[Wayne Puckett]

10 Days Hello
I have run spybot s&d and ad aware se along with Xoftspy.when system is booted takes forever bios loads and I get the coursor then we wait. same to boot in safe mode.programs work slow. So here is my HJT log and ewiod
Logfile of HijackThis v1.99.1
Scan saved at 12:18:32 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\local-user\Desktop\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...orms/search.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tomcoyote.org/hjt/#Top
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [xsoR3FT] wmnptsvc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...odspeed1003.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...eed/install.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:21:00 PM, 8/8/2005
+ Report-Checksum: A8F9F90A

+ Scan result:

C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup


::Report End

Edited by Wayne Puckett, 17 August 2005 - 08:31 AM.

[Advertisements]

Hi Wayne. Sorry you were missed on the first go-round. Could you run hijack this again and post a new log in this thread so I can see what your machine is doing today? Thanks.

[coachwife6]

Hi Wayne. Sorry you were missed on the first go-round. Could you run hijack this again and post a new log in this thread so I can see what your machine is doing today? Thanks.

[Wayne Puckett]

Thanks Coachwife6, here's new log. Have had spyware and malware on computer also had virus through java.




Logfile of HijackThis v1.99.1
Scan saved at 5:35:30 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Documents and Settings\local-user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tomcoyote.org/hjt/#Top
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [xsoR3FT] wmnptsvc.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VElite Admin] C:\Program Files\SecureOL\A2\VELiteUI.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...odspeed1003.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...eed/install.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecureOL A2D (SecureOL_A2D) - Unknown owner - C:\WINDOWS\system32\SecureOLA2D.exe
O23 - Service: SecureOL Exec (SecureOL_Exec) - SecureOL Ltd. - C:\WINDOWS\system32\SecureOLExec.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[coachwife6]

There are quite a few programs available that offer protection features to help keep a computer from getting infected. While this is normally a helpful feature, it can keep a victim from making the changes necessary to clean their comptuer. Please read the following and uninstall or disable those that apply to your machine.

These programs need to be uninstalled

AdWatch

These programs can just be disabled

Microsoft Antispyware
TeaTimer
SpySweeper
Win Patrol
Spyware Guard
PSGuard
Pestpatrol
Regrun
Diamonds Process controller

Please download CleanUp! - Download - HomePage
Don't run it yet.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tomcoyote.org/hjt/#Top

O4 - HKLM\..\Run: [xsoR3FT] wmnptsvc.exe
O4 - HKLM\..\Run: [VElite Admin] C:\Program Files\SecureOL\A2\VELiteUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<<resource hog

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...odspeed1003.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...eed/install.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab

O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL

O23 - Service: SecureOL A2D (SecureOL_A2D) - Unknown owner - C:\WINDOWS\system32\SecureOLA2D.exe
O23 - Service: SecureOL Exec (SecureOL_Exec) - SecureOL Ltd. - C:\WINDOWS\system32\SecureOLExec.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
C:\WINDOWS\system32\SecureOLA2D.exe
C:\WINDOWS\system32\SecureOLExec.exe
wmnptsvc.exe
C:\Program Files\SecureOL\<<entire folder



Click on the button labeled CleanUp!.

When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

Reboot and give me a new hijack this log and tell me how it's working.

[Wayne Puckett]

new HJT log

Ok I did as instructed. It took 38 minutes to reboot in safe mode and 58 minutes to boot win xp. Machine works but !!!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:44:14 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\local-user\Desktop\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[coachwife6]

* Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

[Wayne Puckett]

That link was no good but I found it.
"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"GhostStartTrayApp" = "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" ["Symantec Corporation"]
"Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1033\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eraser\erasext.dll" ["-"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eraser\erasext.dll" ["-"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eraser\erasext.dll" ["-"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Startup items in "local-user" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\local-user\Start Menu\Programs\Startup
"Webshots" -> shortcut to: "C:\Program Files\Webshots\Launcher.exe /t" [null data]


Enabled Scheduled Tasks:
------------------------

"XoftSpy" -> launches: "C:\Documents and Settings\local-user\Desktop\XoftSpy\XoftSpy.exe -t" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
GhostStartService, GhostStartService, "C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 62 seconds, including 18 seconds for message boxes)

[coachwife6]

I still can't figure out what is causing it to take so long to load.

Try a scan from panda. You have to use IE to download it. It will produce a log. Copy and paste that log here. I also am going to ask someone from another forum to poke his/her head in here for any suggestions.

http://www.pandasoft...n_principal.htm

Here is a great tutorial on some things you can do to make your ocmputer more efficient.

Restore Your Computer's Performance

[peterm]

1)Did you download any programs or windows up dates before this started to happen ?

2)Do you hear any beeps when you turn the computer on ?
there should be 1 which is the POST beep any more?

3) Is this a laptop or desktop?
if a desktop do you think you could take the cover off check for dust and see if all fans are running ?

If you take the cover you must EARTH yourself Static is a big kiler of computers

Edited by peterm, 20 August 2005 - 09:08 PM.

[Wayne Puckett]

Thanks Coach Wife 6
I have used Panda before but with Netscape. I will use I.E. Tonight and check out tutorial. Trend Micro Housecall did find virus something in or through java I did save that log.Have AGV too.I will post tomarrow. Tried Panda and it keeps assking from user name and password

Peterm
1) Did no downloads that I know of but I do have two young sons that could have.computer hug up at the first of the mounth and when restarted this happened. Do have windows auto update on.
2) Yes one beep(post) when bios loads then hdd detect dos coursor then I have to wait (black) screen I used to get windows loading (white) activity bar at bottom but now that takes 45 minuts to an hour (something reading hdd)
3) Desktop and Yes all fans running

Edited by Wayne Puckett, 21 August 2005 - 12:11 AM.

[Wayne Puckett]

Panda will not let me do the free scan. Maybe it's only a one time thingy I had used panda before

[coachwife6]

Try what peterm suggested or asked you. I'm thinking we have to get the hardware situation straightened out first before we proceed.

[Wayne Puckett]

Peterm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0057)http://housecall60.t...l/en/result.htm -->
<HTML><HEAD><TITLE>Trend Micro Housecall</TITLE>
<META http-equiv=Content-Type content="text/html; charset=utf-8"><LINK
href="Trend Micro Housecall_files/housecall.css" type=text/css
rel=stylesheet><LINK href="Trend Micro Housecall_files/hnss.css" type=text/css
rel=stylesheet>
<script language=JavaScript src="Trend Micro Housecall_files/string.js"
type=text/JavaScript></SCRIPT>

<script src="Trend Micro Housecall_files/hc.js"></SCRIPT>

<script src="Trend Micro Housecall_files/basic.js"></SCRIPT>

<script language=JavaScript id=data_src defer type=text/JavaScript></SCRIPT>

<script language=JavaScript type=text/JavaScript>
<!--

var theDoc = document;
var theWin = window;
var theBody = document.body;
var max_size = 500;
function MM_swapImgRestore() { //v3.0
var i,x,a=theDoc.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_preloadImages() { //v3.0
var d=theDoc; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}

function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=theDoc; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; theDoc.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){theDoc.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}

function MM_goToURL() { //v3.0
var i, args=MM_goToURL.arguments; theDoc.MM_returnValue = false;
for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}

var virusShow = false;
var WTShow = false;
var SpywareShow = false;
var VAShow = false;

function switch2(st)
{
toggleDisplay(get(st));
//var sTemp = (theDoc.all(st).style.display == "none") ? STR_SHOW : STR_HIDE;
var sTemp;
if (theDoc.all(st).style.display == "none") {
sTemp = STR_SHOW
} else {
sTemp = STR_HIDE;

if ( st == "virus" ) {
if ( !virusShow ) {
virusShow = true;
printVirusResult();
}
} else if ( st == "T" ) {
if ( !WTShow ) {
WTShow = true;
printWTResult();
}
} else if ( st == "S" ) {
if ( !SpywareShow ) {
SpywareShow = true;
printSpywaresResult();
}
} else if ( st == "va" ) {
if ( !VAShow ) {
VAShow = true;
printVAResult();
}
}
}
theDoc.all("btn" + st).value = sTemp;
}

var CHECK_INFO = new Array();
var RISK_INFO = new Array();

CHECK_INFO['virus'] =
{ name:STR_VIRUS_SCAN, risk:RISK_FREE, desc:'', num:0, numInfected:0, selected:0 };

CHECK_INFO['wormtrojan'] =
{ name:STR_TROJAN_WORM_CHECK, risk:RISK_FREE, desc:'', num:0, selected:0 };

CHECK_INFO['spyware'] =
{ name:STR_SPYWARE_CHECK, risk:RISK_FREE, desc:'', num:0, selected:0 };

CHECK_INFO['vulnerability'] =
{ name:STR_MS_VULNERABILITY_CHECK, risk:RISK_FREE, desc:'', num:0, selected:0 };

RISK_INFO[RISK_FREE] = { image_url:'images/icon_free.gif', alt_msg:STR_RISK_FREE };
RISK_INFO[RISK_LOW] = { image_url:'images/icon_low.gif', alt_msg:STR_LOW_RISK };
RISK_INFO[RISK_MEDIUM] = { image_url:'images/icon_medium.gif', alt_msg:STR_MEDIUM_RISK };
RISK_INFO[RISK_HIGH] = { image_url:'images/icon_high.gif', alt_msg:STR_HIGH_RISK };

var BASE_URL_VIRUS =
'http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=';
var BASE_URL_WORMTROJAN =
'http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=';
var BASE_URL_SPYWARE =
'http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=';
var BASE_URL_VULNERABILITY =
'http://www.trendmicro.com/en/security/advisories/';

var num_virus_infected_files = 0;
var num_spyware_no_cookie = 0;
var num_spyware_is_cookie = 0;

function image_link(name) {
var risk = CHECK_INFO[name].risk;
var img;
img = theDoc.createElement("IMG");
img.src = RISK_INFO[risk].image_url;
img.alt = RISK_INFO[risk].alt_msg;
img.style.width = "24";
img.style.height = "24";
img.align = "absmiddle";
return img;
//var risk = CHECK_INFO[name].risk;
//return '<img src="' + RISK_INFO[risk].image_url + '" alt="' +
// RISK_INFO[risk].alt_msg + '" width="24" height="24" align="absmiddle">';
}

function process_summary() {
var mode = 0;
var flags = 0;
var total_threat = 0;
var num;
var risk;

mode = getCookie(HC_COOKIE_SCAN_MODE);

flags = getCookie(HC_COOKIE_SCAN_FLAGS);

if (flags & CVS) {
num = (typeof INFECTED_FILES != "undefined") ?
INFECTED_FILES.length : 0;
risk = getCookie('risk_virus');
CHECK_INFO['virus'].selected = true;
CHECK_INFO['virus'].num = num;
CHECK_INFO['virus'].numInfected = (typeof NumInfected != "undefined") ? NumInfected : 0;
CHECK_INFO['virus'].risk = (typeof risk == "number") ?
risk : (num > 0 ? RISK_HIGH : RISK_FREE);
CHECK_INFO['virus'].desc = (CHECK_INFO['virus'].num == 0) ? STR_NO_VIRUS_FOUND :
((CHECK_INFO['virus'].num > 1) ?
num + STR_MULTIPLE_VIRUSES_FOUND : STR_ONE_VIRUS_FOUND);
total_threat += CHECK_INFO['virus'].num;
}

if (flags & CVS) {
num = (typeof DETECTED_WORMS_TROJANS != "undefined") ?
DETECTED_WORMS_TROJANS.length : 0;
risk = getCookie('risk_wormtrojan');
CHECK_INFO['wormtrojan'].selected = true;
CHECK_INFO['wormtrojan'].num = num;
CHECK_INFO['wormtrojan'].risk = (typeof risk == "number") ?
risk : (num > 0 ? RISK_HIGH : RISK_FREE);
CHECK_INFO['wormtrojan'].desc = (CHECK_INFO['wormtrojan'].num == 0) ? STR_NO_WORMTROJAN_FOUND :
((CHECK_INFO['wormtrojan'].num > 1) ?
num + STR_MULTIPLE_WORMTROJANES_FOUND : STR_ONE_WORMTROJAN_FOUND);
total_threat += CHECK_INFO['wormtrojan'].num;
}

if (flags & CSS) {
num = (typeof DETECTED_SPYWARES != "undefined") ?
DETECTED_SPYWARES.length : 0;

for (z = 0; z < num; z++) {
CheckSpywareType(DETECTED_SPYWARES[z].name);
}

risk = getCookie('risk_spyware');
CHECK_INFO['spyware'].selected = true;
CHECK_INFO['spyware'].num = num;
CHECK_INFO['spyware'].risk = (typeof risk == "number") ?
risk : ((num_spyware_no_cookie != 0) ? RISK_MEDIUM : ((num_spyware_is_cookie != 0) ? RISK_LOW : RISK_FREE));


CHECK_INFO['spyware'].desc = (CHECK_INFO['spyware'].num == 0) ? STR_NO_SPYWARE_FOUND :
((CHECK_INFO['spyware'].num > 1) ?
num + STR_MULTIPLE_SPYWARES_FOUND : STR_ONE_SPYWARE_FOUND);
total_threat += CHECK_INFO['spyware'].num;
}

if (flags & CVA) {
num = (typeof DETECTED_VULNERABILITIES != "undefined") ?
DETECTED_VULNERABILITIES.length : 0;
risk = getCookie('risk_vulnerability');
CHECK_INFO['vulnerability'].selected = true;
CHECK_INFO['vulnerability'].risk = (typeof risk == "number") ?
risk : (num > 0 ? RISK_MEDIUM : RISK_FREE);

var highest = RISK_FREE;
if (typeof DETECTED_VULNERABILITIES != "undefined") {
for (var i = 0; i < DETECTED_VULNERABILITIES.length; i++) {
var level = DETECTED_VULNERABILITIES[i].risk;
if (level >= 0 && level <= 1) level = RISK_LOW;
else if (level >= 2 && level <= 3) level = RISK_MEDIUM;
else if (level >= 4 && level <= 5) level = RISK_HIGH;
else level = RISK_FREE;
if (level > highest) highest = level;
}
}

CHECK_INFO['vulnerability'].risk = highest;

CHECK_INFO['vulnerability'].num = num;
CHECK_INFO['vulnerability'].desc = (CHECK_INFO['vulnerability'].num == 0) ? STR_NO_VULN_FOUND :
((CHECK_INFO['vulnerability'].num > 1) ?
num + STR_MULTIPLE_VULNS_FOUND : STR_ONE_VULN_FOUND);
total_threat += CHECK_INFO['vulnerability'].num;
}
}


function onLoad()
{
var printable_result = false;
var result_path = getCookie(HC_COOKIE_RESULT_PATH);

if (theWin.blur)
theWin.focus();

//if (typeof theWin.opener != "undefined") {
if (theWin.parent.location.href.indexOf('result.htm') != -1) {
printable_result = true;
hide(get('button_virus'));
hide(get('button_S'));
hide(get('button_T'));
hide(get('button_va'));

theDoc.getElementById('td_virus_scan').innerText = " " + theDoc.getElementById('td_virus_scan').innerText;
theDoc.getElementById('td_Trojan').innerText = " " + theDoc.getElementById('td_Trojan').innerText;
theDoc.getElementById('td_spyware').innerText = " " + theDoc.getElementById('td_spyware').innerText;
theDoc.getElementById('td_Vulnerability').innerText = " " + theDoc.getElementById('td_Vulnerability').innerText;

}
//}

if (typeof result_path != "string")
result_path = TEMP_RESULT_PAGE_DEFAULT;
else
result_path = "file:///" + hcEscape(result_path);

theDoc.getElementById('data_src').src = result_path;

process_summary();

if (CHECK_INFO['virus'].selected) {
display(get('summary_virus'));
if (printable_result) display(get('virus'));
if (CHECK_INFO['virus'].num > 0)
display(get('details_virus'));
display(get('divider_1'));
}

if (CHECK_INFO['wormtrojan'].selected) {
display(get('summary_wormtrojan'));
if (printable_result) display(get('T'));
if (CHECK_INFO['wormtrojan'].num > 0)
display(get('details_wormtrojan'));
display(get('divider_2'));

}

if (CHECK_INFO['spyware'].selected) {
display(get('summary_spyware'));
if (printable_result) display(get('S'));
if (CHECK_INFO['spyware'].num > 0)
display(get('details_spyware'));
display(get('divider_3'));
}

if (CHECK_INFO['vulnerability'].selected) {
display(get('summary_vulnerability'));
if (printable_result) display(get('va'));
if (CHECK_INFO['vulnerability'].num > 0)
display(get('details_vulnerability'));
display(get('divider_4'));
}

outputData();
if (printable_result) {
printVirusResult();
printWTResult();
printSpywaresResult();
printVAResult();
}
}

function getCleanActionMsg(action) {
if (action == 0) {
return STR_ACTION_NOT_CLEANED;
} else if (action == 1) {
return STR_ACTION_CLEAN_SUCCESS;
} else if (action == 2) {
return STR_ACTION_CLEAN_FAILURE;
} else if (action == 3) {
return STR_ACTION_DELETE_SUCCESS;
} else if (action == 4) {
return STR_ACTION_DELETE_FAILURE;
} else if (action == 5) {
return STR_ACTION_IGNORE;
}
return STR_ACTION_UNKNOWN;
}

function getDCSActionMsg(action) {
if (action == 0) {
return STR_DCS_ACTION_NOT_CLEANED;
} else if (action == 1) {
return STR_DCS_ACTION_CLEAN_SUCCESS;
} else if (action == 2) {
return STR_DCS_ACTION_CLEAN_FAILURE;
} else if (action == 5) {
return STR_ACTION_IGNORE;
} else if (action == 7 || action == 9) {
return STR_DCS_ACTION_CLEAN_SUCCESS + ' (' + STR_TSC_ACTION_REBOOT + ')';
} else if (action == 8) {
return STR_DCS_ACTION_CLEAN_FAILURE + ' (' + STR_TSC_ACTION_REBOOT + ')';
}
return STR_TSC_ACTION_UNKNOWN;
}

function getSPYWActionMsg(action) {
if (action == 0) {
return STR_SPYW_ACTION_NOT_CLEANED;
} else if (action == 1) {
return STR_SPYW_ACTION_CLEAN_SUCCESS;
} else if (action == 2) {
return STR_SPYW_ACTION_CLEAN_FAILURE;
} else if (action == 5) {
return STR_ACTION_IGNORE;
} else if (action == 7 || action == 9) {
return STR_SPYW_ACTION_CLEAN_SUCCESS + ' (' + STR_TSC_ACTION_REBOOT + ')';
} else if (action == 8) {
return STR_SPYW_ACTION_CLEAN_FAILURE + ' (' + STR_TSC_ACTION_REBOOT + ')';
}
return STR_TSC_ACTION_UNKNOWN;
}

function GetWormsTrojansType(str) {
if (str.indexOf('WORM') != -1) {
return STR_WORM;
} else if (str.indexOf('TROJ') == 0) {
return STR_TROJ;
} else if (str.indexOf('PE') == 0) {
return STR_PE;
}
return STR_OTHERS;
}

function CheckSpywareType(str) {
if (str.indexOf('ADW') != -1) {
num_spyware_no_cookie++;
} else if (str.indexOf('COOKIE') == 0) {
num_spyware_is_cookie++;
} else if (str.indexOf('SPYW') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('BHO') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('BKDR') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('DIAL') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('HKTL') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('RAP') == 0) {
num_spyware_no_cookie++;
}
}

function GetSpywaresType(str) {
if (str.indexOf('ADW') != -1) {
num_spyware_no_cookie++;
return STR_ADW;
} else if (str.indexOf('COOKIE') == 0) {
num_spyware_is_cookie++;
return STR_COOKIE;
} else if (str.indexOf('SPYW') == 0) {
num_spyware_no_cookie++;
return STR_SPYW;
} else if (str.indexOf('BHO') == 0) {
num_spyware_no_cookie++;
return STR_BHO;
} else if (str.indexOf('BKDR') == 0) {
num_spyware_no_cookie++;
return STR_BKDR;
} else if (str.indexOf('DIAL') == 0) {
num_spyware_no_cookie++;
return STR_DIAL;
} else if (str.indexOf('HKTL') == 0) {
num_spyware_no_cookie++;
return STR_HKTL;
} else if (str.indexOf('RAP') == 0) {
num_spyware_no_cookie++;
return STR_RAP;
}
num_spyware_no_cookie++;
return STR_OTHERS;
}

function getRiskLevelMsg(risk) {
switch (risk) {
case 1:
return STR_VA_RISK_LEVEL_LOW;
break;
case 2:
return STR_VA_RISK_LEVEL_MODERATE;
break;
case 3:
return STR_VA_RISK_LEVEL_IMPORTANT;
break;
case 4:
return STR_VA_RISK_LEVEL_CRITICAL;
break;
case 5:
return STR_VA_RISK_LEVEL_HIGHLY_CRIT;
break;
default:
return STR_VA_RISK_LEVEL_UNKNOWN;
break;
}
}

function outputData()
{
var object;

object = theDoc.getElementById('risk_virus');
object.insertBefore(image_link('virus'), null);
object = theDoc.getElementById('risk_wormtrojan');
object.insertBefore(image_link('wormtrojan'), null);
object = theDoc.getElementById('risk_spyware');
object.insertBefore(image_link('spyware'), null);
object = theDoc.getElementById('risk_vulnerability');
object.insertBefore(image_link('vulnerability'), null);

theDoc.getElementById('msg_virus').innerText =
CHECK_INFO['virus'].desc;
theDoc.getElementById('msg_wormtrojan').innerText =
CHECK_INFO['wormtrojan'].desc;
theDoc.getElementById('msg_spyware').innerText =
CHECK_INFO['spyware'].desc;
theDoc.getElementById('msg_vulnerability').innerText =
CHECK_INFO['vulnerability'].desc;

theDoc.getElementById('num_virus').innerText =
CHECK_INFO['virus'].num;
theDoc.getElementById('num_infected').innerText =
CHECK_INFO['virus'].numInfected;
if (CHECK_INFO['virus'].numInfected > max_size)
{
theDoc.getElementById('max_infected').innerText =
max_size;
theDoc.getElementById('num_infected2').innerText =
CHECK_INFO['virus'].numInfected;
theDoc.getElementById('limit_infected').style.display="";
}
theDoc.getElementById('num_wormtrojan').innerText =
CHECK_INFO['wormtrojan'].num;
if (CHECK_INFO['wormtrojan'].num > max_size)
{
theDoc.getElementById('max_wormtrojan').innerText =
max_size;
theDoc.getElementById('num_wormtrojan2').innerText =
CHECK_INFO['wormtrojan'].num;
theDoc.getElementById('limit_wormtrojan').style.display="";
}
theDoc.getElementById('num_spyware').innerText =
CHECK_INFO['spyware'].num;
if (CHECK_INFO['spyware'].num > max_size)
{
theDoc.getElementById('max_spyware').innerText =
max_size;
theDoc.getElementById('num_spyware2').innerText =
CHECK_INFO['spyware'].num;
theDoc.getElementById('limit_spyware').style.display="";
}
theDoc.getElementById('num_vulnerability').innerText =
CHECK_INFO['vulnerability'].num;
if (CHECK_INFO['vulnerability'].num > max_size)
{
theDoc.getElementById('max_vulnerability').innerText =
max_size;
theDoc.getElementById('num_vulnerability2').innerText =
CHECK_INFO['vulnerability'].num;
theDoc.getElementById('limit_vulnerability').style.display="";
}
}

function printVirusResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof INFECTED_FILES != "undefined") {
var details_virus_list_object;
var tableflag = false;
var size = max_size;
var numDropDown = 0;

details_virus_list_object = theDoc.getElementById('details_virus_list');
tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_virus_list_object.insertBefore(tbl, null);

for (i = 0; i < INFECTED_FILES.length ; i++) {
var virus_array = INFECTED_FILES[i].detected_viruses.split(';');
for (var j = 0; j < virus_array.length; j++) {
var virus_info = virus_array[j].split(':');
var url = BASE_URL_VIRUS + virus_info[0].replace("*", "");
var threatname = INFECTED_FILES[i].filename;

if (INFECTED_FILES[i].viruses_type == 1)
threatname = STR_DRIVE_BOOT_RECORD + threatname;
else if (INFECTED_FILES[i].viruses_type == 2)
threatname = STR_DRIVE_PARTITION_TABLE + threatname;

//zip file
if (INFECTED_FILES[i].fileinArch.length)
{
if (tableflag == false) {
//start of sub-table
tableflag = true;

//Add a row of zip file
tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr,null);

td = theDoc.createElement("TD");
td.style.wordBreak = "break-all";
td.style.width = "50%";
td.innerText = threatname;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
td.align = "center";
td.style.width = "30%";
tr.insertBefore(td,null);

td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td, null);
div = theDoc.createElement("DIV");
div.align="center";
td.insertBefore(div,null);
numDropDown++;
}

tr = theDoc.createElement("TR");
tr.valign="center";
tbody.insertBefore(tr,null);

td = theDoc.createElement("TD");
td.paddingLeft = "10px";
td.style.wordBreak = "break-all";
td.style.width = "50%";
buffer = "- ";

if ( INFECTED_FILES[i].fileinArch.length )
buffer += INFECTED_FILES[i].fileinArch;
else
buffer += "";
td.innerText = buffer;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
tr.insertBefore(td, null);
div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.width="30%";
a.innerText = virus_info[0];
div.insertBefore(a, null);
td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td,null);
div = theDoc.createElement("DIV");
div.align="center";
td.insertBefore(div,null);

if (tableflag == true &&
((i < INFECTED_FILES.length -1 && INFECTED_FILES[i].filename != INFECTED_FILES[i+1].filename) ||
(i == INFECTED_FILES.length - 1)))
{
//end of sub-table
tableflag = false;
}
} else {
//not zip file

tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr,null);
td = theDoc.createElement("TD");
td.style.wordBreak = "break-all";
td.style.width = "50%";
td.innerText = threatname;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
tr.insertBefore(td, null);
div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.width="30%";
a.innerText = virus_info[0];
div.insertBefore(a, null);
td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td,null);
div = theDoc.createElement("DIV");
div.align="center";
td.insertBefore(div,null);
numDropDown++;
}
}
if ( numDropDown == size )
i = INFECTED_FILES.length;
}
}
}

function printWTResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof DETECTED_WORMS_TROJANS != "undefined") {
var details_wormtrojan_list_object = theDoc.getElementById('details_wormtrojan_list');
var size = max_size;

tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_wormtrojan_list_object.insertBefore(tbl, null);
if ( DETECTED_WORMS_TROJANS.length < size)
size = DETECTED_WORMS_TROJANS.length;

for (i = 0; i < size; i++) {
var url = BASE_URL_WORMTROJAN + DETECTED_WORMS_TROJANS[i].name;
tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr, null);

td = theDoc.createElement("TD");
td.style.width = "30%";
tr.insertBefore(td, null);
a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.innerText = DETECTED_WORMS_TROJANS[i].name;
td.insertBefore(a, null);

td = theDoc.createElement("TD");
td.style.width = "50%";
tr.insertBefore(td,null);

div = theDoc.createElement("DIV");
div.align = "center";
div.innerText = GetWormsTrojansType(DETECTED_WORMS_TROJANS[i].name);
td.insertBefore(div, null);

td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td, null);

div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
}
}
}

function printSpywaresResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof DETECTED_SPYWARES != "undefined") {
var details_spyware_list_object = theDoc.getElementById('details_spyware_list');
var size = max_size;

tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_spyware_list_object.insertBefore(tbl, null);
if ( DETECTED_SPYWARES.length < size)
size = DETECTED_SPYWARES.length;

for (i = 0; i < size; i++) {
var url = BASE_URL_SPYWARE + DETECTED_SPYWARES[i].name;

tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr, null);

td = theDoc.createElement("TD");
td.style.width = "30%";
tr.insertBefore(td);

a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.innerText = DETECTED_SPYWARES[i].name;
td.insertBefore(a, null);

td = theDoc.createElement("TD");
td.style.width = "50%";
tr.insertBefore(td, null);

div = theDoc.createElement("DIV");
div.align = "center";
div.innerText = GetSpywaresType(DETECTED_SPYWARES[i].name);
td.insertBefore(div, null);

td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td, null);

div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
}
}
}

function printVAResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof DETECTED_VULNERABILITIES != "undefined") {
var details_vulnerability_list_object = theDoc.getElementById('details_vulnerability_list');
var size = max_size;

tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_vulnerability_list_object.insertBefore(tbl, null);
if ( DETECTED_VULNERABILITIES.length < size)
size = DETECTED_VULNERABILITIES.length;

for (i = 0; i < size; i++) {
var url = BASE_URL_VULNERABILITY + DETECTED_VULNERABILITIES[i].name + '.htm';

tr = theDoc.createElement("TR");
tbody.insertBefore(tr, null);

td = theDoc.createElement("TD");
td.valign = "top";
td.style.width = "15%";
td.innerText = getRiskLevelMsg(DETECTED_VULNERABILITIES[i].risk);
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
td.valign = "top";
td.innerText = DETECTED_VULNERABILITIES[i].desc;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
td.valign = "top";
td.align = "center";
td.style.width = "20%";
td.innerText = " ";
tr.insertBefore(td,null);

a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.innerText = DETECTED_VULNERABILITIES[i].name;
td.insertBefore(a,null);
}
}
}

//-->
</SCRIPT>

<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY oncontextmenu=window.event.returnValue=false leftMargin=0 topMargin=0
onload=onLoad() marginheight="0" marginwidth="0">
<TABLE class=table cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR id=summary_virus style="DISPLAY: none">
<TD class=contentbold id=td_virus_scan bgColor=#ffffff height=28>Virus
Scan</TD>
<TD class="" bgColor=#ffffff height=28>
<DIV id=risk_virus align=center></DIV></TD>
<TD class=content id=msg_virus bgColor=#ffffff height=28></TD>
<TD class="" height=28>
<DIV id=button_virus align=center><INPUT class=buybutton id=btnvirus style="WIDTH: 60px" onclick="switch2('virus')" type=button value=Show name=btnvirus>
</DIV></TD></TR>
<TR id=divider_1 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=virus style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_infected>0</SPAN> infected file(s) with <SPAN
id=num_virus>0</SPAN> virus(es) on your computer<SPAN
id=limit_infected style="DISPLAY: none">. Only <SPAN
id=max_infected>0</SPAN> out of <SPAN
id=num_infected2>0</SPAN> infected files are displayed</SPAN>.
<BR>
<TABLE class=data3 id=details_virus style="DISPLAY: none"
cellSpacing=4 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="50%"><STRONG>Detected File</STRONG></TD>
<TD width="30%">
<DIV align=center><B>Associated Virus Name</B></DIV></TD>
<TD width="20%">
<DIV align=center><B></B></DIV></TD></TR><!--
<tr>
<td>C:\download\doc\file.doc</td>
<td>XXX</td>
<td>Clean</td>
</tr>
<tr>
<td>C:\download\doc\file2.doc</td>
<td>XXX</td>
<td>Clean</td>
</tr>
-->
<TR>
<TD id=details_virus_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
<TR id=summary_wormtrojan style="DISPLAY: none">
<TD class=contentbold id=td_Trojan bgColor=#ffffff height=28>Trojan/Worm
Check</TD>
<TD class="" width="6%" bgColor=#ffffff height=28>
<DIV id=risk_wormtrojan align=center></DIV></TD>
<TD class=content id=msg_wormtrojan width="37%" bgColor=#ffffff
height=28></TD>
<TD class="" height=28>
<DIV id=button_T align=center><INPUT class=buybutton id=btnT style="WIDTH: 60px" onclick="switch2('T')" type=button value=Show name=btnT>
</DIV></TD></TR>
<TR id=divider_2 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=T style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR>
<TD><STRONG>What we checked:</STRONG><BR>Malicious activity by
a Trojan horse program. Although a Trojan seems like a
harmless program, it contains malicious code and once
installed can cause damage to your computer. </TD></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_wormtrojan>0</SPAN> Trojan horse program(s) and worm(s)
on your computer<SPAN id=limit_wormtrojan
style="DISPLAY: none">. Only <SPAN id=max_wormtrojan>0</SPAN>
out of <SPAN id=num_wormtrojan2>0</SPAN> Trojan horse programs
and worms are displayed</SPAN>.<BR>
<TABLE class=data3 id=details_wormtrojan style="DISPLAY: none"
cellSpacing=4 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="30%"><STRONG>Trojan/Worm Name</STRONG></TD>
<TD width="50%">
<DIV align=center><STRONG>Trojan/Worm
Type</STRONG></DIV></TD>
<TD width="20%">
<DIV align=center><STRONG></STRONG></DIV></TD></TR><!--
<tr>
<td valign="top">XXX</td>
<td><a href="http://www.trendmicr...ROJ_IRCDREAM.A" target="_blank">http://www.trendmicr...REAM.A</a></td>
</tr>
-->
<TR>
<TD id=details_wormtrojan_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
<TR id=summary_spyware style="DISPLAY: none">
<TD class=contentbold id=td_spyware width="43%" bgColor=#ffffff
height=28>Spyware Check</TD>
<TD class="" bgColor=#ffffff height=28>
<DIV id=risk_spyware align=center></DIV></TD>
<TD class=content id=msg_spyware bgColor=#ffffff height=28></TD>
<TD class="" width="14%" height=28>
<DIV id=button_S align=center><INPUT class=buybutton id=btnS style="WIDTH: 60px" onclick="switch2('S')" type=button value=Show name=btnS>
</DIV></TD></TR>
<TR id=divider_3 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=S style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR>
<TD><STRONG>What we checked:</STRONG><BR>Whether personal
information was tracked and reported by spyware. Spyware is
often installed secretly with legitimate programs downloaded
from the Internet. </TD></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_spyware>0</SPAN> spyware(s) on your computer<SPAN
id=limit_spyware style="DISPLAY: none">. Only <SPAN
id=max_spyware>0</SPAN> out of <SPAN id=num_spyware2>0</SPAN>
spywares are displayed</SPAN>. <BR>
<TABLE class=data3 id=details_spyware style="DISPLAY: none"
cellSpacing=4 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="30%"><STRONG>Spyware Name</STRONG></TD>
<TD width="50%">
<DIV align=center><STRONG>Spyware Type</STRONG></DIV></TD>
<TD width="20%">
<DIV align=center><STRONG></STRONG></DIV></TD></TR><!--
<tr>
<td valign="top">XXX</td>
<td><a href="http://www.trendmicr...ROJ_IRCDREAM.A" target="_blank">http://www.trendmicr...REAM.A</a></td>
</tr>
-->
<TR>
<TD id=details_spyware_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
<TR id=summary_vulnerability style="DISPLAY: none">
<TD class=contentbold id=td_Vulnerability bgColor=#ffffff
height=28>Microsoft Vulnerability Check</TD>
<TD class="" bgColor=#ffffff height=28>
<DIV id=risk_vulnerability align=center></DIV></TD>
<TD class=content id=msg_vulnerability bgColor=#ffffff height=28></TD>
<TD class="" height=28>
<DIV id=button_va align=center><INPUT class=buybutton id=btnva style="WIDTH: 60px" onclick="switch2('va')" type=button value=Show name=btnva>
</DIV></TD></TR>
<TR id=divider_4 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=va style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR>
<TD><STRONG>What we checked:</STRONG><BR>Microsoft known
security vulnerabilities. These are issues Microsoft has
identified and released Critical Updates to fix. </TD></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_vulnerability>0</SPAN> vulnerability/vulnerabilities on
your computer<SPAN id=limit_vulnerability
style="DISPLAY: none">. Only <SPAN
id=max_vulnerability>0</SPAN> out of <SPAN
id=num_vulnerability2>0</SPAN> vulnerabilities are
displayed</SPAN>. <BR>
<TABLE class=data3 id=details_vulnerability
style="DISPLAY: none" cellSpacing=4 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD width="15%"><STRONG>Risk Level</STRONG></TD>
<TD><STRONG>Issue</STRONG></TD>
<TD align=middle width="20%"><STRONG>How to
Fix</STRONG></TD></TR>
<TR>
<TD id=details_vulnerability_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><!--
<tr>
<td colspan="4" class="contentbold"> </td>
</tr>
--></TBODY></TABLE></BODY></HTML>

[coachwife6]

what did you just post?

[Wayne Puckett]

Online scan log from Trend Micro.