Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
AntivirXP08 killing the computer...HELP!
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > AntivirXP08 killing the computer...HELP!  
Forum Quick Jump
 
New Topic Locked Topic Printable version of : AntivirXP08 killing the computer...HELP!
[ << Previous Thread | Next Thread >> ]

wilson13
New Member


Date Joined Sep 2007
Total Posts : 10
  		   Posted 8-14-2008 3:43 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
This is a friend's PC I'm fixing...really.  Anyway, the program "AntivirXP08" pops up on startup and starts scanning.  The background turns into a virus warning, and anything I do to delete it crashes the PC.  I tried to download Windows updates, but it said "Windows Installer Service couldn't be accessed".  Also, I can't run SuperAntiSpyWare because of the same "Windows Installer Service" problem.  Here's the ComboFix and Hijackthis.  Thanks for any help.
 
ComboFix 08-08-13.02 - Comtech Customer 2008-08-13 21:59:00.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.30 [GMT -4:00]
Running from: C:\Documents and Settings\Comtech Customer\Desktop\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Comtech Customer\Application Data\rhcnugj0e7dc
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\#SharedObjects\33U9HJRA\interclick.com
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\#SharedObjects\33U9HJRA\interclick.com\ud.sol
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Phil\Application Data\rhcnugj0e7dc
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\#SharedObjects\3EKXX3WZ\interclick.com
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\#SharedObjects\3EKXX3WZ\interclick.com\ud.sol
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Sherry\Application Data\rhcnugj0e7dc
C:\Program Files\rhcnugj0e7dc
C:\WINDOWS\base64.tmp
C:\WINDOWS\hosts
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\blphcjugj0e7dc.scr
C:\WINDOWS\system32\lphcjugj0e7dc.exe
C:\WINDOWS\system32\phcjugj0e7dc.bmp
C:\WINDOWS\system32\pphcjugj0e7dc.exe
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_sysrest.sys

