unable 2 open any links with explorer, new page is blank & freezes. Any idea's?

[CBMatt]

patio's right; you should follow all instructions when dealing with these matters.

Make sure you have fixed those entries with HijackThis like I said.  You will also want to delete the folder C:\Program Files\WinAntiVirus 2006.  There may also be a WinAntiVirus folder in C:\Program Files\Common Files, so you should look for one in there.  Because programs like this tend to create directories all over, I think ComboFix would still be a good idea because it shows us different changes that have been made to your computer.

I would also like for you to update your AVG (Anti-Virus would be preferred, but Anti-Spyware should be sufficient) and scan with it in Safe Mode.  Let it clean whatever it wants.

And what about your original problem?  Is it still happening?

[melsonly]

If you still can't uninstall it...

Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

I am sorry I seem to upset a few people which was not my intention. I did follow all the instruction that I was given by Chris. I may have misunderstood what was written. I took it that if I could not uninstall using other methods that I was then to run the Combofix.... as you said if I still cant uninstall...... I did every other step before that to the letter.I did all the steps with Hijackthis. And went into safe mode and enable hidden files and folders.and uninstalled it.....sorry for the misunderstanding.

I will do the other steps now that you have told me. And I will post the log. You have been so great to help me with this and do not want u to think that I am not taking it seriously. thank you.
the original problem is still happening but will let you know if it improves after your steps.

[CBMatt]

Don't worry, nobody's upset with you.  You just didn't say exactly what you did, so it wasn't clear if you followed the whole post.  And you didn't misunderstand me about ComboFix.  However, after further consideration, I still think you should give it a try because I think it could prove to be useful.  We just want to make sure you're being thorough, that's all.  You're still okay with us.  Ha.

ComboFix may not help fix the problem, but it might help us determine what the problem is.

[melsonly]

Should have been clearer...it was late here and I couldn't type anymore ha ha..
I will do the combofix tonight and let you know....I have done everything u told me... ....thanks mate..

[CBMatt]

Understandable.  When you're ready with a log, I'll gladly take a look at it.

[patio]

And i wasn't upset with you...coming across as stern is my normal mode.

Maybe i need a softer keyboard. I hear they have gel-filled ones now....

 

[CBMatt]

patio's like a bug: hard on the outside...squishy and soft on the inside.

[melsonly]

not sure that I would like to be compared to a bug hahha.... Just glad all is well...
I ran the combofix.. this is the log hope it makes sense to you, I could read it upside down and it couldnt make less sense....

"User" - 2007-06-06 23:03:19    Service Pack 1  NTFS 
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\User\Desktop\"


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winupdates
C:\WINDOWS\b.exe
C:\WINDOWS\system32\info.txt


(((((((((((((((((((((((((   Files Created from 2007-05-06 to 2007-06-06  )))))))))))))))))))))))))))))))


2007-06-04 05:31   <DIR>   d--------   C:\DOCUME~1\User\APPLIC~1\Lavasoft
2007-06-03 22:48   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-03 22:45   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-03 22:39   446,464   --a------   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-02 00:30   <DIR>   d--------   C:\Program Files\CCleaner


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-04 09:58:15   --------   d-----w   C:\Program Files\ErrorKiller
2007-06-03 13:34:32   --------   d-----w   C:\Program Files\Common Files\Companion Wizard
2007-06-03 12:48:06   --------   d-----w   C:\Program Files\Lavasoft
2007-06-01 23:13:52   --------   d-----w   C:\Program Files\Google
2007-06-01 22:55:07   --------   d-----w   C:\Program Files\MSN Games
2004-11-09 10:20:29   56   --sh--r   C:\WINDOWS\system32\EB051588A6.sys
2004-11-11 01:16:38   848   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 17:34 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 21:10]
"PowerMenu"="%systemroot%\system32\powermenu.exe" []
"LWBMOUSE"="C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE" [2001-11-09 16:47]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"NOMAD Detector"="C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE" [2002-06-26 13:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-10 17:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 16:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 22:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 22:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOMAD Detector"="C:\Program Files\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE" [2002-06-26 13:16]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-01-14 07:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-03 09:44:03  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-04 17:00:00  C:\WINDOWS\tasks\Disk Cleanup.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-06 23:03:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s??>?wH ?w????w*??w4???U??w4????D8?s4???.?&2??\\??H?s.???3:?w.?T?w?U?w\\`???C@?\\???s.\???s\?&2?d??s?&2??C@?x???sx?;?w\??@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-06 23:04:31
C:\ComboFix-quarantined-files.txt ... 2007-06-06 23:04

   --- E O F ---

Still have to update anti virus..will do in morning and let you know if that helps...

can say thanks enough ... you are a champion!!!!! thanks

[CBMatt]

There isn't really anything sticking out that might be creating this problem.  It did get rid of a couple of baddies, though.  Have you noticed any changes?  Run CCleaner and make sure it cleans out your Temporary Internet Files.  As soon as possible, you need to update your protection and try another scan.

