Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Too Many Pop-ups!

Started by desirant , Jan 20 2007 03:16 PM

  • This topic is locked This topic is locked

#1
desirant
Posted 20 January 2007 - 03:16 PM

desirant

    New Member

  • Member
  • Pip
  • 6 posts
I can't seem to get rid of all of these pop-ups. I'm not sure what all you need from me. Let me know if you need anything else. Thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 1:13:01 PM, on 1/20/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\msdtc.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
D:\WINDOWS\WmVuYSBEb2hlcnR5\command.exe
D:\WINDOWS\system32\Dfssvc.exe
D:\WINDOWS\System32\dns.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Kaseya\Agent\AgentMon.exe
D:\WINDOWS\System32\llssrv.exe
d:\program files\harms\millennium backup\harmssoftware.millennium.backup.exe
d:\program files\harms\millennium.mail\harmssoftware.millennium.mail.exe
D:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
D:\WINDOWS\system32\ntfrs.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\sbscrexe.exe
C:\Program Files\Trend\Smex\InstMon.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\NSAgent.exe
D:\WINDOWS\System32\wins.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Trend\Smex\RMonitor.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Trend\Smex\InstRTS.exe
C:\Program Files\Trend\Smex\SmexVS.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Trend\Smex\SMEXMA.exe
C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
C:\Program Files\Trend\Smex\WebRoot\SmexHS.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Trend\SMCF\cm_smex.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
d:\windows\system32\inetsrv\w3wp.exe
D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
D:\Program Files\LogMeIn\LogMeInSystray.exe
D:\Program Files\Kaseya\Agent\KaUsrTsk.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
D:\Program Files\Atomic Clock Sync\Atomic.exe
D:\Program Files\Ipwindows\ipwins.exe
D:\PROGRA~1\MI3AA1~1\wcescomm.exe
D:\PROGRA~1\CURITY~1\nopdb.exe
D:\Documents and Settings\Administrator\Application Data\?dobe\winspool.exe
D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
D:\Program Files\Microsoft ActiveSync\WCESMgr.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\HARMS\Millennium Workstation\Millennium.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Documents and Settings\Administrator\Desktop\Sterling Utilities\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] D:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VxTaskbarMgr] D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [IpWins] D:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [Atomic.exe] D:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Ater] "D:\PROGRA~1\CURITY~1\nopdb.exe" -vt yazr
O4 - HKCU\..\Run: [Efgwmwvn] D:\Documents and Settings\Administrator\Application Data\?dobe\winspool.exe
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0638383F-68BF-4F95-B2A7-EB2B3FBCAE14} (AtxSmexInst Control) - https://server.desir...AtxSmexInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://server.desir...html/AtxEnc.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://server.desir.../AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://server.desir...html/AtxPie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Desirant.local
O17 - HKLM\Software\..\Telephony: DomainName = Desirant.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Desirant.local
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit - D:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\WmVuYSBEb2hlcnR5\command.exe (file missing)
O23 - Service: Kaseya Agent (KaseyaAgent) - Unknown owner - D:\Program Files\Kaseya\Agent\AgentMon.exe" -s (file missing)
O23 - Service: Millennium Backup - Harms Software, Inc. - d:\program files\harms\millennium backup\harmssoftware.millennium.backup.exe
O23 - Service: Millennium.Mail - Harms Software, Inc. - d:\program files\harms\millennium.mail\harmssoftware.millennium.mail.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScanMail_MailAction - Trend Micro Inc. - C:\Program Files\Trend\Smex\SMEXMA.exe
O23 - Service: ScanMail_Monitor - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstMon.exe
O23 - Service: ScanMail_RealTimeScan - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstRTS.exe
O23 - Service: ScanMail_Web - Trend Micro Inc. - C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • 0

Advertisements

#2
desirant
Posted 20 January 2007 - 04:54 PM

desirant

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is my SuperAntispyware Scan Log...

