Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Comes Up Fine, But Cant Run Any Programs


  • Please log in to reply
10 replies to this topic

#1 spluhar

spluhar

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 August 2006 - 08:24 AM

ran scan-spyware this morning. it found something (didnt write it down) and said "scan-spyware needs to restart windows" . re-started fine, but now i cant run anything. no programs run at all. tried to run them out of "all programs" menu and window task manager. all say "windows cannot find ????.exe. make sure you typed the name correctly. thank you

BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:16 PM

Posted 10 August 2006 - 08:35 AM

What program did you use to scan for spyware?

What did you quarantine or remove?

#3 spluhar

spluhar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 August 2006 - 08:43 AM

the name of the program is "scan spyware". i dont know what i removed. i'll try to access a log but dont know if i can. thank you.

#4 spluhar

spluhar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 August 2006 - 08:53 AM

wowcraft.b (regestry values)
wowcraft.b (files)
alcan.a (files)
multidr.ko (files)

this is the one that "deletion pending on reboot":
netsky.c (files) it was in "c\windows\winlogon.exe"

thank you

#5 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:16 PM

Posted 10 August 2006 - 08:59 AM

ScanSpyware scanspyware.net aggressive advertising; false positives work as goad to purchase [A: 6-26-04 / U: 3-24-06]

The above info is from Spyware Warrior.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:16 PM

Posted 10 August 2006 - 09:08 AM

I am not familiar with Scan-spyware.

What I do suggest is the following:

Run both Adaware and Spybot Search and Destroy from safe mode, updating each program’s malware definitions before you scan and allowing both to fix what they find.

If you do not already have these freeware aps installed on your computer, you can get them at the following sites:

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that that I suggest you post a “HijackThis” log for expert assistance with your malware infection.

Read the pinned post in our “HijackThis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer to be different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

If after 5 days you still have gotten no response, then post a re-request and a link to your HJT log HERE.
http://www.bleepingcomputer.com/forums/topic14717.html

#7 spluhar

spluhar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 August 2006 - 09:20 AM

u was able to open an explorer window and found:

there is a new application "boot.exe" in local disc c, and in c:\windows, there is a new application "winlogon.exe". both create dates co-inside with when everything went wrong this morning.

should i not use "scan spyware" anymore?

thank you

#8 spluhar

spluhar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 August 2006 - 09:23 AM

at this time, i am unable to run any of those programs. "windows cannot find ****.exe"

i am unable to access the internet either. thankyou

Edited by spluhar, 10 August 2006 - 09:24 AM.


#9 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:16 PM

Posted 10 August 2006 - 10:20 AM

You need to post a Hijack This log. Download Hijack This to a cd or floppy and install on the infected comp. following the instructions above.
What problems were you having BEFORE you used Scanspyware? Your original problem may or may not have been related to malware. What if any security/antimalware programs do you have? What OS do you have and is it up to date?
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 spluhar

spluhar
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 August 2006 - 10:48 AM

i was able to do a system restore through safemode. seems to be working well now. here is my hjt log, followed by a pandascan

Logfile of HijackThis v1.99.1
Scan saved at 11:34:59 AM, on 8/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\paprport\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Common Files\AOL\1130249068\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1130249068\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\AOL\1130249068\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\paprport\pptd40nt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130249068\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer...23/SLCmpser.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@atwola[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@c.enhance[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@c2.gostats[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@entrepreneur[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@fe.lea.lycos[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@gostats[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@i.screensavers[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@rn11[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@target[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Florian Greenhouse\Cookies\florian greenhouse@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Florian Greenhouse\Desktop\smitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Florian Greenhouse\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\2.dlb
Virus:Trj/Downloader.JVL Disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\435165984.exe
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\5.dlb
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\6.dlb
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\7.dlb
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\Cookies\florian greenhouse@atwola[1].txt
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Florian Greenhouse\Local Settings\Temp\rvvbzfpc.exe

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:16 PM

Posted 10 August 2006 - 11:35 AM

For fastest results repost the log in our HJT Forum here along with a description of your system and the problem you are having:

http://www.bleepingcomputer.com/forums/posthjtlog.html

Do not do anything else that changes anything on your computer after the HJT post.

Edited by Enthusiast, 10 August 2006 - 11:53 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users