Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer slow and IE is redirecting to ad websites


Unread postby shannon » July 16th, 2007, 9:52 pm

Hi,

Just went to ebay and got redirected to http://www.jeffsokol.worldventures.biz/. It is back to doing the same thing as before, the download status bar at the bottom of IE is running through a bunch of web addresses and then I get redirected. UGH! No frustration with you just the computer! :)

Please advise.

Shannon
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 17th, 2007, 10:31 am

Hello shannon

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save the log on your desktop.


Post both logs in your next reply, please.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Can not get a text file

Unread postby shannon » July 17th, 2007, 10:19 pm

Scotty,

Thanks for all your time and effort trying to help me!

The Kaspersky Online Scanner is not giving me a "Save as Text" button. As a matter of fact I do not see any way to save a report at all. I have run the scan twice (2.5 hours each time) thinking I did something wrong the first time and there is nothing to click on to save any information. Kaspersky scan does show I have 1 virus and 1 infected object.

I have not had time to run the WinPFind3u.exe yet.

How should I proceed?

Shannon
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 18th, 2007, 7:07 am

Hi Shannon

Go with the WinPFind for now.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

WinPFind3u Report

Unread postby shannon » July 18th, 2007, 9:24 am

WinPFind3 logfile created on: 7/18/2007 9:17:21 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

223.48 Mb Total Physical Memory | 112.75 Mb Available Physical Memory | 50.45% Memory free
546.47 Mb Paging File | 356.76 Mb Available in Paging File | 65.28% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.29 Gb Total Space | 19.95 Gb Free Space | 61.78% Space Free
Drive D: | 4.96 Gb Total Space | 0.91 Gb Free Space | 18.26% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-LK4RLMSU41
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
a2service.exe -> %ProgramFiles%\a-squared Anti-Malware\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.320 | Size = 226936 bytes | Modified Date = 7/17/2007 4:01:08 AM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 2:02:26 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 7:04:38 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 11:02:48 PM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 2/24/2003 9:51:14 PM | Attr = ]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\omniServ.exe -> [Ver = | Size = 68704 bytes | Modified Date = 2/21/2003 7:07:06 AM | Attr = ]
opxpapp.exe -> %ProgramFiles%\Softex\OmniPass\OPXPApp.exe -> [Ver = | Size = 53248 bytes | Modified Date = 2/21/2003 6:50:10 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ]
s3tray2.exe -> %System32%\S3tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.19-0113 | Size = 69632 bytes | Modified Date = 2/25/2003 5:33:14 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(a2AntiMalware) a-squared Anti-Malware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Anti-Malware\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.320 | Size = 226936 bytes | Modified Date = 7/17/2007 4:01:08 AM | Attr = ]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 2:02:26 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 3/30/2005 4:46:56 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 69632 bytes | Modified Date = 5/3/2003 2:19:00 AM | Attr = ]
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\omniServ.exe -> [Ver = | Size = 68704 bytes | Modified Date = 2/21/2003 7:07:06 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 3:06:32 AM | Attr = ]
a-squared -> %ProgramFiles%\a-squared Anti-Malware\a2guard.exe -> Emsi Software GmbH [Ver = 3.0.0.323 | Size = 1794192 bytes | Modified Date = 7/17/2007 4:04:58 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 10:07:38 AM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 7:04:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 11:02:48 PM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 2/24/2003 9:51:14 PM | Attr = ]
NAVWatch -> %SystemDrive%\NAVWatcher.exe -> Pacific Gold Coast Corp. [Ver = 1, 0, 0, 1 | Size = 95232 bytes | Modified Date = 9/18/2006 3:53:24 PM | Attr = H ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 4640768 bytes | Modified Date = 5/3/2003 2:19:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 323584 bytes | Modified Date = 5/3/2003 2:19:00 AM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 7/31/2002 11:28:38 PM | Attr = ]
QuickFinder Scheduler -> %ProgramFiles%\WordPerfect Office 11\Programs\QFSCHD110.EXE -> Novell, Inc., c/o Corel Corporation Limited [Ver = 11.0.0.233 | Size = 77887 bytes | Modified Date = 3/7/2003 6:01:24 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr = ]
S3TRAY2 -> %System32%\S3tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.19-0113 | Size = 69632 bytes | Modified Date = 2/25/2003 5:33:14 AM | Attr = ]
StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 11:01:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 7/24/2003 5:36:58 AM | Attr = ]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
-> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
NVIEW -> %System32%\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 835654 bytes | Modified Date = 5/3/2003 2:19:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 10:06:48 AM | Attr = ]
OPXPGina -> %ProgramFiles%\Softex\OmniPass\OPXPGina.dll -> [Ver = | Size = 40960 bytes | Modified Date = 2/21/2003 6:50:12 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (1510 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
216.93.174.28 a.tribalfusion.com -> ->
207.44.240.65 rad.msn.com -> ->
216.93.174.28 view.atdmt.com -> ->
216.93.174.28 media.fastclick.net -> ->
127.0.0.1 media19.fastclick.net -> ->
216.93.174.28 ad.doubleclick.net -> ->
127.0.0.1 ads.specificpop.com -> ->
216.93.174.28 images.trafficmp.com -> ->
127.0.0.1 webpdp.gator.com -> ->
127.0.0.1 ads.x10.com -> ->
127.0.0.1 images.x10.com -> ->
127.0.0.1 servedby.netadvertising.com -> ->
127.0.0.1 ad.uk.doubleclick.net -> ->
127.0.0.1 ad.ca.doubleclick.net -> ->
127.0.0.1 ads.specificclick.com -> ->
127.0.0.1 ads.popupsponsor.com -> ->
216.93.174.28 adfarm.mediaplex.com -> ->
216.93.174.28 media1.fastclick.net -> ->
216.93.174.28 media19.fastclick.net -> ->
127.0.0.1 media28.fastclick.net -> ->
127.0.0.1 media29.fastclick.net -> ->
216.93.174.28 media39.fastclick.net -> ->
127.0.0.1 adserv.internetfuel.com -> ->
127.0.0.1 http://www.satellitepop.com -> ->
216.93.174.28 count.exitexchange.com -> ->
127.0.0.1 servedfor.valuead.com -> ->
127.0.0.1 banners.valuead.com -> ->
127.0.0.1 img.mediaplex.com -> ->
127.0.0.1 ln.doubleclick.net -> ->
127.0.0.1 m2.doubleclick.net -> ->
127.0.0.1 m.doubleclick.net -> ->
127.0.0.1 media28.fastclick.net -> ->
127.0.0.1 media39.fastclick.net -> ->
127.0.0.1 popuptraffic.com -> ->
216.93.174.28 leader.linkexchange.com -> ->
127.0.0.1 iv.doubleclick.net -> ->
127.0.0.1 focusin.ads.targetnet.com -> ->
127.0.0.1 ads.fortunecity.com -> ->
67.15.114.78 pagead2.googlesyndication.com -> ->
67.15.114.78 pagead.googlesyndication.com -> ->
216.93.174.28 ad.yieldmanager.com -> ->
67.15.114.78 ypn-js.overture.com -> ->
216.93.174.28 freeze.zedo.com -> ->
127.0.0.1 iframetraf.biz -> ->
127.0.0.1 onli-ne.com -> ->
127.0.0.1 promo.dollarrevenue.com -> ->
< Internet Explorer Settings > -> ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> http://www.msn.com/ ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://srch-qus9.hpwis.com/ ->
HKCU: Start Page -> http://www.cox.net/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1;localhost ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{163E2CE5-4379-4B85-8411-33A240E7AABB} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> SSpSubLSP.dll -> File not found
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{4CCA4E80-9259-11D9-AC6E-444553544200} -> FixController Control - CodeBase = http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 7946635198 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 7946625338 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HPObjectInstaller Class - CodeBase = http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_02 - CodeBase = ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 7/17/2007 9:29:16 PM | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 6/26/2007 2:58:20 PM | Attr = RH ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 7/15/2007 6:53:58 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 7/15/2007 6:53:58 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 7/15/2007 6:53:58 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 7/15/2007 6:53:58 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 7/17/2007 9:45:07 AM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 6/21/2007 12:42:00 PM | Attr = ]
hosts.20070712-203440.backup -> %System32%\drivers\etc\hosts.20070712-203440.backup -> [Ver = | Size = 1510 bytes | Created Date = 7/12/2007 7:34:40 PM | Attr = ]
hosts.20070714-120613.backup -> %System32%\drivers\etc\hosts.20070714-120613.backup -> [Ver = | Size = 1510 bytes | Created Date = 7/14/2007 11:06:13 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/17/2007 10:38:50 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 234409984 bytes | Modified Date = 7/17/2007 10:38:52 PM | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 6/26/2007 3:58:22 PM | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/17/2007 10:38:48 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/12/2007 5:51:26 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/17/2007 10:37:10 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 7/12/2007 12:38:10 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/17/2007 10:38:54 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/17/2007 10:45:14 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/26/2007 4:08:46 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 7/12/2007 1:40:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/17/2007 10:45:02 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/17/2007 10:36:08 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/18/2007 9:17:06 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/12/2007 12:41:10 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 6/26/2007 4:09:54 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 7/15/2007 6:55:26 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 7/17/2007 10:35:46 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/17/2007 10:29:58 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/17/2007 10:42:22 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 592 bytes | Modified Date = 7/11/2007 8:37:20 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/26/2007 4:11:46 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/11/2007 12:47:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/17/2007 10:39:00 PM | Attr = H ]
User_Feed_Synchronization-{13F2EF52-84E4-4285-9BE1-79267A3A9B68}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{13F2EF52-84E4-4285-9BE1-79267A3A9B68}.job -> [Ver = | Size = 422 bytes | Modified Date = 7/18/2007 9:15:00 AM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 7/17/2007 2:15:12 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/26/2007 4:15:18 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 7/11/2007 9:20:38 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 7/17/2007 10:35:48 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 548800 bytes | Modified Date = 6/26/2007 5:04:38 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 7/17/2007 11:58:22 AM | Attr = ]
ieuinit.inf -> %System32%\ieuinit.inf -> [Ver = | Size = 56483 bytes | Modified Date = 7/12/2007 5:46:28 PM | Attr = ]
@Alternate Data Stream - 88 bytes -> %System32%\ieuinit.inf:SummaryInformation ->
@Alternate Data Stream - 0 bytes -> %System32%\ieuinit.inf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 7/12/2007 1:22:00 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Modified Date = 7/12/2007 2:22:36 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 7/12/2007 1:22:04 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 7/12/2007 2:22:38 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 7/17/2007 10:45:08 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 7/11/2007 5:46:48 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54280 bytes | Modified Date = 7/12/2007 12:41:08 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 384596 bytes | Modified Date = 7/12/2007 12:41:08 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 433842 bytes | Modified Date = 7/12/2007 12:41:08 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 7/12/2007 10:12:48 AM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 6/21/2007 1:42:02 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 7/2/2007 5:52:46 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 7/17/2007 10:39:50 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 7/17/2007 10:39:42 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 4:20:44 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
@Alternate Data Stream - 88 bytes -> %System32%\ieuinit.inf:SummaryInformation ->
@Alternate Data Stream - 0 bytes -> %System32%\ieuinit.inf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 18th, 2007, 3:35 pm

Hi Shannon

Upload a File to Virustotal
Please visit Virustotal

  • Click the Browse... button
  • Navigate to the file C:\NAVWatcher.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.


Press Ctrl+Alt+Delete and when the Task Manager opens click on the Process tab. Select the a2guard.exe process and press End Process.

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Aim6 ->
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> %AllUsersStartup%\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe
< HOSTS File > (1510 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
YN -> 216.93.174.28 a.tribalfusion.com ->
YN -> 207.44.240.65 rad.msn.com ->
YN -> 216.93.174.28 view.atdmt.com ->
YN -> 216.93.174.28 media.fastclick.net ->
YN -> 216.93.174.28 ad.doubleclick.net ->
YN -> 216.93.174.28 images.trafficmp.com ->
YN -> 216.93.174.28 adfarm.mediaplex.com ->
YN -> 216.93.174.28 media1.fastclick.net ->
YN -> 216.93.174.28 media19.fastclick.net ->
YN -> 216.93.174.28 media39.fastclick.net ->
YN -> 216.93.174.28 count.exitexchange.com ->
YN -> 216.93.174.28 leader.linkexchange.com ->
YN -> 67.15.114.78 pagead2.googlesyndication.com ->
YN -> 67.15.114.78 pagead.googlesyndication.com ->
YN -> 216.93.174.28 ad.yieldmanager.com ->
YN -> 67.15.114.78 ypn-js.overture.com ->
YN -> 216.93.174.28 freeze.zedo.com ->
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_02 - CodeBase =


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.

When your system has restarted, uninstall HostXpert, repeat the instruction to disable the A2 process, and re-install HostXpert.

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
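
The HOSTS section of the fix above removes entries that point advertising domains at outside addresses. As an added example (not part of the original post, and not code from WinPFind3U), this Python sketch audits a hosts file for such overrides and groups them by target address; the function names and the lines marked as constructed are assumptions, and the remaining sample entries are copied from the fix.

```python
import ipaddress
from collections import defaultdict

# Sample hosts file. Lines marked "constructed" are made up for the example;
# the other mappings are copied from the HOSTS section of the fix above.
SAMPLE_HOSTS = """\
# constructed: comment line
127.0.0.1       localhost
216.93.174.28 a.tribalfusion.com
207.44.240.65 rad.msn.com
216.93.174.28 ad.doubleclick.net
67.15.114.78 pagead2.googlesyndication.com
67.15.114.78 ypn-js.overture.com
0.0.0.0 blocked.example   # constructed: sinkhole entry
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (line number, address, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        for name in fields[1:]:               # one address may carry several names
            yield lineno, fields[0], name.lower()

def audit_hosts(text):
    """Return ({address: [hostnames]}, [malformed entries]).

    Loopback and 0.0.0.0 mappings are the usual local or blocking entries
    and are skipped. Every other mapping overrides DNS for that name and
    is reported for review.
    """
    overrides = defaultdict(list)
    malformed = []
    for lineno, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append((lineno, addr, name))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        overrides[str(ip)].append(name)
    return dict(overrides), malformed

if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for address, names in sorted(found.items()):
        print(f"{address}: {len(names)} name(s) -> {', '.join(names)}")
    for lineno, addr, name in bad:
        print(f"line {lineno}: unparseable address {addr!r} for {name}")
```

Many unrelated domains resolving to the same one or two addresses, as in the fix above, is the pattern worth reviewing.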

Unread postby shannon » July 18th, 2007, 6:12 pm

Here is virustotal report. The WinPFind3u Fix did not work. All I got was an hourglass, I left and came back an hour later and still had hourglass.
I clicked on X to quit the program and it said program not responding.
Should I continue on with the rest of the instructions?



File navwatcher.exe received on 07.18.2007 22:01:00 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.18.0 2007.07.18 no virus found
AntiVir 7.4.0.44 2007.07.18 no virus found
Authentium 4.93.8 2007.07.18 no virus found
Avast 4.7.997.0 2007.07.18 no virus found
AVG 7.5.0.476 2007.07.18 no virus found
BitDefender 7.2 2007.07.18 no virus found
CAT-QuickHeal 9.00 2007.07.18 no virus found
ClamAV devel-20070416 2007.07.18 no virus found
DrWeb 4.33 2007.07.18 no virus found
eSafe 7.0.15.0 2007.07.17 no virus found
eTrust-Vet 30.8.3791 2007.07.18 no virus found
Ewido 4.0 2007.07.18 no virus found
FileAdvisor 1 2007.07.18 no virus found
Fortinet 2.91.0.0 2007.07.18 no virus found
F-Prot 4.3.2.48 2007.07.17 no virus found
F-Secure 6.70.13030.0 2007.07.18 no virus found
Ikarus T3.1.1.8 2007.07.18 no virus found
Kaspersky 4.0.2.24 2007.07.18 no virus found
McAfee 5077 2007.07.18 no virus found
Microsoft 1.2704 2007.07.18 no virus found
NOD32v2 2405 2007.07.18 no virus found
Norman 5.80.02 2007.07.18 no virus found
Panda 9.0.0.4 2007.07.18 no virus found
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.18 VX2.Transponder
Symantec 10 2007.07.18 no virus found
TheHacker 6.1.7.149 2007.07.18 no virus found
VBA32 3.12.2 2007.07.17 no virus found
VirusBuster 4.3.23:9 2007.07.18 no virus found
Webwasher-Gateway 6.0.1 2007.07.18 no virus found
Aditional information
File size: 95232 bytes
MD5: a67918029f3d1e90b17387d4f01a2c25
SHA1: f6afbd1f87abcb02c7ad6a7c2787565441fcfe66
Sunbelt info: VX2 is an Internet Explorer Browser Helper Object that monitors web page requests and data entered into forms, sending this information to its home server, and opens pop-up advertisement windows. VX2 also collects and sends personal information.
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 20th, 2007, 5:59 am

Hello Shannon

Please download Suspicious File Packer from Safer-Networking.Org
http://www.safer-networking.org/files/sfp.zip and unzip it to your desktop.

IMPORTANT. There are some files on your computer we'd like to have a look at. If you can upload a copy of them to us, we would appreciate it.

Run SFP.exe.
Please copy the following lines into the Step 1: Paste Text window:
C:\NAVWatcher.exe
Click Continue.
This will create a .cab file on your desktop named requested-files[Date/Time].cab


Now please submit those files to Spykiller by clicking here

  • You will be taken to a new post page (at a different forum).
  • In the topic title put Request by Rogue
  • Put in body of message the link to our thread here. ( )
  • Press the browse button and then navigate to & select the file on desktop. (requested-files[Date/Time].cab)
  • Press Post to upload the file

It is normal you will not see the file you just posted because only approved members can see them to download them.

Let me know here when you have posted.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Posted

Unread postby shannon » July 20th, 2007, 9:56 am

I've posted to the requested forum with link and file.

Thank you for your help :)
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 20th, 2007, 11:20 am

Hi Shannon

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

HJT Uninstall List

Unread postby shannon » July 20th, 2007, 11:39 am

Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe PhotoDeluxe 2.0
Adobe Photoshop Album Starter Edition
Adobe Reader 8.1.0
Adobe Type Manager 4.0
AIM 6.0
Apple Software Update
a-squared Anti-Malware 3.0
Authentium Web Install Helper
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce from Compaq (remove only)
BUM
Cannonballs from Compaq (remove only)
CardRd81
CCScore
Compaq Connections
Compaq Organize
CR2
eMusic Download Manager
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Excavation from Compaq (remove only)
Five Card Frenzy from Compaq (remove only)
GemMaster 3 from Compaq (remove only)
Google Earth
Hijackthis 1.99.1
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPRFO
Honeycombs from Compaq (remove only)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Deskjet Preloaded Printer Drivers
HP Driver Diagnostics
hp instant support
hp psc 700 series
Instant Support
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 2
Kaspersky Online Scanner
KBD
Kodak EasyShare software
KSU
Mars Rover from Compaq (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MP3 Player
MSXML 4.0 SP2 (KB927978)
MUSICMATCH® Jukebox
MySpaceIM
Notifier
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
Orbital from Compaq (remove only)
OTtBP
OTtBPSDK
Otto from Compaq (remove only)
PC-Doctor for Windows
Polar Bowler from Compaq (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealOne Player
RecordNow!
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SFR
SHASTA
SKIN0001
SKINXSDK
Slyder from Compaq (remove only)
Sonic Update Manager
SpamSubtract
Spybot - Search & Destroy 1.4
STX from Compaq (remove only)
TaxCut Premium 2006
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb936558)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Word 2007 (KB934173)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Warfare from Compaq (remove only)
VPRINTOL
Weblink
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WIRELESS
WordPerfect Office 11
Yahoo! SiteBuilder
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 20th, 2007, 5:21 pm

Hi Shannon

We need you to search for a couple of files. Go to Start, Search and click on All Files and Folders. Then select More Advanced Options and tick the box to search hidden files and folders.

Type this into the search box.
adreg16.exe
then this one
adgrp32.exe

If you still have the Suspicious File Packer on your PC, could you upload those files to the same place, then delete them, but don't empty the Recycle Bin yet.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby shannon » July 21st, 2007, 12:57 pm

Hi,

If you remember, I am still unable to use the search function on my computer to search for files and folders. If you can tell me what folder they might be in that would be great and I can find them manually.

Shannon
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm

Unread postby Scotty » July 21st, 2007, 2:18 pm

Hello Shannon

Let's see if we can get Search functional again.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O4 - HKLM\..\Run: [NAVWatch] C:\NAVWatcher.exe

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

If you still have it, delete the NAVWatcher file. Let me know if that helps.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby shannon » July 21st, 2007, 8:23 pm

No, that did not help.
shannon
Regular Member
 
Posts: 19
Joined: July 14th, 2007, 9:40 pm