(((((((((((((((((((((((((   Files Created from 2008-07-14 to 2008-08-14  )))))))))))))))))))))))))))))))
.
2008-08-13 21:55 . 2008-08-13 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 21:50 . 2008-08-13 21:50 <DIR> d-------- C:\Program Files\CCleaner
2008-08-13 21:11 . 2008-08-13 21:11 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-13 21:11 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-13 21:09 . 2008-08-13 21:09 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-13 21:09 . 2008-08-13 21:17 <DIR> d-------- C:\WINDOWS\peernet
2008-08-13 21:07 . 2008-08-13 21:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 21:04 . 2004-08-03 22:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-13 21:03 . 2008-08-13 21:29 <DIR> d-------- C:\Documents and Settings\Comtech Customer\Application Data\COMCASTTOOLBAR
2008-08-13 21:01 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-13 20:57 . 2008-08-13 20:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-09 19:32 . 2008-08-09 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 19:32 . 2008-08-09 20:55 1,372 --a------ C:\WINDOWS\WinInit.Ini
2008-07-29 16:44 . 2008-08-09 20:31 <DIR> d-------- C:\Documents and Settings\Phil\Application Data\COMCASTTOOLBAR
2008-07-27 20:40 . 2008-07-27 20:53 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-27 20:40 . 2008-07-27 20:40 <DIR> d-------- C:\Program Files\ComcastToolbar
2008-07-27 20:40 . 2008-08-09 20:26 <DIR> d-------- C:\Documents and Settings\Sherry\Application Data\ComcastToolbar
2008-07-22 15:00 . 2008-08-13 21:26 94,208 --a------ C:\WINDOWS\system32\24.tmp
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 17:56 --------- d-----w C:\Program Files\Spyware Cleaner
2002-04-13 03:33 25,088 -csha-w C:\Program Files\Thumbs.db
.
------- Sigcheck -------
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 03:56  14336  8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\system32\svchost.exe
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\system32\dllcache\svchost.exe
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2003-09-25 12:49  560128  32173306185f603e75c477e117f3bb8d C:\WINDOWS\$xpsp1hfm$\KB824141\user32.dll
2004-08-04 03:56  577024  c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\system32\user32.dll
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\system32\dllcache\user32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 03:56  82944  2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\system32\ws2_32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\system32\dllcache\ws2_32.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2001-08-18 08:00  593920  cf9f1eef71f42ede71b6f4aa05d5ca1a C:\WINDOWS\$NtUninstallQ309521$\wininet.dll
2004-08-04 03:56  656384  c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\wininet.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\dllcache\wininet.dll
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14  359040  9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\dllcache\tcpip.sys
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\drivers\tcpip.sys
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 03:56  502272  01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\system32\winlogon.exe
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\system32\dllcache\winlogon.exe
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 02:14  182912  558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\dllcache\ndis.sys
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\drivers\ndis.sys
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2001-08-18 08:00  1896704  46e2e3dcf54b819cfb2ebfe48a22b5c9 C:\WINDOWS\$NtUninstallQ317277$\ntkrnlpa.exe
2002-02-25 15:33  1897856  01fd1f7c82b263f1667a1cea095756c5 C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe
2003-04-24 08:57  1949440  46ae6f2d416c39ffdcfc8bcb01203ea3 C:\WINDOWS\$xpsp1hfm$\Q811493\ntkrnlpa.exe
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-04 01:58  2056832  947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\system32\ntkrnlpa.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2001-08-18 08:00  1982208  a29222d5281056e497408fcc9062f749 C:\WINDOWS\$NtUninstallQ317277$\ntoskrnl.exe
2002-02-25 15:33  1875584  257aafd1f77990355bb6e83650d52680 C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe
2003-04-24 08:57  1925760  97ec4ab4650da6fc521cf16f8a6ddcb0 C:\WINDOWS\$xpsp1hfm$\Q811493\ntoskrnl.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-04 02:19  2180992  ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\system32\ntoskrnl.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\explorer.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 03:56  1032192  a0732187050030ae399b241436565e64 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\system32\dllcache\explorer.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 03:56  108032  c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\system32\services.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\system32\dllcache\services.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 03:56  13312  84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\system32\lsass.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\system32\dllcache\lsass.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 03:56  15360  24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\system32\ctfmon.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\system32\dllcache\ctfmon.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:56  57856  7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\system32\spoolsv.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-12-10 16:07 1462544]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07 389120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 06:20 20480]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 04:36 196608]
"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2001-11-30 02:05 864256]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 12:32 36864]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2000-06-07 13:01 794112]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58 1773568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2001-11-08 12:00]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\System32\drivers\BsUDF.sys [2001-11-30 02:39]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2001-08-18 08:00]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [2001-08-17 13:11]
.
Contents of the 'Scheduled Tasks' folder
2005-01-20 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\system32\cleanmgr.exe [2001-08-18 08:00]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphcjugj0e7dc - C:\WINDOWS\System32\lphcjugj0e7dc.exe
HKLM-Run-SMrhcnugj0e7dc - C:\Program Files\rhcnugj0e7dc\rhcnugj0e7dc.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.comcast.net/
R0 -: HKLM-Main,Start Page = hxxp://www.comcast.net/
R0 -: HKLM-Main,Window Title = Windows Internet Explorer provided by Comcast
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 22:23:18
Windows 5.1.2600  NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-08-13 22:25:39 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-14 02:25:31
Pre-Run: 34,436,669,440 bytes free
Post-Run: 35,004,657,664 bytes free
203 --- E O F --- 2008-07-16 20:08:03
 
And the Hijack...
 
ComboFix 08-08-13.02 - Comtech Customer 2008-08-13 21:59:00.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.30 [GMT -4:00]
Running from: C:\Documents and Settings\Comtech Customer\Desktop\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Comtech Customer\Application Data\rhcnugj0e7dc
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\#SharedObjects\33U9HJRA\interclick.com
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\#SharedObjects\33U9HJRA\interclick.com\ud.sol
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Phil\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Phil\Application Data\rhcnugj0e7dc
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\#SharedObjects\3EKXX3WZ\interclick.com
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\#SharedObjects\3EKXX3WZ\interclick.com\ud.sol
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Sherry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Sherry\Application Data\rhcnugj0e7dc
C:\Program Files\rhcnugj0e7dc
C:\WINDOWS\base64.tmp
C:\WINDOWS\hosts
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\blphcjugj0e7dc.scr
C:\WINDOWS\system32\lphcjugj0e7dc.exe
C:\WINDOWS\system32\phcjugj0e7dc.bmp
C:\WINDOWS\system32\pphcjugj0e7dc.exe
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_sysrest.sys

(((((((((((((((((((((((((   Files Created from 2008-07-14 to 2008-08-14  )))))))))))))))))))))))))))))))
.
2008-08-13 21:55 . 2008-08-13 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 21:50 . 2008-08-13 21:50 <DIR> d-------- C:\Program Files\CCleaner
2008-08-13 21:11 . 2008-08-13 21:11 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-13 21:11 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-13 21:09 . 2008-08-13 21:09 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-13 21:09 . 2008-08-13 21:17 <DIR> d-------- C:\WINDOWS\peernet
2008-08-13 21:07 . 2008-08-13 21:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 21:04 . 2004-08-03 22:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-13 21:03 . 2008-08-13 21:29 <DIR> d-------- C:\Documents and Settings\Comtech Customer\Application Data\COMCASTTOOLBAR
2008-08-13 21:01 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-13 20:57 . 2008-08-13 20:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-09 19:32 . 2008-08-09 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 19:32 . 2008-08-09 20:55 1,372 --a------ C:\WINDOWS\WinInit.Ini
2008-07-29 16:44 . 2008-08-09 20:31 <DIR> d-------- C:\Documents and Settings\Phil\Application Data\COMCASTTOOLBAR
2008-07-27 20:40 . 2008-07-27 20:53 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-27 20:40 . 2008-07-27 20:40 <DIR> d-------- C:\Program Files\ComcastToolbar
2008-07-27 20:40 . 2008-08-09 20:26 <DIR> d-------- C:\Documents and Settings\Sherry\Application Data\ComcastToolbar
2008-07-22 15:00 . 2008-08-13 21:26 94,208 --a------ C:\WINDOWS\system32\24.tmp
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 17:56 --------- d-----w C:\Program Files\Spyware Cleaner
2002-04-13 03:33 25,088 -csha-w C:\Program Files\Thumbs.db
.
------- Sigcheck -------
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 03:56  14336  8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\system32\svchost.exe
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\system32\dllcache\svchost.exe
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2003-09-25 12:49  560128  32173306185f603e75c477e117f3bb8d C:\WINDOWS\$xpsp1hfm$\KB824141\user32.dll
2004-08-04 03:56  577024  c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\system32\user32.dll
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\system32\dllcache\user32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 03:56  82944  2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\system32\ws2_32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\system32\dllcache\ws2_32.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2001-08-18 08:00  593920  cf9f1eef71f42ede71b6f4aa05d5ca1a C:\WINDOWS\$NtUninstallQ309521$\wininet.dll
2004-08-04 03:56  656384  c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\wininet.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\dllcache\wininet.dll
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14  359040  9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\dllcache\tcpip.sys
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\drivers\tcpip.sys
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 03:56  502272  01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\system32\winlogon.exe
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\system32\dllcache\winlogon.exe
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 02:14  182912  558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\dllcache\ndis.sys
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\drivers\ndis.sys
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2001-08-18 08:00  1896704  46e2e3dcf54b819cfb2ebfe48a22b5c9 C:\WINDOWS\$NtUninstallQ317277$\ntkrnlpa.exe
2002-02-25 15:33  1897856  01fd1f7c82b263f1667a1cea095756c5 C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe
2003-04-24 08:57  1949440  46ae6f2d416c39ffdcfc8bcb01203ea3 C:\WINDOWS\$xpsp1hfm$\Q811493\ntkrnlpa.exe
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-04 01:58  2056832  947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\system32\ntkrnlpa.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2001-08-18 08:00  1982208  a29222d5281056e497408fcc9062f749 C:\WINDOWS\$NtUninstallQ317277$\ntoskrnl.exe
2002-02-25 15:33  1875584  257aafd1f77990355bb6e83650d52680 C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe
2003-04-24 08:57  1925760  97ec4ab4650da6fc521cf16f8a6ddcb0 C:\WINDOWS\$xpsp1hfm$\Q811493\ntoskrnl.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-04 02:19  2180992  ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\system32\ntoskrnl.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\explorer.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 03:56  1032192  a0732187050030ae399b241436565e64 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\system32\dllcache\explorer.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 03:56  108032  c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\system32\services.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\system32\dllcache\services.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 03:56  13312  84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\system32\lsass.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\system32\dllcache\lsass.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 03:56  15360  24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\system32\ctfmon.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\system32\dllcache\ctfmon.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:56  57856  7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\system32\spoolsv.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-12-10 16:07 1462544]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07 389120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 06:20 20480]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 04:36 196608]
"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2001-11-30 02:05 864256]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 12:32 36864]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2000-06-07 13:01 794112]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58 1773568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2001-11-08 12:00]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\System32\drivers\BsUDF.sys [2001-11-30 02:39]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2001-08-18 08:00]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [2001-08-17 13:11]
.
Contents of the 'Scheduled Tasks' folder
2005-01-20 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\system32\cleanmgr.exe [2001-08-18 08:00]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphcjugj0e7dc - C:\WINDOWS\System32\lphcjugj0e7dc.exe
HKLM-Run-SMrhcnugj0e7dc - C:\Program Files\rhcnugj0e7dc\rhcnugj0e7dc.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.comcast.net/
R0 -: HKLM-Main,Start Page = hxxp://www.comcast.net/
R0 -: HKLM-Main,Window Title = Windows Internet Explorer provided by Comcast
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 22:23:18
Windows 5.1.2600  NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\TRAYHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-08-13 22:25:39 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-14 02:25:31
Pre-Run: 34,436,669,440 bytes free
Post-Run: 35,004,657,664 bytes free
203 --- E O F --- 2008-07-16 20:08:03
Thanks
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
  		   Posted 8-14-2008 5:58 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
Hello smile


Please download Malwarebytes' Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch


Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply, along with fresh combofix log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

wilson13
New Member


Date Joined Sep 2007
Total Posts : 10
  		   Posted 8-14-2008 11:28 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
Done.  Here ya go.  Thanks again for your help.
Malwarebytes' Anti-Malware 1.24
Database version: 1052
Windows 5.1.2600
6:05:52 AM 8/14/2008
mbam-log-8-14-2008 (06-05-52).txt
Scan type: Full Scan (C:\|)
Objects scanned: 74061
Time elapsed: 20 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnugj0e7dc (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\6.tmp.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\7.tmp.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pphcjugj0e7dc.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP438\A0031471.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP438\A0031484.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031495.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031504.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031513.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031522.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031535.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031551.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0031558.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0032560.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0032578.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP439\A0032598.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP442\A0039343.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{971AAA3A-7AF4-4667-AF56-E6CF7B83F0D3}\RP442\A0039344.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\24.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Here's the ComboFix...
ComboFix 08-08-13.02 - Comtech Customer 2008-08-14  6:07:25.2 - NTFSx86
Running from: C:\Documents and Settings\Comtech Customer\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((   Files Created from 2008-07-14 to 2008-08-14  )))))))))))))))))))))))))))))))
.
2008-08-14 05:43 . 2008-08-14 05:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 05:43 . 2008-08-14 05:43 <DIR> d-------- C:\Documents and Settings\Comtech Customer\Application Data\Malwarebytes
2008-08-14 05:43 . 2008-08-14 05:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 05:43 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 05:43 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 21:55 . 2008-08-13 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 21:50 . 2008-08-13 21:50 <DIR> d-------- C:\Program Files\CCleaner
2008-08-13 21:11 . 2008-08-13 21:11 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-13 21:11 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-13 21:09 . 2008-08-13 21:09 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-13 21:09 . 2008-08-13 21:17 <DIR> d-------- C:\WINDOWS\peernet
2008-08-13 21:07 . 2008-08-13 21:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-13 21:04 . 2004-08-03 22:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-13 21:03 . 2008-08-13 21:29 <DIR> d-------- C:\Documents and Settings\Comtech Customer\Application Data\COMCASTTOOLBAR
2008-08-13 21:01 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-13 20:57 . 2008-08-13 20:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-09 19:32 . 2008-08-09 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 19:32 . 2008-08-09 20:55 1,372 --a------ C:\WINDOWS\WinInit.Ini
2008-07-29 16:44 . 2008-08-13 22:47 <DIR> d-------- C:\Documents and Settings\Phil\Application Data\COMCASTTOOLBAR
2008-07-27 20:40 . 2008-07-27 20:53 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-27 20:40 . 2008-07-27 20:40 <DIR> d-------- C:\Program Files\ComcastToolbar
2008-07-27 20:40 . 2008-08-09 20:26 <DIR> d-------- C:\Documents and Settings\Sherry\Application Data\ComcastToolbar
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 02:46 --------- d-----w C:\Program Files\Spyware Cleaner
2002-04-13 03:33 25,088 -csha-w C:\Program Files\Thumbs.db
.
------- Sigcheck -------
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 03:56  14336  8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\system32\svchost.exe
2001-08-18 08:00  12800  0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\system32\dllcache\svchost.exe
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2003-09-25 12:49  560128  32173306185f603e75c477e117f3bb8d C:\WINDOWS\$xpsp1hfm$\KB824141\user32.dll
2004-08-04 03:56  577024  c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\system32\user32.dll
2003-09-26 14:51  528896  7c30507d3d251bf5b88048bb2d226de9 C:\WINDOWS\system32\dllcache\user32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 03:56  82944  2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\system32\ws2_32.dll
2001-08-18 08:00  75264  8529c295df59b564d37a73b5629162b1 C:\WINDOWS\system32\dllcache\ws2_32.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2001-08-18 08:00  593920  cf9f1eef71f42ede71b6f4aa05d5ca1a C:\WINDOWS\$NtUninstallQ309521$\wininet.dll
2004-08-04 03:56  656384  c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\wininet.dll
2004-01-08 16:23  585216  6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\dllcache\wininet.dll
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14  359040  9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\dllcache\tcpip.sys
2001-08-18 08:00  327168  e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\drivers\tcpip.sys
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 03:56  502272  01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\system32\winlogon.exe
2001-08-18 08:00  430080  2b0e480e975ee51f2d5ce5f068fed6e2 C:\WINDOWS\system32\dllcache\winlogon.exe
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 02:14  182912  558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\dllcache\ndis.sys
2001-08-18 08:00  161536  3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\drivers\ndis.sys
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2001-08-18 08:00  1896704  46e2e3dcf54b819cfb2ebfe48a22b5c9 C:\WINDOWS\$NtUninstallQ317277$\ntkrnlpa.exe
2002-02-25 15:33  1897856  01fd1f7c82b263f1667a1cea095756c5 C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe
2003-04-24 08:57  1949440  46ae6f2d416c39ffdcfc8bcb01203ea3 C:\WINDOWS\$xpsp1hfm$\Q811493\ntkrnlpa.exe
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-04 01:58  2056832  947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2002-12-12 18:09  1902080  21385934893fdaf12a713017b4f66671 C:\WINDOWS\system32\ntkrnlpa.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2001-08-18 08:00  1982208  a29222d5281056e497408fcc9062f749 C:\WINDOWS\$NtUninstallQ317277$\ntoskrnl.exe
2002-02-25 15:33  1875584  257aafd1f77990355bb6e83650d52680 C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe
2003-04-24 08:57  1925760  97ec4ab4650da6fc521cf16f8a6ddcb0 C:\WINDOWS\$xpsp1hfm$\Q811493\ntoskrnl.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-04 02:19  2180992  ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2002-12-12 18:08  1879936  db499be143d626fc8778be7e18185eb3 C:\WINDOWS\system32\ntoskrnl.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\explorer.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 03:56  1032192  a0732187050030ae399b241436565e64 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
2001-08-18 08:00  1000960  5a26fc6010886d25b3e412493dd95ed8 C:\WINDOWS\system32\dllcache\explorer.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 03:56  108032  c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\system32\services.exe
2001-08-18 08:00  101376  e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\system32\dllcache\services.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 03:56  13312  84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\system32\lsass.exe
2001-08-18 08:00  11776  8a590ea109b5e0c7629e022f8a6b17c5 C:\WINDOWS\system32\dllcache\lsass.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 03:56  15360  24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\system32\ctfmon.exe
2001-08-18 08:00  13312  85b1054db58d13aa42d7dca778c30f57 C:\WINDOWS\system32\dllcache\ctfmon.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:56  57856  7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\system32\spoolsv.exe
2001-08-18 08:00  51200  9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-12-10 16:07 1462544]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07 389120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 06:20 20480]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 04:36 196608]
"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2001-11-30 02:05 864256]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 12:32 36864]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2000-06-07 13:01 794112]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58 1773568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2001-11-08 12:00]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\System32\drivers\BsUDF.sys [2001-11-30 02:39]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2001-08-18 08:00]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [2001-08-17 13:11]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-14 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\system32\cleanmgr.exe [2001-08-18 08:00]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.comcast.net/
R0 -: HKLM-Main,Start Page = hxxp://www.comcast.net/
R0 -: HKLM-Main,Window Title = Windows Internet Explorer provided by Comcast
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 06:09:14
Windows 5.1.2600  NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\Documents and Settings\Comtech Customer\Application Data\Gtek\GTUpdate\AUpdate\EasyLinkAdvisor\DB\{911C4AAE-AC0E-4829-8759-0944004B0D8C}.xml 712 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-08-14  6:10:55
ComboFix-quarantined-files.txt  2008-08-14 10:10:52
ComboFix2.txt  2008-08-14 02:25:40
Pre-Run: 35,077,132,288 bytes free
Post-Run: 35,066,933,248 bytes free
153 --- E O F --- 2008-07-16 20:08:03
Again, thanks so much. 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
  		   Posted 8-14-2008 12:04 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
Looks clean smile
 
 
How are things running ?

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

wilson13
New Member


Date Joined Sep 2007
Total Posts : 10
  		   Posted 8-15-2008 11:41 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
The PC is running fine as far as I can see.  The problem now seems to be two things.  1. The SuperAntiSpyWear that I needed to download and run.  I got it to download, but everytime I run it, the PC blue screens and says it's dumping the physical memory.  I don't know if its a real blue screen or a fake one.  2.  I can't download any updates from Windows.  This PC needs a few and when I try to download, it gives me a Error Message that I can report to Windows and says the file "wuauclt.exe" isn't working or I'm in Safe Mode...which I am not.  Any Ideas?
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
  		   Posted 8-16-2008 4:49 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
Let´s run one more scan -
 
Kapersky Online Scanner
<!-- m -->http://www.kaspersky.com/virusscanner<!-- m -->

**Kaspersky Online Scanner works only with Internet Explorer**

Warning: The Kaspersky Online Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please
temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

1) Click the Kapersky Online Scanner button
2) Accept the agreement
3) Accept the installation of the required ActiveX object ( XP SP2 will show this in the Information Bar )
4) For XP SP2, click the Install button when prompted
5) The necessary files will be downloaded and installed. Please be patient
6) After Kaspersky AntiVirus Database is updated, click the Next button
7) Click the Scan Settings button
8 ) Put a mark next to extended
9) Under Scan options but a mark next to Scan Archives and Scan Mail Bases
10) Click OK
11) Click the My Computer link. If you've been instructed to click any other link, please do so
12) Be patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares


13) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

wilson13
New Member


Date Joined Sep 2007
Total Posts : 10
  		   Posted 8-17-2008 1:40 (GMT +1)    Quote: AntivirXP08 killing the computer...HELP!Alert an admin about: AntivirXP08 killing the computer...HELP!
After being told to download a newer version of Java and doing so, here's what I got.
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Saturday, August 16, 2008
 Operating System: Microsoft Windows XP Home Edition (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Saturday, August 16, 2008 22:59:46
 Records in database: 1099301
--------------------------------------------------------------------------------
Scan settings:
 Scan using the following database: extended
 Scan archives: yes
 Scan mail databases: yes
Scan area - My Computer:
 A:\
 C:\
 D:\
Scan statistics:
 Files scanned: 34297
 Threat name: 6
 Infected objects: 7555
 Suspicious objects: 0
 Duration of the scan: 01:14:56

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\1001 Sex and more.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\3D Studio Max 6 3dsmax.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ACDSee 10.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Adobe Photoshop 10 crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Adobe Photoshop 10 full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Adobe Premiere 10.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Ahead Nero 8.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Altkins Diet.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\American Idol.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Arnold Schwarzenegger.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney sex xxx.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears and Eminem porn.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears !!!!!!!.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears cumshot.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears !!!!.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears full album.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears porn.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears Sexy archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears Song text archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Britney Spears.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Clone DVD 6.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Cloning.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Cracks & Warez Archiv.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Dictionary English 2004 - France.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\DivX 8.0 final.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Doom 3 release 2.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\E-Book Archive2.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem !!!!!!!.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem full album.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem Poster.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem sex xxx.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem Sexy archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem Song text archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem Spears porn.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Eminem.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Gimp 1.8 Full with Key.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Harry Potter 1-6 book.txt.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Harry Potter 5.mpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Harry Potter all e.book.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Harry Potter e book.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Harry Potter game.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Harry Potter.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\How to hack new.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Internet Explorer 9 setup.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Kazaa Lite 4.0 new.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Kazaa new.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Keygen 4 all new.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Learn Programming 2004.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Lightwave 9 Update.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Magix Video Deluxe 5 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Matrix.mpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Microsoft Office 2003 Crack best.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Microsoft WinXP Crack full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\MS Service Pack 6.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\netsky source code.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Norton Antivirus 2005 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Opera 11.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Partitionsmagic 10 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\RFC compilation.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Ringtones.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Ringtones.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Saddam Hussein.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Serials edition.txt.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Smashing the stack full.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Star Office 9.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\The Sims 4 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Ulead Keygen 2004.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Visual Studio Net Crack all.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Win Longhorn re.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\WinAmp 13 full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Windows 2000 Sourcecode.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Windows 2003 crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Windows XP crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\WinXP eBook newest.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\XXX hardcore pics.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\1001 Sex and more.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\3D Studio Max 6 3dsmax.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\ACDSee 10.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Adobe Photoshop 10 crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Adobe Photoshop 10 full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Adobe Premiere 10.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Ahead Nero 8.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Altkins Diet.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\American Idol.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Arnold Schwarzenegger.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney sex xxx.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears and Eminem porn.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears !!!!!!!.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears cumshot.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears !!!!.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears full album.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears porn.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears Sexy archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears Song text archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Britney Spears.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Clone DVD 6.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Cloning.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Cracks & Warez Archiv.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Dictionary English 2004 - France.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\DivX 8.0 final.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Doom 3 release 2.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\E-Book Archive2.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem !!!!!!!.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem full album.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem Poster.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem sex xxx.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem Sexy archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem Song text archive.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem Spears porn.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Eminem.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Gimp 1.8 Full with Key.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Harry Potter 1-6 book.txt.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Harry Potter 5.mpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Harry Potter all e.book.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Harry Potter e book.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Harry Potter game.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Harry Potter.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\How to hack new.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Internet Explorer 9 setup.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Kazaa Lite 4.0 new.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Kazaa new.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Keygen 4 all new.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Learn Programming 2004.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Lightwave 9 Update.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Magix Video Deluxe 5 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Matrix.mpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Microsoft Office 2003 Crack best.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Microsoft WinXP Crack full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\MS Service Pack 6.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\netsky source code.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Norton Antivirus 2005 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Opera 11.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Partitionsmagic 10 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\RFC compilation.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Ringtones.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Ringtones.mp3.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Saddam Hussein.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Serials edition.txt.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Smashing the stack full.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Star Office 9.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\The Sims 4 beta.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Ulead Keygen 2004.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Visual Studio Net Crack all.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Win Longhorn re.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\WinAmp 13 full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Windows 2000 Sourcecode.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Windows 2003 crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\Windows XP crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\WinXP eBook newest.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\#SharedObjects\3EKXX3WZ\http-trd-l3.cdn.turner.com\XXX hardcore pics.jpg.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\1001 Sex and more.rtf.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\3D Studio Max 6 3dsmax.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\ACDSee 10.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\Adobe Photoshop 10 crack.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\Adobe Photoshop 10 full.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\Adobe Premiere 10.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\Ahead Nero 8.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\Altkins Diet.doc.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Sherry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http-trd-l3.cdn.turner.com\American Idol.doc.exe