Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I need help to uninstall xferwan.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I need help to uninstall xferwan.exe

Unread postby Liliana_reyesa » July 11th, 2006, 4:42 pm

SOS
I need help to uninstall xferwan.exe of Centennial Discovery
How can i doit

Please helpe !!

hijack

Logfile of HijackThis v1.99.1
Scan saved at 03:01:22 p.m., on 11/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINNT\system32\nvsvc32.exe
C:\Archivos de programa\Seagate Software\WCS\pageserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\Archivos de programa\Seagate Software\WCS\WebCompServer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Microsoft Visual Studio\VB98\vb6.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\KeySODBC.exe
C:\Archivos de programa\Microsoft Office\Office\OUTLOOK.EXE
C:\Archivos de programa\Archivos comunes\System\MAPI\3082\nt\MAPISP32.EXE
C:\PROGRA~1\INFORMIX\BIN\SQLEDI~1.EXE
C:\PROGRAM FILES\INFORMIX\BIN\sqleditor210.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Yahoo!\Messenger\YPager.exe
C:\ARCHIV~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Archivos de programa\LIUtilities\WinTasks\wintasks.exe
C:\Documents and Settings\PAZELRJ1\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.t1msn.com.mx/0SEESMX/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intranet.com.mx/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por BBVA Bancomer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://salida.intranet.com.mx:8080/explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = salida.intranet.com.mx:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 150.201.68.75;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 150.50.102.152 ara
O1 - Hosts: 150.100.205.141 casiopea libra
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [AWMON] "C:\ARCHIV~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Global Startup: Scheduler for OEM.lnk.disabled
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .NPSSView: C:\Archivos de programa\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = areametro
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = areametro
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = areametro
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O23 - Service: CentennialClientAgent - Unknown owner - C:\Centenn.ial\Audit\CAgent32.exe (file missing)
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Seagate Page Server (pageserver) - Unknown owner - C:\Archivos de programa\Seagate Software\WCS\pageserver.exe" -service -cache -deleteCache (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Seagate Web Component Server (WebCompServer) - Unknown owner - C:\Archivos de programa\Seagate Software\WCS\WebCompServer.exe" -service (file missing)
Liliana_reyesa
Active Member
 
Posts: 6
Joined: July 11th, 2006, 4:32 pm
Advertisement
Register to Remove

Unread postby 'KotaGuy » July 11th, 2006, 6:54 pm

Welcome Liliana!

Run HijackThis. Click the Misc Tools button, then the Uninstall Manager button, then the Save List button. Save it to your Desktop.

Post that list in your next reply please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

The list

Unread postby Liliana_reyesa » July 11th, 2006, 10:03 pm

Actualización del sistema del Reproductor de Windows Media (9 Series)
Ad-Aware SE Professional
Adobe Acrobat 6.0 Professional
Adobe Download Manager 2.0 (solo quitar)
AsfTools 3.1 (remove only)
Civilization III
Civilization III Play the World
DivX Player
DivX Pro Codec Adware
EditPlus 2
ewido anti-spyware 4.0
Explorador de base de datos
HijackThis 1.99.1
honestech TVR
HSP56 Modem Drivers
INFORMIX-CLI 32
INFORMIX-Relational Object Manager 2.10.TC2
Intel Application Accelerator
Intel(R) PRO Network Connections Drivers
Jasc Paint Shop Pro 8
KatMouse (remove only)
KeyClient 2.4a
Macromedia Flash Player 8
McAfee VirusScan Enterprise
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Spanish Language Pack
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1
Microsoft Office 2000 SR-1 Professional
Microsoft Visual Studio .NET Enterprise Architect - English
Microsoft Web Publishing Wizard 1.53
MSN Messenger 7.0
Nero - Burning Rom (Web installer)
NOD32 antivirus system
NOD32 FiX v2.1
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Q823353
PowerDVD
Seagate Crystal Reports Developer Edition
Sheridan ActiveThreed 2.0
Sheridan ActiveThreed Plus 3.02
SoftK56 Data Fax
SoundMAX
SoundMAX Synthesizer
Spread
Spybot - Search & Destroy 1.3
Starcraft
SuperRam
TweakNow RegCleaner
USB Data Cable
Visor
Winamp (remove only)
WinRAR archiver
Yahoo! Messenger
Liliana_reyesa
Active Member
 
Posts: 6
Joined: July 11th, 2006, 4:32 pm

Unread postby 'KotaGuy » July 11th, 2006, 10:31 pm

OK... just so that I got this right... its these entires you want to get rid of?

O23 - Service: CentennialClientAgent - Unknown owner - C:\Centenn.ial\Audit\CAgent32.exe (file missing)
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

YES

Unread postby Liliana_reyesa » July 11th, 2006, 11:05 pm

yes
I wanna delete the xferwan.exe of Centennial Discovery
Liliana_reyesa
Active Member
 
Posts: 6
Joined: July 11th, 2006, 4:32 pm

Unread postby 'KotaGuy » July 12th, 2006, 12:23 am

Click Start>Run, type in services.msc and hit Enter. From the list look for CentennialIPTransferAgent. Right click on it and choose Properties. Stop the service and change the Startup Type to Disabled. Do the same for CentennialClientAgent.

Run and scan with HijackThis. Place checks beside the following:

O23 - Service: CentennialClientAgent - Unknown owner - C:\Centenn.ial\Audit\CAgent32.exe (file missing)
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe


Close all open browsers/windows and click the Fix button.

Then click the Config button. Then the Misc Tools button. Then the Delete an NT Service button. In the text field enter in CentennialIPTransferAgent and click the OK button. Do the same for CentennialClientAgent.

Then search for and delete C:\Centenn.ial\Audit\xferwan.exe.

Actually... you could probably just delete the C:\Centenn.ial folder.

Reboot and post a new HijackThis log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Log

Unread postby Liliana_reyesa » July 12th, 2006, 12:35 pm

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 11:27:46 a.m., on 12/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\hidserv.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINNT\system32\nvsvc32.exe
C:\Archivos de programa\Seagate Software\WCS\pageserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\Archivos de programa\Seagate Software\WCS\WebCompServer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\TBMon.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PAZELRJ1\Escritorio\HijackThis.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.t1msn.com.mx/0SEESMX/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intranet.com.mx/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://salida.intranet.com.mx:8080/explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = salida1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 150.201.68.75;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\TBMon.exe"
O4 - Global Startup: Scheduler for OEM.lnk.disabled
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .NPSSView: C:\Archivos de programa\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = areametro
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = areametro
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = areametro
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Seagate Page Server (pageserver) - Unknown owner - C:\Archivos de programa\Seagate Software\WCS\pageserver.exe" -service -cache -deleteCache (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Seagate Web Component Server (WebCompServer) - Unknown owner - C:\Archivos de programa\Seagate Software\WCS\WebCompServer.exe" -service (file missing)



This is correct ???

Tks v m.


Lili
Liliana_reyesa
Active Member
 
Posts: 6
Joined: July 11th, 2006, 4:32 pm

Unread postby 'KotaGuy » July 12th, 2006, 1:13 pm

Looks good :thumbup:

Any other issues?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

TKS

Unread postby Liliana_reyesa » July 12th, 2006, 6:46 pm

Thats all TKS ;)

I`m rest now.

kiss

Liz
Liliana_reyesa
Active Member
 
Posts: 6
Joined: July 11th, 2006, 4:32 pm

Unread postby 'KotaGuy » July 12th, 2006, 7:27 pm

You're welcome ;)

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware