.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krmtest.webex.com/client/T26L/event/ieatgpc.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.us.cision.com/dana-cached/se...perSetupSP1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\Software\..\Telephony: DomainName = na1.ad.group

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 6738 bytes


All of a sudden something called Powerful Virus Remover 2008 started to download and run on my screen. I canceled it but what happens if that happens again?


WebMediaViewer is still present on your PC. You can surf with Firefox, but not IE, right?

I really need you to do everything that I ask.

If possible, please zip the following folder and attach it to this thread:

C:\program files\webmediaviewer

Is this computer part of some sort of corporate network? I need to know this before I have you make any network changes....

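The check behind the reply above, that items from the fix list are still active in the follow-up log, can be scripted. This is an added example, not part of the thread and not HijackThis code; the function names are assumptions, and the fix list and log excerpt are copied from the posts above and trimmed. It goes one step further than an entry-by-entry comparison by also flagging any running process that lives in a directory named by the fix list.

```python
import ntpath
import re

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")
# A Windows path ending in .exe or .dll (spaces are allowed inside the path).
PATH_RE = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]+?\.(?:exe|dll)', re.IGNORECASE)

# Entries the helper asked to have fixed, copied from the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKCU\..\Run: [spyClean] C:\Program Files\Netcom3 Cleaner\netcom3.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe
""".strip().splitlines()

# Trimmed excerpt of the follow-up log saved at 6:10:43 PM on 11/16/2008.
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:43 PM, on 11/16/2008
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NA1.AD.GROUP
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\Netcom3D.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, entry lines)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies are often double-spaced
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False  # the process list ends at the first entry line
            entries.append(line)
        elif in_procs and PATH_RE.fullmatch(line):
            processes.append(line)
    return processes, entries


def target_dirs(fix_entries):
    """Lower-cased directories of every file path named in the fix list."""
    dirs = set()
    for entry in fix_entries:
        match = PATH_RE.search(entry)
        if match:
            dirs.add(ntpath.dirname(match.group(0)).lower())
    return dirs


def verify_fix(fix_entries, followup_log):
    """Report fix-list items that survive in a follow-up log."""
    def norm(s):
        return " ".join(s.split()).lower()

    processes, entries = parse_log(followup_log)
    present = {norm(e) for e in entries}
    dirs = target_dirs(fix_entries)
    return {
        # Entries that were supposed to be fixed but are listed again.
        "still_listed": [e for e in fix_entries if norm(e) in present],
        # Running binaries from a fix-list directory, including siblings
        # (such as hpmom.exe) that no fix-list entry names directly.
        "still_running": [p for p in processes
                          if ntpath.dirname(p).lower() in dirs],
    }


if __name__ == "__main__":
    report = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    for kind, items in report.items():
        print(kind)
        for item in items:
            print("   ", item)
```
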

IE works now but I got a huge error that says there is a virus that attacks .exe extensions.

Firefox doesn't say that.

This is my work computer and I do login through a network.

Trying to attach that folder. It's taking a long time.

Here is the attachment ...

Okay, give me a bit of time...

Any other computers on the network doing the same thing, or just yours?

This topic is now closed to further replies.