worm.win32.netsky [RESOLVED]


  • This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Just continue on with the next step
  • 0



#17
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OK sorry a blond moment heheh

ok i found the erunt.exe file

a folder warning popped up says this application may depend on other compressed files in this folder. for the application to run properly it is recommended that you first extract all files

extract all or run or cancel


thanks for all your help

dinene
  • 0

#18
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Extract all and follow any prompts it gives you. It isn't hugely important that you do that step really. Try to get it done, but if you still can't then go on to the next step
  • 0

#19
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
ok i figured how to extract the files. but this is my next question I am trying to copy and paste the code in wordpad. and not following name the file fix.reg (meaning save the file) when i go to save as type i don't see "all files" only

RTF
text doc
text doc (MS_DOS format)
unicode text doc


ok for tonight I look forward to your response

thanks for all your time and help

dinene

Edited by manzrdh, 25 January 2008 - 07:52 PM.

  • 0

#20
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You need to use notepad
  • 0

#21
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thanks for your patience I think I've been looking at the computer too long

Just a note the following items were not present when you first asked me to do a scan in post #4

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2

O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot

O23 - Service: AntiSpywareBot Scanning Engine (AntiSpywareBotSrv) - Unknown owner - C:\Program Files\AntiSpywareBot\AntiSpywareBotSrv.srv.exe



OK here is the latest DSS:


Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-01-26 08:57:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:52 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\slide\slide.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9275 bytes

-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-24 20:02:45 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot
2008-01-23 00:29:03 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-23 00:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 23:54:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-22 23:54:57 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-01-22 23:47:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 23:32:55 0 d-------- C:\Program Files\Trend Micro
2008-01-22 21:55:17 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2008-01-22 21:54:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 18:10:10 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2008-01-20 18:09:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-01-20 18:07:14 0 d-------- C:\WINDOWS\pss
2008-01-06 15:16:56 0 d-------- C:\Program Files\Norton 360
2007-12-26 19:05:47 0 d-------- C:\Program Files\iPod
2007-12-26 18:57:58 0 d-------- C:\Program Files\QuickTime
2007-12-26 18:54:18 0 d-------- C:\Program Files\Apple Software Update
2007-12-26 18:53:29 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-26 18:52:14 0 d-------- C:\Program Files\Common Files\Apple
2007-12-26 18:52:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-01-26 08:03:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Slide
2008-01-25 17:00:30 11374 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-01-25 16:06:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-22 23:47:45 0 d-------- C:\Program Files\Common Files
2008-01-19 22:08:09 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-01-06 19:30:20 0 d-------- C:\Program Files\Symantec
2008-01-06 17:29:45 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-01-06 15:46:23 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2007-12-26 19:24:11 0 d-------- C:\Program Files\iTunes
2007-12-24 17:41:47 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 12:34 AM]
"SMSERIAL"="sm56hlpr.exe" [01/24/2005 04:56 AM C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 03:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/07/2005 12:14 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 07:38 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/18/2004 12:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/20/2007 07:36 PM]
"Slide.exe"="c:\program files\slide\slide.exe" [04/26/2007 12:30 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [5/7/2005 12:27:23 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00cc60c4-8b14-11db-8b91-0011d8f1f6bf}]
AutoRun\command- J:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-01-26 08:58:26 ------------



thanks again

dinene

I'll be back in 30 minutes or less

Edited by manzrdh, 26 January 2008 - 08:08 AM.

  • 0

#22
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete this folder in bold

C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot



Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right clicking and selecting send to Zip file

Then upload that as an attachment in your next post.




Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

  • 0

#23
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I'm so sorry for my lack of knowledge but apparently I cannot figure out how to remove this folder

Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot
  • 0

#24
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No problem, will do it for you :)

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Then continue on with the rest of the steps
  • 0

#25
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\271.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\241.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\240.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\24.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\239.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\237.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\235.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\229.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22\225.qit moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine\24-01-2008-21-32-22 moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Quarantine moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot\Log moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AntiSpywareBot moved successfully.
[Custom Input]
< purity >

OTMoveIt2 v1.0.14 log created on 01262008_103549


ok will continue with your next steps
  • 0



#26
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
SUPERAntiSpyware Scan Log
Generated 01/26/2008 at 11:36 AM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 00:55:07

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 5326
Registry threats detected : 0
File items scanned : 60329
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@fastclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@roiservice[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server.iad.liveperson[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clickbank[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@overture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats.sellmosoft[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[1].txt

Edited by manzrdh, 26 January 2008 - 03:43 PM.