Also, go to VirusTotal and scan the following file:
C:\WINDOWS\system32\EB051588A6.sys
Post the results here.

Keep in mind that your Windows is out-of-date.  There's a slight possibility that updating it could be helpful.  However, I'm reluctant to have you do that yet because installing SP2 on a problematic machine can create more problems.

[melsonly]

I have noticed that it is running alot quicker.. but original problem is still here.. but I guess that may be because my Windows is out of date...Which is something I had no clue about .. not the first thing I missed it seems....
I will update virus protection now and scan.. this is log from Virus total...

STATUS: FINISHEDComplete scanning result of "EB051588A6.sys", received in VirusTotal at 06.06.2007, 22:19:18 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.05.2007  no virus found
AntiVir 7.4.0.32 06.06.2007  no virus found
Authentium 4.93.8 05.23.2007  no virus found
Avast 4.7.997.0 06.06.2007  no virus found
AVG 7.5.0.467 06.06.2007  no virus found
BitDefender 7.2 06.06.2007  no virus found
CAT-QuickHeal 9.00 06.06.2007  no virus found
ClamAV devel-20070416 06.06.2007  no virus found
DrWeb 4.33 06.06.2007  no virus found
eSafe 7.0.15.0 06.06.2007  no virus found
eTrust-Vet 30.7.3696 06.06.2007  no virus found
Ewido 4.0 06.06.2007  no virus found
FileAdvisor 1 06.06.2007  no virus found
Fortinet 2.85.0.0 06.06.2007  no virus found
F-Prot 4.3.2.48 06.06.2007  no virus found
F-Secure 6.70.13030.0 06.06.2007  no virus found
Ikarus T3.1.1.8 06.06.2007  no virus found
Kaspersky 4.0.2.24 06.06.2007  no virus found
McAfee 5047 06.06.2007  no virus found
Microsoft 1.2503 06.06.2007  no virus found
NOD32v2 2313 06.06.2007  no virus found
Norman 5.80.02 06.06.2007  no virus found
Panda 9.0.0.4 06.06.2007  no virus found
Prevx1 V2 06.06.2007  no virus found
Sophos 4.18.0 06.01.2007  no virus found
Sunbelt 2.2.907.0 06.04.2007  no virus found
Symantec 10 06.06.2007  no virus found
TheHacker 6.1.6.130 06.06.2007  no virus found
VBA32 3.12.0 06.06.2007  no virus found
VirusBuster 4.3.23:9 06.06.2007  no virus found
Webwasher-Gateway 6.0.1 06.06.2007 no virus found


Aditional Information
File size: 56 bytes
MD5: b73df1aa8a992e09399cb6ba98d43fdb
SHA1: 35ca027061fb642749b43959ccd6533dc511b6a 8

thanks Chris..

[CBMatt]

Thanks for the log.  VirusTotal isn't always 100% accurate, but it's usually reliable.  Upting Windows could possibly help, however it might not help at all.  It could even complicate things further.  It's hard to say at this point.  If you do decide to take the plunge, you might want to backup all of your important data first.

[melsonly]

hi Chris, I updated the Anti-Virus  seems I have a few issues. not sure if I am meant to leave them in the virus vault or delete them, was unable to post this log. With the windows update I am not sure about what to do..you seem doubtful and that makes me very worried..I am so thankful for helping me get rid of that huge problem...

[CBMatt]

You can delete the found infections if you'd like, but it should be safe to leave them in the virus vault.  Infections are renamed and deactivated when placed in there.  What you do with them is your choice.  After having done these scans, are there any improvements at all in regards to your problem?

Also, I'm wondering if you still have problems with another browser such as Firefox?

The reason why I'm reluctant to have you install SP2 is: if you install it on an infected machine, it may cause problems during the installation process, so it's always best to get all problems worked out first.  However, I have my doubts about your problem being related to an infection, and there's a possibility that SP2 could solve your problem.

But before taking any steps towards that, I would like you to check out the two links below...
http://www.theeldergeek.com/repair_ie6.htm
http://www.theeldergeek.com/repair_reinstall_ie_and_oe_6.htm

Please note that some of the listed steps require an official Windows XP CD.

[patio]

Why would your Windows be out of date ? ?

This may be the root of the problem...

[melsonly]

ok, I think that you are asking the wrong person. I had no idea windows ran out of date and why it has I have no idea....my lack of knowledge seems clearer then ever now ...

Chris as for your question, it has not changed my original problem, but my computer in general is so much better. I have never tried a different browser, do you suggest I give that a try?

As for the-
But before taking any steps towards that, I would like you to check out the two links below...
http://www.theeldergeek.com/repair_ie6.htm
http://www.theeldergeek.com/repair_reinstall_ie_and_oe_6.htm

Please note that some of the listed steps require an official Windows XP CD.

I have not yet been able to do these steps, I have been away. Will get it done tomorrow and let you know...cheers