PC runs s-l-o-w-l-y part 2
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 02, 2008 5:53:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/04/2008
Kaspersky Anti-Virus database records: 678667
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 59077
Number of viruses found: 7
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 05:17:01
Infected Object Name / Virus Name / Last Action
C:\booksgrid2\vbhtp1e\chap19\fig19_21\demo.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\booksgrid2\vbhtp1e\chap19\fig19_24\fig19_24.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\booksgrid2\vbhtp1e\chap19\fig19_28\fig19_28.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\desktop items\presitems\911Tabs.Com - External Link.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads_004.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\addr_file.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion\Data\a4bl8d_2o2b4_o\dlg_catb.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-2-2008( 12-23-22 ).LOG Object is locked skipped
C:\Documents and Settings\asd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\asd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\asd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\asd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\asd\Local Settings\History\History.IE5\MSHist012008040220080403\index.dat Object is locked skipped
C:\Documents and Settings\asd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\asd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\asd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sd\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\CA7GRSJ9.HTM Infected: Net-Worm.Win32.Allaple.a skipped
C:\Documents and Settings\sd\Shared\terminal.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Incomplete\T-3545425-munting tinig.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Alwil Software\Avast4\ENGLISH\aswClnTg.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Alwil Software\Avast4\ENGLISH\aswInfTg.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Alwil Software\Avast4\ENGLISH\ENHANCED.HTM Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\version.html Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\configuration.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\installation.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\releasenote.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\UPDATES.HTM Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Microsoft Visual Studio\READMERP.HTM Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\The Queen Of Fighters\- README\Readme.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\SDFix\backups\backups.zip/backups/o Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{5E4F0F30-4610-437F-B7D1-8739292A7CFA}\RP11\A0064203.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{5E4F0F30-4610-437F-B7D1-8739292A7CFA}\RP7\A0021671.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP23\A0013910.exe Infected: Net-Worm.Win32.Allaple.e skipped
C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP23\A0015941.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP32\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
Scan process completed.
I think the idea was for you to post this log here, in your request thread. Also perhaps post it a few weeks ago, when it was requested. If we take this up anew here, will you be able to continue without interruptions to complete a cleaning?
That Kaspersky log shows a file infector, which has embedded its code into all the .htm, and likely .hta/chm and other associated files on your system. You will need to install a complete version of some antivirus that includes the cleaning of these in its database. As their online scan does show the infection located, Kaspersky would be the best choice for that. This will require you to uninstall your current antivirus software, as leaving it and installing Kaspersky can and will cause system corruption there.
So, breaking from the tradition of reviewing logs first, go ahead and download the KAV 7.0 trial version from here. I do not recommend any special offers you might see, like TrialPay, since that requires you to accept ads, and potentially still purchase merchandise from other vendors to a point where you then have met some quota, and receive the free version. Unfortunate that Kaspersky finds that partnership acceptable.
But do the download, uninstall existing AV software, then install KAV7. Once you have done that and updated it, reboot into Safe Mode (at startup tap the F8 key and select that from the menu) and run a complete Kaspersky scan. Be sure to opt to quarantine all items found, in case of an error and a need to restore one or two. And save any logs to post back here from that.
Be sure to save any registration keys from existing AV software to use when reinstalling after repairs are done.
=========================
Then reboot to normal mode, and Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Options, place a check next to the following:
Backup Registry Hives
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
Also post back the Kaspersky log. Use separate posts here if needed.
deleted: Trojan program Backdoor.Win32.IRCBot.cjf File: C:\WINDOWS\System32\a.exe
deleted: Trojan program Backdoor.Win32.Wootbot.ff File: C:\WINDOWS\system32\fixweb.exe
deleted: Trojan program Trojan-Downloader.WMA.Wimad.n File: C:\INCOMPLETE\T-3545425-MUNTING TINIG.MP3
deleted: Trojan program Backdoor.Win32.IRCBot.cin File: C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP38\A0031454.exe
deleted: Trojan program Backdoor.Win32.IRCBot.cjf File: C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP38\A0031464.exe
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\booksgrid2\vbhtp1e\chap19\fig19_21\demo.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\booksgrid2\vbhtp1e\chap19\fig19_24\fig19_24.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\booksgrid2\vbhtp1e\chap19\fig19_28\fig19_28.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\desktop items\presitems\911Tabs.Com - External Link.htm
deleted: Trojan program Trojan.Win32.Inject.jt File: C:\desktop items\presitems\ComboFix.exe//PE_Patch.UPX/catchme.cfexe//#
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads_004.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion\Data\a4bl8d_2o2b4_o\dlg_catb.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Documents and Settings\sd\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\CA7GRSJ9.HTM
deleted: Trojan program Trojan-Downloader.WMA.Wimad.n File: C:\Documents and Settings\sd\Shared\terminal.mp3
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Alwil Software\Avast4\ENGLISH\aswClnTg.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Alwil Software\Avast4\ENGLISH\aswInfTg.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Alwil Software\Avast4\ENGLISH\ENHANCED.HTM
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\version.html
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Microsoft Visual Studio\READMERP.HTM
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\configuration.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\installation.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\releasenote.htm
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\UPDATES.HTM
disinfected: virus Net-Worm.Win32.Allaple.a File: C:\Program Files\The Queen Of Fighters\- README\Readme.htm
deleted: Trojan program Trojan-Downloader.BAT.Ftp.ab File: C:\SDFix\backups\backups.zip/backups/o
deleted: Trojan program Trojan-Downloader.BAT.Ftp.ab File: C:\WINDOWS\system32\o
detected: Trojan program Backdoor.Win32.IRCBot.cin File: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZW9GFIN\mixit[1].exe
detected: Trojan program Backdoor.Win32.IRCBot.cjf File: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZW9GFIN\mixit[2].exe
4/8/2008 3:21:05 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/8/2008 3:21:05 PM You are advised to perform a full computer scan as soon as possible.
4/8/2008 3:21:09 PM Database is out of date, leaving your computer at risk of infection. Please update your database.
4/8/2008 3:21:09 PM Protection of your computer is enabled.
4/8/2008 3:24:43 PM File C:\WINDOWS\System32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:24:43 PM Security threats have been detected. You are advised to neutralize them immediately.
4/8/2008 3:26:00 PM File c:\windows\system32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:27:13 PM Process (PID 1652) tried to access Kaspersky Anti-Virus process (PID 1764), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 3:27:15 PM Process (PID 1652) tried to access Kaspersky Anti-Virus process (PID 1672), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 3:32:53 PM File C:\WINDOWS\system32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:33:26 PM File c:\windows\system32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:34:12 PM File c:\windows\system32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:34:12 PM File c:\windows\system32\mdm.exe will be deleted on system restart.
4/8/2008 3:35:36 PM File C:\WINDOWS\System32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:36:44 PM File C:\WINDOWS\system32\mdm.exe: detected: virus 'Heur.Backdoor.Generic'.
4/8/2008 3:40:44 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/8/2008 3:40:44 PM You are advised to perform a full computer scan as soon as possible.
4/8/2008 3:40:47 PM Database is out of date, leaving your computer at risk of infection. Please update your database.
4/8/2008 3:40:47 PM Protection of your computer is enabled.
4/8/2008 3:44:33 PM Process (PID 1704) tried to access Kaspersky Anti-Virus process (PID 1824), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 3:44:34 PM Process (PID 1704) tried to access Kaspersky Anti-Virus process (PID 1764), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 7:01:43 PM Update completed successfully
4/8/2008 7:05:30 PM File C:\WINDOWS\System32\a.exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cjf'. User: ASD-BZKR5EI02OZ\asd, computer: localhost.
4/8/2008 7:05:30 PM Security threats have been detected. You are advised to neutralize them immediately.
4/8/2008 7:06:31 PM File C:\WINDOWS\System32\a.exe: deleted.
4/8/2008 7:13:07 PM File C:\WINDOWS\system32\fixweb.exe: detected: Trojan program 'Backdoor.Win32.Wootbot.ff'. User: WORKGROUP\ASD-BZKR5EI02OZ$, computer: localhost.
4/8/2008 7:13:07 PM Security threats have been detected. You are advised to neutralize them immediately.
4/8/2008 7:13:16 PM File C:\WINDOWS\system32\fixweb.exe: deleted.
4/8/2008 8:21:36 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/8/2008 8:21:38 PM You are advised to perform a full computer scan as soon as possible.
4/8/2008 8:21:51 PM Protection of your computer is enabled.
4/8/2008 8:23:44 PM Process (PID 1880) tried to access Kaspersky Anti-Virus process (PID 1904), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 8:23:44 PM Process (PID 1880) tried to access Kaspersky Anti-Virus process (PID 1348), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 8:37:35 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/8/2008 8:37:38 PM You are advised to perform a full computer scan as soon as possible.
4/8/2008 8:37:46 PM Protection of your computer is enabled.
4/8/2008 8:38:02 PM Process (PID 272) tried to access Kaspersky Anti-Virus process (PID 296), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 8:38:02 PM Process (PID 272) tried to access Kaspersky Anti-Virus process (PID 1836), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 8:46:37 PM File C:\WINDOWS\system32\fixweb.exe: detected: Trojan program 'Backdoor.Win32.Wootbot.ff'. User: WORKGROUP\ASD-BZKR5EI02OZ$, computer: localhost.
4/8/2008 8:46:37 PM Security threats have been detected. You are advised to neutralize them immediately.
4/8/2008 8:49:38 PM File C:\WINDOWS\system32\fixweb.exe: deleted.
4/8/2008 9:17:06 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/8/2008 9:17:09 PM You are advised to perform a full computer scan as soon as possible.
4/8/2008 9:17:14 PM Process (PID 108) tried to access Kaspersky Anti-Virus process (PID 212), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 9:17:17 PM Protection of your computer is enabled.
4/8/2008 9:25:22 PM Update completed successfully
4/8/2008 9:26:57 PM Protection of your computer is not running. You are advised to resume protection.
4/8/2008 9:30:20 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/8/2008 9:30:23 PM You are advised to perform a full computer scan as soon as possible.
4/8/2008 9:30:27 PM Protection of your computer is enabled.
4/8/2008 9:30:42 PM Process (PID 288) tried to access Kaspersky Anti-Virus process (PID 336), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 9:30:42 PM Process (PID 288) tried to access Kaspersky Anti-Virus process (PID 1852), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 10:27:08 PM Process (PID 2100) tried to access Kaspersky Anti-Virus process (PID 1852), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/8/2008 10:27:12 PM Process (PID 2100) tried to access Kaspersky Anti-Virus process (PID 336), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 6:30:12 AM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
4/9/2008 6:30:19 AM You are advised to perform a full computer scan as soon as possible.
4/9/2008 6:30:27 AM Process (PID 1644) tried to access Kaspersky Anti-Virus process (PID 1660), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 6:30:44 AM Protection of your computer is enabled.
4/9/2008 7:00:19 AM Process (PID 2892) tried to access Kaspersky Anti-Virus process (PID 508), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 7:00:19 AM Process (PID 2892) tried to access Kaspersky Anti-Virus process (PID 1660), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 7:01:25 AM Process (PID 3448) tried to access Kaspersky Anti-Virus process (PID 1660), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 7:01:25 AM Process (PID 3448) tried to access Kaspersky Anti-Virus process (PID 508), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 2:46:43 PM You are advised to perform a full computer scan as soon as possible.
4/9/2008 2:46:47 PM Protection of your computer is enabled.
4/9/2008 2:50:38 PM Process (PID 1732) tried to access Kaspersky Anti-Virus process (PID 1764), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 2:50:39 PM You are advised to perform a full computer scan as soon as possible.
4/9/2008 2:50:43 PM Protection of your computer is enabled.
4/9/2008 3:00:59 PM Update error: A network failure occurred during downloading updates.
4/9/2008 3:15:29 PM Update completed successfully
4/9/2008 4:03:15 PM You are advised to perform a full computer scan as soon as possible.
4/9/2008 4:03:20 PM Process (PID 288) tried to access Kaspersky Anti-Virus process (PID 320), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 4:03:22 PM Protection of your computer is enabled.
4/9/2008 4:34:44 PM Process (PID 3596) tried to access Kaspersky Anti-Virus process (PID 1868), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 4:34:48 PM Process (PID 3596) tried to access Kaspersky Anti-Virus process (PID 320), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 4:53:46 PM File C:\WINDOWS\system32\fixweb.exe: detected: Trojan program 'Backdoor.Win32.Wootbot.ff'. User: MSHOME\ASD$, computer: localhost.
4/9/2008 4:53:47 PM Security threats have been detected. You are advised to neutralize them immediately.
4/9/2008 4:54:47 PM File C:\WINDOWS\system32\fixweb.exe: deleted.
4/9/2008 10:46:18 PM You are advised to perform a full computer scan as soon as possible.
4/9/2008 10:46:23 PM Protection of your computer is enabled.
4/9/2008 10:47:05 PM Process (PID 276) tried to access Kaspersky Anti-Virus process (PID 1968), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 10:47:06 PM Process (PID 276) tried to access Kaspersky Anti-Virus process (PID 332), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 10:47:07 PM Process (PID 276) tried to access Kaspersky Anti-Virus process (PID 888), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 10:53:48 PM Update completed successfully
4/10/2008 12:13:17 AM File C:\INCOMPLETE\T-3545425-MUNTING TINIG.MP3: detected: Trojan program 'Trojan-Downloader.WMA.Wimad.n'.
4/10/2008 12:13:19 AM Security threats have been detected. You are advised to neutralize them immediately.
4/10/2008 12:52:54 AM File C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP38\A0031454.exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cin'. User: MSHOME\ASD$, computer: localhost.
4/10/2008 1:09:29 AM File C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP38\A0031454.exe: deleted.
4/10/2008 1:09:29 AM File C:\INCOMPLETE\T-3545425-MUNTING TINIG.MP3: deleted.
4/10/2008 1:11:16 AM Update completed successfully
4/10/2008 2:38:42 AM File C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP38\A0031464.exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cjf'. User: MSHOME\ASD$, computer: localhost.
4/10/2008 2:38:42 AM Security threats have been detected. You are advised to neutralize them immediately.
4/10/2008 4:54:52 AM File C:\System Volume Information\_restore{765E49E6-F384-4BAD-9E14-CD71AC29F003}\RP38\A0031464.exe: deleted.
4/10/2008 5:01:57 AM You are advised to perform a full computer scan as soon as possible.
4/10/2008 5:01:58 AM System is running in safe mode. Some protection components are disabled.
4/10/2008 5:04:12 AM Scan startup objects cannot be started because of an error: task cannot be started in the safe mode
4/10/2008 5:07:23 AM File C:\booksgrid2\vbhtp1e\chap19\fig19_21\demo.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:07:23 AM Security threats have been detected. You are advised to neutralize them immediately.
4/10/2008 5:07:23 AM File C:\booksgrid2\vbhtp1e\chap19\fig19_21\demo.html: is still infected, postponed.
4/10/2008 5:07:23 AM File C:\booksgrid2\vbhtp1e\chap19\fig19_24\fig19_24.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:07:23 AM File C:\booksgrid2\vbhtp1e\chap19\fig19_24\fig19_24.html: is still infected, postponed.
4/10/2008 5:07:24 AM File C:\booksgrid2\vbhtp1e\chap19\fig19_28\fig19_28.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:07:24 AM File C:\booksgrid2\vbhtp1e\chap19\fig19_28\fig19_28.html: is still infected, postponed.
4/10/2008 5:28:19 AM File C:\desktop items\presitems\911Tabs.Com - External Link.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:28:19 AM Security threats have been detected. You are advised to neutralize them immediately.
4/10/2008 5:28:19 AM File C:\desktop items\presitems\911Tabs.Com - External Link.htm: is still infected, postponed.
4/10/2008 5:29:22 AM File C:\desktop items\presitems\ComboFix.exe//PE_Patch.UPX/catchme.cfexe//#: detected: Trojan program 'Trojan.Win32.Inject.jt'.
4/10/2008 5:29:22 AM File C:\desktop items\presitems\ComboFix.exe//PE_Patch.UPX/catchme.cfexe//#: is still infected, postponed.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file64: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file65: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file66: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file67: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file68: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file69: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file70: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file71: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file72: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file73: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file74: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file75: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file76: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file77: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file78: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file79: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file80: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file81: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file82: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file83: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file84: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file85: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file86: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file87: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file88: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file89: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file90: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file91: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file92: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file93: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file94: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file95: is password protected.
4/10/2008 5:36:00 AM File C:\desktop items\presitems\realalt175.exe//file96: is password protected.
4/10/2008 5:37:44 AM File C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:37:44 AM File C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads.htm: is still infected, postponed.
4/10/2008 5:37:44 AM File C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads_004.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:37:44 AM File C:\desktop items\presitems\911Tabs.Com - External Link_files\seasons_of_lovetxt_data\ads_004.htm: is still infected, postponed.
4/10/2008 5:44:31 AM File C:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:44:31 AM File C:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html: is still infected, postponed.
4/10/2008 5:44:31 AM File C:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:44:31 AM File C:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html: is still infected, postponed.
4/10/2008 5:44:31 AM File C:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:44:31 AM File C:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html: is still infected, postponed.