  • 0

#27
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Don't forget the runscanner file

You will need to attach it
  • 0

#28
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I hope i did this correctly

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : YOUR-F78BF48CE2
Creation time : 1/26/2008 7:24:05 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.1.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
c:\program files\compaq connections\6750491\program\compaq connections.exe (Hewlett-Packard)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
c:\program files\hp\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\program files\hewlett-packard\hp software update\hpwuschd2.exe (Hewlett-Packard Company)
* c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
* c:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
* c:\program files\ipod\bin\ipodservice.exe (Apple Inc.)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
c:\program files\java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
* c:\windows\sm56hlpr.exe (Motorola Inc.)
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
* c:\windows\alcxmntr.exe (Realtek Semiconductor Corp.)
* c:\documents and settings\compaq_owner\desktop\runscanner.exe (Runscanner.net)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\program files\slide\slide.exe (Slide, Inc.)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
c:\program files\superantispyware\superantispyware.exe (SUPERAntiSpyware.com)
* c:\program files\common files\symantec shared\ccsvchst.exe (Symantec Corporation)
* c:\program files\common files\symantec shared\ccapp.exe (Symantec Corporation)
* c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
* c:\windows\system32\vttimer.exe (S3 Graphics, Inc.)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\program files\messenger\msmsgs.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wdfmgr.exe (Microsoft Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\hp\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
c:\program files\hewlett-packard\hp software update\hpwuschd2.exe (Hewlett-Packard Company)
c:\program files\hewlett-packard\hp boot optimizer\hpbootop.exe (Hewlett-Packard Company)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\slide\slide.exe (Slide, Inc.)
c:\program files\superantispyware\superantispyware.exe (SUPERAntiSpyware.com)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\compaq~1\6750491\program\compaq~1.exe (Hewlett-Packard)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- c:\windows\system32\drivers\changer.sys (Changer)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\intelppm.sys (Intel Processor Driver)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
C:\WINDOWS\system32\drivers\pcdrndisuio.sys (PCDRNDISUIO Usermode I/O Protocol)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
c:\program files\superantispyware\sasdifsv.sys (SASDIFSV)
c:\program files\superantispyware\sasenum.sys (SASENUM)
c:\program files\superantispyware\saskutil.sys (SASKUTIL)
- c:\windows\system32\drivers\wdica.sys (WDICA)

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) {CF184AD3-CDCB-4168-A3F7-8E447D129300}
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
- http: {653D93AF-C741-4e5e-8C1B-59BA43F93E16}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
c:\program files\superantispyware\sasseh.dll (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\google\googletoolbarnotifier\2.0.1121.2472\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\windows\system32\shellvrtf.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\program files\superantispyware\saswinlo.dll (SUPERAntiSpyware.com)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)

073 %windir%\Tasks
------------------
AntiSpywareBot Scheduled Scan.job : c:\program files\antispywarebot\antispywarebot.exe

100 Internet Explorer settings
------------------------------
Default_Search_URL HKCU : http://ie.redirect.h...a...&pf=desktop
Start Page HKLM : http://ie.redirect.h...a...&pf=desktop

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\program files\quicktime\qtplugin.ocx (Apple Inc.) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
- c:\windows\downloaded program files\snapfishactivia1000.ocx {406B5949-7190-4245-91A9-30A17DE16AD0}
- c:\windows\downloaded program files\msnpupld.dll {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
- c:\windows\downloaded program files\imageuploader3.ocx {55027008-315F-4F45-BBC3-8BE119764741}
c:\program files\java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
- c:\windows\downloaded program files\asinst.dll {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
c:\program files\java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Add To Compaq Organize... : C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
E&xport to Microsoft Excel : res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableTaskMgr : 1

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{00cc60c4-8b14-11db-8b91-0011d8f1f6bf} : J:\LaunchU3.exe -a
{1822e9d2-0073-11da-88b8-806d6172696f} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
D : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\program files\superantispyware\sasctxmn.dll (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
  • 0

#29
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you zip the .run file and upload it here for me?

That's what I need.
  • 0

#30
manzrdh

manzrdh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Not sure what you mean by that. I thought that is what I did.

I did it again but apparently incorrectly, but when I double click on the icon on my desktop

runscanner startup analyzer pops up

Edited by manzrdh, 26 January 2008 - 07:23 PM.

  • 0





