PDA

View Full Version : Infected with ISearchTech.YSB HELP Please!



Yvettesr
2006-01-14, 23:18
Hello,
Like many other, I seem to be infected with ISearch and I cannot get rid of it. I have read several other posts and ist seem that I need to post my HJ log for the problem to be resolved. So, here it is. Thanks for any help I can get!!!

Logfile of HijackThis v1.99.1
Scan saved at 4:08:34 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msident.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Bqua\Yzaejtm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yvette\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Higyti] C:\Program Files\Bqua\Yzaejtm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOFFICE\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: msident - Unknown owner - C:\WINDOWS\system32\msident.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

shelf life
2006-01-15, 16:37
hi Yvettesr,

lets try this:

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O4 - HKLM\..\Run: [Higyti] C:\Program Files\Bqua\Yzaejtm.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS
-------------------------------------------
start hjt again this time select>open the misc tools<

click on delete a NT service

copy past this into the window:

C:\WINDOWS\system32\msident.exe
follow the prompts
------------------------------------------
look here> C:\Program Files and delete a folder called "Bqua" if found

look in add/remove programs panel and uninstall:
Viewpoint or viewpoint manager

reboot computer once and rescan with hjt a post anew log.......shelf life

Yvettesr
2006-01-15, 18:09
Hi Shelf Life,
THANK YOU for your help! :D

I deleted the line 04 and 08 in HJT, removed the Bqua folder and uninstalled Viewpoint. However, I could not delete "C:/WINDOWS/system32/msident.exe". I got and error message that said "Service C:/WINDOWS/system32/msindent.exe was not found in registry. Make sure you entered the short name of the service."

I rebooted the computer and here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:28 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msident.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Yvette\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOFFICE\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: msident - Unknown owner - C:\WINDOWS\system32\msident.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

shelf life
2006-01-16, 00:50
hi Yvettesr,

ok lets try this;

go to start>run> type in---> services.msc

under the name column look for--->msident.exe

right click on it and select properties. under the general tab:
make sure that the service status is: Stopped
and the Startup type is: disabled

next look here: C:\WINDOWS\system32 and see if you can find the file msident.exe, if so delete it.

Yvettesr
2006-01-16, 04:53
Hi Shelf Life,
OK, I did what you said. I couldn't find a file called msident.exe, but I did find one listed as msident that was an application and a file called msident.dll. I deleted both (moved them to the recycle bin) and rebooted the computer.

I think I might be cured, but I'm not sure. I went to a few sites to test it and nothing popped up, but I had two ads pop up while I was typing this letter. Do I need to do anthing else?

Thank you so much for your help!!

Yvettesr

shelf life
2006-01-16, 05:09
hi Yvettesr

could you rescan and post anew hjt log..........shelf life

Yvettesr
2006-01-16, 06:16
OK, here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:26 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Yvette\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOFFICE\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Thanks again!

shelf life
2006-01-16, 15:55
hi Yvettesr,

that last log looks ok. you can run hjt once more and have it fix:

R3 - Default URLSearchHook is missing
----------------------------------------
if everything is ok, we will make new restore points because malware can get archived in them....

all you do is disable system restore then reboot. this deletes all restore points. then enable system restore and reboot once more. this will make a new clean restore point.

link about restore here:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

shelf life

Yvettesr
2006-01-16, 18:25
Hi Shelf Life,
Ok..I removed the R3 line in HJT and made new restore points. I even ran spybot again, but the dreaded ISearchTech.YSB is still there and it is still sending me pop-ups! Argghhhh!

Any more ideas?
Thanks again!
Yvettesr


Here is my latest log from HJT[/COLOR]:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:58 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Yvette\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOFFICE\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Yvettesr
2006-01-16, 18:27
Sorry--I meant that I had HJT fix the missing R3 line--not that I removed it.

Yvettesr

shelf life
2006-01-16, 20:54
hi Yvettesr,

does spybot keeps finding this:
ISearchTech.YSB

log looks ok, lets try another download:

1. Download Ewido and install
Ewido Security Suite. It is a free trial version of the program:

http://www.ewido.net/en/download/

2. Install ewido security suite
3. Launch ewido, there should be an icon on your desktop double-click it.
4. The program will now go to the main screen

You will need to update ewido to the latest definition files.

1. On the left hand side of the main screen click update
2. Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates


Once the updates are installed do the following:

1. Click on scanner
2. Click on Complete System Scan and the scan will begin.
3. NOTE: During some scans with ewido it is finding cases of false positives.**
o You will need to step through the process of cleaning files one-by-one.
o If ewido detects a file you KNOW to be legitimate, select none as the action.
o DO NOT select "Perform action on all infections"
o If you are unsure of any entry found select none for now.
4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
5. Click Save report.
6. Save the report .txt file to your desktop.

Now close ewido security suite.
post the saved ewido log in next reply.........shelf life

Yvettesr
2006-01-16, 22:13
Hi Shelf life,
Yes, Spybot keeps telling me that I have ISearchTech.YSB and it can't get rid of it because it is in use. Spybot asks for permission to run at the next start-up, which I click "ok", but it doesn't do any good.

I downloaded and ran the Ewido program. Wow! It found over 360 files that were suspicious. My husband looked at them and deleted all but two. I hope he didn't delete anything important!

Anyway, I am posting the Edwido report seperately since it is too long to include in just one posting.

Thanks for your help. I anxiously await the next step in this mystifying process! :)

Yvettesr
2006-01-16, 22:15
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:06:14 PM, 1/16/2006
+ Report-Checksum: A41D4EAC

+ Scan result:

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IMV379J8\196_150_i[1].abc -> Dropper.Small.aiv : Ignored
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IMV379J8\196_150_i[2].abc -> Dropper.Small.aiv : Ignored
HKLM\SOFTWARE\sais -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyse -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-329068152-926492609-725345543-1004\Software\sais -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\system32\test.bmp -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\odbcint.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\icaapi.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\pidgen.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\tapi.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\opengl32.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\cryptdlg.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\198_150_ni_4.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\mlang.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\msnsspc.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\xFNLRHJGHAO.exe -> Downloader.Agent.am : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A9P03EBF\198_150_i_5[1].abc -> Downloader.Agent.wd : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A9P03EBF\198_150_i_1[1].abc -> Downloader.Agent.wd : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@e-2dj6wflyejd5wep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@ehg-cbs.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@tribalfusion[3].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@harpo.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@overture[3].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@e-2dj6wfloepcjeko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Yvette\Cookies\yvette@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temp\Cookies\tori@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temporary Internet Files\Content.IE5\25UH8HSL\ZangoInstaller[1].exe -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Tori\Local Settings\Temporary Internet Files\Content.IE5\4TMBWL2N\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wjkosnczcep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wfmiojajskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wjnyohd5sbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wjny-1ocjsf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wjkycmdpiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wfkoqgazeaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@e-2dj6wjk4wod5eeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@powellsbooks.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ehg-maniatv.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@oewabox[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@hg1.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@bluemountain[1].txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ehg-randomhouse.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ehg-warnerbrothers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@fastclick[3].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@servedby.advertising[3].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ehg-dig.hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@statcounter[1].txt ->

Yvettesr
2006-01-16, 22:17
Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@as-us.falkag[3].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@ads.addynamix[3].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@linksynergy[3].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Tori\Cookies\tori@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Maggie\Local Settings\Temp\iinstall.exe -> Downloader.IstBar.kh : Cleaned with backup
C:\Documents and Settings\Maggie\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Maggie\Local Settings\Temp\bb.exe -> Downloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Maggie\Local Settings\Temp\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Maggie\Local Settings\Temporary Internet Files\Content.IE5\SXG5MR05\198_150_ni_4[1].abc -> Downloader.Agent.am : Cleaned with backup
C:\Documents and Settings\Maggie\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Maggie\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ehg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ehg-ubisoft.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@casinolasvegas[1].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@banner.casinolasvegas[2].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ehg-nestleusainc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@banner.goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ehg-cbs.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@advertising[3].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@adopt.specificclick[3].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@questionmarket[3].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@fastclick[3].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.shopathomeselect[3].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@as-us.falkag[3].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@statcounter[3].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ehg-nestleusainc.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@sel.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@data3.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Maggie\Cookies\maggie@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Maggie\xQSFMIYRRFS.exe -> Downloader.Agent.am : Cleaned with backup
C:\Documents and Settings\Maggie\xQSPJSOOQTT.exe -> Downloader.Agent.am : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and

Yvettesr
2006-01-16, 22:18
Settings\Scott\Cookies\scott@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@blp.valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-knightridder.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@counter7.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@clickagents[1].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-bskyb.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-lowermybills.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-hollywood.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-accuweather.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@chicagosuntimes.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-clearchannel.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@valueclick[4].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@chicagosuntimes.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@qksrv[2].txt ->
Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[3].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@bluestreak[3].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[3].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@xxxcounter[3].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@citi.bridgetrack[3].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ford.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@www.burstbeacon[3].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@trafficmp[3].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@edge.ru4[3].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@revenue[3].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfk4sjdjodp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@tribuneinteractive.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@blp.valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@statcounter[3].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup


::Report End

shelf life
2006-01-17, 04:17
hi Yvettesr,

that was long. alot of that stuff in ewido looked like leftover strays. lavasofts ad aware is good for malware as well as removing cookies.
does spybot still find ISearchTech.YSB if so i am thinking it may be a false positive in spybot. hows it going on that end?

shelf life

Yvettesr
2006-01-17, 15:09
Hi Shelf Life,
I ran SpyBot again this morning and the ISearch is still there AND I am still getting pop-ups. I assume a false positive would mean that the pop-ups wouldn't be coming up anymore, right?

Do you have any other ideas or magic tricks? :confused:

You know, the most ironic thing about this is that the blasted infection keeps sending me pop-ups to buy spyware stoppers. Hah!

Thanks again for all your time and help!!!!!

shelf life
2006-01-18, 01:18
hi Yvettesr,

well, look what i found.

Download and run iSearchFix.exe from here;

http://www.atribune.org/downloads/iSearchFix.exe

allow it to install to its default location.
Next boot to safe mode and open the iSearchFix folder and run isearch.bat
Allow it to finish running then reboot and post the isearchlog.txt
-------------------------------------
you reach safe mode by tapping the f8 key during a restart. chose the first option from the list, which should be safe mode.

once at the safe mode desktop, open the isearch folder and run the .bat file.

after its done reboot computer normally and run spybot and ewido once more.
post the isearchlog and a new hjt log.............shelf life

Yvettesr
2006-01-21, 04:54
Hi Shelf Life,
Sorry for the delay in posting my logs. I was away all week. I downloaded the isearch.exe file and ran it. Here is my Isearch log followed by my HJT log. Thanks for sticking with me on this!
Yvettesr

p.s the number of pop-up ads have gotten worse while I was gone!

iSearch Removal Batch 1.00
by Atri
Looking for and terminating running processes

Fixing the registry
"Registry fix complete"
Removing the Delprot service
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
Unregistering and deleting isrvs dll's
Attempting to delete files and folders
Removing bad shortcuts from desktop
If there are "bad" shortcuts remaining on your desktop please report them with your logs!
Emptying the Trusted and Restricted zones

!!Please post this log as well as a new HijackThis log on the forum!!

new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:51:42 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yvette\Desktop\HijackThis.exe
C:\Documents and Settings\Yvette\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOFFICE\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

shelf life
2006-01-22, 02:11
hi Yvettesr,

sorry for the delay. still getting popups. do you notice anything thats common to the popups? lets try this, another dload, dload install and run f-secure backlight.

http://www.f-secure.com/blacklight/try.shtml

let me know how its going.

shelf life

tashi
2006-01-27, 18:52
Hello, this topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please pm shelf life or myself.