4/10/2008 5:47:54 AM File C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion\Data\a4bl8d_2o2b4_o\dlg_catb.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 5:47:54 AM File C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion\Data\a4bl8d_2o2b4_o\dlg_catb.html: is still infected, postponed.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{00924B86-DB64-4171-B4B4-79A51F58C7B1}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{0B230494-78D9-48E5-B255-E674ED394828}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{0EA31B5F-E459-4AE5-83EC-0BEB60448B57}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{0F6CE956-C47A-4B26-818C-E33E2F880D58}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{0F9F2A96-8DEA-4BD1-B8E9-1A8CFBDADDC8}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{10863B6C-7BDA-4B64-BB42-7FBFD1A96B81}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{11895F4D-B80B-4103-B9AD-2EC0A35C8979}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{13565000-BAB5-40F9-8985-341FCA159827}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{140E0D72-925A-4F4A-9C3F-6163DDD478D1}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{147A9337-E206-4DED-AD51-2C982C560F6E}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{1C8508A7-F0A2-4A39-80BE-B59056C4CCBA}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{22D0B8F6-BDBA-4E0B-A6A4-05499CCE14AA}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{26C48068-2F81-48A1-AB58-52860AA74384}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{2756976A-C60A-4AF1-A3FC-BFD1A005926F}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{27D1BE93-42F2-40D3-B2A5-4DC7144E593E}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{3599757D-C7BA-48EA-9A5F-0C17D52EC0B2}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{3A8E67D6-E3EE-4ACC-B005-C94D820B26A7}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{3D583EF8-CF49-4D8F-A347-F89492B16355}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{3EA8262D-90CE-40B9-95A7-3A7D8CFA20DE}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{4044393B-36E1-4635-97B1-A9921094FBDE}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{40A81317-1455-4354-B505-340173EF0FCA}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{419BC3FB-DFAB-447F-B37F-4ECC294968C9}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{49911511-F1A7-4DCE-8DCE-42DBB5274121}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{4D2F40BE-D7AD-424B-9206-5E4820C38FE1}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{4F2B3CA5-606F-42B5-931C-1E240A182B04}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{666CD963-F1B7-40B9-9FDF-7B11C7AC342C}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{6D8D1931-E31D-420D-8EE9-4FF37E928F60}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{71D337FD-CCC5-4465-A424-0EE8754B428F}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{74027327-D743-4F69-A094-B53E8271DE7C}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{7C7E7A4B-FC38-4EAF-938E-12D65FD1F0B6}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{7F8E2516-D579-4BBA-9A6D-06785E4E9852}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{825A6C8A-7167-43E7-A4CC-BCE38D16DD5E}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{86A1C839-0581-443D-B1CC-6E2D8B8DC5EB}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{875EE63E-A7A9-463B-8FDD-786806DF5EB9}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{89078431-4336-4D29-8BC7-FF2F4F6B3E92}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{8978C807-5327-44B7-B0DA-69A3B9BBA013}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{9A0948BE-4C42-4DC2-8A6D-47548FE3CD10}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{9F014836-D587-4504-830C-AB7C13E2F8F4}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{A266FDDA-00BF-453E-8973-AE8DC6BF86C8}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{B29B318C-F0BC-4BC7-B63D-C3EAA2BF8BE4}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{B3E99C3D-650F-4D24-9B8D-DE5552C0E506}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{B434F7EF-952A-4798-BB9A-7AF18C9F10F0}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{B63EFCD9-F1BA-4755-A422-B4C234634949}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{B81F2150-197D-488E-94E2-4FE8956E57CA}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{C2058D9A-378A-4563-9739-00583A3F3189}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{C28EE947-5154-4F5D-B828-80A2D6970AEB}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{C3E18BFC-4FC9-4925-BA74-92C42622B9C5}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{CCB57F30-EFA8-4B5D-A22D-50E29A685865}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{E0984FE9-0D78-4580-AB94-BFFE495A9A8B}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{E97FA080-880A-4017-A8EB-E40D1CC14736}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{E98D09E6-C306-46C0-B7F0-DC0FDA08A59F}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{ECBF41B7-683F-4245-A916-D0309FBAB370}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{F26B0A14-0E99-4553-8054-D07783F97553}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{F2807DCD-6DAE-4E1A-838D-509734DF2E33}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/{FFD2D5C7-C922-4D20-87FC-C405F6A12886}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-14-2008 - 05-30-38.SBU/backup.db: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{40909C9D-CDFA-457D-BA6E-30EF33119A63}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{52845206-7973-4499-83D1-7513993D8B32}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{56D02A40-BA8C-4235-BF2C-9C8A9640077A}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{732D67E3-3FFB-4B9B-B0C8-B89EACFE5619}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{75C89BDF-C704-45A9-877F-3316575D3FFF}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{91DA619E-9CAC-4D2D-A206-790C38B69CB3}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{9A9560B1-7B80-4797-A235-A649C84A988B}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{A50DBE84-B713-4AF6-9346-7B73B72BFE5E}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{D5C2F1D2-503A-47F0-BEB0-8669D9BEC35B}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/{F91204FB-E7CB-463E-A226-58555641C8FD}: is password protected.
4/10/2008 5:51:27 AM File C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-01-2008 - 06-13-16.SBU/backup.db: is password protected.
4/10/2008 6:48:24 AM File C:\Documents and Settings\lrs\Desktop\Winrarv1.dll/Natt Chanapa - Thailand 1.wmv: is password protected.
4/10/2008 6:48:24 AM File C:\Documents and Settings\lrs\Desktop\Winrarv2.dll/Natt Chanapa - Thailand 2.wmv: is password protected.
4/10/2008 6:53:27 AM File C:\Documents and Settings\sd\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\CA7GRSJ9.HTM: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 6:53:27 AM File C:\Documents and Settings\sd\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\CA7GRSJ9.HTM: is still infected, postponed.
4/10/2008 6:54:00 AM File C:\Documents and Settings\sd\Shared\terminal.mp3: detected: Trojan program 'Trojan-Downloader.WMA.Wimad.n'.
4/10/2008 6:54:00 AM File C:\Documents and Settings\sd\Shared\terminal.mp3: is still infected, postponed.
4/10/2008 7:48:48 AM File C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 7:48:48 AM File C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html: is still infected, postponed.
4/10/2008 7:53:47 AM File C:\Program Files\Alwil Software\Avast4\ENGLISH\aswClnTg.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 7:53:47 AM File C:\Program Files\Alwil Software\Avast4\ENGLISH\aswClnTg.htm: is still infected, postponed.
4/10/2008 7:53:47 AM File C:\Program Files\Alwil Software\Avast4\ENGLISH\aswInfTg.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 7:53:47 AM File C:\Program Files\Alwil Software\Avast4\ENGLISH\aswInfTg.htm: is still infected, postponed.
4/10/2008 7:53:47 AM File C:\Program Files\Alwil Software\Avast4\ENGLISH\ENHANCED.HTM: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 7:53:47 AM File C:\Program Files\Alwil Software\Avast4\ENGLISH\ENHANCED.HTM: is still infected, postponed.
4/10/2008 7:55:01 AM File C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\version.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 7:55:01 AM File C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\version.html: is still infected, postponed.
4/10/2008 9:30:03 AM File C:\Program Files\Microsoft Visual Studio\READMERP.HTM: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 9:30:03 AM File C:\Program Files\Microsoft Visual Studio\READMERP.HTM: is still infected, postponed.
4/10/2008 9:31:44 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\configuration.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 9:31:44 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\configuration.htm: is still infected, postponed.
4/10/2008 9:31:44 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\installation.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 9:31:44 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\installation.htm: is still infected, postponed.
4/10/2008 9:31:53 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\releasenote.htm: is still infected, postponed.
4/10/2008 9:32:15 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\UPDATES.HTM: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 9:32:15 AM File C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\vmodeler\UPDATES.HTM: is still infected, postponed.
4/10/2008 9:46:38 AM File C:\Program Files\The Queen Of Fighters\- README\Readme.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 9:46:38 AM File C:\Program Files\The Queen Of Fighters\- README\Readme.htm: is still infected, postponed.
4/10/2008 9:52:43 AM File C:\SDFix\backups\backups.zip/backups/o: detected: Trojan program 'Trojan-Downloader.BAT.Ftp.ab'.
4/10/2008 9:52:43 AM File C:\SDFix\backups\backups.zip/backups/o: is still infected, postponed.
4/10/2008 10:22:29 AM File C:\WINDOWS\system32\o: detected: Trojan program 'Trojan-Downloader.BAT.Ftp.ab'.
4/10/2008 10:22:29 AM File C:\WINDOWS\system32\o: is still infected, postponed.
4/10/2008 10:27:44 AM File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZW9GFIN\mixit[1].exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cin'.
4/10/2008 10:27:44 AM File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZW9GFIN\mixit[1].exe: is still infected, postponed.
4/10/2008 10:27:44 AM File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZW9GFIN\mixit[2].exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cjf'.
4/10/2008 10:27:44 AM File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZW9GFIN\mixit[2].exe: is still infected, postponed.
4/10/2008 10:34:46 AM File c:\desktop items\presitems\911tabs.com - external link.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:17:24 PM File c:\desktop items\presitems\911tabs.com - external link.htm disinfected.
4/10/2008 2:17:24 PM File c:\desktop items\presitems\911tabs.com - external link.htm disinfected.
4/10/2008 2:17:54 PM File c:\desktop items\presitems\combofix.exe//PE_Patch.UPX/catchme.cfexe//#: detected: Trojan program 'Trojan.Win32.Inject.jt'.
4/10/2008 2:19:47 PM File c:\desktop items\presitems\combofix.exe: deleted.
4/10/2008 2:19:47 PM File c:\desktop items\presitems\911tabs.com - external link_files\seasons_of_lovetxt_data\ads.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:10 PM File c:\desktop items\presitems\911tabs.com - external link_files\seasons_of_lovetxt_data\ads.htm disinfected.
4/10/2008 2:41:10 PM File c:\desktop items\presitems\911tabs.com - external link_files\seasons_of_lovetxt_data\ads.htm disinfected.
4/10/2008 2:41:10 PM File c:\desktop items\presitems\911tabs.com - external link_files\seasons_of_lovetxt_data\ads_004.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:14 PM File c:\desktop items\presitems\911tabs.com - external link_files\seasons_of_lovetxt_data\ads_004.htm disinfected.
4/10/2008 2:41:14 PM File c:\desktop items\presitems\911tabs.com - external link_files\seasons_of_lovetxt_data\ads_004.htm disinfected.
4/10/2008 2:41:14 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:17 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html disinfected.
4/10/2008 2:41:17 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_21\demo.html disinfected.
4/10/2008 2:41:17 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:22 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html disinfected.
4/10/2008 2:41:22 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_24\fig19_24.html disinfected.
4/10/2008 2:41:22 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:22 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html disinfected.
4/10/2008 2:41:22 PM File c:\desktop items\presitems\vbhtp1e\chap19\fig19_28\fig19_28.html disinfected.
4/10/2008 2:41:22 PM File c:\documents and settings\all users.windows\application data\yahoo! companion\data\a4bl8d_2o2b4_o\dlg_catb.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:22 PM File c:\documents and settings\all users.windows\application data\yahoo! companion\data\a4bl8d_2o2b4_o\dlg_catb.html disinfected.
4/10/2008 2:41:23 PM File c:\documents and settings\all users.windows\application data\yahoo! companion\data\a4bl8d_2o2b4_o\dlg_catb.html disinfected.
4/10/2008 2:41:23 PM File c:\documents and settings\sd\local settings\temporary internet files\content.ie5\opqrstuv\ca7grsj9.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:23 PM File c:\documents and settings\sd\local settings\temporary internet files\content.ie5\opqrstuv\ca7grsj9.htm disinfected.
4/10/2008 2:41:23 PM File c:\documents and settings\sd\local settings\temporary internet files\content.ie5\opqrstuv\ca7grsj9.htm disinfected.
4/10/2008 2:41:23 PM File c:\documents and settings\sd\shared\terminal.mp3: detected: Trojan program 'Trojan-Downloader.WMA.Wimad.n'.
4/10/2008 2:41:36 PM File c:\documents and settings\sd\shared\terminal.mp3: deleted.
4/10/2008 2:41:36 PM File c:\program files\adobe\adobe help viewer\1.0\help.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:37 PM File c:\program files\adobe\adobe help viewer\1.0\help.html disinfected.
4/10/2008 2:41:37 PM File c:\program files\adobe\adobe help viewer\1.0\help.html disinfected.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\aswclntg.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\aswclntg.htm disinfected.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\aswclntg.htm disinfected.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\aswinftg.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\aswinftg.htm disinfected.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\aswinftg.htm disinfected.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\enhanced.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:37 PM File c:\program files\alwil software\avast4\english\enhanced.htm disinfected.
4/10/2008 2:41:38 PM File c:\program files\alwil software\avast4\english\enhanced.htm disinfected.
4/10/2008 2:41:38 PM File c:\program files\common files\adobe\help\en_us\adobe reader\8.0\version.html: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:38 PM File c:\program files\common files\adobe\help\en_us\adobe reader\8.0\version.html disinfected.
4/10/2008 2:41:38 PM File c:\program files\common files\adobe\help\en_us\adobe reader\8.0\version.html disinfected.
4/10/2008 2:41:38 PM File c:\program files\microsoft visual studio\readmerp.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:38 PM File c:\program files\microsoft visual studio\readmerp.htm disinfected.
4/10/2008 2:41:38 PM File c:\program files\microsoft visual studio\readmerp.htm disinfected.
4/10/2008 2:41:38 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\configuration.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\configuration.htm disinfected.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\configuration.htm disinfected.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\installation.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\installation.htm disinfected.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\installation.htm disinfected.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\releasenote.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\releasenote.htm disinfected.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\releasenote.htm disinfected.
4/10/2008 2:41:39 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\updates.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:40 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\updates.htm disinfected.
4/10/2008 2:41:40 PM File c:\program files\microsoft visual studio\common\tools\vs-ent98\vmodeler\updates.htm disinfected.
4/10/2008 2:41:40 PM File c:\program files\the queen of fighters\- readme\readme.htm: detected: virus 'Net-Worm.Win32.Allaple.a'.
4/10/2008 2:41:40 PM File c:\program files\the queen of fighters\- readme\readme.htm disinfected.
4/10/2008 2:41:40 PM File c:\program files\the queen of fighters\- readme\readme.htm disinfected.
4/10/2008 2:41:40 PM File c:\sdfix\backups\backups.zip/backups/o: detected: Trojan program 'Trojan-Downloader.BAT.Ftp.ab'.
4/10/2008 2:41:48 PM File c:\sdfix\backups\backups.zip/backups/o: deleted.
4/10/2008 2:41:48 PM File c:\windows\system32\o: detected: Trojan program 'Trojan-Downloader.BAT.Ftp.ab'.
4/10/2008 2:41:57 PM File c:\windows\system32\o: deleted.
4/10/2008 2:41:57 PM File c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\szw9gfin\mixit[1].exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cin'.
4/10/2008 2:42:05 PM File c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\szw9gfin\mixit[1].exe: is still infected, skipped by user.
4/10/2008 2:42:05 PM File c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\szw9gfin\mixit[2].exe: detected: Trojan program 'Backdoor.Win32.IRCBot.cjf'.
4/10/2008 2:42:11 PM File c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\szw9gfin\mixit[2].exe: is still infected, skipped by user.
***
Deckard's System Scanner v20071014.68
Run by asd on 2008-04-11 04:46:03
Computer is in Normal Mode.
Backed up registry hives.
Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 192 MiB (512 MiB recommended).
System Drive C: has 0.33 GiB (less than 15%) free.
-- HijackThis (run as asd.exe)
Unable to find log (file not found); running clone.
-- HijackThis Clone
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-11 04:47:06
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I3S2.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\asd\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = HELLO WORLD i am VB
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSConfigs] C:\WINDOWS\RUNDLL64.dll.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
--
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\)
backup-19990101-065824-376 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-19990101-065824-379 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
backup-19990101-065824-474 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-19990101-065824-496 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-19990101-065824-729 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-19990101-065824-943 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
backup-19990101-065824-952 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 catchme - c:\docume~1\asd\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
All services whitelisted.
-- Device Manager: Disabled
Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm
-- Files created between 2008-03-11 and 2008-04-11
2008-04-09 23:54:13 76381 --a
C:\WINDOWS\System32\msv.exe
2008-04-09 16:45:16 0 d
C:\Program Files\Common Files\xing shared
2008-04-09 16:42:14 0 d
C:\Program Files\Common Files\Real
2008-04-09 16:34:42 0 d
C:\Documents and Settings\asd\Application Data\Real
2008-04-08 22:00:07 0 d
C:\Program Files\XviD
2008-04-08 21:59:08 120320 --a
C:\WINDOWS\System32\apexchanger.exe
2008-04-08 21:59:08 109568 --a
C:\WINDOWS\System32\apex3gp.exe
2008-04-08 21:59:06 4755968 --a
C:\WINDOWS\System32\apexconverter.exe
2008-04-08 21:59:05 1295582 --a
C:\WINDOWS\System32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-04-08 21:59:05 86016 --a
C:\WINDOWS\System32\AddiTunes.exe
2008-04-08 21:59:04 61440 --a
C:\WINDOWS\System32\cygz.dll
2008-04-08 21:59:03 249856 --a
C:\WINDOWS\System32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-04-08 21:59:03 626688 --a
C:\WINDOWS\System32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
2008-04-08 21:59:02 495104 --a
C:\WINDOWS\System32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-04-08 21:59:02 764416 --a
C:\WINDOWS\System32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-04-08 21:59:01 780288 --a
C:\WINDOWS\System32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-04-08 21:59:01 382464 --a
C:\WINDOWS\System32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-04-08 21:59:00 90112 --a
C:\WINDOWS\System32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-04-08 21:58:59 312320 --a
C:\WINDOWS\System32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
2008-04-08 21:58:59 188416 --a
C:\WINDOWS\System32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-04-08 21:58:59 2846720 --a
C:\WINDOWS\System32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-04-08 21:58:58 778240 --a
C:\WINDOWS\System32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-04-08 21:58:57 215552 --a
C:\WINDOWS\System32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-04-08 21:58:55 237568 --a
C:\WINDOWS\System32\lame_enc.dll
2008-04-08 21:58:42 139264 --a
C:\WINDOWS\System32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-04-08 21:58:42 0 d
C:\WINDOWS\System32\RMBin
2008-04-08 21:58:41 81920 --a
C:\WINDOWS\System32\viscomwave.dll <Not Verified; Viscom Software; >
2008-04-08 21:58:40 147456 --a
C:\WINDOWS\System32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-04-08 21:58:31 0 d
C:\Program Files\Apex
2008-04-08 20:12:18 0 --ahs---- C:\WINDOWS\System32\.exe
2008-04-08 04:57:58 91700 --a
C:\WINDOWS\System32\drivers\klin.dat
2008-04-08 04:57:57 85860 --a
C:\WINDOWS\System32\drivers\klick.dat
2008-04-08 04:52:37 14368 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2008-04-08 04:52:37 672032 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-04-08 04:52:35 0 d
C:\Program Files\Kaspersky Lab
2008-04-08 04:21:15 0 d
C:\kav
2008-04-03 22:23:50 0 d
C:\Downloads
2008-04-03 22:20:10 0 d
C:\Program Files\FlashGet
2008-03-29 05:48:04 0 d
C:\Program Files\MegauploadToolbar
2008-03-29 05:48:03 0 d
C:\Documents and Settings\asd\Application Data\MegauploadToolbar
2008-03-28 03:56:42 0 d
C:\divx
2008-03-27 00:21:49 0 d
C:\msys
2008-03-25 16:13:55 0 d
C:\Documents and Settings\asd\Application Data\DivX
2008-03-25 16:07:03 0 d
C:\Program Files\DivX
2008-03-25 15:36:16 0 d
C:\Program Files\MPEGTOAVI
2008-03-24 19:33:38 0 d
C:\Documents and Settings\asd\Application Data\AdobeUM
2008-03-24 19:32:08 0 d
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-03-24 19:30:11 0 d
C:\WINDOWS\Cache
2008-03-20 20:44:28 0 d
C:\Documents and Settings\asd\Application Data\uTorrent
2008-03-20 18:53:02 0 d
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-03-20 18:52:56 0 d
C:\WINDOWS\System32\Kaspersky Lab
2008-03-20 17:50:41 79622 --a
C:\WINDOWS\System32\EBPMON24.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bi-directional Printer>
2008-03-20 17:30:10 0 d
C:\WUTemp
2008-03-19 04:12:59 0 d
C:\Documents and Settings\asd\Application Data\GNU Solfege
2008-03-19 04:09:41 0 d
C:\Program Files\GNU Solfege
2008-03-15 20:33:03 0 d
C:\Shared
2008-03-15 20:33:03 0 d
C:\Incomplete
2008-03-15 20:27:41 0 d
C:\Documents and Settings\asd\Application Data\FrostWire
2008-03-15 20:26:56 0 d
C:\Program Files\FrostWire
2008-03-15 20:26:53 0 d
C:\Program Files\AskSBar
2008-03-13 14:45:43 0 d
C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-03-13 14:44:51 0 d
C:\Program Files\SUPERAntiSpyware
2008-03-13 14:44:48 0 d
C:\Documents and Settings\asd\Application Data\SUPERAntiSpyware.com
-- Find3M Report
2008-04-11 04:43:48 0 d
C:\Documents and Settings\asd\Application Data\OpenOffice.org2
2008-04-09 16:45:16 0 d
C:\Program Files\Common Files
2008-04-09 07:16:46 0 d
C:\Program Files\The Queen Of Fighters
2008-03-28 16:30:48 0 d
C:\Documents and Settings\asd\Application Data\LimeWire
2008-03-24 19:33:22 0 d
C:\Documents and Settings\asd\Application Data\Adobe
2008-03-20 17:51:36 0 d
C:\Program Files\EPSON
2008-03-20 17:29:45 0 d--h
C:\Program Files\WindowsUpdate
2008-03-20 06:32:14 0 d
C:\Program Files\PlayMP3z
2008-03-13 14:43:55 0 d
C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 17:35:30 0 d
C:\Documents and Settings\asd\Application Data\Grisoft
2008-03-02 05:24:20 0 d
C:\Program Files\LizardTech
2008-03-02 05:24:19 0 d--h
C:\Program Files\InstallShield Installation Information
2008-03-02 05:21:33 0 d
C:\Program Files\Foxit Software
2008-02-29 05:53:41 0 d
C:\Program Files\Web Publish
2008-02-29 05:11:50 0 d
C:\Program Files\OpenOffice.org 2.2
2008-02-29 05:10:16 0 d
C:\Program Files\Java
2008-02-28 03:40:51 0 d
C:\Program Files\Common Files\InstallShield
2008-02-27 00:37:46 0 --a
C:\WINDOWS\nsreg.dat
2008-02-27 00:37:33 0 d
C:\Documents and Settings\asd\Application Data\Mozilla
2008-02-27 00:21:57 0 d
C:\Documents and Settings\asd\Application Data\Sun
2008-02-25 05:40:18 0 d
C:\Documents and Settings\asd\Application Data\Yahoo!
2008-02-25 05:34:23 0 d
C:\Documents and Settings\asd\Application Data\Macromedia
2008-02-24 05:45:01 22720 --a
C:\WINDOWS\System32\emptyregdb.dat
2008-02-21 10:05:44 3596288 --a
C:\WINDOWS\System32\qt-dx331.dll
2008-02-21 10:04:16 196608 --a
C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 10:04:16 81920 --a
C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 10:04:04 802816 --a
C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 10:04:04 823296 --a
C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:04:04 823296 --a
C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:04:04 682496 --a
C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:03:24 12288 --a
C:\WINDOWS\System32\DivXWMPExtType.dll
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
03/15/2008 08:26 PM 267592 --a
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [03/15/2008 08:26 PM 267592]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfigs"="C:\WINDOWS\RUNDLL64.dll.vbs" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"EPSON Stylus C65 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.exe" [11/27/2003 02:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/09/2008 04:42 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 06:41 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
C:\Documents and Settings\asd\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 4:54:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartmenuMorePrograms"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
-- End of Deckard's System Scanner: finished at 2008-04-11 04:54:02
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 191.55 MiB / 51.1 MiB
Pagefile Memory (total/avail): 467.25 MiB / 131.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.57 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 14.32 GiB total, 0.33 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD153AA-00BAA0 - 14.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 14.32 GiB - C:
-- Security Center
AUOptions is not configured.
AUState says computer is in an unknown state.
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\asd\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ASD
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\asd
LOGONSERVER=\\ASD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\asd\LOCALS~1\Temp
TMP=C:\DOCUME~1\asd\LOCALS~1\Temp
USERDOMAIN=ASD
USERNAME=asd
USERPROFILE=C:\Documents and Settings\asd
windir=C:\WINDOWS
-- User Profiles
asd (admin)
Administrator (admin)
-- Add/Remove Programs
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
"Minimal SYStem 1.0.10" --> C:\msys\uninstall\unins000.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
Alive 3GP Video Converter (version 1.8.3.6) --> "C:\Program Files\AliveMedia\3GP Video Converter\unins000.exe"
Apex Free 3GP Video Converter 6.46 --> "C:\Program Files\Apex\Apex Free 3GP Video Converter\unins000.exe"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESC65 Reference Guide --> C:\Program Files\EPSON\TPMANUAL\ESC65\REF_G\DOCUNINS.EXE
ESC65 Software Guide --> C:\Program Files\EPSON\TPMANUAL\ESC65\PQU_G\DOCUNINS.EXE
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
GNU Solfege 3.10.3 --> "C:\Program Files\GNU Solfege\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Office Access MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 12 [pre-release] --> MsiExec.exe /X{10120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Enterprise Edition 12 [pre-release] --> "C:\Program Files\Common Files\Microsoft Shared\Office Setup Controller\setup.exe" /uninstall PRO
Microsoft Office Proof Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Word MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG TO AVI version 3.1.1 --> "C:\Program Files\MPEGTOAVI\unins000.exe"
OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}\SETUP.EXE" -l0x9 anything
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log
Event Record #/Type524 / Error
Event Submitted/Written: 04/10/2008 04:59:16 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Event Record #/Type523 / Error
Event Submitted/Written: 04/10/2008 04:59:16 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type522 / Error
Event Submitted/Written: 04/09/2008 11:18:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoom~1.exe, version 8.1.0.421, faulting module yahoom~1.exe, version 8.1.0.421, fault address 0x000029ef.
Event Record #/Type519 / Warning
Event Submitted/Written: 04/08/2008 08:32:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type514 / Warning
Event Submitted/Written: 04/08/2008 02:30:37 AM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
TR/Crypt.TPM.GenC:\WINDOWS\system32\WinTcpips.exe
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type4867 / Error
Event Submitted/Written: 04/11/2008 03:36:40 AM
Event ID/Source: 5000 / LsaSrv
Event Description:
The security package Negotiate generated an exception. The package is now disabled.
The exception information is the data.
Event Record #/Type4849 / Error
Event Submitted/Written: 04/11/2008 02:31:26 AM / 04/11/2008 02:31:27 AM
Event ID/Source: 5000 / LsaSrv
Event Description:
The security package Negotiate generated an exception. The package is now disabled.
The exception information is the data.
Event Record #/Type4831 / Error
Event Submitted/Written: 04/11/2008 01:42:39 AM
Event ID/Source: 5000 / LsaSrv
Event Description:
The security package Negotiate generated an exception. The package is now disabled.
The exception information is the data.
Event Record #/Type4829 / Error
Event Submitted/Written: 04/11/2008 01:10:09 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 0080AD805088.
Event Record #/Type4828 / Warning
Event Submitted/Written: 04/11/2008 01:10:09 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0080AD805088. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-04-11 04:54:02
Total Physical Memory: 192 MiB (512 MiB recommended).
System Drive C: has 0.33 GiB (less than 15%) free.
Also nearly maxed out on storage as well, to a point where changes cannot be made. Since you only have the SP1 upgrade, I am not sure, as is, you could even do the necessary SP2 upgrade. Since without SP2 the system will stay infected, how long have you had this setup this way?
The install of SP2 is very large, and creates both its own large bunch of temp files, as well as then backup uninstall files during install. Even without adding that, which is truly a must, your NTFS file system reserves 12% +- of your drive for its record-keeping data, and as you encroach on that storage you start fragmenting that data. Slowly, over time, things get just a little slower, and with that RAM they are already sorta slow there.
You can handily uninstall and delete the files of that Ask toolbar there, given who it comes from (see here). But for reducing storage you need to be eliminating things like stored music and video libraries if you have those.
Looks like Kaspersky was able to heal those infected files, which is surely a plus. Post back on some of what I mentioned again before we take up additional post-malware cleaning here.