File threats detected : 165

Adware.Adservs
D:\WINDOWS\WMVUYSBEB2HLCNR5\ASAPPSRV.DLL
D:\WINDOWS\WMVUYSBEB2HLCNR5\ASAPPSRV.DLL
D:\WINDOWS\system32\atmtd.dll
D:\WINDOWS\system32\atmtd.dll._

Adware.IPWins
D:\PROGRAM FILES\IPWINDOWS\IPWINS.EXE
D:\PROGRAM FILES\IPWINDOWS\IPWINS.EXE
[IpWins] D:\PROGRAM FILES\IPWINDOWS\IPWINS.EXE
HKU\S-1-5-21-1970956990-375256604-4240838389-500\Software\IpWins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString
D:\Program Files\ipwindows\ipwins.dll
D:\Program Files\ipwindows\pop1032.tmp
D:\Program Files\ipwindows\Uninst.exe
D:\Program Files\ipwindows
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#IpWins [ D:\Program Files\Ipwindows\ipwins.exe ]

Adware.ClickSpring-Variant
D:\PROGRA~1\CURITY~1\NOPDB.EXE
D:\PROGRA~1\CURITY~1\NOPDB.EXE

Adware.ClickSpring/Resident
D:\DOCUME~1\ADMINI~1\APPLIC~1\DOBE~1\winspool.exe
D:\DOCUME~1\ADMINI~1\APPLIC~1\DOBE~1\winspool.exe

Adware.ClickSpring
[Ater] D:\PROGRA~1\CURITY~1\NOPDB.EXE

Adware.Tracking Cookie
D:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@maxserving[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@roiservice[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@superstats[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@74613876[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@valueclick[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@admarketplace[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@dealtime[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@LPBofA1[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@44153975[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@optimost[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@oddcast[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@87971403[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@spylog[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@fluencymedia[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@nextag[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@79430329[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@ad[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@9551721[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@html[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@1072704870[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@dynamicsitestats[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@tripod[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@1071053577[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@adinterax[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@bizrate[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@23702433[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@azjmp[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@43836137[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@hotlog[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@smileycentral[2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@adlegend[1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@rambler[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@adserver[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@6229559[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@69359571[2].txt
D:\Documents and Settings\Administrator\Cookies\administrator@spamblockerutility[1].txt
D:\Documents and Settings\Administrator\Cookies\administrator@directtrack[2].txt

Adware.180solutions/Search Assistant
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-1970956990-375256604-4240838389-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control#ActiveService
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
D:\Program Files\Network Monitor

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control#ActiveService

Adware.TargetSavers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

Adware.Starware
D:\Program Files\Starware\bin\Starware.dll
D:\Program Files\Starware\bin
D:\Program Files\Starware\brand.bmp
D:\Program Files\Starware\contexts\error.xml
D:\Program Files\Starware\contexts\Related.xml
D:\Program Files\Starware\contexts\Travel.xml
D:\Program Files\Starware\contexts
D:\Program Files\Starware\icons\star_16.ico
D:\Program Files\Starware\icons
D:\Program Files\Starware\Setup.exe
D:\Program Files\Starware\StarwareConfig.xml
D:\Program Files\Starware\xml
D:\Program Files\Starware
HKU\S-1-5-21-1970956990-375256604-4240838389-500\Software\Starware

Adware.Toolbar888
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
HKLM\Software\Cowabanga
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga#UninstallString
D:\Program Files\Cowabanga\Cowabanga.exe
D:\Program Files\Cowabanga\License.txt
D:\Program Files\Cowabanga\uninstaller.exe
D:\Program Files\Cowabanga

Adware.ClickSpring/Outer Info Network
D:\Program Files\Outerinfo\OiUninstaller.exe
D:\Program Files\Outerinfo\outerinfo.ico
D:\Program Files\Outerinfo\Terms.rtf
D:\Program Files\Outerinfo
D:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Terms.lnk
D:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Uninstall.lnk
D:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo
  • 0

#3
Tigger93
Posted 20 January 2007 - 05:00 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi and welcome. :whistling:

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
  • 0

#4
desirant
Posted 21 January 2007 - 12:27 PM

desirant

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I tried to run combofix but it gave me an error message: 'Unsupported Operating System'. What does this mean and what should I do about it?
  • 0

#5
Tigger93
Posted 21 January 2007 - 12:57 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Sorry, I didn't know the tool won't run on Windows 2003, we'll have to go about this other ways.

