Malware infection and sound distortion [RESOLVED]


  • This topic is locked

#1 wxm (Member, 14 posts)
Problem started with an error on Internet Explorer called iebrowserc. I ran AVG, and SuperAntiSpyware which appears to have deleted the trojan but I think there may still be a problem as the sound on Windows startup is distorted. AVG results indicate that C:\windows\system32\kernel32.dll, C:\windows\system32\shell32.dll and C:\windows\system32\drivers\etc\hosts have been changed. SuperAntiSpyware is not indicating any more problems. Here's my latest HijackThis log. Not terribly computer savvy but hope enough to follow any advice you can give. THANKS!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:01 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193351729656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9850 bytes

#2 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hi wxm

Welcome to Geeks to Go :)

I can see one infection in your logs, so we will clear it and do a couple of deeper scans of your machine to see what else we can find.

The scans will likely take 2 hours, quite possibly much longer, so just let it run.

Firstly, do you recognise this site http://start.shaw.ca/start/enCA/ ?


====STEP 1====
Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
rem Stop the orphaned My Web Search service, then remove its registration.
sc stop MyWebSearchService
sc delete MyWebSearchService
exit

Double click FixServices.bat. A window will open and close. This is normal.



====STEP 2====
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.



Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\MyWebSearch
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

====STEP 3====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 4====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

====STEP 5====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


In your next reply could I see:
1. the answer to the first question
2. the OTMoveIT log
3. the kaspersky log
4. the 2 DSS logs (though there may only be one log)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
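The helper above picked two HijackThis lines out of a 9 KB log by eye: an O8 context-menu item pointing at a remote URL, and an O23 service whose binary is gone. The script below is an added example for this thread (it is not part of HijackThis and not from any post here) that does the same triage mechanically. The SAMPLE_LOG lines are copied from the first post, with the truncated URL left exactly as the forum shows it. The rules are my own heuristics: flag any registration marked "(file missing)" and, for an O23, emit the same sc stop / sc delete pair that STEP 1 uses; flag O8 items that call out over http(s); and link flagged entries to any other entry that shares the same 8.3 short folder stem (MYWEBS~1 becomes MYWEBS), which is what ties the O8 line to the O23 line in this log. A six-character stem can collide with unrelated names, so the "related" list is a lead to check, not proof.

```python
r"""Triage a HijackThis v2 log: flag orphaned registrations and remote
context-menu items, and link flagged entries through shared 8.3 folder stems.

Added example for this thread; not HijackThis code and not from any post.
SAMPLE_LOG is copied from post #1. The flagging rules are heuristics.
"""
import re

ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
SHORT_RE = re.compile(r"^([A-Za-z0-9_$]{1,6})~\d+$")   # 8.3 short name, e.g. MYWEBS~1

SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""


def parse_entries(text):
    """One dict per 'Oxx - body' line; headers and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line.strip()})
    return entries


def service_name(body):
    """Short service name from an O23 body: 'Service: <display> (<name>) - <owner> - <path>'.
    The display name may itself contain parentheses, so the balanced group that closes
    the head is taken; with no group, display and name are the same string."""
    head = body.rsplit(" - ", 2)[0]
    head = head[len("Service: "):] if head.startswith("Service: ") else head
    if not head.endswith(")"):
        return head
    depth = 0
    for i in range(len(head) - 1, -1, -1):
        depth += 1 if head[i] == ")" else -1 if head[i] == "(" else 0
        if depth == 0:
            return head[i + 1:-1]
    return head


def short_name_stem(text):
    r"""Stem of the first 8.3 folder below Program Files ('MYWEBS' for C:\PROGRA~1\MYWEBS~1\...),
    or None. PROGRA~1 itself is skipped because every installed program shares it."""
    for part in re.split(r"[\\/]", text):
        m = SHORT_RE.match(part)
        if m and part.upper() != "PROGRA~1":
            return m.group(1).upper()
    return None


def _linked(a, b):
    """Heuristic: either entry's 8.3 stem appears somewhere in the other's text."""
    sa, sb = short_name_stem(a["body"]), short_name_stem(b["body"])
    return (sa is not None and sa in b["raw"].upper()) or (sb is not None and sb in a["raw"].upper())


def triage(entries):
    """Flag the entries a helper would act on first, with the fix and related lines."""
    findings = []
    for e in entries:
        body = e["body"]
        if body.endswith("(file missing)"):
            reason = "registration points at a binary that no longer exists"
            if e["section"] == "O23":
                name = service_name(body)
                action = [f"sc stop {name}", f"sc delete {name}"]
            else:
                action = ["HijackThis: tick the entry and Fix Checked"]
        elif e["section"] == "O8" and re.search(r"\bhttps?://", body, re.I):
            reason = "context-menu item calls out to a remote URL"
            action = ["HijackThis: tick the entry and Fix Checked"]
        else:
            continue
        related = [o["raw"] for o in entries if o is not e and _linked(e, o)]
        findings.append({"section": e["section"], "raw": e["raw"], "reason": reason,
                         "action": action, "related": related})
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f['section']}: {f['reason']}\n  {f['raw']}")
        for cmd in f["action"]:
            print(f"  fix: {cmd}")
        for r in f["related"]:
            print(f"  related: {r}")
```

Run against the full log in post #1 it flags exactly the two lines STEP 2 asks to fix, and the O23 finding carries the two sc commands from STEP 1. The "(file missing)" rule is the useful general one: a service or BHO whose file is gone was almost always removed by a scanner that did not clean up the registration, and the leftover registration is what keeps the entry showing up in later logs.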

#3 wxm (Topic Starter, Member, 14 posts)
Thanks for responding andrewuk!

http://start.shaw.ca/start/enCA/ is the homepage of my internet provider.

I ran HijackThis but the MyWebSearch under O23 was gone. I did delete the O8 line.

Here are the logs.

OTmoveIt Log

Explorer killed successfully
File/Folder C:\Program Files\MyWebSearch not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05042008_114247

The Kaspersky log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 2:03:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 739304
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 61255
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 01:37:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Wendy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-4-2008( 11-28-3 ).LOG Object is locked skipped
C:\Documents and Settings\Wendy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup(2).exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup(3).exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup(4).exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Wendy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Wendy\ntuser.dat Object is locked skipped
C:\Documents and Settings\Wendy\NTUSER.DAT.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ca skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Will post DSS log next
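Most of the Kaspersky report above is noise: "Object is locked skipped" means the scanner could not open a file (registry hives, event logs, index.dat), not that it found anything. The eleven real detections split into seven copies already sitting in C:\QooBox\Quarantine (ComboFix's quarantine folder; the .vir suffix marks a neutralised copy) and four files on the Desktop that still need handling. The script below is an added example for this thread, not Kaspersky's tooling and not from any post; SAMPLE_REPORT is a subset of the lines posted above. It separates the three kinds of line, rolls detections up by family, and cross-checks the report's own "viruses found" and "infected objects" counts against the lines actually listed, which is a quick way to tell a complete paste from one cut short by the forum's post limit.

```python
r"""Separate signal from noise in a Kaspersky Online Scanner report and
cross-check its totals.

Added example for this thread; not Kaspersky code and not from any post.
SAMPLE_REPORT is a subset of the report in post #3. 'Object is locked skipped'
lines are unreadable files, not detections; 'Infected:' lines under
C:\QooBox\Quarantine with a .vir suffix are quarantined copies; every other
'Infected:' line is a live file.
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup(2).exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup(3).exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup(4).exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Wendy\Desktop\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ca skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg skipped
C:\WINDOWS\system32\config\sam Object is locked skipped

Scan process completed.
"""

LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
TOTAL_RE = re.compile(r"^Number of (?P<what>viruses found|infected objects): (?P<n>\d+)$")
QUARANTINE_PREFIX = "C:\\QooBox\\Quarantine\\"   # ComboFix's quarantine folder


def family(name):
    """'not-a-virus:AdTool.Win32.MyWebSearch.bg' -> ('not-a-virus', 'AdTool.Win32.MyWebSearch').
    The trailing variant letters are dropped so variants of one product roll up together."""
    prefix, _, rest = name.rpartition(":")
    return prefix, rest.rsplit(".", 1)[0]


def parse_report(text):
    """Totals the scanner printed, count of locked files, and each detection tagged
    quarantined or live."""
    totals, locked, detections = {}, 0, []
    for line in text.splitlines():
        line = line.strip()
        if m := TOTAL_RE.match(line):
            totals[m["what"]] = int(m["n"])
        elif LOCKED_RE.match(line):
            locked += 1
        elif m := INFECTED_RE.match(line):
            path = m["path"]
            quarantined = path.startswith(QUARANTINE_PREFIX) and path.lower().endswith(".vir")
            detections.append({"path": path, "name": m["name"], "action": m["action"],
                               "quarantined": quarantined})
    return {"totals": totals, "locked": locked, "detections": detections}


def summarize(report):
    """Live vs quarantined detections, roll-up by family, and a consistency check of
    the report's totals: 'infected objects' should equal the lines listed and
    'viruses found' the number of distinct detection names."""
    dets = report["detections"]
    live = [d for d in dets if not d["quarantined"]]
    quarantined = [d for d in dets if d["quarantined"]]
    by_family = Counter(family(d["name"])[1] for d in dets)
    distinct_names = {d["name"] for d in dets}
    totals = report["totals"]
    consistent = (totals.get("infected objects") == len(dets)
                  and totals.get("viruses found") == len(distinct_names))
    return {"live": live, "quarantined": quarantined, "by_family": dict(by_family),
            "locked": report["locked"], "totals_consistent": consistent}


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"locked (noise): {s['locked']}, quarantined: {len(s['quarantined'])}, "
          f"live: {len(s['live'])}, totals consistent: {s['totals_consistent']}")
    for fam, n in s["by_family"].items():
        print(f"  {fam}: {n}")
    for d in s["live"]:
        print(f"  LIVE {d['name']}  {d['path']}")
```

On the full report above the same check passes: 4 + 7 = 11 infected objects, and 7 distinct detection names (WinFixer.fs plus six MyWebSearch variants, .bg appearing twice). The four live files are the Download_mbam-setup*.exe copies on the Desktop; their names suggest they were meant to be Malwarebytes installers, but the scanner classifies them as a WinFixer downloader, so they are the items to deal with rather than the quarantine copies.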

#4 wxm (Topic Starter, Member, 14 posts)
Here is the first DSS log

Deckard's System Scanner v20071014.68
Run by Wendy on 2008-05-04 14:05:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-05-04 20:05:58 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-04 06:14:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Wendy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:43 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Wendy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wendy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193351729656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9758 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080429-005505-126 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
backup-20080429-005505-730 O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
backup-20080429-005505-951 O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
backup-20080429-233746-420 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080504-000147-923 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080504-000608-519 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
backup-20080504-114035-900 O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 cportclm - c:\docume~1\wendy\locals~1\temp\cportclm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-04 14:06:32 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B9AE5951-CAB4-40AF-82A4-7104AD52AC85}.job
2008-02-05 22:58:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 12:05:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 12:05:07 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 12:05:05 0 d-------- C:\WINDOWS\LastGood
2008-05-02 23:01:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 20:25:02 0 d-------- C:\Program Files\Panda Security
2008-04-30 19:46:25 0 d-------- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2008-04-27 23:14:54 0 d-------- C:\Program Files\Trend Micro
2008-04-27 22:07:17 2802 --a------ C:\WINDOWS\mozver.dat
2008-04-27 21:07:00 0 d-------- C:\Documents and Settings\Wendy\Application Data\InstallShield
2008-04-27 18:06:17 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 18:06:07 0 d-------- C:\Documents and Settings\Wendy\Application Data\Mozilla
2008-04-27 13:42:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 13:42:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 13:42:42 0 d-------- C:\Documents and Settings\Wendy\Application Data\SUPERAntiSpyware.com
2008-04-27 13:18:41 0 d-------- C:\Documents and Settings\Wendy\Application Data\Malwarebytes
2008-04-27 13:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 13:17:24 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 12:17:15 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-24 23:11:03 68096 --a------ C:\WINDOWS\zip.exe
2008-04-24 23:11:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-24 23:11:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-24 23:11:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-24 23:11:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-24 23:11:03 98816 --a------ C:\WINDOWS\sed.exe
2008-04-24 23:11:03 80412 --a------ C:\WINDOWS\grep.exe
2008-04-24 23:11:03 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-20 10:24:06 6553600 --a------ C:\Documents and Settings\Wendy\ntuser.dat
2008-04-14 17:13:47 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-04-14 17:13:37 154624 --a------ C:\WINDOWS\system32\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-04-14 17:11:42 0 d-------- C:\sierra


-- Find3M Report ---------------------------------------------------------------

2008-05-03 11:50:30 0 d-------- C:\Program Files\Quicken
2008-05-02 22:12:07 0 d-------- C:\Documents and Settings\Wendy\Application Data\AVG7
2008-04-30 15:54:42 0 d-------- C:\Program Files\Steam
2008-04-28 21:16:53 0 d-------- C:\Program Files\Common Files
2008-04-28 18:40:09 0 d-------- C:\Program Files\MSN Messenger
2008-04-28 18:24:10 0 d-------- C:\Documents and Settings\Wendy\Application Data\Adobe
2008-04-27 21:15:42 0 d-------- C:\Program Files\Microsoft Games
2008-04-27 21:11:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 20:44:04 0 d-------- C:\Program Files\Google
2008-04-27 13:42:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 22:16:08 0 d-------- C:\Documents and Settings\Wendy\Application Data\LimeWire
2008-03-27 18:31:50 0 d-------- C:\Program Files\THQ
2008-03-26 19:54:59 0 d-------- C:\Program Files\Tremulous
2008-03-23 17:29:30 0 d-------- C:\Program Files\Warcraft III
2008-03-18 13:56:44 84729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-15 17:13:23 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-12 21:11:34 0 d-------- C:\Program Files\QuickTime
2008-03-12 20:48:13 0 d-------- C:\Program Files\iTunes
2008-03-12 20:48:04 0 d-------- C:\Program Files\iPod
2008-03-03 22:30:43 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-03 22:30:43 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-02-18 20:42:19 46300 --a------ C:\WINDOWS\system32\AdssiteSocial-uninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 09:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/23/2004 12:41 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/18/2008 12:50 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/30/2003 08:56 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/30/2003 09:00 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 06:00 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/11/2008 10:12 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [04/29/2008 08:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 9:05:56 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [4/6/2007 7:19:41 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [4/16/2007 9:50:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/29/2008 08:48 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-05-04 14:07:17 ------------
#5
wxm (Member, Topic Starter, 14 posts)
Here's the last DSS log.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 511.3 MiB / 213.24 MiB
Pagefile Memory (total/avail): 1246.12 MiB / 927.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.8 MiB

C: is Fixed (NTFS) - 153.38 GiB total, 124.47 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 153.38 GiB - C:

\\.\PHYSICALDRIVE1 - Brother MFC-420CN USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\source dedicated server\\srcds.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\source dedicated server\\srcds.exe:*:Enabled:srcds"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Disabled:Steam"
"C:\\Program Files\\THQ\\Company of Heroes\\Archive.exe"="C:\\Program Files\\THQ\\Company of Heroes\\Archive.exe:*:Enabled:Archive"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wendy\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WENDY-F5F8AC4FF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wendy
LOGONSERVER=\\WENDY-F5F8AC4FF
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Wendy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Wendy\LOCALS~1\Temp
USERDOMAIN=WENDY-F5F8AC4FF
USERNAME=Wendy
USERPROFILE=C:\Documents and Settings\Wendy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Wendy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires III -->
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Boggle --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Day of Defeat --> "C:\program files\steam\steam.exe" steam://uninstall/30
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
Making History: The Calm and The Storm Demo --> "C:\program files\steam\steam.exe" steam://uninstall/6260
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U /S
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quicken XG 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA3F8E5D-452C-4F09-8285-418686BEFED1}\setup.exe" -l0x9
QuickTax 2007 --> MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Red Orchestra --> "C:\program files\steam\steam.exe" steam://uninstall/1200
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
Socialnetworking Helper Adssite --> C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sven Co-op 3.0 --> C:\WINDOWS\unvise32.exe c:\program files\steam\steamapps\[email protected]\half-life\SvenCoop\uninstal.log
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Warhammer 40,000: Dawn Of War - Gold Edition --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
WebCam for MSN Messenger --> Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
WebFldrs XP -->
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1877 / Success
Event Submitted/Written: 05/01/2008 05:14:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1862 / Warning
Event Submitted/Written: 04/29/2008 11:38:25 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1833 / Success
Event Submitted/Written: 04/29/2008 04:11:26 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1816 / Warning
Event Submitted/Written: 04/28/2008 09:16:45 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv, has been registered in the WMI namespace, Root\MSAPPS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type1815 / Warning
Event Submitted/Written: 04/28/2008 09:16:45 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv, has been registered in the WMI namespace, Root\MSAPPS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10374 / Error
Event Submitted/Written: 05/04/2008 02:06:49 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type10352 / Error
Event Submitted/Written: 05/04/2008 11:28:59 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd

Event Record #/Type10351 / Error
Event Submitted/Written: 05/04/2008 11:28:59 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The My Web Search Service service failed to start due to the following error:
%%3

Event Record #/Type10348 / Error
Event Submitted/Written: 05/04/2008 11:25:57 AM / 05/04/2008 11:27:57 AM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type10322 / Error
Event Submitted/Written: 05/04/2008 00:10:14 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd



-- End of Deckard's System Scanner: finished at 2008-05-04 14:07:17 ------------

Can't say thank you enough for your help. Look forward to your reply.
  • 0
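A helper reads logs like the two above for a handful of recurring signals: a startup entry whose file is missing, a driver loaded from a temp folder (the cportclm.sys entry), a service with no owner string, an unverified signature. As an added example that is not part of this thread or of HijackThis/DSS, the Python below scores those same signals over lines taken from the post's logs; the regexes and weights are assumptions made for the example, not either tool's format specification.

```python
"""Startup-entry triage over HijackThis / Deckard's System Scanner (DSS) lines.

Added example, not part of this thread or of either tool. It does not decide
what is malware; it scores the signals a helper reads off such logs by eye:
a referenced file that is missing, a binary under a temp/profile directory,
a service with "Unknown owner", and an unverified file signature.
The regexes and weights are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field

# Locations where legitimate services and boot drivers normally do not live,
# in both long and 8.3 short-name form as these logs print them.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                "\\docume~1\\", "\\locals~1\\")

# HijackThis O23 line: "O23 - Service: Name (Short) - Owner - C:\path\x.exe (file missing)"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)\s*$")
# DSS driver/service line: "S3 cportclm - c:\...\cportclm.sys (file missing)"
DSS_RE = re.compile(r"^[RS][0-4] (?P<name>.+?) - (?P<path>.+?)\s*$")
# DSS registry Run dump: '"Name"="C:\path\x.exe" [date]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)
    score: int = 0


def extract_path(line: str):
    """Return the binary path a startup line refers to, or None for other lines."""
    for rx in (O23_RE, DSS_RE, RUN_RE):
        m = rx.match(line.strip())
        if m:
            return m.group("path")
    return None


def triage_line(line: str):
    """Score one line; returns a Finding or None when nothing stands out."""
    path = extract_path(line)
    if path is None:
        return None
    f = Finding(line=line.strip(), path=path)
    low = path.lower()
    if "(file missing)" in low:
        f.reasons.append("referenced file is missing (dead entry or removed component)")
        f.score += 2
    if any(d in low for d in SUSPECT_DIRS):
        f.reasons.append("binary lives under a user profile or temp directory")
        f.score += 3
    if "unknown owner" in line.lower():
        f.reasons.append("service carries no vendor/owner string")
        f.score += 1
    if "<not verified" in low:
        # Many legitimate third-party drivers are unsigned; low weight on its own.
        f.reasons.append("file signature not verified")
        f.score += 1
    return f if f.reasons else None


def triage_log(lines):
    """Return findings for all lines, most suspicious first."""
    findings = [f for f in (triage_line(ln) for ln in lines) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Sample lines taken from the thread's logs (constructed input for the demo).
SAMPLE_LINES = [
    "O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - "
    "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe",
    "O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - "
    "C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwssvc.exe (file missing)",
    "R3 SASENUM - c:\\program files\\superantispyware\\sasenum.sys "
    "<Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>",
    "S3 cportclm - c:\\docume~1\\wendy\\locals~1\\temp\\cportclm.sys (file missing)",
    '"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [02/28/2006 06:00 AM]',
    "-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f"[{f.score}] {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

The unverified-signature signal fires on SuperAntiSpyware's own driver too, which is why it carries the lowest weight: the ranking is a reading aid for the helper, not a verdict.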

#6
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
In this post we will remove the infections I can see in your logs, fix some of your file associations and update your Java. The Kaspersky scan only picked up some false positives and some safely quarantined items.

I can't yet see any indication of what caused your original problems, so we will do another couple of scans to see if we can flush them out.

The scans will likely take 3 hours, quite possibly much longer, so just let them run.


====STEP 1====
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Socialnetworking Helper Adssite

Please note any other programs that you don't recognize in that list in your next response.



====STEP 2====
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 3====
Click on Start, then click on Run.
Copy and paste the following (in bold) into the open window and then click OK:
"%userprofile%\desktop\dss.exe" /daft
This will open up Deckard's File Association Tool.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.
If that does not work, then please download DAFT and save it to your desktop, double-click the daft.exe icon, and then follow the above instructions from "Click on the Scan button".



====STEP 4====
Clearing the Java cache:
There is a nice set of instructions at http://www.java.com/.../5000020300.xml

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel and then the Java Control Panel will appear.
  • Click Settings under Temporary Internet Files and the Temporary Files Settings dialog box appears.
  • Click Delete Files and the Delete Temporary Files dialog box appears.
  • Make sure all three boxes are ticked: Downloaded Applets, Downloaded Applications and Other Files and then Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
Removing old java:
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 3



Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

====STEP 5====
Could you delete the current version of Malwarebytes you have and follow these instructions:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



====STEP 6====
And could I see a scan with your AVG, and could you ensure it is fully updated?



In your next reply could I see:
1. the OTMoveIT log
2. the malwarebytes log
3. the AVG log
4. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#7
wxm (Topic Starter)
Found and deleted program listed in step 1. All other programs appear to be fine.

Here's the OTMoveIt log.

Explorer killed successfully
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe moved successfully.
File/Folder C:\WINDOWS\system32\AdssiteSocial-uninstall.exe not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05042008_160140

Malwarebytes log.

Malwarebytes' Anti-Malware 1.11
Database version: 716

Scan type: Full Scan (C:\|)
Objects scanned: 93278
Time elapsed: 1 hour(s), 24 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

I will provide AVG log shortly
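The Malwarebytes log above is the plain-text format of MBAM 1.x: a header, a block of summary counts, then one itemised section per count. The following parser, an added example that is not part of the thread and not Malwarebytes' own code, reads that format, cross-checks the summary counts against the itemised entries, and separates detections that were already neutralised (copies sitting in another tool's quarantine folder, such as the C:\QooBox\Quarantine path in the posted log) from ones still awaiting a reboot. The log text inside it is a constructed sample modelled on the posted one; the registry entry in it is invented to show an unresolved item.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and reconcile its
summary counts with the itemised sections (added example, not MBAM code)."""
import re
from dataclasses import dataclass

# Section headings exactly as they appear in an MBAM 1.x log.
SECTIONS = [
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
]

# Itemised line: "<path> (<detection family>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample: the posted F3WPHOOK.DLL.vir line plus an invented
# registry key that MBAM could only schedule for deletion on reboot.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.11
Database version: 716

Scan type: Full Scan (C:\|)
Objects scanned: 93278
Time elapsed: 1 hour(s), 24 minute(s), 43 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ConstructedExample (Adware.Sample) -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str
    path: str
    family: str
    action: str


def parse_mbam_log(text):
    """Return (header fields, summary counts, itemised detections)."""
    header, counts, detections = {}, {}, []
    current = None  # itemised section we are currently inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]          # start of an itemised section
            continue
        if current is not None:
            if line == "(No malicious items detected)":
                continue
            m = ITEM_RE.match(line)
            if m:
                detections.append(Detection(current, m["path"], m["family"], m["action"]))
                continue
            current = None               # any other line ends the itemised part
        key, sep, val = line.partition(":")
        if sep and key in SECTIONS:
            counts[key] = int(val.strip())   # summary count line
        elif sep:
            header[key.strip()] = val.strip()
    return header, counts, detections


def reconcile(counts, detections):
    """Sections whose declared count differs from the items actually listed.
    An empty dict means the log is internally consistent."""
    listed = {s: 0 for s in SECTIONS}
    for d in detections:
        listed[d.section] += 1
    return {s: (counts.get(s, 0), listed[s])
            for s in SECTIONS if counts.get(s, 0) != listed[s]}


def unresolved(detections):
    """Detections whose action does not report a completed removal."""
    return [d for d in detections if "successfully" not in d.action.lower()]


def already_quarantined(d):
    """True when the hit is a copy inside a quarantine folder or a renamed
    .vir file, i.e. something that could no longer execute anyway."""
    p = d.path.lower()
    return "\\quarantine\\" in p or p.endswith(".vir")
```

Running `parse_mbam_log(SAMPLE_LOG)` on the sample yields one consistent log whose only unresolved item is the constructed registry key; the real file hit is flagged as an already-quarantined copy.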

#8
wxm (Topic Starter)
Here's the AVG log.

<history>
<!-- 01c8ae25037d37a0 -->
<rec time="2008/01/05 22:27:23" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1220-1219;</attr>
</rec>
<rec time="2008/01/06 11:10:03" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1221-1220;</attr>
</rec>
<rec time="2008/01/07 16:03:52" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1223-1221;</attr>
</rec>
<rec time="2008/01/08 17:06:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1224-1223;</attr>
</rec>
<rec time="2008/01/09 15:20:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1238-1236;iavi:1226-1224;</attr>
</rec>
<rec time="2008/01/10 20:26:24" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1228-1226;</attr>
</rec>
<rec time="2008/01/11 09:07:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1239-1238;iavi:1229-1228;</attr>
</rec>
<rec time="2008/01/12 14:10:44" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1240-1239;iavi:1231-1229;</attr>
</rec>
<rec time="2008/01/14 12:54:52" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1234-1231;</attr>
</rec>
<rec time="2008/01/16 08:26:04" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1243-1240;iavi:1238-1234;</attr>
</rec>
<rec time="2008/01/17 08:10:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1244-1243;iavi:1239-1238;</attr>
</rec>
<rec time="2008/01/19 13:49:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1245-1244;banner:489-488;iavi:1243-1239;</attr>
</rec>
<rec time="2008/01/20 13:23:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1244-1243;</attr>
</rec>
<rec time="2008/01/22 15:33:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version"></attr>
</rec>
<rec time="2008/01/23 15:26:01" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1248-1246;iavi:1250-1245;</attr>
</rec>
<rec time="2008/01/24 16:36:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1249-1248;iavi:1252-1250;</attr>
</rec>
<rec time="2008/01/25 09:44:23" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1253-1252;</attr>
</rec>
<rec time="2008/01/26 11:24:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1250-1249;iavi:1255-1253;</attr>
</rec>
<rec time="2008/01/26 18:47:44" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/01/26 19:03:47" user="Wendy" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/01/27 15:33:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1251-1250;iavi:1256-1255;</attr>
</rec>
<rec time="2008/01/28 12:59:58" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1252-1251;iavi:1257-1256;</attr>
</rec>
<rec time="2008/01/29 15:48:48" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1253-1252;iavi:1259-1257;</attr>
</rec>
<rec time="2008/01/30 18:12:40" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1255-1253;iavi:1262-1259;</attr>
</rec>
<rec time="2008/01/31 13:07:17" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1263-1262;</attr>
</rec>
<rec time="2008/01/31 16:32:19" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/01/31 19:00:14" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/01 15:53:27" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1256-1255;iavi:1265-1263;</attr>
</rec>
<rec time="2008/02/02 15:35:49" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1257-1256;iavi:1266-1265;</attr>
</rec>
<rec time="2008/02/03 13:57:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1267-1266;</attr>
</rec>
<rec time="2008/02/04 18:07:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1258-1257;iavi:1269-1267;</attr>
</rec>
<rec time="2008/02/05 15:20:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1271-1269;</attr>
</rec>
<rec time="2008/02/06 20:32:40" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1259-1258;iavi:1273-1271;</attr>
</rec>
<rec time="2008/02/07 15:31:24" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1275-1273;</attr>
</rec>
<rec time="2008/02/07 16:07:39" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\8OEXE83Q\favicon[1].htm</attr>
<attr name="finding">@EID_Id_vir</attr>
<attr name="virusname">Exploit</attr>
</rec>
<rec time="2008/02/08 13:29:59" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1276-1275;</attr>
</rec>
<rec time="2008/02/08 13:41:59" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\0CLMAS2R\favicon[1].htm</attr>
<attr name="finding">@EID_Id_vir</attr>
<attr name="virusname">Exploit</attr>
</rec>
<rec time="2008/02/09 13:22:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1260-1259;iavi:1278-1276;</attr>
</rec>
<rec time="2008/02/10 14:45:47" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1262-1260;iavi:1280-1278;</attr>
</rec>
<rec time="2008/02/10 18:16:45" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\EX1O4ILP\index[1].htm</attr>
<attr name="finding">@EID_Fi_vir</attr>
<attr name="virusname">HTML/Framer</attr>
</rec>
<rec time="2008/02/10 18:17:06" user="Wendy" source="Virus">
<value>@HL_ActionTakenFailed</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\EX1O4ILP\index[1].htm</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/10 18:30:10" user="Wendy" source="Virus">
<value>@HL_ActionTakenFailed</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\EX1O4ILP\index[1].htm</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/10 18:30:21" user="Wendy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\EX1O4ILP\index[1].htm</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/11 15:21:21" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1282-1280;</attr>
</rec>
<rec time="2008/02/12 08:33:38" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1283-1282;</attr>
</rec>
<rec time="2008/02/13 16:44:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1264-1262;iavi:1287-1283;</attr>
</rec>
<rec time="2008/02/14 21:38:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1265-1264;iavi:1289-1287;</attr>
</rec>
<rec time="2008/02/15 16:24:55" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1266-1265;iavi:1292-1289;</attr>
</rec>
<rec time="2008/02/16 13:00:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1267-1266;iavi:1293-1292;</attr>
</rec>
<rec time="2008/02/17 11:51:19" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1294-1293;</attr>
</rec>
<rec time="2008/02/17 22:38:34" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2008/02/17 22:40:37" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_13</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/18 17:47:39" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1296-1294;</attr>
</rec>
<rec time="2008/02/18 19:39:41" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_12</attr>
</rec>
<rec time="2008/02/18 19:39:41" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_12</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/18 19:41:10" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_12</attr>
</rec>
<rec time="2008/02/18 19:41:10" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_12</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/18 20:08:18" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_12</attr>
</rec>
<rec time="2008/02/18 20:08:18" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_12</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/19 20:21:20" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1268-1267;iavi:1298-1296;</attr>
</rec>
<rec time="2008/02/20 15:46:47" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1269-1268;iavi:1300-1298;</attr>
</rec>
<rec time="2008/02/20 19:02:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/20 20:34:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/20 20:49:51" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/22 12:49:09" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version"></attr>
</rec>
<rec time="2008/02/22 19:47:44" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/22 21:19:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/22 21:49:57" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/22 22:26:20" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 01:46:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 02:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 03:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 04:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 05:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 06:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 07:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 08:02:26" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1304-1302;</attr>
</rec>
<rec time="2008/02/23 08:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 09:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 10:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 11:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 12:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 13:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 14:37:59" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 19:57:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 20:51:49" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/23 22:24:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/24 22:08:06" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/24 22:33:55" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/25 12:51:27" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1271-1269;iavi:1307-1304;</attr>
</rec>
<rec time="2008/02/25 15:02:21" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/25 19:49:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/25 20:23:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/26 19:16:58" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/26 19:24:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/26 20:37:58" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/27 12:55:33" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1312-1307;</attr>
</rec>
<rec time="2008/02/27 18:34:58" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/27 19:18:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/27 20:18:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/28 16:40:10" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1313-1312;</attr>
</rec>
<rec time="2008/02/29 12:48:45" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1272-1271;iavi:1314-1313;</attr>
</rec>
<rec time="2008/02/29 15:41:31" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\system32\nso33.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">NaviPromo.N</attr>
</rec>
<rec time="2008/02/29 16:05:32" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\system32\nso33.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">NaviPromo.N</attr>
</rec>
<rec time="2008/02/29 16:05:34" user="Wendy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\nso33.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/29 18:45:42" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 19:14:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 20:14:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 21:14:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 23:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 12:29:00" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1273-1272;iavi:1316-1314;</attr>
</rec>
<rec time="2008/03/01 14:58:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 15:31:41" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 16:31:41" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 17:31:41" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>

#9
wxm

  • Topic Starter
  • Member
  • 14 posts
Hmm... re-adding AVG log without word wrap. Not sure that it looked right in last post.

<history>
<rec time="2008/02/27 18:34:58" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/27 19:18:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/27 20:18:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/28 16:40:10" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1313-1312;</attr>
</rec>
<rec time="2008/02/29 12:48:45" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1272-1271;iavi:1314-1313;</attr>
</rec>
<rec time="2008/02/29 15:41:31" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\system32\nso33.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">NaviPromo.N</attr>
</rec>
<rec time="2008/02/29 16:05:32" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\system32\nso33.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">NaviPromo.N</attr>
</rec>
<rec time="2008/02/29 16:05:34" user="Wendy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\nso33.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/29 18:45:42" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 19:14:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 20:14:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 21:14:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/02/29 23:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 12:29:00" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1273-1272;iavi:1316-1314;</attr>
</rec>
<rec time="2008/03/01 14:58:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 15:31:41" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 16:31:41" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 17:31:41" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 19:31:00" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/01 21:22:58" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/02 11:56:47" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1317-1316;</attr>
</rec>
<rec time="2008/03/03 17:36:45" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/04 19:20:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1274-1273;iavi:1322-1317;</attr>
</rec>
<rec time="2008/03/04 21:30:06" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/05 15:48:20" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1275-1274;iavi:1324-1322;</attr>
</rec>
<rec time="2008/03/05 16:42:50" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/05 16:50:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/05 18:11:19" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/05 18:51:39" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/06 20:38:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1276-1275;iavi:1326-1324;</attr>
</rec>
<rec time="2008/03/07 08:56:51" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1327-1326;</attr>
</rec>
<rec time="2008/03/07 09:20:02" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 09:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 10:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 11:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 12:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 13:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 14:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 15:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 17:49:28" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/07 17:59:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 12:15:44" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avgui:517-507;avi:1277-1276;ems:518-510;iavi:1329-1327;lngus:518-508;</attr>
</rec>
<rec time="2008/03/08 16:13:42" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 17:15:57" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 17:31:27" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 18:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 19:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 20:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 21:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 22:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/08 23:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/09 00:21:37" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP44\A0002673.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Puper.G</attr>
</rec>
<rec time="2008/03/09 19:58:26" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1332-1329;</attr>
</rec>
<rec time="2008/03/10 19:37:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">banner:490-489;iavi:1334-1332;</attr>
</rec>
<rec time="2008/03/11 19:19:40" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1335-1334;</attr>
</rec>
<rec time="2008/03/12 15:19:10" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1337-1335;</attr>
</rec>
<rec time="2008/03/13 15:38:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avgui:519-517;banner:491-490;ems:519-518;iavi:1338-1337;</attr>
</rec>
<rec time="2008/03/14 20:58:26" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1339-1338;</attr>
</rec>
<rec time="2008/03/15 15:36:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1340-1339;</attr>
</rec>
<rec time="2008/03/17 08:02:28" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1342-1340;</attr>
</rec>
<rec time="2008/03/18 12:57:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1343-1342;</attr>
</rec>
<rec time="2008/03/19 12:58:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1345-1343;</attr>
</rec>
<rec time="2008/03/20 20:33:08" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1278-1277;banner:492-491;iavi:1347-1345;</attr>
</rec>
<rec time="2008/03/22 16:35:23" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1349-1347;</attr>
</rec>
<rec time="2008/03/24 08:02:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1350-1349;</attr>
</rec>
<rec time="2008/03/26 17:30:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version"></attr>
</rec>
<rec time="2008/03/27 15:24:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1280-1279;iavi:1357-1352;</attr>
</rec>
<rec time="2008/03/28 11:04:00" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1358-1357;</attr>
</rec>
<rec time="2008/03/30 11:25:00" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1360-1358;</attr>
</rec>
<rec time="2008/03/31 13:39:37" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1281-1280;iavi:1363-1360;</attr>
</rec>
<rec time="2008/04/01 12:54:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1282-1281;iavi:1364-1363;</attr>
</rec>
<rec time="2008/04/03 13:47:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1284-1282;iavi:1367-1364;</attr>
</rec>
<rec time="2008/04/04 19:05:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1285-1284;iavi:1370-1367;</attr>
</rec>
<rec time="2008/04/06 14:13:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1287-1285;iavi:1372-1370;</attr>
</rec>
<rec time="2008/04/07 16:04:36" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1288-1287;iavi:1374-1372;</attr>
</rec>
<rec time="2008/04/08 08:02:28" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1375-1374;</attr>
</rec>
<rec time="2008/04/09 22:27:29" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1290-1288;iavi:1378-1375;</attr>
</rec>
<rec time="2008/04/10 21:25:46" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1291-1290;iavi:1382-1378;</attr>
</rec>
<rec time="2008/04/11 11:06:39" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1383-1382;</attr>
</rec>
<rec time="2008/04/12 23:23:03" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1292-1291;iavi:1385-1383;</attr>
</rec>
<rec time="2008/04/13 12:01:03" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1386-1385;</attr>
</rec>
<rec time="2008/04/14 13:02:20" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1387-1386;</attr>
</rec>
<rec time="2008/04/17 13:08:27" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1294-1292;iavi:1394-1387;</attr>
</rec>
<rec time="2008/04/18 12:50:13" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avgcc:522-506;avgui:524-519;iavi:1395-1394;lngus:520-518;update:523-516;</attr>
</rec>
<rec time="2008/04/18 23:48:58" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Wendy\Local Settings\Temp\bisA.exe</attr>
<attr name="finding">@EID_Id_vir</attr>
<attr name="virusname">Downloader.Swizzor</attr>
</rec>
<rec time="2008/04/19 10:29:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1295-1294;iavi:1397-1395;</attr>
</rec>
<rec time="2008/04/21 08:06:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1399-1397;</attr>
</rec>
<rec time="2008/04/23 13:12:26" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1296-1295;iavi:1403-1399;</attr>
</rec>
<rec time="2008/04/23 22:04:58" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</at

#10 wxm (Member, Topic Starter, 14 posts)
Here's the latest HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:27 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193351729656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9851 bytes
#11 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Your logs are looking better. How is your machine running now?

#12 wxm (Member, Topic Starter, 14 posts)
It seems to run fine, although the sound is still distorted. Not such a big deal, I guess, if all else is good. Do the results of the AVG scan, showing that those dll files have been changed, indicate that something is still there?

#13 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
The last part of the AVG log is cut off; could you repost the last part only?

#14 wxm (Member, Topic Starter, 14 posts)
Sorry about that. Here's the tail end of the AVG log:

<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/04/24 00:21:22" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/04/24 22:58:10" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1297-1296;iavi:1406-1403;</attr>
</rec>
<rec time="2008/04/25 09:54:36" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1407-1406;</attr>
</rec>
<rec time="2008/04/25 15:27:52" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP14\A0000506.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.MFC</attr>
</rec>
<rec time="2008/04/25 15:52:32" user="Wendy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{743B143A-177E-4C9E-BAB3-B26B0801BD02}\RP14\A0000506.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/04/26 11:58:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1298-1297;iavi:1409-1407;</attr>
</rec>
<rec time="2008/04/27 12:44:00" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1410-1409;</attr>
</rec>
<rec time="2008/04/28 00:44:57" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/04/28 21:56:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1299-1298;iavi:1412-1410;</attr>
</rec>
<rec time="2008/04/28 21:57:57" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/04/28 23:58:36" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/04/29 16:11:15" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1414-1412;</attr>
</rec>
<rec time="2008/04/30 15:55:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1300-1299;iavi:1418-1414;</attr>
</rec>
<rec time="2008/05/02 20:11:59" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1301-1300;iavi:1422-1418;</attr>
</rec>
<rec time="2008/05/02 22:12:08" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/05/02 22:42:50" user="Wendy" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/05/03 11:04:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1423-1422;</attr>
</rec>
<rec time="2008/05/04 11:29:56" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1424-1423;</attr>
</rec>
<rec time="2008/05/04 20:25:37" user="Wendy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/05/04 21:49:45" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
</history>
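To read a log like this mechanically instead of by eye, here is an added example (not from the thread and not AVG's own tooling) that parses the `<history>`/`<rec>` format shown above, pairs each virus finding with the later action AVG took on that file, flags findings that sit inside a System Restore point, and reports whether the most recent scan actually finished. It runs on a constructed sample in the same shape; the restore-point GUID in it is a placeholder.

```python
import xml.etree.ElementTree as ET
# Constructed sample in the shape of the AVG 7 <history> log pasted above;
# the restore-point GUID is a placeholder, not a value from the thread.
SAMPLE_LOG = r"""<history>
<rec time="2008/04/25 15:27:52" user="Wendy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP14\A0000506.dll</attr>
<attr name="virusname">Clicker.MFC</attr>
</rec>
<rec time="2008/04/25 15:52:32" user="Wendy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP14\A0000506.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/05/02 22:42:50" user="Wendy" source="General">
<value>@HL_TestStopped</value>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/05/04 21:49:45" user="Wendy" source="General">
<value>@HL_TestEnded</value>
<attr name="infectedfiles">0</attr>
</rec>
</history>"""

def parse_records(xml_text):
    """Flatten each <rec> into a dict of its attributes, <value> and every <attr>."""
    records = []
    for rec in ET.fromstring(xml_text).iter("rec"):
        entry = dict(rec.attrib)
        entry["value"] = (rec.findtext("value") or "").strip()
        for attr in rec.findall("attr"):
            entry[attr.get("name")] = (attr.text or "").strip()
        records.append(entry)
    return records

def summarise(records):
    """Pair findings with later actions on the same file, flag findings inside a restore
    point, and say whether the latest scan finished (@HL_TestStopped = aborted)."""
    acts = [r for r in records if r["value"] == "@HL_ActionTaken"]
    finds = [r for r in records if r["value"] == "@HL_ReportFindRS"]
    def resolved(f):  # timestamps are YYYY/MM/DD HH:MM:SS, so string order is time order
        return any(a["filename"] == f["filename"] and a["time"] >= f["time"] for a in acts)
    scans = [r for r in records if r["value"] in ("@HL_TestEnded", "@HL_TestStopped")]
    last = scans[-1] if scans else None
    return {
        "unresolved": [f["virusname"] for f in finds if not resolved(f)],
        "in_restore_point": [f["virusname"] for f in finds if "\\_restore{" in f["filename"]],
        "last_scan_finished": last is not None and last["value"] == "@HL_TestEnded",
        "last_scan_infected": int(last["infectedfiles"]) if last else None,
    }
```

An aborted scan reports `infectedfiles` for only the part of the disk it reached, so `last_scan_finished` is the value to check before trusting a zero count.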

#15
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hmm, I am not seeing anything there. So, let's finish this off, and then once you have followed all the steps below, do another scan with AVG and tell me if those issues are still there.

In this post we will clear away the fix tools (this is so that, should you ever be re-infected, you will download updated versions; it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there), and I will leave you with some ideas on how to enhance the protection of your machine against future infection.


====STEP 1====
Clearing the fix tools:
  • Make sure you have an Internet connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your firewall or real-time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.
You can remove any other fix tools we used.


====STEP 2====
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Instructions with screenshots to help are at http://www.f-secure..../sfc_dis1.shtml

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405


====IDEAS TO SPEED UP YOUR MACHINE====
This page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.


andrewuk