Solved

NAVCANCL AND IEFRAME.DLL ERROR

Posted on 2013-11-19
15
5,196 Views
Last Modified: 2016-10-28
Can someone please help me?  I constantly get a pop up on my Sony Vaio Windows 7 laptop.   The popup says:

File download - Security Warning at the top, then it says in the body

Do you want to save this file, or find a program online to open it?

Name:  navcancl

Type:  unknown file type, 2.64 kb
 
From: ieframe.dll

underneath this is ask
 
Find    Save  or  Cancel


When I select cancel it disappears.  

I have been trying to fix this for months and it is extremely aggravating.  

I have tried tons of different registry cleaners, antivirus products, etc and nothing will clear this up.  

The only general feed back is that this is related to Internet Explorer or Windows Update files and is a DLL error...

If anyone could assist me, I would be extremely grateful.  Thank you very much!
0
Comment
Question by:cyberrazor
  • 6
  • 4
  • 2
  • +1
15 Comments
 
LVL 61

Expert Comment

by:btan
Comment Utility
I saw that there is MS kb stating to this error but is when you try to open IE7

http://support.microsoft.com/kb/937409
http://msmvps.com/blogs/spywaresucks/archive/2007/05/13/901373.aspx

It is pertaining to the ieframe.dll DLL file, then it should be related (closely) to Internet Explorer. Do not, under any circumstances, download the ieframe.dll DLL file individually from any "DLL download site."

As mentioned above, there maybe many reasons such as
- One of your installed add-ons might be causing the ieframe.dll issue. Selectively disabling them will show you which one, if any, is causing problems.
- the Temporary Internet Files folder in Internet Explorer has been moved from its original location, plus both Protected Mode and the Phishing Filter are enabled, the ieframe.dll error will occur.

I was wondering if there is a navcancl.htm page which is effectively Navigation Cancelled. Add on in the IE in this case may trigger the error and disabling all add-on including toolbars to check if it helps

But if we go more paranoid, it can also likely be those spyware as well or non compatible security s/w installed (intentional or non-intentional) in the machine.

Note sure if same symptoms also while running safe mode.
But if really need to drill further, we may attempt running GMER (open tool) to sieve any backdoor or hidden process. OR running Process Explorer (sysinternal tool) to see if we visually see any anomalous process spawned off and drill into its dependencies ..likely iexplorer (even if it is a "fake") is called too...
0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
A DLL file is a "Dynamic Link Library" of resources.  They vary in complexity, but a DLL like IEFRAME.DLL version 10, which supplies resources for the Internet Explorer v10 graphic interface, contains the following resources:

104 icons, 8 cursors, 372 bitmap images, 2 AVI video files, 107 dialog boxes, 193 HTML-related files, 58 menus, 2,477 strings, type library, 1  manifest, and 316 miscellaneous other files.

That's 3,639 separate resource files packed into IEFRAME.DLL for Internet Explorer 10, all of which can be referenced externally and used by other processes.  IEFRAME.DLL for Internet Explorer 8 contains only 2,753 separate resource files, so there are a lot of differences between versions of Internet Explorer.

The "HTML-related" resources are basically fully qualified web pages along with their image files, JavaScripts, etc. Internet Explorer uses the special  RES://   protocol to display named native resources from within a DLL file, as opposed to using the standard   HTTP://   protocol.  When Internet Explorer encounters an error, cannot find a page, there is a connection issue, etc, it shows a web page by fetching the resource files from within IEFRAME.DLL using the  RES://  protocol and the browser's Address Bar (or sometimes you have to use the File menu > Properties to see the URL) should show something like the following for an "Internet Explorer cannot display the webpage" error:
res://ieframe.dll/dnserror.htm#http://www.some-website-address.com

You can see that in this case the HTM web page named "dnserror" is being displayed.  The code in the loaded HTM page fetches images such as:
res://ieframe.dll/noConnect.png
res://ieframe.dll/favcenter.png
res://ieframe.dll/tools.png
It also fetches in JavaScripts:
res://ieframe.dll/errorPageStrings.js
res://ieframe.dll/httpErrorPagesScripts.js
The error explanations are fetched from the string resources of IEFRAME.DLL by the JavaScript code on demand.

