Returning viruses; pokapoka [CLOSED]


  • This topic is locked

#1
gr8w8er

    New Member

  • Member
  • 8 posts
Below is the HTL - I've been infected with pokapoka73 and 75. Among the software packages on my PC are EWIDO, Ad-aware and Hijack. The continual infections are leading me to buy a whole new PC.

I've found dumprep.exe in the TM; the PC will very frequently change its settings on reboot.

Help is appreciated.
Thanks a lot-
Alex Skabry

Logfile of HijackThis v1.99.1
Scan saved at 4:39:20 AM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Alexander Skabry\Desktop\Anti-spyware efforts\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MIMER Named Pipes - Mimer Information Technology AB - C:\Program Files\Mimer SQL 9.2\NAPSRV.exe
O23 - Service: MIMER TCP - Mimer Information Technology AB - C:\Program Files\Mimer SQL 9.2\TCPSRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Alex and welcome to GTG.

Download LQFix http://users.telenet...tools/LQfix.exe and run it. Click on Next->Next->Install. Click Finish to launch LQfix. Follow the screen prompts. Your system will reboot afterwards. Please wait for the script to finish in the background at this time...

Is it gone now? If so,

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

#3
gr8w8er

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks for your response! I did as you suggested immediately.

I also have changed my browser to Opera (which I already love). I can't tell just yet if I've fixed any issues with security, but this was the HTL I just got. Let me know if there's anything else I should be checking. Speed seems a bit better immediately just changing browsers.

Logfile of HijackThis v1.99.1
Scan saved at 9:48:42 AM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opera.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yahoo.com
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MIMER Named Pipes - Mimer Information Technology AB - C:\Program Files\Mimer SQL 9.2\NAPSRV.exe
O23 - Service: MIMER TCP - Mimer Information Technology AB - C:\Program Files\Mimer SQL 9.2\TCPSRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
If you are having slowdown issues when starting up Windows, try disabling QuickTime from starting up (Start->Run type in msconfig and go to Startup tab - uncheck QuickTime).

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

#5
gr8w8er

    New Member

  • Topic Starter
  • Member
  • 8 posts
A new virus seems to be lurking about here ... hpothb07 seems to be replicating all over my PC. A search showed about 40 instances on my PC - two of which were in Killbox.

When I run ewido, MS antispy, adaware, and hijack nothing shows up.

#6
gr8w8er

    New Member

  • Topic Starter
  • Member
  • 8 posts
PS: Attempts to delete three of these are met with "Cannot read from source file or disk".

#7
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Is it hpothb07.exe? If so, that's most likely related to your Hewlett Packard device. Do you have a HP device (printer/scanner/etc...)?

Try running a scan with Ewido in Safe Mode and save the report. Post that here.

#8
gr8w8er

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks for responding so quickly...
I'm away from home right now, but I'll be getting back there soon to run the EWIDO in safe mode.

In the meantime, what I am seeing are .dat files and .gif files I believe. I don't think there are any executables, and it certainly hasn't shown up in any TM files or any other scans.

Get back to you soon ... thanks again for the help!!!
Alex.

#9
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. Post back when you can.

If you can, do a search for that filename and take a screenshot for me...post it here. I will see where they are located and what extensions.

#10
gr8w8er

    New Member

  • Topic Starter
  • Member
  • 8 posts
I ran EWIDO in Safe Mode; afterwards, hpothb07 was found in
C:\program files\hpothb07.tif
C:\program files\hpothb07.dat

These both are 0 KB. There is a third location:

C:\Documents and Settings\Alexander\hpoth07
file:///C:/Documents%20and%20Settings/Alexander%20Skabry/My%20Documents/hpothb07.tif

EWIDO found in this folder:
C:\Documents and Settings\Alexander Skabry\Cookies

these three
alexander skabry@doubleclick[1].txt
alexander skabry@servedby.advertising[1].txt
alexander skabry@advertising[2].txt

They are now gone and not part of the system. It may be worthwhile to note that I have "removed" these several times. And that Microsoft Antispyware found a trojan ... this is their log

2/11/2005 4:47:47 PM::------------------------------------------------------------------
2/11/2005 4:47:47 PM::Initializing Clean - (ScanID: 29B9D74F-C2B6-498F-A6F3-59956C)
2/11/2005 4:47:47 PM::Remove Threat (ID:15030)
2/11/2005 4:47:47 PM::Clean Threat eXact.ISEXEng (ID:15030)
2/11/2005 4:47:47 PM::Terminating IE
2/11/2005 4:47:53 PM::Removing file c:\windows\system32\angelex.exe
2/11/2005 4:47:56 PM::Disable file c:\windows\system32\angelex.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\39BC1373-2C7E-4B5C-BFE7-AA24D2\74D85D29-DEB3-4DA4-8891-574036
2/11/2005 4:47:56 PM::Clean Threat eXact.ISEXEng (ID:15030) Complete
2/11/2005 4:47:56 PM::Remove Threat (ID:15030) Complete
2/11/2005 4:47:56 PM::Remove Threat (ID:2861)
2/11/2005 4:47:56 PM::Clean Threat eXact.BargainBuddy (ID:2861)
2/11/2005 4:48:04 PM::Removing file c:\buddy.exe
2/11/2005 4:48:07 PM::Disable file c:\buddy.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\57591F07-099C-4163-9F2A-C49011\7C1E058A-1310-45F6-A619-2FC468
2/11/2005 4:48:07 PM::Removing file c:\windows\bbchk.exe
2/11/2005 4:48:10 PM::Disable file c:\windows\bbchk.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\57591F07-099C-4163-9F2A-C49011\A13E8147-D692-4F6C-806A-08E619
2/11/2005 4:48:10 PM::Removing file c:\windows\system32\msbe.dll
2/11/2005 4:48:18 PM::Disable file c:\windows\system32\msbe.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\57591F07-099C-4163-9F2A-C49011\FE7D7692-ADA0-4CE8-9C79-244C26
2/11/2005 4:48:18 PM::Clean Threat eXact.BargainBuddy (ID:2861) Complete
2/11/2005 4:48:18 PM::Remove Threat (ID:2861) Complete
2/11/2005 4:48:18 PM::Remove Threat (ID:5605)
2/11/2005 4:48:18 PM::Clean Threat GAIN (ID:5605)
2/11/2005 4:48:19 PM::Removing file c:\windows\gatorpdpsetup.log
2/11/2005 4:48:19 PM::Disable file c:\windows\gatorpdpsetup.log and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\7110E102-EFF9-4CDF-851D-66DE38
2/11/2005 4:48:19 PM::Removing file c:\windows\gatoruninstaller_cme.log
2/11/2005 4:48:19 PM::Disable file c:\windows\gatoruninstaller_cme.log and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\B12FD344-E162-4B76-AF97-6ECF9A
2/11/2005 4:48:19 PM::Removing file c:\windows\gatoruninstaller_cme_u.log
2/11/2005 4:48:19 PM::Disable file c:\windows\gatoruninstaller_cme_u.log and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\96FFA4D0-AB16-494D-859B-59808D
2/11/2005 4:48:19 PM::Removing file c:\windows\temp\bundle.inf
2/11/2005 4:48:19 PM::Disable file c:\windows\temp\bundle.inf and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\35B14C63-6EF3-407B-98C6-475F77\312E5E7A-6DA3-4071-ADB5-553C4E
2/11/2005 4:48:19 PM::Clean Threat GAIN (ID:5605) Complete
2/11/2005 4:48:19 PM::Remove Threat (ID:5605) Complete
2/11/2005 4:48:19 PM::Remove Threat (ID:14967)
2/11/2005 4:48:19 PM::Clean Threat VX2.LocalNRD (ID:14967)
2/11/2005 4:48:19 PM::Removing file c:\windows\localnrd.dll
2/11/2005 4:48:26 PM::Disable file c:\windows\localnrd.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9BAD2BDE-1507-4FB8-B98E-8FD608\38D6A2C3-DFD4-4CC3-ADF5-0F5F75
2/11/2005 4:48:26 PM::Clean Threat VX2.LocalNRD (ID:14967) Complete
2/11/2005 4:48:27 PM::Remove Threat (ID:14967) Complete
2/11/2005 4:48:27 PM::Remove Threat (ID:14894)
2/11/2005 4:48:27 PM::Clean Threat WildMedia.OverPro (ID:14894)
2/11/2005 4:48:28 PM::Removing file c:\windows\minigolf_affiliate.exe
2/11/2005 4:48:29 PM::Disable file c:\windows\minigolf_affiliate.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\D1600276-185B-4C94-9EFC-A43961\88597CB1-8A71-46E1-89C0-09ABF6
2/11/2005 4:48:29 PM::Removing file c:\windows\wildapp.dll
2/11/2005 4:48:36 PM::Disable file c:\windows\wildapp.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\D1600276-185B-4C94-9EFC-A43961\91B74ABB-CA15-4D33-A51E-2725FC
2/11/2005 4:48:36 PM::Clean Threat WildMedia.OverPro (ID:14894) Complete
2/11/2005 4:48:36 PM::Remove Threat (ID:14894) Complete
2/11/2005 4:48:36 PM::Remove Threat (ID:13770)
2/11/2005 4:48:36 PM::Clean Threat Twain Tech (ID:13770)
2/11/2005 4:48:36 PM::Removing file c:\windows\smdat32a.sys
2/11/2005 4:48:36 PM::Disable file c:\windows\smdat32a.sys and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\59FE93DB-57B3-45D6-92A8-EC2081\B833F053-D866-4251-9B3F-F750B4
2/11/2005 4:48:36 PM::Removing file c:\windows\smdat32m.sys
2/11/2005 4:48:37 PM::Disable file c:\windows\smdat32m.sys and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\59FE93DB-57B3-45D6-92A8-EC2081\12635D88-6201-49CE-BFD5-92E011
2/11/2005 4:48:37 PM::Clean Threat Twain Tech (ID:13770) Complete
2/11/2005 4:48:37 PM::Remove Threat (ID:13770) Complete
2/11/2005 4:48:37 PM::Remove Threat (ID:14997)
2/11/2005 4:48:37 PM::Clean Threat eZula.WebOffer (ID:14997)
2/11/2005 4:48:38 PM::Removing file c:\ezstub.exe
2/11/2005 4:48:39 PM::Disable file c:\ezstub.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\78F3A35E-3FA2-4E67-ACC8-653A53\A1D690CB-2307-45DE-9A6A-A3702B
2/11/2005 4:48:39 PM::Clean Threat eZula.WebOffer (ID:14997) Complete
2/11/2005 4:48:39 PM::Remove Threat (ID:14997) Complete
2/11/2005 4:48:39 PM::Remove Threat (ID:3203)
2/11/2005 4:48:39 PM::Clean Threat Blazefind (ID:3203)
2/11/2005 4:48:39 PM::Removing file c:\windows\3_0_1browserhelper3.dll
2/11/2005 4:48:46 PM::Disable file c:\windows\3_0_1browserhelper3.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5BD54679-7C1F-4903-80D5-3D5FBC\0917AA93-B726-4E00-A43D-9E4BCA
2/11/2005 4:48:46 PM::Clean Threat Blazefind (ID:3203) Complete
2/11/2005 4:48:46 PM::Remove Threat (ID:3203) Complete
2/11/2005 4:48:46 PM::Remove Threat (ID:6921)
2/11/2005 4:48:46 PM::Clean Threat IEPlugin (ID:6921)
2/11/2005 4:48:47 PM::Removing file c:\windows\systb.dll
2/11/2005 4:48:54 PM::Disable file c:\windows\systb.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\C7845CA6-6B5F-4F29-90EF-23D64F\037F2E38-9DB8-4C63-B94D-4FC5BB
2/11/2005 4:48:54 PM::Clean Threat IEPlugin (ID:6921) Complete
2/11/2005 4:48:54 PM::Remove Threat (ID:6921) Complete
2/11/2005 4:48:54 PM::Remove Threat (ID:13755)
2/11/2005 4:48:54 PM::Clean Threat TurboDownload (ID:13755)
2/11/2005 4:48:56 PM::Removing file c:\windows\system32\maxspeed.exe
2/11/2005 4:48:57 PM::Disable file c:\windows\system32\maxspeed.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\0E8E41C9-4FC3-4050-AFEC-41CE68\775070F5-C8B8-4818-A7B9-5C8BC9
2/11/2005 4:48:57 PM::Clean Threat TurboDownload (ID:13755) Complete
2/11/2005 4:48:57 PM::Remove Threat (ID:13755) Complete
2/11/2005 4:48:57 PM::Remove Threat (ID:10307)
2/11/2005 4:48:57 PM::Clean Threat RapidBlaster (ID:10307)
2/11/2005 4:48:57 PM::Removing file c:\windows\system32\acsproxy.dll
2/11/2005 4:49:04 PM::Disable file c:\windows\system32\acsproxy.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\44C581FB-CDE2-4614-8F9F-D7B0C4\54AA4EFE-71F7-4B17-8D65-C10D74
2/11/2005 4:49:04 PM::Clean Threat RapidBlaster (ID:10307) Complete
2/11/2005 4:49:04 PM::Remove Threat (ID:10307) Complete
2/11/2005 4:49:04 PM::Remove Threat (ID:15002)
2/11/2005 4:49:04 PM::Clean Threat eXact.Downloader (ID:15002)
2/11/2005 4:49:05 PM::Clean Threat eXact.Downloader (ID:15002) Complete
2/11/2005 4:49:05 PM::Remove Threat (ID:15002) Complete
2/11/2005 4:49:05 PM::Remove Threat (ID:7656)
2/11/2005 4:49:05 PM::Clean Threat KeenValue PerfectNav (ID:7656)
2/11/2005 4:49:06 PM::Removing file c:\windows\browserxtras\pn\remove.exe
2/11/2005 4:49:07 PM::Disable file c:\windows\browserxtras\pn\remove.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\7C51355F-D165-4A2C-A7B3-93689E\5AF32031-1AF9-4753-B6B5-37AF16
2/11/2005 4:49:07 PM::Clean Threat KeenValue PerfectNav (ID:7656) Complete
2/11/2005 4:49:07 PM::Remove Threat (ID:7656) Complete
2/11/2005 4:49:07 PM::Unititializing Clean
2/11/2005 4:49:07 PM::------------------------------------------------------------------
2/11/2005 4:52:11 PM::------------------------------------------------------------------
2/11/2005 4:52:11 PM::Initializing Clean - (ScanID: 29B9D74F-C2B6-498F-A6F3-59956C)
2/11/2005 4:52:11 PM::Remove Threat (ID:7631)
2/11/2005 4:52:11 PM::Clean Threat KaZaA (ID:7631)
2/11/2005 4:52:12 PM::Removing file c:\windows\temp\p2psetup.exe
2/11/2005 4:52:13 PM::Disable file c:\windows\temp\p2psetup.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\80C57DC8-DB3E-432B-BACA-D5133B\672231DD-9F40-4038-AE02-080439
2/11/2005 4:52:13 PM::Clean Threat KaZaA (ID:7631) Complete
2/11/2005 4:52:13 PM::Remove Threat (ID:7631) Complete
2/11/2005 4:52:13 PM::Unititializing Clean
2/11/2005 4:52:13 PM::------------------------------------------------------------------
2/26/2005 2:35:16 AM::------------------------------------------------------------------
2/26/2005 2:35:16 AM::Initializing Clean - (ScanID: 18A76F39-7D0C-4EF8-A2C0-D2E0A6)
2/26/2005 2:35:17 AM::Unititializing Clean
2/26/2005 2:35:17 AM::------------------------------------------------------------------
2/26/2005 9:45:28 AM::------------------------------------------------------------------
2/26/2005 9:45:28 AM::Initializing Clean - (ScanID: 18A76F39-7D0C-4EF8-A2C0-D2E0A6)
2/26/2005 9:45:28 AM::Remove Threat (ID:14997)
2/26/2005 9:45:28 AM::Clean Threat eZula.WebOffer (ID:14997)
2/26/2005 9:45:30 AM::Removing file c:\memorywatcher_b.exe
2/26/2005 9:45:30 AM::Disable file c:\memorywatcher_b.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4C38877B-F351-4E07-9BCB-ACD35A\C28E5298-8A16-475D-8D5B-C92683
2/26/2005 9:45:30 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003085.exe
2/26/2005 9:45:31 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003085.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4C38877B-F351-4E07-9BCB-ACD35A\4C8D6BFD-4649-4532-BCA4-516518
2/26/2005 9:45:31 AM::Clean Threat eZula.WebOffer (ID:14997) Complete
2/26/2005 9:45:31 AM::Remove Threat (ID:14997) Complete
2/26/2005 9:45:31 AM::Remove Threat (ID:14894)
2/26/2005 9:45:31 AM::Clean Threat WildMedia.OverPro (ID:14894)
2/26/2005 9:45:32 AM::Removing file c:\overpro-401.exe
2/26/2005 9:45:33 AM::Disable file c:\overpro-401.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9422F255-A9E7-420B-B85B-312711\41A2C5BF-21B7-42CC-B1F5-6227D9
2/26/2005 9:45:33 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003082.dll
2/26/2005 9:45:40 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003082.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9422F255-A9E7-420B-B85B-312711\AA99A2BB-22CF-4FD5-8031-D9358F
2/26/2005 9:45:40 AM::Clean Threat WildMedia.OverPro (ID:14894) Complete
2/26/2005 9:45:40 AM::Remove Threat (ID:14894) Complete
2/26/2005 9:45:40 AM::Remove Threat (ID:2861)
2/26/2005 9:45:40 AM::Clean Threat eXact.BargainBuddy (ID:2861)
2/26/2005 9:45:41 AM::Removing file c:\windows\system32\msexreg.exe
2/26/2005 9:45:42 AM::Disable file c:\windows\system32\msexreg.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A5E4ABBF-0C15-4E5C-B934-0989BF\6D9C1894-B98C-4890-B1F4-FFAA20
2/26/2005 9:45:42 AM::Clean Threat eXact.BargainBuddy (ID:2861) Complete
2/26/2005 9:45:42 AM::Remove Threat (ID:2861) Complete
2/26/2005 9:45:42 AM::Remove Threat (ID:15286)
2/26/2005 9:45:42 AM::Clean Threat Unclassified.Spyware.43 (ID:15286)
2/26/2005 9:45:43 AM::Removing file c:\windows\temp\update_8.exe
2/26/2005 9:45:43 AM::Disable file c:\windows\temp\update_8.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A0C6B0EE-6D82-402E-BEEF-AC62C3\B3A0DCF0-F7A4-4EEC-B92C-00F5DB
2/26/2005 9:45:43 AM::Clean Threat Unclassified.Spyware.43 (ID:15286) Complete
2/26/2005 9:45:43 AM::Remove Threat (ID:15286) Complete
2/26/2005 9:45:43 AM::Remove Threat (ID:15292)
2/26/2005 9:45:43 AM::Clean Threat VX2.Buddy (ID:15292)
2/26/2005 9:45:44 AM::Removing file c:\documents and settings\alexander skabry\application data\dics.exe
2/26/2005 9:45:45 AM::Disable file c:\documents and settings\alexander skabry\application data\dics.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\808160D2-DE89-4579-9480-9C2CC0\BBB7BE8F-62DD-4AEB-A9D1-91C64A
2/26/2005 9:45:45 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003077.exe
2/26/2005 9:45:46 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003077.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\808160D2-DE89-4579-9480-9C2CC0\AD9C44FD-A7E3-4B36-B722-D67972
2/26/2005 9:45:46 AM::Clean Threat VX2.Buddy (ID:15292) Complete
2/26/2005 9:45:46 AM::Remove Threat (ID:15292) Complete
2/26/2005 9:45:46 AM::Remove Threat (ID:15030)
2/26/2005 9:45:46 AM::Clean Threat eXact.ISEXEng (ID:15030)
2/26/2005 9:45:47 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003076.exe
2/26/2005 9:45:47 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003076.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A0595BF1-62A1-4CB9-878D-D30AB5\5E21D601-6BA2-4139-8A0B-F5B446
2/26/2005 9:45:47 AM::Clean Threat eXact.ISEXEng (ID:15030) Complete
2/26/2005 9:45:47 AM::Remove Threat (ID:15030) Complete
2/26/2005 9:45:47 AM::Remove Threat (ID:15002)
2/26/2005 9:45:47 AM::Clean Threat eXact.Downloader (ID:15002)
2/26/2005 9:45:48 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003079.dll
2/26/2005 9:45:55 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003079.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5DCB6C27-9CF8-4DB8-98B0-DD615D\5128B107-A966-4627-955F-A20B9B
2/26/2005 9:45:55 AM::Clean Threat eXact.Downloader (ID:15002) Complete
2/26/2005 9:45:55 AM::Remove Threat (ID:15002) Complete
2/26/2005 9:45:55 AM::Remove Threat (ID:3203)
2/26/2005 9:45:55 AM::Clean Threat Blazefind (ID:3203)
2/26/2005 9:45:55 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003086.dll
2/26/2005 9:46:02 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003086.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\42F0B890-22D1-4805-B8CF-7B2F80\49B84C33-2333-4468-B69A-372B09
2/26/2005 9:46:02 AM::Clean Threat Blazefind (ID:3203) Complete
2/26/2005 9:46:02 AM::Remove Threat (ID:3203) Complete
2/26/2005 9:46:02 AM::Remove Threat (ID:6921)
2/26/2005 9:46:02 AM::Clean Threat IEPlugin (ID:6921)
2/26/2005 9:46:03 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003087.dll
2/26/2005 9:46:10 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003087.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\C48FD245-1704-461F-9F1D-62DBF6\8CE6EC4F-3A9D-4F8E-B735-8D77A7
2/26/2005 9:46:10 AM::Clean Threat IEPlugin (ID:6921) Complete
2/26/2005 9:46:10 AM::Remove Threat (ID:6921) Complete
2/26/2005 9:46:10 AM::Remove Threat (ID:13755)
2/26/2005 9:46:10 AM::Clean Threat TurboDownload (ID:13755)
2/26/2005 9:46:11 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003088.exe
2/26/2005 9:46:12 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003088.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5BDC025D-EE3E-4103-9FE0-07BC74\16F8233B-790A-4CD3-B208-105EF0
2/26/2005 9:46:12 AM::Clean Threat TurboDownload (ID:13755) Complete
2/26/2005 9:46:12 AM::Remove Threat (ID:13755) Complete
2/26/2005 9:46:12 AM::Remove Threat (ID:10307)
2/26/2005 9:46:12 AM::Clean Threat RapidBlaster (ID:10307)
2/26/2005 9:46:12 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003089.dll
2/26/2005 9:46:19 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003089.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\C659E8C5-8833-4F4F-BC7E-FC2BD9\D3D208DD-9A5D-4B29-8C12-0211A0
2/26/2005 9:46:19 AM::Clean Threat RapidBlaster (ID:10307) Complete
2/26/2005 9:46:19 AM::Remove Threat (ID:10307) Complete
2/26/2005 9:46:19 AM::Remove Threat (ID:7656)
2/26/2005 9:46:19 AM::Clean Threat KeenValue PerfectNav (ID:7656)
2/26/2005 9:46:20 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003090.exe
2/26/2005 9:46:21 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp5\a0003090.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\70DF1526-E891-4B33-9B4A-65DDC0\FEC5DB71-4F2B-4065-80EA-4AC965
2/26/2005 9:46:21 AM::Clean Threat KeenValue PerfectNav (ID:7656) Complete
2/26/2005 9:46:21 AM::Remove Threat (ID:7656) Complete
2/26/2005 9:46:21 AM::Unititializing Clean
2/26/2005 9:46:21 AM::------------------------------------------------------------------
3/7/2005 2:26:58 AM::------------------------------------------------------------------
3/7/2005 2:26:58 AM::Initializing Clean - (ScanID: 2CF73AAA-7CAC-4CF8-A577-D49418)
3/7/2005 2:26:58 AM::Unititializing Clean
3/7/2005 2:26:58 AM::------------------------------------------------------------------
3/10/2005 10:22:41 PM::------------------------------------------------------------------
3/10/2005 10:22:41 PM::Initializing Clean - (ScanID: 2CF73AAA-7CAC-4CF8-A577-D49418)
3/10/2005 10:22:41 PM::Remove Threat (ID:15292)
3/10/2005 10:22:41 PM::Clean Threat VX2.Buddy (ID:15292)
3/10/2005 10:22:41 PM::Terminating IE
3/10/2005 10:22:42 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012462.exe
3/10/2005 10:22:43 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012462.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\8D7D1704-5E6F-48B6-AA61-3AAB28\416400D1-4BE1-4836-B737-95C5A3
3/10/2005 10:22:43 PM::Clean Threat VX2.Buddy (ID:15292) Complete
3/10/2005 10:22:43 PM::Remove Threat (ID:15292) Complete
3/10/2005 10:22:43 PM::Remove Threat (ID:14997)
3/10/2005 10:22:43 PM::Clean Threat eZula.WebOffer (ID:14997)
3/10/2005 10:22:44 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012459.exe
3/10/2005 10:22:44 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012459.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\A975C658-0B0D-4893-854E-C565AD\2D4EFCCD-3D51-4622-9BA9-483CB4
3/10/2005 10:22:44 PM::Clean Threat eZula.WebOffer (ID:14997) Complete
3/10/2005 10:22:44 PM::Remove Threat (ID:14997) Complete
3/10/2005 10:22:44 PM::Remove Threat (ID:2861)
3/10/2005 10:22:44 PM::Clean Threat eXact.BargainBuddy (ID:2861)
3/10/2005 10:22:45 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012461.exe
3/10/2005 10:22:45 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012461.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\9A8C745E-4B3C-4B88-BDA8-D4ED48\B43A398A-8D21-493A-9F20-AA7213
3/10/2005 10:22:45 PM::Clean Threat eXact.BargainBuddy (ID:2861) Complete
3/10/2005 10:22:45 PM::Remove Threat (ID:2861) Complete
3/10/2005 10:22:45 PM::Remove Threat (ID:14894)
3/10/2005 10:22:45 PM::Clean Threat WildMedia.OverPro (ID:14894)
3/10/2005 10:22:46 PM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012460.exe
3/10/2005 10:22:46 PM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp16\a0012460.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\14EDE98F-C0C5-4BD6-9481-CC3D3B\D9FCB991-CEDD-4582-A82B-C00410
3/10/2005 10:22:46 PM::Clean Threat WildMedia.OverPro (ID:14894) Complete
3/10/2005 10:22:46 PM::Remove Threat (ID:14894) Complete
3/10/2005 10:22:47 PM::Unititializing Clean
3/10/2005 10:22:47 PM::------------------------------------------------------------------
4/8/2005 2:30:36 AM::------------------------------------------------------------------
4/8/2005 2:30:36 AM::Initializing Clean - (ScanID: DF76E81D-6591-4F19-9B90-606D32)
4/8/2005 2:30:36 AM::Unititializing Clean
4/8/2005 2:30:36 AM::------------------------------------------------------------------
4/8/2005 2:50:21 AM::------------------------------------------------------------------
4/8/2005 2:50:21 AM::Initializing Clean - (ScanID: DF76E81D-6591-4F19-9B90-606D32)
4/8/2005 2:50:21 AM::Remove Threat (ID:14831)
4/8/2005 2:50:21 AM::Clean Threat Possible Browser Hijack (ID:14831)
4/8/2005 2:50:23 AM::Run custom cleaner Internet Explorer mozilla: (148311)
4/8/2005 2:50:23 AM::Restore IE URL settings
4/8/2005 2:50:23 AM::Clean Threat Possible Browser Hijack (ID:14831) Complete
4/8/2005 2:50:23 AM::Remove Threat (ID:14831) Complete
4/8/2005 2:50:23 AM::Unititializing Clean
4/8/2005 2:50:23 AM::------------------------------------------------------------------
4/12/2005 2:48:39 AM::------------------------------------------------------------------
4/12/2005 2:48:39 AM::Initializing Clean - (ScanID: 45F7EF15-C9FD-4A19-A221-541D89)
4/12/2005 2:48:39 AM::Unititializing Clean
4/12/2005 2:48:39 AM::------------------------------------------------------------------
4/12/2005 2:51:36 AM::------------------------------------------------------------------
4/12/2005 2:51:36 AM::Initializing Clean - (ScanID: 45F7EF15-C9FD-4A19-A221-541D89)
4/12/2005 2:51:36 AM::Remove Threat (ID:4093)
4/12/2005 2:51:36 AM::Clean Threat CoolWebSearch.CameUp (ID:4093)
4/12/2005 2:51:37 AM::Removing file c:\windows\webdlg32.dll
4/12/2005 2:51:50 AM::Disable file c:\windows\webdlg32.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\0B869069-35EB-4820-86B4-B546D9\77684FB8-D99E-4EDB-B796-469520
4/12/2005 2:51:50 AM::Clean Threat CoolWebSearch.CameUp (ID:4093) Complete
4/12/2005 2:51:51 AM::Remove Threat (ID:4093) Complete
4/12/2005 2:51:51 AM::Remove Threat (ID:15436)
4/12/2005 2:51:51 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436)
4/12/2005 2:51:51 AM::Removing file c:\windows\system32\eaz.dll
4/12/2005 2:51:59 AM::Disable file c:\windows\system32\eaz.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\73258AC8-B11F-4E9E-B942-BA08D7\5A4F8EF6-23B4-4534-BDBC-F11AD6
4/12/2005 2:52:00 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436) Complete
4/12/2005 2:52:00 AM::Remove Threat (ID:15436) Complete
4/12/2005 2:52:00 AM::Unititializing Clean
4/12/2005 2:52:00 AM::------------------------------------------------------------------
4/27/2005 2:46:51 AM::------------------------------------------------------------------
4/27/2005 2:46:51 AM::Initializing Clean - (ScanID: FA163571-03FE-4269-A480-46852B)
4/27/2005 2:46:52 AM::Unititializing Clean
4/27/2005 2:46:52 AM::------------------------------------------------------------------
4/27/2005 7:13:59 AM::------------------------------------------------------------------
4/27/2005 7:13:59 AM::Initializing Clean - (ScanID: FA163571-03FE-4269-A480-46852B)
4/27/2005 7:13:59 AM::Remove Threat (ID:15043)
4/27/2005 7:13:59 AM::Clean Threat SearchHelp (ID:15043)
4/27/2005 7:14:01 AM::Removing file c:\windows\temp\clicks.dll
4/27/2005 7:14:14 AM::Disable file c:\windows\temp\clicks.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\13A9F819-CC42-4A7D-B475-D86690\72115767-05AC-43E9-B572-6BE43E
4/27/2005 7:14:14 AM::Clean Threat SearchHelp (ID:15043) Complete
4/27/2005 7:14:14 AM::Remove Threat (ID:15043) Complete
4/27/2005 7:14:14 AM::Remove Threat (ID:4093)
4/27/2005 7:14:14 AM::Clean Threat CoolWebSearch.CameUp (ID:4093)
4/27/2005 7:14:15 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044102.dll
4/27/2005 7:14:23 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044102.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1F53D372-6A4F-4B83-A597-FE1829\1517A43D-26F1-4777-B7AA-706D54
4/27/2005 7:14:23 AM::Clean Threat CoolWebSearch.CameUp (ID:4093) Complete
4/27/2005 7:14:23 AM::Remove Threat (ID:4093) Complete
4/27/2005 7:14:23 AM::Remove Threat (ID:15436)
4/27/2005 7:14:23 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436)
4/27/2005 7:14:24 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044103.dll
4/27/2005 7:14:32 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp84\a0044103.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1D7CA214-0E50-4ECA-A49A-B8D7C4\711CC606-40BC-4BCE-A122-5B43B0
4/27/2005 7:14:32 AM::Clean Threat ClickSpring.PuritySCAN.Downloader (ID:15436) Complete
4/27/2005 7:14:32 AM::Remove Threat (ID:15436) Complete
4/27/2005 7:14:32 AM::Unititializing Clean
4/27/2005 7:14:32 AM::------------------------------------------------------------------
10/5/2005 5:12:56 AM::------------------------------------------------------------------
10/5/2005 5:12:56 AM::Initializing Clean - (ScanID: 0)
10/5/2005 5:12:56 AM::Clean Threat 180Solutions.SearchAssistant (ID:14814)
10/5/2005 5:12:56 AM::Generating threat
10/5/2005 5:13:28 AM::Removing file c:\documents and settings\all users\start menu\programs\180search assistant\Uninstall 180search Assistant Instructions.lnk
10/5/2005 5:13:30 AM::Disable file c:\documents and settings\all users\start menu\programs\180search assistant\Uninstall 180search Assistant Instructions.lnk and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\F90E3E1C-476F-4C26-915A-F817FA
10/5/2005 5:13:31 AM::Delete folder c:\documents and settings\all users\start menu\programs\180search assistant\
10/5/2005 5:13:32 AM::Removing file c:\program files\180searchassistant\sais.exe
10/5/2005 5:13:34 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sais=c:\program files\180searchassistant\sais.exe]
10/5/2005 5:13:35 AM::Terminating process c:\program files\180searchassistant\sais.exe
10/5/2005 5:13:36 AM::Disable file c:\program files\180searchassistant\sais.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\04595128-A5E4-4E07-B1A7-2DCE3B
10/5/2005 5:13:36 AM::Removing file c:\program files\180searchassistant\saishook.dll
10/5/2005 5:13:38 AM::RemoveProviderByPath-FilePath=c:\program files\180searchassistant\saishook.dll,RC=0,ThreatID=14814
10/5/2005 5:13:38 AM::Removed all related Winsock LSP handler for c:\program files\180searchassistant\saishook.dll
10/5/2005 5:14:11 AM::Removing BHO {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} for file c:\program files\180searchassistant\saishook.dll
10/5/2005 5:14:11 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} [=SABHO
10/5/2005 5:14:11 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
10/5/2005 5:14:11 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
10/5/2005 5:14:12 AM::Unregistering COM entry points for file c:\program files\180searchassistant\saishook.dll
10/5/2005 5:14:16 AM::Disable file c:\program files\180searchassistant\saishook.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\B9EB7378-A652-4FBA-8AE4-ECAB64
10/5/2005 5:14:16 AM::Removing file c:\program files\180searchassistant\sais_gdf.dat
10/5/2005 5:14:16 AM::Disable file c:\program files\180searchassistant\sais_gdf.dat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\B01C39C7-80A2-426E-88B6-2CFAB9
10/5/2005 5:14:16 AM::Removing file c:\program files\180searchassistant\saisau.dat
10/5/2005 5:14:16 AM::Disable file c:\program files\180searchassistant\saisau.dat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\6D09C620-6070-43FD-9FA1-04B426
10/5/2005 5:14:16 AM::Removing file c:\program files\180searchassistant\sais_kyf_update.dat
10/5/2005 5:14:17 AM::Disable file c:\program files\180searchassistant\sais_kyf_update.dat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\BEB5C096-76DA-48F7-BC25-AF3D5A
10/5/2005 5:14:17 AM::Delete folder c:\program files\180searchassistant\
10/5/2005 5:14:17 AM::Removing file c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:17 AM::RemoveProviderByPath-FilePath=c:\windows\downloaded program files\clientax.dll,RC=0,ThreatID=14814
10/5/2005 5:14:17 AM::Removed all related Winsock LSP handler for c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:26 AM::Removing IE ActiveX {99410CDE-6F16-42ce-9D49-3807F78F0287} for file c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Contains\Files
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Contains
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\DownloadInformation [CODEBASE=http://www.180searchassistant.com/180saax.cab
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\DownloadInformation [INF=C:\WINDOWS\Downloaded Program Files\ClientAX.inf
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\DownloadInformation
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InstalledVersion [=6,9,95,0
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InstalledVersion
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} [Installer=MSICD
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} [SystemComponent=0
10/5/2005 5:14:26 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}
10/5/2005 5:14:26 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}
10/5/2005 5:14:27 AM::Unregistering COM entry points for file c:\windows\downloaded program files\clientax.dll
10/5/2005 5:14:29 AM::Disable file c:\windows\downloaded program files\clientax.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\3E17E86E-C456-41B0-B824-9032C4\43AFACAB-993E-409A-B7B1-6A16AF
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais [last_conn_h=29739430
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais [last_conn_l=208253360
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais [we=2
10/5/2005 5:14:30 AM::Removing registry value HKEY_CURRENT_USER\Software\sais
10/5/2005 5:14:30 AM::Removing registry key HKEY_CURRENT_USER\Software\sais
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais [DisplayName=Uninstall 180search Assistant
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais [UninstallString=c:\program files\180searchassistant\sais.exe /uninst_simple_init=y
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais [DisplayIcon=c:\program files\180searchassistant\sais.exe,2
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais
10/5/2005 5:14:30 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [did=5041
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [duid=62D335E225279AD3CAF307594CDED0C3C5A0FE9AA572E291FB80C74313A040CF
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [partner_id=447869953
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [product_id=5041
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [umt=0162D335E225279AD3CAF307594CDED0C3C5A0FE9AA572E291FB80C74313A040CF
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [gma=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [gvi=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [gpi=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [boom=
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais [boom_ver=1
10/5/2005 5:14:30 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\sais
10/5/2005 5:14:30 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\sais
10/5/2005 5:14:31 AM::Clean Threat 180Solutions.SearchAssistant (ID:14814) Complete
10/5/2005 5:14:36 AM::Unititializing Clean
10/5/2005 5:14:36 AM::------------------------------------------------------------------
10/5/2005 5:16:08 AM::------------------------------------------------------------------
10/5/2005 5:16:08 AM::Initializing Clean - (ScanID: 0)
10/5/2005 5:16:09 AM::Clean Threat IST.SideFind (ID:14817)
10/5/2005 5:16:09 AM::Generating threat
10/5/2005 5:16:22 AM::Removing file c:\program files\sidefind\update\sidefind.exe
10/5/2005 5:16:25 AM::Disable file c:\program files\sidefind\update\sidefind.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\75718FC9-84C2-4B50-B7E3-CC2F7C
10/5/2005 5:16:25 AM::Removing file c:\program files\sidefind\sfexd001
10/5/2005 5:16:25 AM::Disable file c:\program files\sidefind\sfexd001 and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\5080EEFD-09EA-4556-BE50-ECF181
10/5/2005 5:16:25 AM::Removing file c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:26 AM::RemoveProviderByPath-FilePath=c:\program files\sidefind\sfbho.dll,RC=0,ThreatID=14817
10/5/2005 5:16:26 AM::Removed all related Winsock LSP handler for c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:38 AM::Removing BHO {A3FDD654-A057-4971-9844-4ED8E67DBBB8} for file c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:38 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
10/5/2005 5:16:38 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
10/5/2005 5:16:40 AM::Unregistering COM entry points for file c:\program files\sidefind\sfbho.dll
10/5/2005 5:16:43 AM::Disable file c:\program files\sidefind\sfbho.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\7C9D05BD-1D98-43BF-9FA7-254391
10/5/2005 5:16:43 AM::Removing file c:\program files\sidefind\sidefind.dll
10/5/2005 5:16:43 AM::RemoveProviderByPath-FilePath=c:\program files\sidefind\sidefind.dll,RC=0,ThreatID=14817
10/5/2005 5:16:43 AM::Removed all related Winsock LSP handler for c:\program files\sidefind\sidefind.dll
10/5/2005 5:16:53 AM::Unregistering COM entry points for file c:\program files\sidefind\sidefind.dll
10/5/2005 5:16:55 AM::Disable file c:\program files\sidefind\sidefind.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\E7B2CEF5-0BB8-4FF9-A848-269F3F\6A386479-3404-4853-BA67-8E9879
10/5/2005 5:16:56 AM::Delete folder c:\program files\sidefind\
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 [=C:\Program Files\SideFind\sidefind.dll
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 [ThreadingModel=Apartment
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID [=SideFind.Finder.1
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Programmable
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib [={58634367-D62B-4C2C-86BE-5AAC45CDB671}
10/5/2005 5:16:56 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID [=SideFind.Finder
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} [=SideFind
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry key HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1\CLSID [={8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1\CLSID
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1 [=SideFind
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder.1
10/5/2005 5:16:57 AM::Removing registry key HKEY_CLASSES_ROOT\SideFind.Finder.1
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CLSID [={8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CLSID
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CurVer [=SideFind.Finder.1
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder\CurVer
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder [=SideFind
10/5/2005 5:16:57 AM::Removing registry value HKEY_CLASSES_ROOT\SideFind.Finder
10/5/2005 5:16:57 AM::Removing registry key HKEY_CLASSES_ROOT\SideFind.Finder
10/5/2005 5:16:57 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [Default Visible=Yes
10/5/2005 5:16:57 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [ButtonText=SideFind
10/5/2005 5:16:58 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [HotIcon=C:\PROGRA~1\SideFind\sidefind.dll,201
10/5/2005 5:16:58 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [Icon=C:\PROGRA~1\SideFind\sidefind.dll,201
10/5/2005 5:16:58 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [CLSID={E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} [BandCLSID={8CBA1B49-8144-4721-A7B1-64C578C9EED7}
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
10/5/2005 5:16:59 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind [webautosearch=true
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind [shoppingautosearch=true
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind
10/5/2005 5:16:59 AM::Removing registry key HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind [DisplayName=SideFind
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind [UninstallString="C:\Program Files\Sidefind\update\sidefind.exe" /remove
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind
10/5/2005 5:16:59 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [account_id=106
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathBHO=C:\Program Files\SideFind\sfbho.dll
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathDLL=C:\Program Files\SideFind\sidefind.dll
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathXML=C:\Program Files\SideFind\sfexd001
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [PathEXE=C:\Program Files\Sidefind\update\sidefind.exe
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [InstallDate=2005-10-05 11:56:59
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [SearchSite=http://www.sidefind.com/results.php?target=_external&
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [update=1128772623
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [ver=1.3
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind [IntervalBetweenShows=240
10/5/2005 5:16:59 AM::Removing registry value HKEY_LOCAL_MACHINE\SOFTWARE\SideFind
10/5/2005 5:17:00 AM::Removing registry key HKEY_LOCAL_MACHINE\SOFTWARE\SideFind
10/5/2005 5:17:00 AM::Clean Threat IST.SideFind (ID:14817) Complete
10/5/2005 5:17:02 AM::Unititializing Clean
10/5/2005 5:17:02 AM::------------------------------------------------------------------
10/5/2005 5:24:40 AM::------------------------------------------------
10/5/2005 5:24:40 AM::Starting GIANT AS Cleaner
10/5/2005 5:24:40 AM::Running all Cleaner deletes
10/5/2005 5:24:40 AM::---Starting Quick Cleaner DelFolders
10/5/2005 5:24:41 AM::---Starting Quick Cleaner DelRegKeys
10/5/2005 5:24:41 AM::Checking threats to clean
10/5/2005 5:24:41 AM::Ending GIANT AS Cleaner
10/5/2005 5:24:41 AM::------------------------------------------------
10/5/2005 5:31:01 AM::------------------------------------------------------------------
10/5/2005 5:31:01 AM::Initializing Clean - (ScanID: 0)
10/5/2005 5:31:01 AM::Remove Threat (ID:15049)
10/5/2005 5:31:01 AM::Clean Threat YourSiteBar (ID:15049)
10/5/2005 5:31:03 AM::Generating threat
10/5/2005 5:31:42 AM::Removing file c:\program files\yoursitebar\ysb.dll
10/5/2005 5:31:47 AM::RemoveProviderByPath-FilePath=c:\program files\yoursitebar\ysb.dll,RC=0,ThreatID=15049
10/5/2005 5:31:47 AM::Removed all related Winsock LSP handler for c:\program files\yoursitebar\ysb.dll
10/5/2005 5:32:21 AM::Unregistering COM entry points for file c:\program files\yoursitebar\ysb.dll
10/5/2005 5:32:24 AM::Disable file c:\program files\yoursitebar\ysb.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\6E57AABF-D5CB-4FE7-B27A-6FE5C5
10/5/2005 5:32:24 AM::Removing file c:\program files\yoursitebar\yoursitebar.xml
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\yoursitebar.xml and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\11EF216A-0722-4E8B-8C9C-94F4A6
10/5/2005 5:32:25 AM::Removing file c:\program files\yoursitebar\imagemap_normal.bmp
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\imagemap_normal.bmp and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\DC56ECAC-8336-4018-8E0F-37533F
10/5/2005 5:32:25 AM::Removing file c:\program files\yoursitebar\imagemap_over.bmp
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\imagemap_over.bmp and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\597DBB5C-565F-4474-8FF1-FF5FC5
10/5/2005 5:32:25 AM::Removing file c:\program files\yoursitebar\version.txt
10/5/2005 5:32:25 AM::Disable file c:\program files\yoursitebar\version.txt and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\1B81B1CE-D23C-4E41-8BC9-9E0326\BF8058E7-02AF-4DF0-9725-B64EC5
10/5/2005 5:32:25 AM::Delete folder c:\program files\yoursitebar\
10/5/2005 5:32:25 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\Implemented Categories
10/5/2005 5:32:25 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} [=YourSiteBar
10/5/2005 5:32:25 AM::Removing registry value HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
10/5/2005 5:32:25 AM::Removing registry key HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
10/5/2005 5:32:25 AM::Clean Threat YourSiteBar (ID:15049) Complete
10/5/2005 5:32:27 AM::Remove Threat (ID:15049) Complete
10/5/2005 5:51:56 AM::------------------------------------------------------------------
10/5/2005 5:51:56 AM::Initializing Clean - (ScanID: 956955C5-0B35-41AE-BB9D-6B1A4A)
10/5/2005 5:51:56 AM::Remove Threat (ID:14816)
10/5/2005 5:51:56 AM::Clean Threat IST.XXXToolbar (ID:14816)
10/5/2005 5:52:04 AM::Terminating IE
10/5/2005 5:52:05 AM::Suspending 369 process thread(s) for C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:05 AM::Removing file C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:07 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IST Service=C:\Program Files\ISTsvc\istsvc.exe]
10/5/2005 5:52:07 AM::Terminating process C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:08 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\64823FE5-80F5-478F-BC79-3331B5\59B46BA1-72FF-4C8A-ACD6-C4AD16
10/5/2005 5:52:08 AM::Delete file C:\Program Files\ISTsvc\istsvc.exe failed, adding to FileDeleteReboot
10/5/2005 5:52:09 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe failed, file locked or in memory
10/5/2005 5:52:09 AM::Special cleaner required to remove threat on restart, reason: Could not quarantine file C:\Program Files\ISTsvc\istsvc.exe, unknown error moving file.
10/5/2005 5:52:10 AM::Removing file C:\Program Files\ISTsvc\istsvc.exe
10/5/2005 5:52:11 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\64823FE5-80F5-478F-BC79-3331B5\A7AA3501-8260-4B91-82AB-904E1C
10/5/2005 5:52:11 AM::Delete file C:\Program Files\ISTsvc\istsvc.exe failed, adding to FileDeleteReboot
10/5/2005 5:52:11 AM::Disable file C:\Program Files\ISTsvc\istsvc.exe failed, file locked or in memory
10/5/2005 5:52:11 AM::Special cleaner required to remove threat on restart, reason: Could not quarantine file C:\Program Files\ISTsvc\istsvc.exe, unknown error moving file.
10/5/2005 5:52:11 AM::Clean Threat IST.XXXToolbar (ID:14816) Complete
10/5/2005 5:52:11 AM::Remove Threat (ID:9942)
10/5/2005 5:52:11 AM::Clean Threat IST.PowerScan (ID:9942)
10/5/2005 5:52:12 AM::Removing file c:\program files\power scan\powerscan.exe
10/5/2005 5:52:13 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Power Scan=C:\Program Files\Power Scan\powerscan.exe]
10/5/2005 5:52:13 AM::Disable file c:\program files\power scan\powerscan.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\47FFA4A8-8015-4F3D-B96B-C792EC\B754D411-D436-4A92-81F7-3A9540
10/5/2005 5:52:13 AM::Removing file C:\Program Files\Power Scan\uninstall.exe
10/5/2005 5:52:14 AM::Disable file C:\Program Files\Power Scan\uninstall.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\47FFA4A8-8015-4F3D-B96B-C792EC\361C9E2A-AA9F-44F1-BE88-6D58F7
10/5/2005 5:52:14 AM::Removing file c:\documents and settings\alexander skabry\start menu\programs\power scan\power scan.lnk
10/5/2005 5:52:14 AM::Disable file c:\documents and settings\alexander skabry\start menu\programs\power scan\power scan.lnk and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\47FFA4A8-8015-4F3D-B96B-C792EC\772A02EB-936F-4928-9B33-5110E5
10/5/2005 5:52:14 AM::Delete folder c:\documents and settings\alexander skabry\start menu\programs\power scan\
10/5/2005 5:52:15 AM::Delete folder c:\program files\power scan\
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan [DisplayName=Power Scan
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan [UninstallString=C:\Program Files\Power Scan\uninstall.exe
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan
10/5/2005 5:52:15 AM::Removing registry key HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\software\powerscan [LoadNum=2
10/5/2005 5:52:15 AM::Removing registry value HKEY_LOCAL_MACHINE\software\powerscan
10/5/2005 5:52:15 AM::Removing registry key HKEY_LOCAL_MACHINE\software\powerscan
10/5/2005 5:52:15 AM::Clean Threat IST.PowerScan (ID:9942) Complete
10/5/2005 5:52:15 AM::Remove Threat (ID:9942) Complete
10/5/2005 5:52:15 AM::Remove Threat (ID:16006)
10/5/2005 5:52:15 AM::Clean Threat Trojan.Startup.NameShifter.BT (ID:16006)
10/5/2005 5:52:16 AM::Suspending 367 process thread(s) for c:\windows\system32\uir3km49.exe
10/5/2005 5:52:16 AM::Removing file c:\windows\system32\uir3km49.exe
10/5/2005 5:52:17 AM::Removed registry auto start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [uir3km49=C:\WINDOWS\system32\uir3km49.exe]
10/5/2005 5:52:17 AM::Terminating process c:\windows\system32\uir3km49.exe
10/5/2005 5:52:20 AM::Disable file c:\windows\system32\uir3km49.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\20BDAE18-2D0F-4F11-9ECC-A08F94\130EC8EB-6600-4350-A1E8-2C86F5
10/5/2005 5:52:20 AM::Clean Threat Trojan.Startup.NameShifter.BT (ID:16006) Complete
10/5/2005 5:52:20 AM::Remove Threat (ID:16006) Complete
10/5/2005 5:52:20 AM::Remove Threat (ID:14817)
10/5/2005 5:52:20 AM::Clean Threat IST.SideFind (ID:14817)
10/5/2005 5:52:23 AM::Removing file c:\documents and settings\alexander skabry\local settings\temp\sidefind.exe
10/5/2005 5:52:23 AM::Disable file c:\documents and settings\alexander skabry\local settings\temp\sidefind.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\7C94A9D7-B8A9-48B0-9EF4-118338\D13A8198-8C1A-4D94-A2D9-62B1AE
10/5/2005 5:52:24 AM::Clean Threat IST.SideFind (ID:14817) Complete
10/5/2005 5:52:24 AM::Remove Threat (ID:14817) Complete
10/5/2005 5:52:24 AM::Remove Threat (ID:14805)
10/5/2005 5:52:24 AM::Clean Threat SEP (ID:14805)
10/5/2005 5:52:24 AM::Removing file c:\program files\sep\sep.dll
10/5/2005 5:52:26 AM::RemoveProviderByPath-FilePath=c:\program files\sep\sep.dll,RC=0,ThreatID=14805
10/5/2005 5:52:26 AM::Removed all related Winsock LSP handler for c:\program files\sep\sep.dll
10/5/2005 5:52:41 AM::Unregistering COM entry points for file c:\program files\sep\sep.dll
10/5/2005 5:52:44 AM::Disable file c:\program files\sep\sep.dll and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\8D168BEA-0C2C-41E6-B5B1-21A075\65FB3614-6FB5-4014-BD0C-F832F2
10/5/2005 5:52:44 AM::Clean Threat SEP (ID:14805) Complete
10/5/2005 5:52:44 AM::Remove Threat (ID:14805) Complete
10/5/2005 5:52:44 AM::Remove Threat (ID:14827)
10/5/2005 5:52:44 AM::Clean Threat WindUpdates (ID:14827)
10/5/2005 5:52:45 AM::Removing file c:\windows\system32\ide21201.vxd
10/5/2005 5:52:45 AM::Disable file c:\windows\system32\ide21201.vxd and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6756B-3C26-4824-A8A3-5412F1\151EA2B6-2DEB-412F-836C-4A3BF0
10/5/2005 5:52:46 AM::Clean Threat WindUpdates (ID:14827) Complete
10/5/2005 5:52:46 AM::Remove Threat (ID:14827) Complete
10/5/2005 5:52:46 AM::Remove Threat (ID:14814)
10/5/2005 5:52:46 AM::Clean Threat 180Solutions.SearchAssistant (ID:14814)
10/5/2005 5:52:48 AM::Removing
  • 0

#11
gr8w8er


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This was cut off ...
10/9/2005 2:51:34 AM::------------------------------------------------------------------
10/9/2005 2:51:34 AM::Initializing Clean - (ScanID: 33BFD92E-5BCD-484F-B07F-C1C866)
10/9/2005 2:51:34 AM::Unititializing Clean
10/9/2005 2:51:34 AM::------------------------------------------------------------------
10/9/2005 5:17:20 AM::------------------------------------------------------------------
10/9/2005 5:17:20 AM::Initializing Clean - (ScanID: 33BFD92E-5BCD-484F-B07F-C1C866)
10/9/2005 5:17:20 AM::Remove Threat (ID:16463)
10/9/2005 5:17:20 AM::Clean Threat QuickLinks (ID:16463)
10/9/2005 5:17:23 AM::Terminating IE
10/9/2005 5:17:24 AM::Removing file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp1\a0002209.exe
10/9/2005 5:17:28 AM::Disable file c:\system volume information\_restore{6ab6c38e-48e6-4f2f-9fbf-03cf61ed1aec}\rp1\a0002209.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\28D2742D-54FD-4E22-9BCF-B471FF\6C98CDC6-48DB-45B6-BAB8-891295
10/9/2005 5:17:28 AM::Clean Threat QuickLinks (ID:16463) Complete
10/9/2005 5:17:29 AM::Remove Threat (ID:16463) Complete
10/9/2005 5:17:29 AM::Remove Threat (ID:14899)
10/9/2005 5:17:29 AM::Clean Threat SearchMiracle.EliteBar (ID:14899)
10/9/2005 5:17:30 AM::Removing file c:\documents and settings\alexander skabry\favorites\casino & carrers\start a business.url
10/9/2005 5:17:30 AM::Disable file c:\documents and settings\alexander skabry\favorites\casino & carrers\start a business.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4B5FF60A-2933-4255-A0DF-5DD8C3\9DD31DBB-871B-413A-A3DD-A03283
10/9/2005 5:17:30 AM::Removing file c:\documents and settings\alexander skabry\favorites\finances & business\human resources.url
10/9/2005 5:17:30 AM::Disable file c:\documents and settings\alexander skabry\favorites\finances & business\human resources.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4B5FF60A-2933-4255-A0DF-5DD8C3\31EA583F-69F2-4B21-BF56-15A404
10/9/2005 5:17:30 AM::Removing file c:\documents and settings\alexander skabry\favorites\health & insurance\term life.url
10/9/2005 5:17:30 AM::Disable file c:\documents and settings\alexander skabry\favorites\health & insurance\term life.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4B5FF60A-2933-4255-A0DF-5DD8C3\C342A795-8775-49CD-AB9F-D9C45A
10/9/2005 5:17:30 AM::Removing file c:\documents and settings\alexander skabry\favorites\health & insurance\dental insurance.url
10/9/2005 5:17:30 AM::Disable file c:\documents and settings\alexander skabry\favorites\health & insurance\dental insurance.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4B5FF60A-2933-4255-A0DF-5DD8C3\16A2C039-750C-4B1D-8178-2825E1
10/9/2005 5:17:30 AM::Removing file c:\documents and settings\alexander skabry\favorites\homelife & travel\international travel.url
10/9/2005 5:17:30 AM::Disable file c:\documents and settings\alexander skabry\favorites\homelife & travel\international travel.url and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\4B5FF60A-2933-4255-A0DF-5DD8C3\C05F738A-3160-494F-8648-7207D6
10/9/2005 5:17:30 AM::Delete folder c:\documents and settings\alexander skabry\favorites\casino & carrers\
10/9/2005 5:17:30 AM::Delete folder c:\documents and settings\alexander skabry\favorites\finances & business\
10/9/2005 5:17:30 AM::Delete folder c:\documents and settings\alexander skabry\favorites\health & insurance\
10/9/2005 5:17:30 AM::Delete folder c:\documents and settings\alexander skabry\favorites\homelife & travel\
10/9/2005 5:17:30 AM::Clean Threat SearchMiracle.EliteBar (ID:14899) Complete
10/9/2005 5:17:31 AM::Remove Threat (ID:14899) Complete
10/9/2005 5:17:31 AM::Unititializing Clean
10/9/2005 5:17:31 AM::------------------------------------------------------------------
10/9/2005 6:38:26 AM::------------------------------------------------
10/9/2005 6:38:26 AM::Starting GIANT AS Cleaner
10/9/2005 6:38:26 AM::Running all Cleaner deletes
10/9/2005 6:38:26 AM::---Starting Quick Cleaner DelFolders
10/9/2005 6:38:26 AM::Checking threats to clean
10/9/2005 6:38:26 AM::Ending GIANT AS Cleaner
10/9/2005 6:38:26 AM::------------------------------------------------
10/14/2005 3:04:20 AM::------------------------------------------------------------------
10/14/2005 3:04:20 AM::Initializing Clean - (ScanID: 2CC58CA9-C2FE-4C22-BD5B-7F9369)
10/14/2005 3:04:20 AM::Unititializing Clean
10/14/2005 3:04:20 AM::------------------------------------------------------------------
10/14/2005 3:05:08 AM::------------------------------------------------------------------
10/14/2005 3:05:08 AM::Initializing Clean - (ScanID: 6F7FDA99-7971-4269-AC5C-8CA24F)
10/14/2005 3:05:08 AM::Unititializing Clean
10/14/2005 3:05:08 AM::------------------------------------------------------------------
10/14/2005 4:27:21 AM::------------------------------------------------------------------
10/14/2005 4:27:21 AM::Initializing Clean - (ScanID: 2CC58CA9-C2FE-4C22-BD5B-7F9369)
10/14/2005 4:27:21 AM::Remove Threat (ID:15778)
10/14/2005 4:27:21 AM::Clean Threat Unclassified.Trojan.Downloader.77 (ID:15778)
10/14/2005 4:27:32 AM::Removing file c:\program files\common files\mc-110-12-0000080.exe
10/14/2005 4:27:42 AM::Disable file c:\program files\common files\mc-110-12-0000080.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\28D7045A-215B-412D-8CC5-3451EA\C2A929EE-E912-426B-A3EB-E6037A
10/14/2005 4:27:43 AM::Clean Threat Unclassified.Trojan.Downloader.77 (ID:15778) Complete
10/14/2005 4:27:46 AM::Remove Threat (ID:15778) Complete
10/14/2005 4:27:46 AM::Unititializing Clean
10/14/2005 4:27:46 AM::------------------------------------------------------------------
  • 0

#12
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please don't post any logs we didn't ask for. I never asked for the Microsoft AntiSpyware log nor do I need it. I don't ask users to use that program either since Microsoft has taken out some of the spyware that we usually ask users to remove.

Delete those hp...files you found.
  • 0

#13
gr8w8er


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK ... well ... sorry about that MS thing.

I have deleted those files. Is there something that causes them to reappear? Or, for that matter, the other series of three files that keep returning - especially the trojan file?
  • 0

#14
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The series of three files returning? Which ones? hpothb07? Do you have any Hewlett Packard devices (printers/scanners)?
  • 0

#15
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





