Desperate for help!



#1
richwins54

Hi-- My computer has been acting strangely for a while now. I suspect some kind of virus or something because at first I lost my "visited today" part of my history in IE6, then my START toolbar changed from the XP version to a plain white (or gray) that I can no longer change. The computer takes forever to boot into Windows. The XP theme option is gone now from the appearance options. System Restore won't work anymore, and I also run Ad-Aware, Spybot and AVG scanner, updating and scanning at least twice a week. After reading a thread in this forum, I ran the Kaspersky, Ewido, Panda, McAfee, smitRem, and one of the scanning programs reported 3 infected files (same file with major threats with a skeleton head), so I placed that file in the recycle bin. Now all my email is gone in Outlook Express, 3 years' worth. Is there a way to recover this file, since none of the System Restore points work anymore? Please help to recover my email. Here is my current HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:58:38 AM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rich Winsauer\Desktop\stuff\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EF2C5039-C98A-E52D-DE8A-94ABDD0253B5} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB002" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Festoon] C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe /BOOT
O4 - HKLM\..\Run: [csvdea] C:\Documents and Settings\Rich Winsauer\Desktop\stuff\SECURITY\csvdea\csvdea.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Rich Winsauer\Desktop\SECURITY\ram defragger\free ram xp pro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Ezwy] C:\WINDOWS\System32\??oolsv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk.disabled
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files\Symantec\WinFax\WTNSETUP.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: MagicTune 3.5.lnk.disabled
O4 - Global Startup: NaturalColorLoad.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} -
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} -
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe (file missing)
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Along with other reports:
KASPERSKY ONLINE SCANNER REPORT
Friday, August 25, 2006 6:23:13 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/08/2006
Kaspersky Anti-Virus database records: 205546
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 88654
Number of viruses found: 1
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:23:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rich Winsauer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\Application Data\Identities\{FEBDACD2-3FB0-46D0-B9E9-C6E3CCFBAFA4}\Microsoft\Outlook Express\Sent Items.dbx/[From <[email protected]>][Date Wed, 18 Jan 2006 10:21:29 -0600]/UNNAMED/downfall.GIF Infected: Trojan-Spy.HTML.Bayfraud.in skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\Application Data\Identities\{FEBDACD2-3FB0-46D0-B9E9-C6E3CCFBAFA4}\Microsoft\Outlook Express\Sent Items.dbx/[From <[email protected]>][Date Wed, 18 Jan 2006 10:21:29 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.in skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\Application Data\Identities\{FEBDACD2-3FB0-46D0-B9E9-C6E3CCFBAFA4}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rich Winsauer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rich Winsauer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Rich Winsauer\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{01B4D712-AA77-45D5-BE9B-1D2296D61950}\RP68\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0602DB34-C4E4-450D-A899-1E45AC0FBCB3}.crmlog Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:26:58 PM 8/26/2006

+ Scan result:



HKU\S-1-5-21-776561741-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1267.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1265.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1339.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1342.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1365.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1351.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-776561741-1284227242-839522115-1003\Dc1364.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end



Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rich Winsauer\Cookies\rich [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rich Winsauer\Desktop\Testing stuff\smitrem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rich Winsauer\Desktop\Testing stuff\smitrem\smitRem.exe[smitRem/Process.exe]

McAfee VirusScan for Win32 v4.40.0
Copyright © 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4838 created Aug 25 2006
Scanning for 206695 viruses, trojans and variants.


--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------




08/25/2006 22:06:21


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /HTML C:\MCAFEE\NORMAL_SCANREPORT.HTML

Scanning C: []
Scanning C:\*.*

Summary report on C:\*.*
File(s)
Total files: ........... 204541
Clean: ................. 204051
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:41.26


Thanks for doing what you do. There's nothing I'd like more than to solve this problem.

Rich