« previous next »
Pages: [1]

Author Topic: "NavExcel Search Toolbar" Program  (Read 3842 times)

Guest_Bandane

  • Guest
"NavExcel Search Toolbar" Program
« on: January 07, 2005, 03:43:57 PM »
Hi all. First post here. Running WinXP Pro OS. I ran "PestPatrol" yesterday and it found "NavExcel" highjacker program. Opted for PestPatrol to delete it. Later, ran 2nd. scan, and PestPatrol no longer listed this pest. Great, I thought, PestPatrol was worth the money! WRONG! Cuz when I later checked my "Currently Installed Programs List", I found that "NavExcel Search Toolbar" program was still listed. Selected "remove" button several times, but it just won't come off the list!! Contacted PestPatrol "help desk", but they had no good suggestions as to how to remove. Said it was just a "cosmetic" problem, that program was really gone, and not to worry about it. Me, I "worry" about this kind of "cosmetic" problem! If the program isn't on my machine, then it shouldn't show up on my "Installed Programs" list!! Anyway, I need help on how to get this corrected. Below is my "HijackThis Logfile". I can see several "NavExcel" items, but before I do the check-for-removal thing, I would like an expert's opinion on what to do. Thanks!!

Logfile of HijackThis v1.99.0
Scan saved at 1:02:22 PM, on 1/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/...r/axscanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF72003-3911-4735-89BF-A079B4DF8C3A}: NameServer = 68.13.16.30,68.13.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF409DC-2F90-4D9D-A280-33EB6CF330F4}: NameServer = 68.13.16.30,68.12.16.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = om.cox.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = om.cox.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = om.cox.net
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
Logged

Offline Bandane

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
"NavExcel Search Toolbar" Program
« Reply #1 on: January 07, 2005, 03:58:02 PM »
I'm not a "Guest". Just forgot to log in before sending my post. Sorry.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
"NavExcel Search Toolbar" Program
« Reply #2 on: January 07, 2005, 09:55:03 PM »
Let's try this

Download and save to desktop the Standalone Version of CWSHREDDER

Close down all browser windows, Open CWShredder and click only the FIX button
Let it FIX all problems and then RESTART your computer

Back in Windows

Access your Add/Remove programs and remove if found
NavHelper if you can

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

RESTART your computer

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Find and delete this folder if it exists
C:\Program Files\NavExcel Search Toolbar <--this folder

Do a DiskCleanup>>START----Run---type in cleanmgr
Hit OK
Ensure that Temp and Temporary Internet Files are checked


Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates

Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer again to finish the cleaning process

Post back with a fresh hijackthis log and let me know if your problems are resolved
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Bandane

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
"NavExcel Search Toolbar" Program
« Reply #3 on: January 08, 2005, 11:22:34 AM »
Hi guestolo. Thanks for your response! Okay, I followed your recomendations EXACTLY! 1.)Downloaded CWShredder and it found and fixed a couple of items. Restarted computer. 2.) Checked ADD/REMOVE PROGRAMS list. NavHelper was not, or never was in my programs list, but NavExcel Search Toolbar, my originally reported problem "cosmetic only" program was still on the list. 3.) Did another scan with HijackThis. Put a check next to items you indicated, except your second R1 item, which was not listed on the new scan. Closed all windows and clicked "Fix Checked". Then exited HijackThis. Restarted computer. 4.) Performed Control Panel operations as instructed. 5.) Checked for C:\Program Files\NavExcel Search Toolbar folder with Windows Explorer--was not listed (and wasn't at time of my initial post). 6.)Ran Cleanmgr as instructed. 7.) Installed Ad-Aware, checked for updates (got a few), unchecked "search for negligble risk entries". ran full system scan-one "bug" found and deleted. 8.) Restarted computer. Checked ADD/REMOVE PROGRAMS list--NavExcel Search Toolbar was still listed. 9.) Ran a fresh HijackThis scan. (Log is posted below.) Please hang in there and help me get rid of this "cosmetic" problem!! Thank you very much!!

Logfile of HijackThis v1.99.0
Scan saved at 8:45:28 AM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/...r/axscanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF72003-3911-4735-89BF-A079B4DF8C3A}: NameServer = 68.13.16.30,68.13.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF409DC-2F90-4D9D-A280-33EB6CF330F4}: NameServer = 68.13.16.30,68.12.16.30
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = om.cox.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = om.cox.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = om.cox.net
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
"NavExcel Search Toolbar" Program
« Reply #4 on: January 08, 2005, 02:09:14 PM »
No worries, you have a couple of choices. At this point it does sound as it is just cosmetic.

You can simply edit the registry, if your comfortable with this
Go to START>>RUN>>Type in regedit
and hit OK

Your looking for this key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

You will expand each entry
+HKEY_LOCAL_MACHINE
+SOFTWARE
+Microsoft
+Windows
+CurrentVersion
+Uninstall

Still on the left hand side you will see some long stringed entries
As an example they will look like this
{43FCA273-9534-40DB-B7C5-D7758875616A}
The entry your looking to delete will be similiar too, but Not exactly the same as the
example

Left click to highlight each one
Look to the right at the "Display Name"
When you find the one that displays
NavExcel Search Toolbar

Right click on the long stringed entry and choose EXPORT
Name it and save it to a folder, this is just for backup reasons...
Then again Right click on the long stringed entry, and choose Delete

A prompt will ask you if you want to delete this key and it's subkeys
Click YES
Exit out of the Registry editor

The entry in your Add/Remove Programs should be gone

If your uncomfortable editing the Registry
I prefer this small utility
RegSeeker 1.35 >>> http://www.hoverdesk.net/freeware.htm

After installation simply Open Regseeker and look under INSTALLED APPLICATIONS
Left click to highlight NavExcel Search Toolbar
Right click on it and Delete selected item

Hope this helps http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Bandane

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
"NavExcel Search Toolbar" Program
« Reply #5 on: January 08, 2005, 03:11:43 PM »
Tried RegSeeker program. It couldn't delete/remove the program either. So, I went the regedit route (first time to use--scarry!). Followed your instructions but none of the long strings were for NavExcel Search Toolbar! I just happened to scroll further down the list, and BINGO, there it was! I highlighted it and selected delete. BINGO again, it disappeared from the regedit list! I went to the control panel and looked at Installed Programs List and BINGO yet again, it was no longer on my list!!!!!!! Thank you! Thank you! My mind can rest easy now! Did I say THANK YOU!!!?
Logged

Filip

  • Guest
"NavExcel Search Toolbar" Program
« Reply #6 on: March 23, 2005, 08:19:16 PM »
To Bandane:

My quest to get rid of NavExcel Toolbar ended today.

What should you do?
Here's the answer:

No matter if you're an experienced user or not... just pay attention not to delete anything you're not sure about when working in your pc's registry.

1) browse to this page

    http://www.scanspyware.net/info/NavExcel.htm

    Scroll to the 2nd part of the page where you'll find the chapter:
    "Manual detection and removal of NavExcel"
   
     --> you will find here all the keys/values/directories/files/etc. that
           you will need to manually look for on your PC using the Register
           Editor in Windows XP

2) how to start the register editor ?

     --> go to Start < Run      ... and type:
     --> regedit
     enter
 
3) how to use the register editor for this operation from this point    
    onwards?

    There are 3 actions that you will need to perform per item that
    is listed on the webpage I mentionned above in bold.

                           
        A) you will need to copy the item
               
                (for eg.:  v2.0.4, or NavHelper, or NHUpdater.exe, etc....)
                --> highlight the text on the website, and use CTRL+C to
                      copy quickly

        http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' /> you will then need to go to the registry editor

                (it's handy to have only the webpage open and your registry
                editor, then you can use ALT+TAB to quickly switch between
                screens)


                           scan your registry
        C) in the registry editor use CTRL+F to open een find window,
            and paste the item (CTRL+P) ... enter
 
            --> if it's in your registry, the register editor will find it, and
                  show you it's location...

                            [/B]delete the registry items
        D) if indeed the registry editor matches in its search one of the
            NavExcel files/folders/directories/keys/values listed , always
            double-check if this is the file you where looking for..
 
             if YES: delete it as if you would delete a file or folder on your
                        computer. Simply select it and press delete + confirm
                        you really want to delete it.
                        NOTE: if you found a match for your search and you've
                                  deleted the result, press F3 to re-do the same
                                  search to check if there's not a "copycat" left
                                  behind

             if there's no result, ... continue with the remaining items, until
             you finish the list for Directories/Files/Registry Keys/Registry
             Values mentionned on the webpage
                         NOTE: there are navigation bars to scroll down on the
                                   especially for Directories/Files/Registry Keys

             if you doubt you're result is "your match" don't touch it, and
             leave it as it is. You should be able to recognise clearly it's the
             the same description as what you are looking for.

YOU WILL NEED TO CHECK OFF THE WHOLE LISTE ONE BY ONE in the way mentionned as above, in order to be sure none of NavExcel's components remains on your pc.

Once you've done all this. Restart you're computer.
Go to Start < Configuration < Software

===> NavExcel should not appear in the list anymore !!!!

Goodluck.

ps: The quickest way is using shortcuts and systematically working down the list.

CTRL + C = copy
CTRL + P = past
CTRL + F = find
ALT + TAB = switch between programs

... it should not take you longer than 1-2 hours to perform all the actions ; just remember... how long you already are waiting to get rid of NavExcel. The end is in sight...


                 

       
       




     --> per item mentionned for manual detection and removal
           on the page I mentionned above in bold, you will need to:
     
           A) copy the item (copy the text from the website)
           http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' /> go to the register editor and use CTRL+F
                --> a "find" window will open in registor editor
                --> paste your "detect and delete" item in here, and enter
           C) if your search matches your item, registor editor will show you
                where to find the file/folder/directory/value/key

           !!) if you've located what you've looked for, you can delete it
               after you've double-checked indead it is the same "thing"

           D) simply delete the search result like you would delete a file
               or folder (highlight --> delete --> co
nfirm deletion)
Logged

Guest_Ace_*

  • Guest
"NavExcel Search Toolbar" Program
« Reply #7 on: March 30, 2005, 05:00:49 AM »
yayayayaya ty ty ty
Logged
Pages: [1]
« previous next »