Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WinAntiSpyware 2005 / SurfAccuracy [CLOSED]


  • This topic is locked This topic is locked

#1
kansberr

kansberr

    New Member

  • Member
  • Pip
  • 1 posts
Here is my HijackThis log. Would like to have WinAntiSpyware 2005, SurfAccuracy and any other spyware/adware files removed from system :tazz: .

Logfile of HijackThis v1.99.1
Scan saved at 9:03:35 AM, on 9/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\Avsynmgr.exe
d:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
c:\winnt\system32\domtimec.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\VsStat.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\Vshwin32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\Avconsol.exe
C:\WINNT\system32\DACONFIG.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINNT\system32\wuaepl40.exe
C:\Program Files\WinAntiSpyware 2005\was5.exe
C:\Program Files\Bxctqs\Nyyyeqp.exe
D:\Program Files\Microsoft Office\Office\Findfast.exe
D:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\TEMP\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [DACONFIGEXE] DACONFIG.EXE R
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [s79O35g] wuaepl40.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe
O4 - HKLM\..\Run: [Enknofp] C:\Program Files\Bxctqs\Nyyyeqp.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122581022058
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ctlaerospace.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: Domain = ctlaerospace.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: NameServer = 216.68.1.100,216.68.2.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ctlaerospace.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: Domain = ctlaerospace.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: NameServer = 216.68.1.100,216.68.2.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ctlaerospace.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: Domain = ctlaerospace.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: NameServer = 216.68.1.100,216.68.2.100
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\PROGRA~1\NETWOR~1\VIRUSS~2\Avsynmgr.exe
O23 - Service: Backup Exec Remote Agent for Windows NT/2000 (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - d:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Domain Time Client - Greyware Automation Products
Web: http://www.greyware.com
FTP: ftp://ftp.greyware.com
Email: techsupport@greyware.com
Phone: 972-867-2794 - c:\winnt\system32\domtimec.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
O23 - Service: OracleClientCache80 - Unknown owner - D:\orant\BIN\ONRSD80.EXE
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
You are currently using hijackthis from a temp directory. This can cause problems. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have Hijackthis is a permanent folder, run Hijackthis. Click on "Open the Misc Tools section". Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your in your next post.
  • 0

#3
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP