1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] HELP WITH GATOR and OFFICE COMPANION REMOVAL

Discussion in 'Virus & Other Malware Removal' started by anlore2001, Apr 1, 2002.

Thread Status:
Not open for further replies.
Advertisement
  1. anlore2001

    anlore2001 Thread Starter

    Joined:
    Sep 6, 2001
    Messages:
    7,131
    First Name:
    Andrew
    Hello all, Here is my problem... My better half decided to download a program that was combined with GATOR and installed it (along with gator)... I have removed GATOR and OFFICE COMPANION with ad-aware however it keeps coming back, There is a folder called SVCSAP that is saying the access is denied and will not let ad-aware remove it. Is there a program out there that would zap this for me or can any of you help me get it off. See my Signature for my computer Specs. Thanks in advance.
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    I'm sure you'll be able to delete this folder in Safe Mode.

    However, it would be helpful to see your startups.
    It's advisable to first stop 'malware' from starting up, if that's what it does:

    Go to Start/run, and type Msinfo32, followed by OK.
    Go to Software Environment/Startup Programs.
    Now click Edit/'Select all', and then 'copy'
    Paste the contents in your post.
     
  3. anlore2001

    anlore2001 Thread Starter

    Joined:
    Sep 6, 2001
    Messages:
    7,131
    First Name:
    Andrew
    Tony... Thanks for the response, I tried to delete them in safe mode and it did not allow me to, it still said Access is denied. I attached my startup for you.

    AdaptecDirectCD "c:\program files\adaptec\easy cd creator 5\directcd\directcd.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AIM c:\progra~1\aim95\aim.exe -cnetwait.odl CN728872-A\Andrew Lorenz HKU\S-1-5-21-284587905-2389969595-2291903390-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    America Online 6.0 Tray Icon c:\progra~1\americ~1.0\aoltray.exe -check All Users Common Startup
    BJCFD c:\program files\broadjump\client foundation\cfd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Camio Viewer 2000 c:\progra~1\sierra~1\imagee~1\ixapplet.exe -s All Users Common Startup
    Check For Dope Wars Updates check for dope wars updates.lnk CN728872-A\Andrew Lorenz Startup
    ComcastSUPPORT c:\program files\support.com\bin\tgkill.exe /cleaneahtioga /start All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe c:\windows\system32\ctfmon.exe CN728872-A\Andrew Lorenz HKU\S-1-5-21-284587905-2389969595-2291903390-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DellTouch c:\windows\dellmmkb.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DESKTOP desktop.ini NT AUTHORITY\SYSTEM Startup
    DESKTOP desktop.ini CN728872-A\Andrew Lorenz Startup
    DESKTOP desktop.ini .DEFAULT Startup
    DESKTOP desktop.ini All Users Common Startup
    Event Reminder event reminder.lnk CN728872-A\Andrew Lorenz Startup
    KernelFaultCheck %systemroot%\system32\dumprep 0 -k All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    LTWinModem1 ltmsg.exe 9 All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office c:\progra~1\micros~2\office10\osa.exe -b -l All Users Common Startup
    MoneyStartUp10.0 "c:\program files\microsoft money\system\activation.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MSMSGS "c:\program files\messenger\msmsgs.exe" /background CN728872-A\Andrew Lorenz HKU\S-1-5-21-284587905-2389969595-2291903390-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NAV Agent c:\progra~1\norton~1\navapw32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Offers "c:\program files\gator.com\offercompanion\offers.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PowerReg Scheduler powerreg scheduler.exe CN728872-A\Andrew Lorenz Startup
    Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe -quiet CN728872-A\Andrew Lorenz HKU\S-1-5-21-284587905-2389969595-2291903390-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Well there's Gator:

    Offers "c:\program files\gator.com\offercompanion\offers.exe" All Users

    Go to start/run >Msconfig, and uncheck Gator on the Startup tab.

    Click OK, close Msconfig, and reboot.

    Chances are the folder will let itself be deleted now.


    Good luck,
     
  5. anlore2001

    anlore2001 Thread Starter

    Joined:
    Sep 6, 2001
    Messages:
    7,131
    First Name:
    Andrew
    Thank you , It is now off the computer.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You're welcome.

    It's always worth while to check Msconfig/Startup regularly for unwanted newcomers anyway.

    Cheers,
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/74662

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice