I ran EWIDO in safe mode; afterwards, hpothb07 was found in:
C:\program files\hpothb07.tif
C:\program files\hpothb07.dat
Both of these are 0 KB. There is a third location:
C:\Documents and Settings\Alexander\hpoth07
file:///C:/Documents%20and%20Settings/Alexander%20Skabry/My%20Documents/hpothb07.tif
EWIDO found in this folder:
C:\Documents and Settings\Alexander Skabry\Cookies
these three:
alexander skabry@doubleclick[1].txt
alexander [email protected][1].txt
alexander skabry@advertising[2].txt
They are now gone and not part of the system. It may be worthwhile to note that I have "removed" these several times, and that Microsoft AntiSpyware found a trojan ... this is their log:
2/11/2005 4:47:47 PM::------------------------------------------------------------------
2/11/2005 4:47:47 PM::Initializing Clean - (ScanID: 29B9D74F-C2B6-498F-A6F3-59956C)
2/11/2005 4:47:47 PM::Remove Threat (ID:15030)
2/11/2005 4:47:47 PM::Clean Threat eXact.ISEXEng (ID:15030)
2/11/2005 4:47:47 PM::Terminating IE
2/11/2005 4:47:53 PM::Removing file c:\windows\system32\angelex.exe
2/11/2005 4:47:56 PM::Disable file c:\windows\system32\angelex.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\39BC1373-2C7E-4B5C-BFE7-AA24D2\74D85D29-DEB3-4DA4-8891-574036
2/11/2005 4:47:56 PM::Clean Threat eXact.ISEXEng (ID:15030) Complete
2/11/2005 4:47:56 PM::Remove Threat (ID:15030) Complete
2/11/2005 4:47:56 PM::Remove Threat (ID:2861)
2/11/2005 4:47:56 PM::Clean Threat eXact.BargainBuddy (ID:2861)
2/11/2005 4:48:04 PM::Removing file c:\buddy.exe
2/11/2005 4:48:07 PM::Disable file c:\buddy.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\57591F07-099C-4163-9F2A-C49011\7C1E058A-1310-45F6-A619-2FC468
2/11/2005 4:48:07 PM::Removing file c:\windows\bbchk.exe
2/11/2005 4:48:10 PM::Disable file c:\windows\bbchk.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\57591F07-099C-4163-9F2A-C49011\A13E8147-D692-4F6C-806A-08E619
2/11/2005 4:48:10 PM::Removing file c:\windows\system32\msbe.dll
2/11/2005 4:48:18 PM::Disable file c:\windows\system32\msbe.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\57591F07-099C-4163-9F2A-C49011\FE7D7692-ADA0-4CE8-9C79-244C26
2/11/2005 4:48:18 PM::Clean Threat eXact.BargainBuddy (ID:2861) Complete
2/11/2005 4:48:18 PM::Remove Threat (ID:2861) Complete
2/11/2005 4:48:18 PM::Remove Threat (ID:5605)
2/11/2005 4:48:18 PM::Clean Threat GAIN (ID:5605)
2/11/2005 4:48:19 PM::Removing file c:\windows\gatorpdpsetup.log
2/11/2005 4:48:19 PM::Disable file c:\windows\gatorpdpsetup.log and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\7110E102-EFF9-4CDF-851D-66DE38
2/11/2005 4:48:19 PM::Removing file c:\windows\gatoruninstaller_cme.log
2/11/2005 4:48:19 PM::Disable file c:\windows\gatoruninstaller_cme.log and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\B12FD344-E162-4B76-AF97-6ECF9A
2/11/2005 4:48:19 PM::Removing file c:\windows\gatoruninstaller_cme_u.log
2/11/2005 4:48:19 PM::Disable file c:\windows\gatoruninstaller_cme_u.log and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\96FFA4D0-AB16-494D-859B-59808D
2/11/2005 4:48:19 PM::Removing file c:\windows\temp\bundle.inf
2/11/2005 4:48:19 PM::Disable file c:\windows\temp\bundle.inf and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\312E5E7A-6DA3-4071-ADB5-553C4E
2/11/2005 4:48:19 PM::Clean Threat GAIN (ID:5605) Complete
2/11/2005 4:48:19 PM::Remove Threat (ID:5605) Complete
2/11/2005 4:48:19 PM::Remove Threat (ID:14967)
2/11/2005 4:48:19 PM::Clean Threat VX2.LocalNRD (ID:14967)
2/11/2005 4:48:19 PM::Removing file c:\windows\localnrd.dll
2/11/2005 4:48:26 PM::Disable file c:\windows\localnrd.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9BAD2BDE-1507-4FB8-B98E-8FD608\38D6A2C3-DFD4-4CC3-ADF5-0F5F75
2/11/2005 4:48:26 PM::Clean Threat VX2.LocalNRD (ID:14967) Complete
2/11/2005 4:48:27 PM::Remove Threat (ID:14967) Complete
2/11/2005 4:48:27 PM::Remove Threat (ID:14894)
2/11/2005 4:48:27 PM::Clean Threat WildMedia.OverPro (ID:14894)
2/11/2005 4:48:28 PM::Removing file c:\windows\minigolf_affiliate.exe
2/11/2005 4:48:29 PM::Disable file c:\windows\minigolf_affiliate.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\D1600276-185B-4C94-9EFC-A43961\88597CB1-8A71-46E1-89C0-09ABF6
2/11/2005 4:48:29 PM::Removing file c:\windows\wildapp.dll
2/11/2005 4:48:36 PM::Disable file c:\windows\wildapp.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\D1600276-185B-4C94-9EFC-A43961\91B74ABB-CA15-4D33-A51E-2725FC
2/11/2005 4:48:36 PM::Clean Threat WildMedia.OverPro (ID:14894) Complete
2/11/2005 4:48:36 PM::Remove Threat (ID:14894) Complete
2/11/2005 4:48:36 PM::Remove Threat (ID:13770)
2/11/2005 4:48:36 PM::Clean Threat Twain Tech (ID:13770)
2/11/2005 4:48:36 PM::Removing file c:\windows\smdat32a.sys
2/11/2005 4:48:36 PM::Disable file c:\windows\smdat32a.sys and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\59FE93DB-57B3-45D6-92A8-EC2081\B833F053-D866-4251-9B3F-F750B4
2/11/2005 4:48:36 PM::Removing file c:\windows\smdat32m.sys
2/11/2005 4:48:37 PM::Disable file c:\windows\smdat32m.sys and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\59FE93DB-57B3-45D6-92A8-EC2081\12635D88-6201-49CE-BFD5-92E011
2/11/2005 4:48:37 PM::Clean Threat Twain Tech (ID:13770) Complete
2/11/2005 4:48:37 PM::Remove Threat (ID:13770) Complete
2/11/2005 4:48:37 PM::Remove Threat (ID:14997)
2/11/2005 4:48:37 PM::Clean Threat eZula.WebOffer (ID:14997)
2/11/2005 4:48:38 PM::Removing file c:\ezstub.exe
2/11/2005 4:48:39 PM::Disable file c:\ezstub.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\78F3A35E-3FA2-4E67-ACC8-653A53\A1D690CB-2307-45DE-9A6A-A3702B
2/11/2005 4:48:39 PM::Clean Threat eZula.WebOffer (ID:14997) Complete
2/11/2005 4:48:39 PM::Remove Threat (ID:14997) Complete
2/11/2005 4:48:39 PM::Remove Threat (ID:3203)
2/11/2005 4:48:39 PM::Clean Threat Blazefind (ID:3203)
2/11/2005 4:48:39 PM::Removing file c:\windows\3_0_1browserhelper3.dll
2/11/2005 4:48:46 PM::Disable file c:\windows\3_0_1browserhelper3.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5BD54679-7C1F-4903-80D5-3D5FBC\0917AA93-B726-4E00-A43D-9E4BCA
2/11/2005 4:48:46 PM::Clean Threat Blazefind (ID:3203) Complete
2/11/2005 4:48:46 PM::Remove Threat (ID:3203) Complete
2/11/2005 4:48:46 PM::Remove Threat (ID:6921)
2/11/2005 4:48:46 PM::Clean Threat IEPlugin (ID:6921)
2/11/2005 4:48:47 PM::Removing file c:\windows\systb.dll
2/11/2005 4:48:54 PM::Disable file c:\windows\systb.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\C7845CA6-6B5F-4F29-90EF-23D64F\037F2E38-9DB8-4C63-B94D-4FC5BB
2/11/2005 4:48:54 PM::Clean Threat IEPlugin (ID:6921) Complete
2/11/2005 4:48:54 PM::Remove Threat (ID:6921) Complete
2/11/2005 4:48:54 PM::Remove Threat (ID:13755)
2/11/2005 4:48:54 PM::Clean Threat TurboDownload (ID:13755)
2/11/2005 4:48:56 PM::Removing file c:\windows\system32\maxspeed.exe
2/11/2005 4:48:57 PM::Disable file c:\windows\system32\maxspeed.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\0E8E41C9-4FC3-4050-AFEC-41CE68\775070F5-C8B8-4818-A7B9-5C8BC9
2/11/2005 4:48:57 PM::Clean Threat TurboDownload (ID:13755) Complete
2/11/2005 4:48:57 PM::Remove Threat (ID:13755) Complete
2/11/2005 4:48:57 PM::Remove Threat (ID:10307)
2/11/2005 4:48:57 PM::Clean Threat RapidBlaster (ID:10307)
2/11/2005 4:48:57 PM::Removing file c:\windows\system32\acsproxy.dll
2/11/2005 4:49:04 PM::Disable file c:\windows\system32\acsproxy.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\44C581FB-CDE2-4614-8F9F-D7B0C4\54AA4EFE-71F7-4B17-8D65-C10D74
2/11/2005 4:49:04 PM::Clean Threat RapidBlaster (ID:10307) Complete
2/11/2005 4:49:04 PM::Remove Threat (ID:10307) Complete
2/11/2005 4:49:04 PM::Remove Threat (ID:15002)
2/11/2005 4:49:04 PM::Clean Threat eXact.Downloader (ID:15002)
2/11/2005 4:49:05 PM::Clean Threat eXact.Downloader (ID:15002) Complete
2/11/2005 4:49:05 PM::Remove Threat (ID:15002) Complete
2/11/2005 4:49:05 PM::Remove Threat (ID:7656)
2/11/2005 4:49:05 PM::Clean Threat KeenValue PerfectNav (ID:7656)
2/11/2005 4:49:06 PM::Removing file c:\windows\browserxtras\pn\remove.exe
2/11/2005 4:49:07 PM::Disable file c:\windows\browserxtras\pn\remove.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\7C51355F-D165-4A2C-A7B3-93689E\5AF32031-1AF9-4753-B6B5-37AF16
2/11/2005 4:49:07 PM::Clean Threat KeenValue PerfectNav (ID:7656) Complete
2/11/2005 4:49:07 PM::Remove Threat (ID:7656) Complete
2/11/2005 4:49:07 PM::Unititializing Clean
2/11/2005 4:49:07 PM::------------------------------------------------------------------
2/11/2005 4:52:11 PM::------------------------------------------------------------------
2/11/2005 4:52:11 PM::Initializing Clean - (ScanID: 29B9D74F-C2B6-498F-A6F3-59956C)
2/11/2005 4:52:11 PM::Remove Threat (ID:7631)
2/11/2005 4:52:11 PM::Clean Threat KaZaA (ID:7631)
2/11/2005 4:52:12 PM::Removing file c:\windows\temp\p2psetup.exe
2/11/2005 4:52:13 PM::Disable file c:\windows\temp\p2psetup.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\80C57DC8-DB3E-432B-BACA-D5133B\672231DD-9F40-4038-AE02-080439
2/11/2005 4:52:13 PM::Clean Threat KaZaA (ID:7631) Complete
2/11/2005 4:52:13 PM::Remove Threat (ID:7631) Complete
2/11/2005 4:52:13 PM::Unititializing Clean
2/11/2005 4:52:13 PM::------------------------------------------------------------------
2/26/2005 2:35:16 AM::------------------------------------------------------------------
2/26/2005 2:35:16 AM::Initializing Clean - (ScanID: 18A76F39-7D0C-4EF8-A2C0-D2E0A6)
2/26/2005 2:35:17 AM::Unititializing Clean
2/26/2005 2:35:17 AM::------------------------------------------------------------------
2/26/2005 9:45:28 AM::------------------------------------------------------------------
2/26/2005 9:45:28 AM::Initializing Clean - (ScanID: 18A76F39-7D0C-4EF8-A2C0-D2E0A6)
2/26/2005 9:45:28 AM::Remove Threat (ID:14997)
2/26/2005 9:45:28 AM::Clean Threat eZula.WebOffer (ID:14997)
2/26/2005 9:45:30 AM::Removing file c:\memorywatcher_b.exe
2/26/2005 9:45:30 AM::Disable file c:\memorywatcher_b.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4C38877B-F351-4E07-9BCB-ACD35A\C28E5298-8A16-475D-8D5B-C92683
2/26/2005 9:45:30 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003085.exe
2/26/2005 9:45:31 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003085.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4C38877B-F351-4E07-9BCB-ACD35A\4C8D6BFD-4649-4532-BCA4-516518
2/26/2005 9:45:31 AM::Clean Threat eZula.WebOffer (ID:14997) Complete
2/26/2005 9:45:31 AM::Remove Threat (ID:14997) Complete
2/26/2005 9:45:31 AM::Remove Threat (ID:14894)
2/26/2005 9:45:31 AM::Clean Threat WildMedia.OverPro (ID:14894)
2/26/2005 9:45:32 AM::Removing file c:\overpro-401.exe
2/26/2005 9:45:33 AM::Disable file c:\overpro-401.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9422F255-A9E7-420B-B85B-312711\41A2C5BF-21B7-42CC-B1F5-6227D9
2/26/2005 9:45:33 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003082.dll
2/26/2005 9:45:40 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003082.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9422F255-A9E7-420B-B85B-312711\AA99A2BB-22CF-4FD5-8031-D9358F
2/26/2005 9:45:40 AM::Clean Threat WildMedia.OverPro (ID:14894) Complete
2/26/2005 9:45:40 AM::Remove Threat (ID:14894) Complete
2/26/2005 9:45:40 AM::Remove Threat (ID:2861)
2/26/2005 9:45:40 AM::Clean Threat eXact.BargainBuddy (ID:2861)
2/26/2005 9:45:41 AM::Removing file c:\windows\system32\msexreg.exe
2/26/2005 9:45:42 AM::Disable file c:\windows\system32\msexreg.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A5E4ABBF-0C15-4E5C-B934-0989BF\6D9C1894-B98C-4890-B1F4-FFAA20
2/26/2005 9:45:42 AM::Clean Threat eXact.BargainBuddy (ID:2861) Complete
2/26/2005 9:45:42 AM::Remove Threat (ID:2861) Complete
2/26/2005 9:45:42 AM::Remove Threat (ID:15286)
2/26/2005 9:45:42 AM::Clean Threat Unclassified.Spyware.43 (ID:15286)
2/26/2005 9:45:43 AM::Removing file c:\windows\temp\update_8.exe
2/26/2005 9:45:43 AM::Disable file c:\windows\temp\update_8.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A0C6B0EE-6D82-402E-BEEF-AC62C3\B3A0DCF0-F7A4-4EEC-B92C-00F5DB
2/26/2005 9:45:43 AM::Clean Threat Unclassified.Spyware.43 (ID:15286) Complete
2/26/2005 9:45:43 AM::Remove Threat (ID:15286) Complete
2/26/2005 9:45:43 AM::Remove Threat (ID:15292)
2/26/2005 9:45:43 AM::Clean Threat VX2.Buddy (ID:15292)
2/26/2005 9:45:44 AM::Removing file c:\documents and settings\alexander skabry\application data\dics.exe
2/26/2005 9:45:45 AM::Disable file c:\documents and settings\alexander skabry\application data\dics.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\808160D2-DE89-4579-9480-9C2CC0\BBB7BE8F-62DD-4AEB-A9D1-91C64A
2/26/2005 9:45:45 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003077.exe
2/26/2005 9:45:46 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003077.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\808160D2-DE89-4579-9480-9C2CC0\AD9C44FD-A7E3-4B36-B722-D67972
2/26/2005 9:45:46 AM::Clean Threat VX2.Buddy (ID:15292) Complete
2/26/2005 9:45:46 AM::Remove Threat (ID:15292) Complete
2/26/2005 9:45:46 AM::Remove Threat (ID:15030)
2/26/2005 9:45:46 AM::Clean Threat eXact.ISEXEng (ID:15030)
2/26/2005 9:45:47 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003076.exe
2/26/2005 9:45:47 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003076.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A0595BF1-62A1-4CB9-878D-D30AB5\5E21D601-6BA2-4139-8A0B-F5B446
2/26/2005 9:45:47 AM::Clean Threat eXact.ISEXEng (ID:15030) Complete
2/26/2005 9:45:47 AM::Remove Threat (ID:15030) Complete
2/26/2005 9:45:47 AM::Remove Threat (ID:15002)
2/26/2005 9:45:47 AM::Clean Threat eXact.Downloader (ID:15002)
2/26/2005 9:45:48 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003079.dll
2/26/2005 9:45:55 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003079.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5DCB6C27-9CF8-4DB8-98B0-DD615D\5128B107-A966-4627-955F-A20B9B
2/26/2005 9:45:55 AM::Clean Threat eXact.Downloader (ID:15002) Complete
2/26/2005 9:45:55 AM::Remove Threat (ID:15002) Complete
2/26/2005 9:45:55 AM::Remove Threat (ID:3203)
2/26/2005 9:45:55 AM::Clean Threat Blazefind (ID:3203)
2/26/2005 9:45:55 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003086.dll
2/26/2005 9:46:02 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003086.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\42F0B890-22D1-4805-B8CF-7B2F80\49B84C33-2333-4468-B69A-372B09
2/26/2005 9:46:02 AM::Clean Threat Blazefind (ID:3203) Complete
2/26/2005 9:46:02 AM::Remove Threat (ID:3203) Complete
2/26/2005 9:46:02 AM::Remove Threat (ID:6921)
2/26/2005 9:46:02 AM::Clean Threat IEPlugin (ID:6921)
2/26/2005 9:46:03 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003087.dll
2/26/2005 9:46:10 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003087.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\C48FD245-1704-461F-9F1D-62DBF6\8CE6EC4F-3A9D-4F8E-B735-8D77A7
2/26/2005 9:46:10 AM::Clean Threat IEPlugin (ID:6921) Complete
2/26/2005 9:46:10 AM::Remove Threat (ID:6921) Complete
2/26/2005 9:46:10 AM::Remove Threat (ID:13755)
2/26/2005 9:46:10 AM::Clean Threat TurboDownload (ID:13755)
2/26/2005 9:46:11 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003088.exe
2/26/2005 9:46:12 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003088.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5BDC025D-EE3E-4103-9FE0-07BC74\16F8233B-790A-4CD3-B208-105EF0
2/26/2005 9:46:12 AM::Clean Threat TurboDownload (ID:13755) Complete
2/26/2005 9:46:12 AM::Remove Threat (ID:13755) Complete
2/26/2005 9:46:12 AM::Remove Threat (ID:10307)
2/26/2005 9:46:12 AM::Clean Threat RapidBlaster (ID:10307)
2/26/2005 9:46:12 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003089.dll
2/26/2005 9:46:19 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003089.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\C659E8C5-8833-4F4F-BC7E-FC2BD9\D3D208DD-9A5D-4B29-8C12-0211A0
2/26/2005 9:46:19 AM::Clean Threat RapidBlaster (ID:10307) Complete
2/26/2005 9:46:19 AM::Remove Threat (ID:10307) Complete
2/26/2005 9:46:19 AM::Remove Threat (ID:7656)
2/26/2005 9:46:19 AM::Clean Threat KeenValue PerfectNav (ID:7656)
2/26/2005 9:46:20 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003090.exe
2/26/2005 9:46:21 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003090.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\70DF1526-E891-4B33-9B4A-65DDC0\FEC5DB71-4F2B-4065-80EA-4AC965
2/26/2005 9:46:21 AM::Clean Threat KeenValue PerfectNav (ID:7656) Complete
2/26/2005 9:46:21 AM::Remove Threat (ID:7656) Complete
2/26/2005 9:46:21 AM::Unititializing Clean
2/26/2005 9:46:21 AM::------------------------------------------------------------------
3/7/2005 2:26:58 AM::------------------------------------------------------------------
3/7/2005 2:26:58 AM::Initializing Clean - (ScanID: 2CF73AAA-7CAC-4CF8-A577-D49418)
3/7/2005 2:26:58 AM::Unititializing Clean
3/7/2005 2:26:58 AM::------------------------------------------------------------------
3/10/2005 10:22:41 PM::------------------------------------------------------------------
3/10/2005 10:22:41 PM::Initializing Clean - (ScanID: 2CF73AAA-7CAC-4CF8-A577-D49418)
3/10/2005 10:22:41 PM::Remove Threat (ID:15292)
3/10/2005 10:22:41 PM::Clean Threat VX2.Buddy (ID:15292)
3/10/2005 10:22:41 PM::Terminating IE
3/10/2005 10:22:42 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012462.exe
3/10/2005 10:22:43 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012462.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\8D7D1704-5E6F-48B6-AA61-3AAB28\416400D1-4BE1-4836-B737-95C5A3
3/10/2005 10:22:43 PM::Clean Threat VX2.Buddy (ID:15292) Complete
3/10/2005 10:22:43 PM::Remove Threat (ID:15292) Complete
3/10/2005 10:22:43 PM::Remove Threat (ID:14997)
3/10/2005 10:22:43 PM::Clean Threat eZula.WebOffer (ID:14997)
3/10/2005 10:22:44 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012459.exe
3/10/2005 10:22:44 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012459.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A975C658-0B0D-4893-854E-C565AD\2D4EFCCD-3D51-4622-9BA9-483CB4
3/10/2005 10:22:44 PM::Clean Threat eZula.WebOffer (ID:14997) Complete
3/10/2005 10:22:44 PM::Remove Threat (ID:14997) Complete
3/10/2005 10:22:44 PM::Remove Threat (ID:2861)
3/10/2005 10:22:44 PM::Clean Threat eXact.BargainBuddy (ID:2861)
3/10/2005 10:22:45 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012461.exe
3/10/2005 10:22:45 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012461.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9A8C745E-4B3C-4B88-BDA8-D4ED48\B43A398A-8D21-493A-9F20-AA7213
3/10/2005 10:22:45 PM::Clean Threat eXact.BargainBuddy (ID:2861) Complete
3/10/2005 10:22:45 PM::Remove Threat (ID:2861) Complete
3/10/2005 10:22:45 PM::Remove Threat (ID:14894)
3/10/2005 10:22:45 PM::Clean Threat WildMedia.OverPro (ID:14894)
3/10/2005 10:22:46 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012460.exe
3/10/2005 10:22:46 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012460.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\14EDE98F-C0C5-4BD6-9481-CC3D3B\D9FCB991-CEDD-4582-A82B-C00410
3/10/2005 10:22:46 PM::Clean Threat WildMedia.OverPro (ID:14894) Complete
3/10/2005 10:22:46 PM::Remove Threat (ID:14894) Complete
3/10/2005 10:22:47 PM::Unititializing Clean
3/10/2005 10:22:47 PM::------------------------------------------------------------------
4/8/2005 2:30:36 AM::------------------------------------------------------------------
4/8/2005 2:30:36 AM::Initializing Clean - (ScanID: DF76E81D-6591-4F19-9B90-606D32)
4/8/2005 2:30:36 AM::Unititializing Clean
4/8/2005 2:30:36 AM::------------------------------------------------------------------
4/8/2005 2:50:21 AM::------------------------------------------------------------------
4/8/2005 2:50:21 AM::Initializing Clean - (ScanID: DF76E81D-6591-4F19-9B90-606D32)
4/8/2005 2:50:21 AM::Remove Threat (ID:14831)
4/8/2005 2:50:21 AM::Clean Threat Possible Browser Hijack (ID:14831)
4/8/2005 2:50:23 AM::Run custom cleaner Internet Explorer mozilla: (148311)
4/8/2005 2:50:23 AM::Restore IE URL settings
4/8/2005 2:50:23 AM::Clean Threat Possible Browser Hijack (ID:14831) Complete
4/8/2005 2:50:23 AM::Remove Threat (ID:14831) Complete
4/8/2005 2:50:23 AM::Unititializing Clean
4/8/2005 2:50:23 AM::------------------------------------------------------------------
4/12/2005 2:48:39 AM::------------------------------------------------------------------
4/12/2005 2:48:39 AM::Initializing Clean - (ScanID: 45F7EF15-C9FD-4A19-A221-541D89)
4/12/2005 2:48:39 AM::Unititializing Clean
4/12/2005 2:48:39 AM::------------------------------------------------------------------
4/12/2005 2:51:36 AM::------------------------------------------------------------------
4/12/2005 2:51:36 AM::Initializing Clean - (ScanID: 45F7EF15-C9FD-4A19-A221-541D89)
4/12/2005 2:51:36 AM::Remove Threat (ID:4093)
4/12/2005 2:51:36 AM::Clean Threat CoolWebSearch.CameUp (ID:4093)
4/12/2005 2:51:37 AM::Removing file c:\windows\webdlg32.dll
4/12/2005 2:51:50 AM::Disable file c:\windows\webdlg32.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\0B869069-35EB-4820-86B4-B546D9\77684FB8-D99E-4EDB-B796-469520
4/12/2005 2:51:50 AM::Clean Threat CoolWebSearch.CameUp (ID:4093) Complete
4/12/2005 2:51:51 AM::Remove Threat (ID:4093) Complete
4/12/2005 2:51:51 AM::Remove Threat (ID:15436)
4/12/2005 2:51:51 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436)
4/12/2005 2:51:51 AM::Removing file c:\windows\system32\eaz.dll
4/12/2005 2:51:59 AM::Disable file c:\windows\system32\eaz.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\73258AC8-B11F-4E9E-B942-BA08D7\5A4F8EF6-23B4-4534-BDBC-F11AD6
4/12/2005 2:52:00 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436) Complete
4/12/2005 2:52:00 AM::Remove Threat (ID:15436) Complete
4/12/2005 2:52:00 AM::Unititializing Clean
4/12/2005 2:52:00 AM::------------------------------------------------------------------
4/27/2005 2:46:51 AM::------------------------------------------------------------------
4/27/2005 2:46:51 AM::Initializing Clean - (ScanID: FA163571-03FE-4269-A480-46852B)
4/27/2005 2:46:52 AM::Unititializing Clean
4/27/2005 2:46:52 AM::------------------------------------------------------------------
4/27/2005 7:13:59 AM::------------------------------------------------------------------
4/27/2005 7:13:59 AM::Initializing Clean - (ScanID: FA163571-03FE-4269-A480-46852B)
4/27/2005 7:13:59 AM::Remove Threat (ID:15043)
4/27/2005 7:13:59 AM::Clean Threat SearchHelp (ID:15043)
4/27/2005 7:14:01 AM::Removing file c:\windows\temp\clicks.dll
4/27/2005 7:14:14 AM::Disable file c:\windows\temp\clicks.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\13A9F819-CC42-4A7D-B475-D86690\72115767-05AC-43E9-B572-6BE43E
4/27/2005 7:14:14 AM::Clean Threat SearchHelp (ID:15043) Complete
4/27/2005 7:14:14 AM::Remove Threat (ID:15043) Complete
4/27/2005 7:14:14 AM::Remove Threat (ID:4093)
4/27/2005 7:14:14 AM::Clean Threat CoolWebSearch.CameUp (ID:4093)
4/27/2005 7:14:15 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044102.dll
4/27/2005 7:14:23 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044102.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1F53D372-6A4F-4B83-A597-FE1829\1517A43D-26F1-4777-B7AA-706D54
4/27/2005 7:14:23 AM::Clean Threat CoolWebSearch.CameUp (ID:4093) Complete
4/27/2005 7:14:23 AM::Remove Threat (ID:4093) Complete
4/27/2005 7:14:23 AM::Remove Threat (ID:15436)
4/27/2005 7:14:23 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436)
4/27/2005 7:14:24 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044103.dll
4/27/2005 7:14:32 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044103.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1D7CA214-0E50-4ECA-A49A-B8D7C4\711CC606-40BC-4BCE-A122-5B43B0
4/27/2005 7:14:32 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436) Complete
4/27/2005 7:14:32 AM::Remove Threat (ID:15436) Complete
4/27/2005 7:14:32 AM::Unititializing Clean
4/27/2005 7:14:32 AM::------------------------------------------------------------------
10/5/2005 5:12:56 AM::------------------------------------------------------------------
10/5/2005 5:12:56 AM::Initializing Clean - (ScanID: 0)
10/5/2005 5:12:56 AM::Clean Threat 180Solutions.SearchAssistant (ID:14814)
10/5/2005 5:12:56 AM::Generating threat
10/5/2005 5:13:28 AM::Removing file c:\documents and settings\all users\start menu\programs\180search assistant\Uninstall 180search Assistant Instructions.lnk
10/5/2005 5:13:30 AM::Disable file c:\documents and settings\all users\start menu\programs\180search assistant\Uninstall 180search Assistant Instructions.lnk and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\F90E3E1C-476F-4C26-915A-F817FA
10/5/2005 5:13:31 AM::Delete folder c:\documents and settings\all users\start menu\programs\180search assistant\
10/5/2005 5:13:32 AM::Removing file c:\program files\180searchassistant\sais.exe
10/5/2005 5:13:34 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sais=c:\program files\180searchassistant\sais.exe]
10/5/2005 5:13:35 AM::Terminating process c:\program files\180searchassistant\sais.exe
10/5/2005 5:13:36 AM::Disable file c:\program files\180searchassistant\sais.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\04595128-A5E4-4E07-B1A7-2DCE3B
10/5/2005 5:13:36 AM::Removing file c:\program files\180searchassistant\saishook.dll
10/5/2005 5:13:38 AM::RemoveProviderByPath-FilePath=c:\program files\180searchassistant\saishook.dll,RC=0,ThreatID=14814
10/5/2005 5:13:38 AM::Removed all related Winsock LSP handler for c:\program files\180searchassistant\saishook.dll
10/5/2005 5:14:11 AM::Removing BHO {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} for file c:\program files\180searchassistant\saishook.dll
10/5/2005 5:14:11 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} [=SABHO
10/5/2005 5:14:11 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
10/5/2005 5:14:11 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
10/5/2005 5:14:12 AM::Unregistering COM entry points for file c:\program files\180searchassistant\saishook.dll
10/5/2005 5:14:16 AM::Disable file c:\program files\180searchassistant\saishook.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\B9EB7378-A652-4FBA-8AE4-ECAB64
10/5/2005 5:14:16 AM::Removing file c:\program files\180searchassistant\sais_gdf.dat
10/5/2005 5:14:16 AM::Disable file c:\program files\180searchassistant\sais_gdf.dat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\B01C39C7-80A2-426E-88B6-2CFAB9
10/5/2005 5:14:16 AM::Removing file c:\program files\180searchassistant\saisau.dat
10/5/2005 5:14:16 AM::Disable file c:\program files\180searchassistant\saisau.dat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\6D09C620-6070-43FD-9FA1-04B426
10/5/2005 5:14:16 AM::Removing file c:\program files\180searchassistant\sais_kyf_update.dat
10/5/2005 5:14:17 AM::Disable file c:\program files\180searchassistant\sais_kyf_update.dat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\BEB5C096-76DA-48F7-BC25-AF3D5A
10/5/2005 5:14:17 AM::Delete folder c:\program files\180searchassistant\
10/5/2005 5:14:17 AM::Removing file c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:17 AM::RemoveProviderByPath-FilePath=c:\windows\downloaded program files\clientax.dll,RC=0,ThreatID=14814
10/5/2005 5:14:17 AM::Removed all related Winsock LSP handler for c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:26 AM::Removing IE ActiveX {99410CDE-6F16-42ce-9D49-3807F78F0287} for file c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Contains\Files
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Contains
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\DownloadInformation [CODEBASE=http://www.180searchassistant.com/180saax.cab
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\DownloadInformation [INF=C:\WINDOWS\Downloaded Program Files\ClientAX.inf
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\DownloadInformation
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InstalledVersion [=6,9,95,0
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InstalledVersion
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} [Installer=MSICD
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} [SystemComponent=0
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}
10/5/2005 5:14:26 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}
10/5/2005 5:14:27 AM::Unregistering COM entry points for file c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:29 AM::Disable file c:\windows\downloaded program files\clientax.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\43AFACAB-993E-409A-B7B1-6A16AF
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais [last_conn_h=29739430
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais [last_conn_l=208253360
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais [we=2
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais
10/5/2005 5:14:30 AM::Removing registry key HKEY_CURRENT_USER\Software\sais
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais [DisplayName=Uninstall 180search Assistant
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais [UninstallString=c:\program files\180searchassistant\sais.exe /uninst_simple_init=y
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais [DisplayIcon=c:\program files\180searchassistant\sais.exe,2
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais
10/5/2005 5:14:30 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [did=5041
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [duid=62D335E225279AD3CAF307594CDED0C3C5A0FE9AA572E291FB80C74313A040CF
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [partner_id=447869953
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [product_id=5041
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [umt=0162D335E225279AD3CAF307594CDED0C3C5A0FE9AA572E291FB80C74313A040CF
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [gma=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [gvi=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [gpi=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [boom=
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [boom_ver=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais
10/5/2005 5:14:30 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\sais
10/5/2005 5:14:31 AM::Clean Threat 180Solutions.SearchAssistant (ID:14814) Complete
10/5/2005 5:14:36 AM::Unititializing Clean
10/5/2005 5:14:36 AM::------------------------------------------------------------------
10/5/2005 5:16:08 AM::------------------------------------------------------------------
10/5/2005 5:16:08 AM::Initializing Clean - (ScanID: 0)
10/5/2005 5:16:09 AM::Clean Threat IST.SideFind (ID:14817)
10/5/2005 5:16:09 AM::Generating threat
10/5/2005 5:16:22 AM::Removing file c:\program files\sidefind\update\sidefind.exe
10/5/2005 5:16:25 AM::Disable file c:\program files\sidefind\update\sidefind.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\75718FC9-84C2-4B50-B7E3-CC2F7C
10/5/2005 5:16:25 AM::Removing file c:\program files\sidefind\sfexd001
10/5/2005 5:16:25 AM::Disable file c:\program files\sidefind\sfexd001 and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\5080EEFD-09EA-4556-BE50-ECF181
10/5/2005 5:16:25 AM::Removing file c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:26 AM::RemoveProviderByPath-FilePath=c:\program files\sidefind\sfbho.dll,RC=0,ThreatID=14817
10/5/2005 5:16:26 AM::Removed all related Winsock LSP handler for c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:38 AM::Removing BHO {A3FDD654-A057-4971-9844-4ED8E67DBBB8} for file c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:38 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
10/5/2005 5:16:38 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
10/5/2005 5:16:40 AM::Unregistering COM entry points for file c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:43 AM::Disable file c:\program files\sidefind\sfbho.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\7C9D05BD-1D98-43BF-9FA7-254391
10/5/2005 5:16:43 AM::Removing file c:\program files\sidefind\sidefind.dll
10/5/2005 5:16:43 AM::RemoveProviderByPath-FilePath=c:\program files\sidefind\sidefind.dll,RC=0,ThreatID=14817
10/5/2005 5:16:43 AM::Removed all related Winsock LSP handler for c:\program files\sidefind\sidefind.dll
10/5/2005 5:16:53 AM::Unregistering COM entry points for file c:\program files\sidefind\sidefind.dll
10/5/2005 5:16:55 AM::Disable file c:\program files\sidefind\sidefind.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\6A386479-3404-4853-BA67-8E9879
10/5/2005 5:16:56 AM::Delete folder c:\program files\sidefind\
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 [=C:\Program Files\SideFind\sidefind.dll
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 [ThreadingModel=Apartment
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID [=SideFind.Finder.1
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Programmable
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib [={58634367-D62B-4C2C-86BE-5AAC45CDB671}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID [=SideFind.Finder
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} [=SideFind
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry key HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1\CLSID [={8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1\CLSID
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1 [=SideFind
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1
10/5/2005 5:16:57 AM::Removing registry key HKEY_CLASSES_ROOT\SideFind.Finder.1
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CLSID [={8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CLSID
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CurVer [=SideFind.Finder.1
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CurVer
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder [=SideFind
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder
10/5/2005 5:16:57 AM::Removing registry key HKEY_CLASSES_ROOT\SideFind.Finder
10/5/2005 5:16:57 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [Default Visible=Yes
10/5/2005 5:16:57 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [ButtonText=SideFind
10/5/2005 5:16:58 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [HotIcon=C:\PROGRA~1\SideFind\sidefind.dll,201
10/5/2005 5:16:58 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [Icon=C:\PROGRA~1\SideFind\sidefind.dll,201
10/5/2005 5:16:58 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [CLSID={E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [BandCLSID={8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
10/5/2005 5:16:59 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind [webautosearch=true
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind [shoppingautosearch=true
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind
10/5/2005 5:16:59 AM::Removing registry key HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind [DisplayName=SideFind
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind [UninstallString="C:\Program Files\Sidefind\update\sidefind.exe" /remove
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind
10/5/2005 5:16:59 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [account_id=106
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathBHO=C:\Program Files\SideFind\sfbho.dll
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathDLL=C:\Program Files\SideFind\sidefind.dll
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathXML=C:\Program Files\SideFind\sfexd001
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathEXE=C:\Program Files\Sidefind\update\sidefind.exe
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [InstallDate=2005-10-05 11:56:59
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [SearchSite=http://www.sidefind.com/results.php?target=_external&
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [update=1128772623
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [ver=1.3
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [IntervalBetweenShows=240
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind
10/5/2005 5:17:00 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\SideFind
10/5/2005 5:17:00 AM::Clean Threat IST.SideFind (ID:14817) Complete
10/5/2005 5:17:02 AM::Unititializing Clean
10/5/2005 5:17:02 AM::------------------------------------------------------------------
10/5/2005 5:24:40 AM::------------------------------------------------
10/5/2005 5:24:40 AM::Starting GIANT AS Cleaner
10/5/2005 5:24:40 AM::Running all Cleaner deletes
10/5/2005 5:24:40 AM::---Starting Quick Cleaner DelFolders
10/5/2005 5:24:41 AM::---Starting Quick Cleaner DelRegKeys
10/5/2005 5:24:41 AM::Checking threats to clean
10/5/2005 5:24:41 AM::Ending GIANT AS Cleaner
10/5/2005 5:24:41 AM::------------------------------------------------
10/5/2005 5:31:01 AM::------------------------------------------------------------------
10/5/2005 5:31:01 AM::Initializing Clean - (ScanID: 0)
10/5/2005 5:31:01 AM::Remove Threat (ID:15049)
10/5/2005 5:31:01 AM::Clean Threat YourSiteBar (ID:15049)
10/5/2005 5:31:03 AM::Generating threat
10/5/2005 5:31:42 AM::Removing file c:\program files\yoursitebar\ysb.dll
10/5/2005 5:31:47 AM::RemoveProviderByPath-FilePath=c:\program files\yoursitebar\ysb.dll,RC=0,ThreatID=15049
10/5/2005 5:31:47 AM::Removed all related Winsock LSP handler for c:\program files\yoursitebar\ysb.dll
10/5/2005 5:32:21 AM::Unregistering COM entry points for file c:\program files\yoursitebar\ysb.dll
10/5/2005 5:32:24 AM::Disable file c:\program files\yoursitebar\ysb.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\6E57AABF-D5CB-4FE7-B27A-6FE5C5
10/5/2005 5:32:24 AM::Removing file c:\program files\yoursitebar\yoursitebar.xml
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\yoursitebar.xml and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\11EF216A-0722-4E8B-8C9C-94F4A6
10/5/2005 5:32:25 AM::Removing file c:\program files\yoursitebar\imagemap_normal.bmp
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\imagemap_normal.bmp and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\DC56ECAC-8336-4018-8E0F-37533F
10/5/2005 5:32:25 AM::Removing file c:\program files\yoursitebar\imagemap_over.bmp
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\imagemap_over.bmp and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\597DBB5C-565F-4474-8FF1-FF5FC5
10/5/2005 5:32:25 AM::Removing file c:\program files\yoursitebar\version.txt
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\version.txt and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\BF8058E7-02AF-4DF0-9725-B64EC5
10/5/2005 5:32:25 AM::Delete folder c:\program files\yoursitebar\
10/5/2005 5:32:25 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\Implemented Categories
10/5/2005 5:32:25 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} [=YourSiteBar
10/5/2005 5:32:25 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
10/5/2005 5:32:25 AM::Removing registry key HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
10/5/2005 5:32:25 AM::Clean Threat YourSiteBar (ID:15049) Complete
10/5/2005 5:32:27 AM::Remove Threat (ID:15049) Complete
10/5/2005 5:51:56 AM::------------------------------------------------------------------
10/5/2005 5:51:56 AM::Initializing Clean - (ScanID: 956955C5-0B35-41AE-BB9D-6B1A4A)
10/5/2005 5:51:56 AM::Remove Threat (ID:14816)
10/5/2005 5:51:56 AM::Clean Threat IST.XXXToolbar (ID:14816)
10/5/2005 5:52:04 AM::Terminating IE
10/5/2005 5:52:05 AM::Suspending 369 process thread(s) for C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:05 AM::Removing file C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:07 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IST Service=C:\Program Files\ISTsvc\istsvc.exe]
10/5/2005 5:52:07 AM::Terminating process C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:08 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\64823FE5-80F5-478F-BC79-3331B5\59B46BA1-72FF-4C8A-ACD6-C4AD16
10/5/2005 5:52:08 AM::Delete file C:\Program Files\ISTsvc\istsvc.exe failed, adding to FileDeleteReboot
10/5/2005 5:52:09 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe failed, file locked or in memory
10/5/2005 5:52:09 AM::Special cleaner required to remove threat on restart, reason: Could not quarantine file C:\Program Files\ISTsvc\istsvc.exe, unknown error moving file.
10/5/2005 5:52:10 AM::Removing file C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:11 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\64823FE5-80F5-478F-BC79-3331B5\A7AA3501-8260-4B91-82AB-904E1C
10/5/2005 5:52:11 AM::Delete file C:\Program Files\ISTsvc\istsvc.exe failed, adding to FileDeleteReboot
10/5/2005 5:52:11 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe failed, file locked or in memory
10/5/2005 5:52:11 AM::Special cleaner required to remove threat on restart, reason: Could not quarantine file C:\Program Files\ISTsvc\istsvc.exe, unknown error moving file.
10/5/2005 5:52:11 AM::Clean Threat IST.XXXToolbar (ID:14816) Complete
10/5/2005 5:52:11 AM::Remove Threat (ID:9942)
10/5/2005 5:52:11 AM::Clean Threat IST.PowerScan (ID:9942)
10/5/2005 5:52:12 AM::Removing file c:\program files\power scan\powerscan.exe
10/5/2005 5:52:13 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Power Scan=C:\Program Files\Power Scan\powerscan.exe]
10/5/2005 5:52:13 AM::Disable file c:\program files\power scan\powerscan.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\47FFA4A8-8015-4F3D-B96B-C792EC\B754D411-D436-4A92-81F7-3A9540
10/5/2005 5:52:13 AM::Removing file C:\Program Files\Power Scan\uninstall.exe
10/5/2005 5:52:14 AM::Disable file C:\Program Files\Power Scan\uninstall.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\47FFA4A8-8015-4F3D-B96B-C792EC\361C9E2A-AA9F-44F1-BE88-6D58F7
10/5/2005 5:52:14 AM::Removing file c:\documents and settings\alexander skabry\start menu\programs\power scan\power scan.lnk
10/5/2005 5:52:14 AM::Disable file c:\documents and settings\alexander skabry\start menu\programs\power scan\power scan.lnk and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\47FFA4A8-8015-4F3D-B96B-C792EC\772A02EB-936F-4928-9B33-5110E5
10/5/2005 5:52:14 AM::Delete folder c:\documents and settings\alexander skabry\start menu\programs\power scan\
10/5/2005 5:52:15 AM::Delete folder c:\program files\power scan\
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan [DisplayName=Power Scan
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan [UninstallString=C:\Program Files\Power Scan\uninstall.exe
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan
10/5/2005 5:52:15 AM::Removing registry key HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\software\powerscan [LoadNum=2
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\software\powerscan
10/5/2005 5:52:15 AM::Removing registry key HKEY_LOCAL_MACHINE\software\powerscan
10/5/2005 5:52:15 AM::Clean Threat IST.PowerScan (ID:9942) Complete
10/5/2005 5:52:15 AM::Remove Threat (ID:9942) Complete
10/5/2005 5:52:15 AM::Remove Threat (ID:16006)
10/5/2005 5:52:15 AM::Clean Threat Trojan.Startup.NameShifter.BT (ID:16006)
10/5/2005 5:52:16 AM::Suspending 367 process thread(s) for c:\windows\system32\uir3km49.exe
10/5/2005 5:52:16 AM::Removing file c:\windows\system32\uir3km49.exe
10/5/2005 5:52:17 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [uir3km49=C:\WINDOWS\system32\uir3km49.exe]
10/5/2005 5:52:17 AM::Terminating process c:\windows\system32\uir3km49.exe
10/5/2005 5:52:20 AM::Disable file c:\windows\system32\uir3km49.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\20BDAE18-2D0F-4F11-9ECC-A08F94\130EC8EB-6600-4350-A1E8-2C86F5
10/5/2005 5:52:20 AM::Clean Threat Trojan.Startup.NameShifter.BT (ID:16006) Complete
10/5/2005 5:52:20 AM::Remove Threat (ID:16006) Complete
10/5/2005 5:52:20 AM::Remove Threat (ID:14817)
10/5/2005 5:52:20 AM::Clean Threat IST.SideFind (ID:14817)
10/5/2005 5:52:23 AM::Removing file c:\documents and settings\alexander skabry\local settings\temp\sidefind.exe
10/5/2005 5:52:23 AM::Disable file c:\documents and settings\alexander skabry\local settings\temp\sidefind.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\7C94A9D7-B8A9-48B0-9EF4-118338\D13A8198-8C1A-4D94-A2D9-62B1AE
10/5/2005 5:52:24 AM::Clean Threat IST.SideFind (ID:14817) Complete
10/5/2005 5:52:24 AM::Remove Threat (ID:14817) Complete
10/5/2005 5:52:24 AM::Remove Threat (ID:14805)
10/5/2005 5:52:24 AM::Clean Threat SEP (ID:14805)
10/5/2005 5:52:24 AM::Removing file c:\program files\sep\sep.dll
10/5/2005 5:52:26 AM::RemoveProviderByPath-FilePath=c:\program files\sep\sep.dll,RC=0,ThreatID=14805
10/5/2005 5:52:26 AM::Removed all related Winsock LSP handler for c:\program files\sep\sep.dll
10/5/2005 5:52:41 AM::Unregistering COM entry points for file c:\program files\sep\sep.dll
10/5/2005 5:52:44 AM::Disable file c:\program files\sep\sep.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\8D168BEA-0C2C-41E6-B5B1-21A075\65FB3614-6FB5-4014-BD0C-F832F2
10/5/2005 5:52:44 AM::Clean Threat SEP (ID:14805) Complete
10/5/2005 5:52:44 AM::Remove Threat (ID:14805) Complete
10/5/2005 5:52:44 AM::Remove Threat (ID:14827)
10/5/2005 5:52:44 AM::Clean Threat WindUpdates (ID:14827)
10/5/2005 5:52:45 AM::Removing file c:\windows\system32\ide21201.vxd
10/5/2005 5:52:45 AM::Disable file c:\windows\system32\ide21201.vxd and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6756B-3C26-4824-A8A3-5412F1\151EA2B6-2DEB-412F-836C-4A3BF0
10/5/2005 5:52:46 AM::Clean Threat WindUpdates (ID:14827) Complete
10/5/2005 5:52:46 AM::Remove Threat (ID:14827) Complete
10/5/2005 5:52:46 AM::Remove Threat (ID:14814)
10/5/2005 5:52:46 AM::Clean Threat 180Solutions.SearchAssistant (ID:14814)
10/5/2005 5:52:48 AM::Removing