scottydog
2006-08-10, 22:04
Hi there,
I am currently troubleshooting some probs on my step dads pc whereby on running spybot I keep picking up the following malware mentioned in the subject title. I fix this in spybot and run a new scan but for some reason these offending items have still not been removed. I have tried a number of things already but don't appear to be making too much progress and am getting increasingly frustrated at my lack of progress. In conjunction with spybot the pc is also running adaware and avg. I have also tried running specific fixes that I have found called SmitFraudFix and also Vundofix.exe (by S!iri) as per a similar thread that was posted by jdl155 on 8th aug and replied to by teacup. I still have to try a few things as listed in the thread including silent runners.zip and combofix.exe but I thought I would post my logfiles in the meantime whilst waiting for a reply.
I have also ran DrWebCureit which did not fix the problem. How hardful are these viruses by the way as my step dad is now extremely paranoid about putting his credit card details in to purchase anything and where could he have picked this up from? Is he right to be so paranoid? I have also attempted to download the win2000 updates but appear to be having probs downloading these also (a seperate issue that I am looking in to). I would like to think that this can be fixed without wiping the pc totally and any ideas that you could offer would be greatly appreciated.
Thanks in advance
Scott
AVG LOGFILE
<history>
<!-- 01c6bc97989a2400 -->
<rec time="2006/04/13 11:19:50" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:317-316;</attr>
</rec>
<rec time="2006/04/14 17:36:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:319-317;</attr>
</rec>
<rec time="2006/04/16 09:49:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:320-319;</attr>
</rec>
<rec time="2006/04/17 20:02:33" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:737-736;iavi:321-320;</attr>
</rec>
<rec time="2006/04/18 11:53:09" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:739-737;iavi:324-321;</attr>
</rec>
<rec time="2006/04/19 10:24:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:740-739;iavi:325-324;</attr>
</rec>
<rec time="2006/04/20 12:22:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:326-325;</attr>
</rec>
<rec time="2006/04/21 11:29:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:327-326;</attr>
</rec>
<rec time="2006/04/22 16:58:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:741-740;iavi:328-327;</attr>
</rec>
<rec time="2006/04/23 14:54:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:329-328;</attr>
</rec>
<rec time="2006/04/25 10:10:13" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:742-741;iavi:330-329;</attr>
</rec>
<rec time="2006/04/26 09:49:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:331-330;</attr>
</rec>
<rec time="2006/04/27 09:49:19" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:743-742;iavi:332-331;</attr>
</rec>
<rec time="2006/04/28 15:58:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:744-743;iavi:333-332;</attr>
</rec>
<rec time="2006/04/29 17:50:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:334-333;</attr>
</rec>
<rec time="2006/05/01 19:07:58" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:335-334;</attr>
</rec>
<rec time="2006/05/03 09:50:01" user="SYSTEM" source="Update">
<value>@HL_UpdateOKNeedRestart</value>
<attr
name="version">avi:745-744;core:392-381;core9x:392-381;corent:392-381;dos:392-381;helpsm:386-373;iavi:336-335;lng:389-381;setup:389-381;update:389-385;</attr
>
</rec>
<rec time="2006/05/03 15:56:33" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr
name="testname">@TestName_02</attr>
</rec>
<rec time="2006/05/03 16:28:18" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/05/04 11:41:36" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:746-745;iavi:338-336;</attr>
</rec>
<rec time="2006/05/05 10:13:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:747-746;iavi:339-338;</attr>
</rec>
<rec time="2006/05/07 10:16:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:748-747;iavi:340-339;</attr>
</rec>
<rec time="2006/05/09 15:38:59" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:341-340;</attr>
</rec>
<rec time="2006/05/10 12:26:56" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:342-341;</attr>
</rec>
<rec time="2006/05/12 13:33:32" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:749-748;iavi:344-342;</attr>
</rec>
<rec time="2006/05/13 09:58:57" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:345-344;</attr>
</rec>
<rec time="2006/05/14 12:02:48" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:346-345;</attr>
</rec>
<rec time="2006/05/15 18:51:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:347-346;</attr>
</rec>
<rec time="2006/05/17 09:49:18" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:750-749;iavi:348-347;</attr>
</rec>
<rec time="2006/05/18 11:17:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:349-348;</attr>
</rec>
<rec time="2006/05/19 08:00:04" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/05/19 08:22:10" user="SYSTEM" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/05/22 08:33:27"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:751-750;iavi:351-349;</attr>
</rec>
<rec time="2006/05/23 09:49:13"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:752-751;iavi:352-351;</attr>
</rec>
<rec time="2006/05/24 11:29:29"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">core:394-392;core9x:394-392;corent:394-392;dos:394-392;iavi:353-352;</attr>
</rec>
<rec time="2006/05/25 10:26:44" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:753-752;iavi:354-353;</attr>
</rec>
<rec time="2006/05/28 12:57:27" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:754-753;iavi:356-354;</attr>
</rec>
<rec time="2006/05/29 19:01:44" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:756-754;iavi:358-356;</attr>
</rec>
<rec time="2006/05/31 09:49:13" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:757-756;iavi:359-358;</attr>
</rec>
<rec time="2006/06/01 18:45:52" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:758-757;iavi:361-359;</attr>
</rec>
<rec time="2006/06/02 08:00:16" user="SYSTEM"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/06/03 19:49:15" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:362-361;</attr>
</rec>
<rec time="2006/06/06 11:38:12" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:759-758;iavi:363-362;</attr>
</rec>
<rec time="2006/06/07 11:36:06" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:364-363;</attr>
</rec>
<rec time="2006/06/08 15:20:26" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:760-759;iavi:365-364;</attr>
</rec>
<rec time="2006/06/09 12:58:10" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:366-365;</attr>
</rec>
<rec time="2006/06/12 15:50:58" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:368-366;</attr>
</rec>
<rec time="2006/06/13 09:49:20" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:369-368;</attr>
</rec>
<rec time="2006/06/14 14:35:31" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:761-760;iavi:370-369;</attr>
</rec>
<rec time="2006/06/15 09:49:29" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:371-370;</attr>
</rec>
<rec time="2006/06/15 11:27:37" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/06/15 12:00:53" user="Administrator"
source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec
time="2006/06/16 15:55:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:763-761;iavi:374-371;</attr>
</rec>
<rec
time="2006/06/18 09:25:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:375-374;</attr>
</rec>
<rec
time="2006/06/19 15:51:21" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:764-763;iavi:376-375;</attr>
</rec>
<rec
time="2006/06/21 19:01:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:765-764;iavi:379-376;</attr>
</rec>
<rec
time="2006/06/23 23:07:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:766-765;iavi:381-379;</attr>
</rec>
<rec
time="2006/06/26 17:27:17" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:768-766;iavi:383-381;</attr>
</rec>
<rec
time="2006/06/28 15:58:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:384-383;</attr>
</rec>
<rec
time="2006/06/29 16:15:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:769-768;iavi:385-384;</attr>
</rec>
<rec
time="2006/07/02 09:20:49" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:772-769;iavi:388-385;</attr>
</rec>
<rec
time="2006/07/04 15:18:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:389-388;</attr>
</rec>
<rec
time="2006/07/06 16:10:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:773-772;iavi:390-389;</attr>
</rec>
<rec
time="2006/07/07 17:31:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:774-773;iavi:391-390;</attr>
</rec>
<rec
time="2006/07/10 21:47:32" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:392-391;</attr>
</rec>
<rec
time="2006/07/12 13:03:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:394-392;</attr>
</rec>
<rec
time="2006/07/21 16:05:37" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:779-774;iavi:403-394;</attr>
</rec>
<rec
time="2006/07/27 21:05:03" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\eraseme_56516.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">BackDoor.Generic3.LY</attr>
</rec>
<rec time="2006/07/27 21:05:09" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\eraseme_56516.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:06:36" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\RDFX4.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.56.J</attr>
</rec>
<rec time="2006/07/27 22:06:38" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNgnew.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:06:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\stub_113_4_0_4_0newer.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GDZ</attr>
</rec>
<rec time="2006/07/27 22:06:52" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\RDFX4.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:07:10" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNgnew.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:07:13" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\41S9QH0F\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:07:16" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:07:25" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\stub_113_4_0_4_0newer.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec
time="2006/07/27 22:08:02" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/27 22:08:30" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:08:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:08:51" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:09:02" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:09:04" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\drsmartload46a7i.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec
time="2006/07/27 22:09:04" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/27 22:09:05" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:09:16" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\drsmartload46a7i.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2006/07/27 22:09:22"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\41S9QH0F\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
I am currently troubleshooting some probs on my step dads pc whereby on running spybot I keep picking up the following malware mentioned in the subject title. I fix this in spybot and run a new scan but for some reason these offending items have still not been removed. I have tried a number of things already but don't appear to be making too much progress and am getting increasingly frustrated at my lack of progress. In conjunction with spybot the pc is also running adaware and avg. I have also tried running specific fixes that I have found called SmitFraudFix and also Vundofix.exe (by S!iri) as per a similar thread that was posted by jdl155 on 8th aug and replied to by teacup. I still have to try a few things as listed in the thread including silent runners.zip and combofix.exe but I thought I would post my logfiles in the meantime whilst waiting for a reply.
I have also ran DrWebCureit which did not fix the problem. How hardful are these viruses by the way as my step dad is now extremely paranoid about putting his credit card details in to purchase anything and where could he have picked this up from? Is he right to be so paranoid? I have also attempted to download the win2000 updates but appear to be having probs downloading these also (a seperate issue that I am looking in to). I would like to think that this can be fixed without wiping the pc totally and any ideas that you could offer would be greatly appreciated.
Thanks in advance
Scott
AVG LOGFILE
<history>
<!-- 01c6bc97989a2400 -->
<rec time="2006/04/13 11:19:50" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:317-316;</attr>
</rec>
<rec time="2006/04/14 17:36:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:319-317;</attr>
</rec>
<rec time="2006/04/16 09:49:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:320-319;</attr>
</rec>
<rec time="2006/04/17 20:02:33" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:737-736;iavi:321-320;</attr>
</rec>
<rec time="2006/04/18 11:53:09" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:739-737;iavi:324-321;</attr>
</rec>
<rec time="2006/04/19 10:24:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:740-739;iavi:325-324;</attr>
</rec>
<rec time="2006/04/20 12:22:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:326-325;</attr>
</rec>
<rec time="2006/04/21 11:29:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:327-326;</attr>
</rec>
<rec time="2006/04/22 16:58:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:741-740;iavi:328-327;</attr>
</rec>
<rec time="2006/04/23 14:54:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:329-328;</attr>
</rec>
<rec time="2006/04/25 10:10:13" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:742-741;iavi:330-329;</attr>
</rec>
<rec time="2006/04/26 09:49:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:331-330;</attr>
</rec>
<rec time="2006/04/27 09:49:19" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:743-742;iavi:332-331;</attr>
</rec>
<rec time="2006/04/28 15:58:43" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">avi:744-743;iavi:333-332;</attr>
</rec>
<rec time="2006/04/29 17:50:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:334-333;</attr>
</rec>
<rec time="2006/05/01 19:07:58" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">iavi:335-334;</attr>
</rec>
<rec time="2006/05/03 09:50:01" user="SYSTEM" source="Update">
<value>@HL_UpdateOKNeedRestart</value>
<attr
name="version">avi:745-744;core:392-381;core9x:392-381;corent:392-381;dos:392-381;helpsm:386-373;iavi:336-335;lng:389-381;setup:389-381;update:389-385;</attr
>
</rec>
<rec time="2006/05/03 15:56:33" user="Administrator" source="General">
<value>@HL_TestStarted</value>
<attr
name="testname">@TestName_02</attr>
</rec>
<rec time="2006/05/03 16:28:18" user="Administrator" source="General">
<value>@HL_TestEnded</value>
<attr
name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/05/04 11:41:36" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:746-745;iavi:338-336;</attr>
</rec>
<rec time="2006/05/05 10:13:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:747-746;iavi:339-338;</attr>
</rec>
<rec time="2006/05/07 10:16:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:748-747;iavi:340-339;</attr>
</rec>
<rec time="2006/05/09 15:38:59" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:341-340;</attr>
</rec>
<rec time="2006/05/10 12:26:56" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:342-341;</attr>
</rec>
<rec time="2006/05/12 13:33:32" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:749-748;iavi:344-342;</attr>
</rec>
<rec time="2006/05/13 09:58:57" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:345-344;</attr>
</rec>
<rec time="2006/05/14 12:02:48" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:346-345;</attr>
</rec>
<rec time="2006/05/15 18:51:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:347-346;</attr>
</rec>
<rec time="2006/05/17 09:49:18" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:750-749;iavi:348-347;</attr>
</rec>
<rec time="2006/05/18 11:17:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:349-348;</attr>
</rec>
<rec time="2006/05/19 08:00:04" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/05/19 08:22:10" user="SYSTEM" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2006/05/22 08:33:27"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:751-750;iavi:351-349;</attr>
</rec>
<rec time="2006/05/23 09:49:13"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:752-751;iavi:352-351;</attr>
</rec>
<rec time="2006/05/24 11:29:29"
user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr
name="version">core:394-392;core9x:394-392;corent:394-392;dos:394-392;iavi:353-352;</attr>
</rec>
<rec time="2006/05/25 10:26:44" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:753-752;iavi:354-353;</attr>
</rec>
<rec time="2006/05/28 12:57:27" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:754-753;iavi:356-354;</attr>
</rec>
<rec time="2006/05/29 19:01:44" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:756-754;iavi:358-356;</attr>
</rec>
<rec time="2006/05/31 09:49:13" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:757-756;iavi:359-358;</attr>
</rec>
<rec time="2006/06/01 18:45:52" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:758-757;iavi:361-359;</attr>
</rec>
<rec time="2006/06/02 08:00:16" user="SYSTEM"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/06/03 19:49:15" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:362-361;</attr>
</rec>
<rec time="2006/06/06 11:38:12" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:759-758;iavi:363-362;</attr>
</rec>
<rec time="2006/06/07 11:36:06" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:364-363;</attr>
</rec>
<rec time="2006/06/08 15:20:26" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:760-759;iavi:365-364;</attr>
</rec>
<rec time="2006/06/09 12:58:10" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:366-365;</attr>
</rec>
<rec time="2006/06/12 15:50:58" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:368-366;</attr>
</rec>
<rec time="2006/06/13 09:49:20" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:369-368;</attr>
</rec>
<rec time="2006/06/14 14:35:31" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:761-760;iavi:370-369;</attr>
</rec>
<rec time="2006/06/15 09:49:29" user="SYSTEM"
source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:371-370;</attr>
</rec>
<rec time="2006/06/15 11:27:37" user="Administrator"
source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2006/06/15 12:00:53" user="Administrator"
source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec
time="2006/06/16 15:55:14" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:763-761;iavi:374-371;</attr>
</rec>
<rec
time="2006/06/18 09:25:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:375-374;</attr>
</rec>
<rec
time="2006/06/19 15:51:21" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:764-763;iavi:376-375;</attr>
</rec>
<rec
time="2006/06/21 19:01:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:765-764;iavi:379-376;</attr>
</rec>
<rec
time="2006/06/23 23:07:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:766-765;iavi:381-379;</attr>
</rec>
<rec
time="2006/06/26 17:27:17" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:768-766;iavi:383-381;</attr>
</rec>
<rec
time="2006/06/28 15:58:25" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:384-383;</attr>
</rec>
<rec
time="2006/06/29 16:15:41" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:769-768;iavi:385-384;</attr>
</rec>
<rec
time="2006/07/02 09:20:49" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:772-769;iavi:388-385;</attr>
</rec>
<rec
time="2006/07/04 15:18:42" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:389-388;</attr>
</rec>
<rec
time="2006/07/06 16:10:07" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:773-772;iavi:390-389;</attr>
</rec>
<rec
time="2006/07/07 17:31:35" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:774-773;iavi:391-390;</attr>
</rec>
<rec
time="2006/07/10 21:47:32" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:392-391;</attr>
</rec>
<rec
time="2006/07/12 13:03:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:394-392;</attr>
</rec>
<rec
time="2006/07/21 16:05:37" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:779-774;iavi:403-394;</attr>
</rec>
<rec
time="2006/07/27 21:05:03" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINNT\eraseme_56516.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">BackDoor.Generic3.LY</attr>
</rec>
<rec time="2006/07/27 21:05:09" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINNT\eraseme_56516.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:06:36" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\RDFX4.exe</attr>
<attr
name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.56.J</attr>
</rec>
<rec time="2006/07/27 22:06:38" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNgnew.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:06:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\stub_113_4_0_4_0newer.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GDZ</attr>
</rec>
<rec time="2006/07/27 22:06:52" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\RDFX4.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:07:10" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\MTE3NDI6ODoxNgnew.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:07:13" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\41S9QH0F\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:07:16" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:07:25" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\stub_113_4_0_4_0newer.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec
time="2006/07/27 22:08:02" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\8Z87I545\MTE3NDI6ODoxNg[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/27 22:08:30" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:08:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:08:51" user="Administrator"
source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary Internet
Files\Content.IE5\EZM5IHO7\drsmartload46a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2006/07/27 22:09:02" user="SYSTEM"
source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\MTE3NDI6ODoxNg.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic.HGT</attr>
</rec>
<rec time="2006/07/27 22:09:04" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr
name="filename">C:\drsmartload46a7i.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec
time="2006/07/27 22:09:04" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\CFQ5W9Y3\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec
time="2006/07/27 22:09:05" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Default
User\Local Settings\Temporary Internet Files\Content.IE5\41S9QH0F\drsmartload849a[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr
name="virusname">Downloader.Generic2.GQV</attr>
</rec>
<rec time="2006/07/27 22:09:16" user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\drsmartload46a7i.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2006/07/27 22:09:22"
user="Administrator" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Default User\Local Settings\Temporary
Internet Files\Content.IE5\41S9QH0F\drsmartload849a[1].exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>