Open Notepad and copy and paste in the following:

sc stop cmdService
sc stop "Network Monitor"
sc delete cmdService
sc delete "Network Monitor"
rmdir /q "D:\WINDOWS\WmVuYSBEb2hlcnR5\"
del fixit.bat


Save it as fixit.bat to the desktop and double-click on it to run it. A black screen may popup quickly the disappear. This is normal.

1. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

3. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Restart your computer and post a new HJT log please. :whistling:
  • 0

#6
desirant
Posted 21 January 2007 - 03:02 PM

desirant

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:00:27 PM, on 1/21/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
D:\WINDOWS\system32\Dfssvc.exe
D:\WINDOWS\System32\dns.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Kaseya\Agent\AgentMon.exe
d:\program files\harms\millennium backup\harmssoftware.millennium.backup.exe
D:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
D:\WINDOWS\system32\ntfrs.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\NSAgent.exe
C:\Program Files\Trend\Smex\InstMon.exe
D:\WINDOWS\System32\wins.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Trend\Smex\RMonitor.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Trend\Smex\InstRTS.exe
C:\Program Files\Trend\Smex\SmexVS.exe
C:\Program Files\Trend\Smex\SMEXMA.exe
C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
C:\Program Files\Trend\Smex\WebRoot\SmexHS.exe
d:\windows\system32\inetsrv\w3wp.exe
D:\Program Files\Exchsrvr\bin\events.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\LogMeIn\LogMeInSystray.exe
D:\Program Files\Kaseya\Agent\KaUsrTsk.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
D:\Program Files\Atomic Clock Sync\Atomic.exe
D:\PROGRA~1\MI3AA1~1\wcescomm.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Microsoft ActiveSync\WCESMgr.exe
D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\HARMS\Millennium Workstation\Millennium.exe
D:\Documents and Settings\Administrator\Desktop\Sterling Utilities\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] D:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VxTaskbarMgr] D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [Atomic.exe] D:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Efgwmwvn] D:\Documents and Settings\Administrator\Application Data\?dobe\winspool.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0638383F-68BF-4F95-B2A7-EB2B3FBCAE14} (AtxSmexInst Control) - https://server.desir...AtxSmexInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://server.desir...html/AtxEnc.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://server.desir.../AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://server.desir...html/AtxPie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Desirant.local
O17 - HKLM\Software\..\Telephony: DomainName = Desirant.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Desirant.local
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit - D:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Unknown owner - D:\Program Files\Kaseya\Agent\AgentMon.exe" -s (file missing)
O23 - Service: Millennium Backup - Harms Software, Inc. - d:\program files\harms\millennium backup\harmssoftware.millennium.backup.exe
O23 - Service: Millennium.Mail - Harms Software, Inc. - d:\program files\harms\millennium.mail\harmssoftware.millennium.mail.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScanMail_MailAction - Trend Micro Inc. - C:\Program Files\Trend\Smex\SMEXMA.exe
O23 - Service: ScanMail_Monitor - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstMon.exe
O23 - Service: ScanMail_RealTimeScan - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstRTS.exe
O23 - Service: ScanMail_Web - Trend Micro Inc. - C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#7
Tigger93
Posted 21 January 2007 - 06:24 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi again.

Open HiJackThis and put a check next to this:
O4 - HKCU\..\Run: [Efgwmwvn] D:\Documents and Settings\Administrator\Application Data\?dobe\winspool.exe

Close all windows and click "Fix Checked".

Find and delete this file:
D:\Documents and Settings\Administrator\Application Data\?dobe\ <- The "?" may be any character, delete it, as long as it doesn't start with "a".