I suspect that YOUR issue is in connection with a resource named "navcancl.htm" inside ieframe.dll, and that the page which Internet Explorer displays (use File menu > Properties or Right-Click in the page and choose Properties) is actually:

res://ieframe.dll/navcancl.htm#http://www.some-website-address.com

If you copy and paste this "res" URL directly into your Internet Explorer Address Bar:

res://ieframe.dll/navcancl.htm

you should be seeing a "Navigation Cancelled" page like this:
Page as displayed without having used a qualified web addressClearly something involved with Internet Explorer:

1. Does not understand what to do with the   RES://   protocol
2. There is some layer in between that is not correctly identifying that the HTM file type is associated with Internet Explorer and should be opening it rather than prompting to Save it
3. IEFRAME.DLL is corrupt and this specific resource is part of the corrupt sections.

The first thing you should do is start Internet Explorer in "Safe Mode".  Look in your Start Menu for a shortcut named "Internet Explorer (no add-ons)" (normally Programs > Accessories > System Tools), or else paste this command into your Start Menu > Run field:

iexplore.exe -extoff

As it says, this disables extensions and add-ons.  If the prompt goes away, then disable all add-ons and re-enable them one at a time until you isolate the culprit.

My guess would be that this could be to do with a Toolbar, for example the Google Toolbar.  If you have this, then can I suggest that you either uninstall it completely or disable it and see what happens, then let us know the results.
0
 

Author Comment

by:cyberrazor
Comment Utility
I appreciate these attempts to fix the problem, but actually I had already tried them all before and none of these worked.  Thanks anyway...
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Maybe upgrade to the latest ie11 to see if the symptom occurred else just monitor any anomalies experience using your machine.  May consider browsing even if using other browser like chrome or firefox.
0
 

Author Comment

by:cyberrazor
Comment Utility
Thanks again, already tried that also :-)
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Looks like even running in safe mode may ne same and too bad we cannot uninstall IE browser and try. Suspect it may be other apps but primarily still IE vulnerability

http://www.juniper.net/security/auto/vulnerabilities/vuln22966.html
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
Hi Cyberrazor,

Please download Hijackthis Install it and run it as administrator then scan and attach the log or the notepad file result here.

Second open your hosts files and copy then paste them here, the default location of the hosts is c:\windows\system32\drivers\etc ,but you can copy and paste the following path in to your Run box and press enter then open it with notepad.

%systemroot%\system32\drivers\etc\hosts

Please also download hostsxpert and run it as administrator
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Another tool worth considering is OTL which is by OldTimer. It is a flexible, multipurpose, diagnostic, and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manual removing malware.

Download: http://oldtimer.geekstogo.com/OTL/OTL.exe

Alternate downloads and locations:

Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr

Mirrors:
OTL.com: http://www.itxassociates.com/OT-Tools/OTL.com
OTL.scr: http://www.itxassociates.com/OT-Tools/OTL.scr
OTL.exe: http://www.itxassociates.com/OT-Tools/OTL.exe
0
 

Author Comment

by:cyberrazor
Comment Utility
From Cyberrazor

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:59 AM, on 1/6/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\pavcl.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Update\29.0.0.5394\TorchUpdate.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\anonymous\AppData\Local\Torch\Application\torch.exe
C:\Program Files (x86)\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finviz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.68\npchrome_frame.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [WD Anywhere Backup Premium] C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [Akamai NetSession Interface] "C:\Users\anonymous\AppData\Local\Akamai\netsession_win.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [Google Update] "C:\Users\anonymous\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [3679589EAF464EC548B97919E2CA45C9F725B4FF._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\Run: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart (User 'Administrator')
O4 - HKUS\S-1-5-21-745901824-3894412751-3925491877-500\..\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet (User 'Administrator')
O4 - HKUS\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Classic .NET AppPool')
O4 - HKUS\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Classic .NET AppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'DefaultAppPool')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: *.incrediblecharts.com (HKLM)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.68\npchrome_frame.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Common Toolkit 2 - SPAMfighter ApS - C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: eFix Real Time Protection (eFixRealTimeProtection) - Reimage® - C:\PROGRAM FILES\EFIX\EFIX PRO\REIGUARD.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Innovative Solutions Service  (InnovativeSolutionsRegEventSvr) - Innovative Solutions - C:\Program Files (x86)\Innovative Solutions\Innovative SysPack\ISF\InnovativeSolutionsRegEvent_Svr.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown owner - C:\Windows\system32\mqtgsvc.exe (file missing)
O23 - Service: myAgtSvc - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
O23 - Service: Office Depot PC Support Agent - Support.com, Inc. - C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PRTG Core Server Service (PRTGCoreService) - Paessler AG - C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
O23 - Service: PRTG Probe Service (PRTGProbeService) - Paessler AG - C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\PSEXESVC.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - c:\Program Files (x86)\STOPzilla!\SZServer.exe
O23 - Service: Torch Crash Handler (TorchCrashHandler) - Unknown owner - C:\Users\anonymous\AppData\Local\Torch\Update\TorchCrashHandler.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17832 bytes
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Looks like lots of "Unknown owner" and "file missing" combination.
Did you use the "Safe List" option. Note that choosing the All option for any of these scans will turn the filter off and the output will include all items for that scan.
http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/
0
 

Accepted Solution

by:
cyberrazor earned 0 total points
Comment Utility
I want to thank everyone who tried to help me.  My system was becoming extremely unstable and finally after fighting this virus for almost 6 months, I decided to reformat my hd and reinstall.  

I should state that this was after purchasing Stopzilla to try to cure this viral problem back in July of 2013 (which, of course, didnt work).  

Last week I spent over 1 hour with a tech from Stopzilla who gave up and said that the navcancl from ieframe.dll error was a problem with Windows 7 Pro's OS and specifically a corruption of IE.  Of course I agreed with him because I was able to figure that out on my own.  However I differed with him in that I think that the problem originated with a viral attack.  I guess I should state that I have been doing PC repair for going on 30 years now, and am also a MCSE.  This just so happened to be the very 1st PC I couldn't fix without reformatting.  

After hanging up with Stopzilla Rep, I contacted Microsoft.  

At first Microsoft Rep didn't want to help me but I stated that he (one of our pals from India if you know what I mean) that I had been using MS products since 1989, and that I would never purchase a MS product ever again and would visit every virus repair blog I could find and let all the users know exactly how I was treated.  Eventually, I demanded to speak to his supervisor who ended up being a super cool guy.  To cut to the chase, MS reps tried for over 5 hours (which eventuated in an escalation to a senior repair tech) to try to fix the issue.  The senior rep concluded the same thing that I concluded and the Stopzilla guy concluded but MS rep stated he thought it originated from a virus attack and I agreed.  

To sum it up, he stated that my best plan of action was to reformat which I did.  Good thing I keep a good working backup because prior to reloading my backed up files I downloaded that new ESET anti virus product (trial version) and ended up finding over 100 infections in my backup data.  I did three full sweeps to make sure everything was clean before I loaded my old stuff back on my newly formatted system.  

My main concern is that I don't know how I got the virus in the first place.  I never visit porn sites, or other malware risky sites, etc.  

I will say this, the Stopzilla product didn't find any of those viral infections, although it does a good job at identifying PUPs and trojans,etc, stuff like that.

The ESET 30 trial will expire soon.  Its kind of expensive  $59.00 for 1 pc for 1 yr.  , so I don't know if I am going to purchase it or not.  I already have licenses for Norton and Mcafee, but this ESET product was really impressive.  

Once again, God bless everyone who tried to help me fix my system.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
thanks for sharing - may be good to scan your other ext storage if that is plugged into that PC before :) Nonetheless, some free s/w you may want to consider (just need to know those unticked features compared to "Pro" version)

malwarebyte - anti-malware limited (http://www.malwarebytes.org/free/)
avast - not the best but gd since it is no cost (http://www.avast.com/download-software)
tinywall - fare better than windows fw (http://tinywall.pados.hu/)

Cheers!
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
Comment Utility
You don't have to purchase Eset, just get a home basic version of AVG. It's really useful and it does protect you.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now