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Restart your computer and post a new HJT log please and the Uninstall list. :whistling:
  • 0

#8
desirant
Posted 21 January 2007 - 06:42 PM

desirant

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
APC PowerChute Personal Edition
Atomic Clock Sync
Business Contact Manager for Outlook 2003
Conexant D850 56K V.9x DFVc Modem
CutePDF Writer 2.3
Dell Printer Software Uninstall
HijackThis 1.99.1
Hotfix for Windows Server 2003 (KB909394)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LogMeIn
LogMeIn
Macromedia Flash Player 8
Microsoft .NET Framework 1.1 -- Device Update 4.0
Microsoft .NET Framework 2.0
Microsoft ActiveSync 4.0
Microsoft Data Access Components KB870669
Microsoft Group Policy Management Console
Microsoft Health Monitor 2.1
Microsoft Office Live Meeting 2005
Microsoft Office Small Business Edition 2003
Microsoft Office XP Web Components
Microsoft SQL Server Desktop Engine (BKUPEXEC)
Microsoft SQL Server Desktop Engine (SBSMONITORING)
Microsoft SQL Server Desktop Engine (SHAREPOINT)
Microsoft Windows SharePoint Services 2.0
Millennium 2005 (Conversion)
Millennium 2005 Runtime Update
Millennium 2005 Workstation
Millennium Backup
Millennium mini Server
Millennium Platinum
Millennium Screen Saver
Millennium.Mail
Millennium.Mail Update
Millennium.NET 2005 Update I
Mozilla Firefox (1.0.4)
MSXML 4.0 SP2 Parser and SDK
Outerinfo
QuickBooks Basic 2005
ScanMail for Exchange eManager
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Server 2003 (KB883939)
Security Update for Windows Server 2003 (KB890046)
Security Update for Windows Server 2003 (KB893756)
Security Update for Windows Server 2003 (KB896358)
Security Update for Windows Server 2003 (KB896422)
Security Update for Windows Server 2003 (KB896424)
Security Update for Windows Server 2003 (KB896428)
Security Update for Windows Server 2003 (KB896688)
Security Update for Windows Server 2003 (KB899587)
Security Update for Windows Server 2003 (KB899588)
Security Update for Windows Server 2003 (KB899589)
Security Update for Windows Server 2003 (KB899591)
Security Update for Windows Server 2003 (KB900725)
Security Update for Windows Server 2003 (KB901017)
Security Update for Windows Server 2003 (KB901214)
Security Update for Windows Server 2003 (KB902400)
Security Update for Windows Server 2003 (KB903235)
Security Update for Windows Server 2003 (KB904706)
Security Update for Windows Server 2003 (KB905414)
Security Update for Windows Server 2003 (KB905915)
Security Update for Windows Server 2003 (KB908519)
Security Update for Windows Server 2003 (KB908981)
Security Update for Windows Server 2003 (KB911280)
Security Update for Windows Server 2003 (KB911562)
Security Update for Windows Server 2003 (KB911567)
Security Update for Windows Server 2003 (KB911927)
Security Update for Windows Server 2003 (KB912812)
Security Update for Windows Server 2003 (KB912919)
Security Update for Windows Server 2003 (KB913446)
Security Update for Windows Server 2003 (KB914388)
Security Update for Windows Server 2003 (KB914389)
Security Update for Windows Server 2003 (KB916281)
Security Update for Windows Server 2003 (KB917159)
Security Update for Windows Server 2003 (KB917344)
Security Update for Windows Server 2003 (KB917422)
Security Update for Windows Server 2003 (KB917537)
Security Update for Windows Server 2003 (KB917734)
Security Update for Windows Server 2003 (KB917953)
Security Update for Windows Server 2003 (KB918439)
Security Update for Windows Server 2003 (KB918899)
Security Update for Windows Server 2003 (KB920214)
Security Update for Windows Server 2003 (KB920670)
Security Update for Windows Server 2003 (KB920683)
Security Update for Windows Server 2003 (KB921398)
Security Update for Windows Server 2003 (KB921883)
Security Update for Windows Server 2003 (KB922616)
StarMicronics OPOS POSPrinter Register
SUPERAntiSpyware Free Edition
SuperCharge
SuperCharge Maintenance Pack
Symantec Backup Exec ™ 10d for Windows Servers
Symantec Backup Exec for Windows Servers
Symantec pcAnywhere
Trend Micro Client Server Messaging Suite-SERVER
Trend Micro OfficeScan Client
Trend Micro ScanMail for Microsoft Exchange
Update for Windows Server 2003 (KB896727)
Update for Windows Server 2003 (KB908531)
Update for Windows Server 2003 (KB910437)
VERITAS Update
Windows Defender Signatures
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Server 2003 Hotfix - KB 833407
Windows Server 2003 Service Pack 1
Windows Small Business Server 2003
Yahoo! Toolbar
  • 0

#9
Tigger93
Posted 21 January 2007 - 09:30 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Can you please post a new HJT log?
  • 0

#10
desirant
Posted 22 January 2007 - 10:45 AM

desirant

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:44:34 AM, on 1/22/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
D:\WINDOWS\system32\Dfssvc.exe
D:\WINDOWS\System32\dns.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Kaseya\Agent\AgentMon.exe
d:\program files\harms\millennium backup\harmssoftware.millennium.backup.exe
d:\program files\harms\millennium.mail\harmssoftware.millennium.mail.exe
D:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
D:\WINDOWS\system32\ntfrs.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\NSAgent.exe
C:\Program Files\Trend\Smex\InstMon.exe
D:\WINDOWS\System32\wins.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend\Smex\RMonitor.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Trend\Smex\InstRTS.exe
C:\Program Files\Trend\Smex\SmexVS.exe
C:\Program Files\Trend\Smex\SMEXMA.exe
C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
C:\Program Files\Trend\Smex\WebRoot\SmexHS.exe
D:\Program Files\Exchsrvr\bin\events.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\LogMeIn\LogMeInSystray.exe
D:\Program Files\Kaseya\Agent\KaUsrTsk.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
D:\Program Files\Atomic Clock Sync\Atomic.exe
D:\PROGRA~1\MI3AA1~1\wcescomm.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Microsoft ActiveSync\WCESMgr.exe
D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\verconn.exe
d:\windows\system32\inetsrv\w3wp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Desktop\Sterling Utilities\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "D:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] D:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VxTaskbarMgr] D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [Atomic.exe] D:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0638383F-68BF-4F95-B2A7-EB2B3FBCAE14} (AtxSmexInst Control) - https://server.desir...AtxSmexInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://server.desir...html/AtxEnc.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://server.desir.../AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://server.desir...html/AtxPie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Desirant.local
O17 - HKLM\Software\..\Telephony: DomainName = Desirant.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Desirant.local
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit - D:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Unknown owner - D:\Program Files\Kaseya\Agent\AgentMon.exe" -s (file missing)
O23 - Service: Millennium Backup - Harms Software, Inc. - d:\program files\harms\millennium backup\harmssoftware.millennium.backup.exe
O23 - Service: Millennium.Mail - Harms Software, Inc. - d:\program files\harms\millennium.mail\harmssoftware.millennium.mail.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScanMail_MailAction - Trend Micro Inc. - C:\Program Files\Trend\Smex\SMEXMA.exe
O23 - Service: ScanMail_Monitor - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstMon.exe
O23 - Service: ScanMail_RealTimeScan - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstRTS.exe
O23 - Service: ScanMail_Web - Trend Micro Inc. - C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - D:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#11
Tigger93
Posted 22 January 2007 - 04:18 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi.

Go Start > Control Panel > Add/Remove Programs and uninstall Outerinfo

Find and delete this folder:
C:\Program Files\Outerinfo

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

  • 0

#12
Tigger93
Posted 05 February 2007 - 04:51 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP