Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Is my computer infected?


  • This topic is locked This topic is locked

#1
sukaira-ku

sukaira-ku

    Member

  • Member
  • PipPip
  • 56 posts
I'm afraid my computer is infected, below is my HijackThis log, help is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:41:59 PM, on 3/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Daisy\LOCALS~1\Temp\1.exe
C:\DOCUME~1\Daisy\LOCALS~1\Temp\9.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daisy\Desktop\HijackThis.exe

F3 - REG:win.ini: run=
O1 - Hosts: 222.208.183.175 www.kirinkwy.com.cn
O1 - Hosts: 222.208.183.175 3707229.sx.5151j.net
O1 - Hosts: 222.208.183.175 www.7282214.cn
O1 - Hosts: 222.208.183.175 www.wg77169.cn
O1 - Hosts: 222.208.183.175 www.233049.com
O1 - Hosts: 222.208.183.175 sou2.m369m.com
O1 - Hosts: 222.208.183.175 sou3.m369m.com
O1 - Hosts: 222.208.183.175 sou4.m369m.com
O1 - Hosts: 222.208.183.175 www.79793.com
O1 - Hosts: 222.208.183.175 www.58aa.cn
O1 - Hosts: 220.101.223.5 www.318282.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [wsvbs] C:\WINDOWS\wsvbs.exe
O4 - HKLM\..\Run: [Win64SDK] C:\DOCUME~1\Daisy\LOCALS~1\Temp\1.exe
O4 - HKLM\..\Run: [BaoFeng32] C:\DOCUME~1\Daisy\LOCALS~1\Temp\9.exe
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\Daisy\LOCALS~1\Temp\upxdnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ScanRegistry] C:\Program Files\Common Files\update\update.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136918882453
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: GrayPigeonServer - Unknown owner - C:\WINDOWS\G_Server2006.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServerIs - Unknown owner - C:\WINDOWS\ServerIs.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

I'm not sure what all that host stuff is......is my computer being hacked or something?
  • 0

Advertisements


#2
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello sukaira-ku,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
  • 0

#3
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
First of all, thank you for taking the time to help me. Below is the uninstall list

Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Apple Software Update
ArcSoft VideoImpression 1.6FP
BitComet 0.70
CD-DA X-Tractor v0.24
Dell Laser Printer 1110 Software Uninstall
DirectVobSub (remove only)
DivX Player
DVD Shrink 3.2
FinePixViewer Ver.2.0
FUJIFILM USB Driver
HijackThis 1.99.1
iPod for Windows
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
Jasc Paint Shop Pro 9
K-Lite Mega Codec Pack 1.65
LimeWire 4.10.5
Macromedia Flash Player 8
Macromedia Shockwave Player
MaxBlast 4
Microsoft Global IME for Office XP (Simplified Chinese)
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
mIRC
MP3 Player Utilities 1.48
MSN Messenger 7.5
Nero Digital
Nero Media Player
Nero OEM
PC-cillin 2000
PCI Audio Driver
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
U.S. Robotics V.92 PCI Faxmodem
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4a
VobSub v2.23 (Remove Only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB905915
Windows XP Hotfix (SP2) [See q329112 for more information]
Windows XP Service Pack 1a
WinRAR archiver
WinZip
  • 0

#4
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello sukaira-ku,

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

  • 0

#5
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Here are the results of my scan. It seems my computer has a lot of trojans

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:33:53 PM 3/5/2007

+ Scan result:



C:\Program Files\Common Files\SysProtect\PCheck.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SysProtect -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtstu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDA9W7G1\gz[1].exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
C:\WINDOWS\ServerIs.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\~temp351.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP477\A0064638.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP478\A0065638.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP478\A0066638.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0067638.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0067646.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0068646.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0069643.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0070644.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070673.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0072789.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\WINDOWS\G_Server2006.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\WINDOWS\G_Servr2006.DLL -> Backdoor.Hupigon.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070746.exe -> Backdoor.Hupigon.dtc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070747.exe -> Backdoor.Hupigon.dtc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070772.exe -> Backdoor.Hupigon.dtc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0073009.exe -> Backdoor.Hupigon.dtc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP478\A0065640.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP478\A0066640.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0067640.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0067648.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0068648.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0069645.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0070648.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070669.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0072788.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\WINDOWS\G_SERVER2006KEY.DLL -> Backdoor.Hupigon.ejl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\oobe\setup\compname.htm -> Downloader.Agent.bp : Cleaned with backup (quarantined).
C:\Program Files\Common Files\update\pp1.exe -> Downloader.Delf.arb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP475\A0064435.exe -> Downloader.Delf.arb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070773.exe -> Downloader.Delf.arb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0073011.exe -> Downloader.Delf.arb : Cleaned with backup (quarantined).
C:\Program Files\Common Files\update\update.exe -> Downloader.Delf.asb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\a.exe -> Downloader.Delf.asb : Cleaned with backup (quarantined).
C:\Documents and Settings\Chunli\Local Settings\Temp\g0ld.com -> Downloader.Delf.asj : Cleaned with backup (quarantined).
C:\Documents and Settings\Chunli\Local Settings\Temporary Internet Files\Content.IE5\8OI02KY5\pp[1].exe -> Downloader.Delf.asj : Cleaned with backup (quarantined).
C:\Documents and Settings\Daisy\Local Settings\Temp\1.exe -> Downloader.Murlo.ez : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070749.exe -> Downloader.Small.czl : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\vikokihuh.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\xumymuk.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Daisy\Cookies\daisy@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Chunli\Cookies\chunli@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Daisy\Cookies\daisy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Emily\Cookies\emily@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Chunli\Cookies\chunli@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Chunli\Cookies\chunli@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Daisy\Cookies\daisy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Daisy\Cookies\daisy@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Emily\Cookies\emily@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Emily\Cookies\emily@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Daisy\Cookies\daisy@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Daisy\Cookies\daisy@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Emily\Cookies\emily@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Chunli\Cookies\chunli@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Emily\Cookies\emily@ehg-corusentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Chunli\Cookies\chunli@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\WINDOWS\system32\windhcp.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\Program Files\Trend Micro\PC-cillin 2000\fgpcbazu.dll -> Trojan.Agent.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0073001.dll -> Trojan.Agent.jy : Cleaned with backup (quarantined).
[280] c:\program files\trend micro\pc-cillin 2000\fgpcbazu.dll -> Trojan.Agent.jy : Cleaned with backup (quarantined).
[768] c:\program files\trend micro\pc-cillin 2000\fgpcbazu.dll -> Trojan.Agent.jy : Cleaned with backup (quarantined).
C:\Documents and Settings\Daisy\Local Settings\Temp\8.exe -> Trojan.Delf.ub : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0001_N69M1703NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\jaasnt.dll -> Trojan.Favadd : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\jar1.5.2.dll -> Trojan.Favadd : Cleaned with backup (quarantined).
C:\Documents and Settings\Chunli\Local Settings\Temporary Internet Files\Content.IE5\6R2VEXUR\nc[1].gif -> Trojan.Lmir.awg : Cleaned with backup (quarantined).
C:\WINDOWS\391231M.BMP -> Trojan.Lmir.bav : Cleaned with backup (quarantined).
C:\WINDOWS\system32\KB8964225.log -> Trojan.Lmir.bcd : Cleaned with backup (quarantined).
C:\nxldr.dat -> Trojan.Lmir.bcr : Cleaned with backup (quarantined).
C:\WINDOWS\wsvbs.exe -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP475\A0064432.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP477\A0064642.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP478\A0065643.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0067647.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP479\A0068647.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0069648.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0070647.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070670.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070771.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0072792.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP483\A0073007.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wsvbs.dll -> Trojan.OnLineGames.gk : Cleaned with backup (quarantined).
C:\Documents and Settings\Daisy\Local Settings\Temp\temp.frAC0B -> Trojan.QQPass.qx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP480\A0070655.dll -> Trojan.QQPass.qx : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\MSInfo\30449015.dat -> Trojan.QQRob.iy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070725.exe -> Trojan.QQRob.iy : Cleaned with backup (quarantined).
C:\WINDOWS\Help\wshmcepts.chm -> Trojan.QQRob.iy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\KB3912316.LOG -> Trojan.WOW.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070744.exe -> Trojan.WOW.pt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D310A1A9-A70E-4326-A6AA-18F96C77312E}\RP481\A0070745.exe -> Trojan.WOW.pt : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Ad-aware Pro Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe Acrobat Reader crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe Golive v6.0 Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe Illustrator v10.0 Time Limit Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe ImageReady v1.0 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe PageMaker v7.0 Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe Photoshop 7 keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe Photoshop all.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Adobe Serial Generator v2.0.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Age Of Mythology - The Titans no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Age Of Mythology no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Age of Empires II The Age of Kings NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Alias Acclaim crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\All Macromedia Products Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Anti-Trojan 4.0.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Avant Browser.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Backyard Baseball 2003 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Backyard Wrestling 2 - There Goes the Neighborhood Eidos Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Battlefield 1942 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Battlefield Vietnam EA Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Battlefield Vietnam Multiplayer Online Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Besieger Strategy DreamCatcher Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Blinx 2 - Masters of Time & Space Microsoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Blitzkrieg - Burning Horizon Strategy CDV Software GmbH crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Call Of Duty no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Call of Duty Activision crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\City of Heroes Role-Playing NCsoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Civilization III crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Classic NES Series - The Legend of Zelda GBA Role-Playing Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\CloneDVD v1.x crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Command & Conquer - Generals Zero Hour no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Command & Conquer - Generals no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Command & Conquer - Generals Zero Hour Strategy EA Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Counter-Strike Condition Zero Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Credit card generator.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Crusader Kings Strategy Paradox Entertainment crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Cubase Audio XT 3.X crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\DRIV3R Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dark Age Of Camelot - Trials Of Atlantis no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dark Matter - The Baryon Proj crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Deus Ex Invisible War NO CD Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Diablo 2 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\DivX Player and Codec.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Doom 3 Activision crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Doom 3 NO CD Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Download Accelerator Plus (spyware free).exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dragon Ball Z - Budokai 3 Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dragon Ball Z - Supersonic Warriors GBA Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dragon Warrior VIII Role-Playing Square Enix crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dungeon Lords Role-Playing DreamCatcher Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Dungeon Siege no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\ESPN NFL 2K5 Sega crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Enter the Matrix Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\F.E.A.R. VU Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Fable Role-Playing Microsoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Far Cry Ubisoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Final Fantasy VII - Advent Children PSP Role-Playing Square Enix crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Final Fantasy XI - Square Enix USA no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Final Fantasy XII Role-Playing Square Enix crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Fire Emblem - Seima no Kouseki GBA Role-Playing Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashFXP 2 RC2 Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashFXP v1.4.1 Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashFXP v1.4.3 Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashFXP v2.0 Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashFXP v2.1 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashFXP v2.2 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\FlashGet.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Forgotten Realms - Demon Stone Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Forgotten Realms - Demon Stone crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Freedom Force no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Front Mission 4 Strategy Square Enix crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Full Spectrum Warrior Strategy THQ crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\GTA crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Geist GC Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Goblin Commander - Unleash the Horde Strategy Jaleco Entertainment crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Gran Turismo 4 SCEA crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Grand Theft Auto - San Andreas Rockstar Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Grand Theft Auto 3 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Grand Theft Auto III no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Grand Theft Auto San Andreas NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Grand Theft Auto Vice City NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Half-Life 2 Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Half-Life 2 NO CD Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Half-Life 2 VU Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Halo - Combat Evolved - Microsoft no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Halo 2 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Harry Potter & The Sorcerers Stone no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Harry Potter and the Prisoner of Azkaban Adventure EA Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Harry Potter and the Sorcerers Stone no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Heroes of Might & Magic IV no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Hidden & Dangerous 2 NO CD Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\ICQ 4.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\ICQ Pro 2003b.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Icewind Dale 2 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Jedi Academy NO CD Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Joint Operations - Typhoon Rising NovaLogic crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Juiced Acclaim crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Kingdom Hearts II Role-Playing Square Enix crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Knights Apprentice Memoricks Adventures Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\LimeWire server scanner.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\MS Office XP Activation Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\MS Zoo Tycoon no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\MSN Toolbar advert remover.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\MSN advert remover.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\MVP Baseball 2004 EA crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia ColdFusion MX crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Contribute v2.0 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Director 8 Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Dreamweaver 4.0 Patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Dreamweaver MX v6.0 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Dreamweaver UltraDev 4.0 Patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Fireworks 4.0 Patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Flash All Versions keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Flash MX v6.0 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia Flash SWF-Unprotect v2.0.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Macromedia FreeHand v10 Loader.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Madden NFL 2003 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Madden NFL 2005 EA crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Mafia no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Malice Mud Duck Productions crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Mario Pinball Land GBA Puzzle Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Mario Tennis GC Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Matrix Screensaver.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Max Payne 2 Fall Of Max Payne no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Max Payne 2 NO CD Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Max Payne 2 The Fall of Max Payne NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\MaxPayne 2 The Fall Of Max Payne Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\McFarlanes Evil Prophecy Konami crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Medal Of Honor - Allied Assault no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Medal Of Honor - Allied Assault BreakThrough no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Medal Of Honor - Allied Assault no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Medal of Honor Pacific Assault EA Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Medal of Honor- Allied Assault no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Medieval - Total War no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Mega Man Anniversary Collection GC Capcom crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Metal Gear Acid PSP Strategy Konami crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Metal Gear Solid 3 - Snake Eater Konami crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Flight Simulator 2004 - A Century Of Flight no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Office 2000 Regmaker.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Office XP Activation Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Office XP Activation Killer.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Office XP Professional Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Office XP Professional Serial.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Microsoft Office XP Universal Activator v1.0.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Midnight Club 3 - DUB Edition Rockstar Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Morpheus patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\NBA Live 2003 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\NBA Live 2004 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\NCAA Football 2005 EA crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need For Speed 5 - no cd.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for Speed Hot Pursuit 2 CD KeyGenerator.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for Speed Underground 2 Electronic Arts crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for Speed Underground 2 NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for Speed Underground 2 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for Speed Underground NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for Speed4 - NOCD.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Need for speed underground - nocd.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\NeedforspeedUnderground-nocd.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Nero Burning ROM v6.x crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Ninja Gaiden Tecmo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Norton AntiVirus 2004 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Onimusha 3 - Demon Siege Adventure Capcom crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Psi-Ops - The Mindgate Conspiracy Midway crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Purge Jihad Freeform Interactive LLC crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\RYL crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\RealPlayer crack (keygen).exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Red Dead Revolver Rockstar Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Resident Evil 4 GC Adventure Capcom crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Rise of Nations - Thrones & Patriots Strategy Microsoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\RoboForm crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Roller Coaster Tycoon no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Second Life Role-Playing Linden Lab crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Shadow Ops - Red Mercury Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\ShellShock - Nam 67 Eidos Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Silent Storm - Sentinels Strategy _No Company crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Sim City 4 - Rush Hour no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Sim City 4 Deluxe no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Sim Theme Park World no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Singles - Flirt Up Your Life Strategy Eidos Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Snood crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Snowblind Eidos Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\SolSuite 2004 - Solitaire Card Games Suite crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Soldier of Fortune II- Double Helix no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Sonic the Hedgehog 3 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Spider-Man 2 Activision crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Spider-Man 2 GC Activision crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Sponge Bob Square Pants - Operation Krabby Patty no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Spybot Search and Destroy.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Star Wars - Jedi Knight - Jedi Academy no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Star Wars - Knights of the Old Republic Role-Playing LucasArts crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Star Wars Galactic Battlegrounds- Clone Campaigns no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Star Wars Jedi Knight II - Jedi Outcast no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Star Wars Jedi Knight II- Jedi Outcast no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Star Wars Knights of the Old Republic II - The Sith Lords Role-Playing LucasArts crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Starcraft - Battlechest no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Chronicles of Riddick - Escape From Butcher Bay VU Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Elder Scrolls III - Morrowind Game of the Year Edition Role-Playing Bethesda Softworks crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Legend of Zelda (working title) GC Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Legend of Zelda - Four Swords Adventures GC Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Legend of Zelda - The Minish Cap GBA Nintendo crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Lord of the Rings The Battle for Middle-earth Strategy EA Games crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Lord of the Rings The Return of The King crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Hot Date Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Makin Magic Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Superstar Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Unleashed Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Vacation Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Hot Date Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims - Vacation Expansion Pack no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims 2 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims Deluxe no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims Deluxe no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims Double Deluxe no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Sims- Vacation no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Suffering Encore Software Inc. crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\The Suffering Midway crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Thief - Deadly Shadows Eidos Interactive crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Tiger Woods PGA Tour 2004 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Tom Clancy's Splinter Cell Pandora Tomorrow crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Tom Clancys Ghost Recon - Desert Siege no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Tom Clancys Splinter Cell Pandora Tomorrow Ubisoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Tom Clancys Splinter Cell Ubisoft crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Tony Hawks Underground crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Trillian crasher.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Unreal Tournament 2003 no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Unreal Tournament 2004 Atari crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Unreal Tournament 2004 NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Unreal Tournament 2004 crack (keygen).exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Vampire - The Masquerade - Bloodlines Role-Playing Activision crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\VirtualLab Data Recovery crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WWE Day of Reckoning GC THQ crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WWE SmackDown! vs. Raw THQ crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Warcraft III - Reign Of Chaos no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Warez P2P.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Webroot Spy Sweeper.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinRAR crack (keygen).exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZIP v9.0 Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZip All Versions keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZip Self-Extractor v2.2 Patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZip Self-Extractor v2.2 keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZip v8.0 Keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZip v8.x - v9.x patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\WinZip v9.0 Registration.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Windows XP Activation Crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Windows XP Professional crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Windows XP home edition Activation.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Winzip keygen.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\World of Warcraft Role-Playing Blizzard Entertainment crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Worms Armageddon NO CD crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\XBOX X-Fer Ripper and Transfer.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Yoshinoya Success crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\ZoneAlarm crack (keygen).exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Zoo Tycoon - Complete Collection no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Zoo Tycoon no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\Zoo Tycoon- Dinosaur Digs no cd crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\iMesh patch.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\mIRC 6.X crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\mirc 6.1x reg entries.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).
C:\WINDOWS\SoftwareDistribution\Download\windows server 2003 crack.exe -> Worm.Krepper.c : Cleaned with backup (quarantined).


::Report end
  • 0

#6
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Please post a new HijackThis log for review.
  • 0

#7
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Here is my new hijack this scan results

Logfile of HijackThis v1.99.1
Scan saved at 4:00:06 PM, on 3/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Daisy\LOCALS~1\Temp\9.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Daisy\Desktop\HijackThis.exe

F3 - REG:win.ini: run=
O1 - Hosts: 222.208.183.175 www.kirinkwy.com.cn
O1 - Hosts: 222.208.183.175 3707229.sx.5151j.net
O1 - Hosts: 222.208.183.175 www.7282214.cn
O1 - Hosts: 222.208.183.175 www.wg77169.cn
O1 - Hosts: 222.208.183.175 www.233049.com
O1 - Hosts: 222.208.183.175 sou2.m369m.com
O1 - Hosts: 222.208.183.175 sou3.m369m.com
O1 - Hosts: 222.208.183.175 sou4.m369m.com
O1 - Hosts: 222.208.183.175 www.79793.com
O1 - Hosts: 222.208.183.175 www.58aa.cn
O1 - Hosts: 220.101.223.5 www.318282.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BaoFeng32] C:\DOCUME~1\Daisy\LOCALS~1\Temp\9.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ScanRegistry] C:\Program Files\Common Files\update\update.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136918882453
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: GrayPigeonServer - Unknown owner - C:\WINDOWS\G_Server2006.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServerIs - Unknown owner - C:\WINDOWS\ServerIs.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
  • 0

#8
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts

  • 0

#9
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts

  • 0

#10
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts

Hello sukaira-ku,

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download the Killbox by Option^Explicit. ( Save it to your desktop. )

Note: In the event you already have Killbox, this is a new version that I need you to download.

Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

sc stop GrayPigeonServer
sc delete GrayPigeonServer
sc stop ServerIs
sc delete ServerIs
exit


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F3 - REG:win.ini: run=
O1 - Hosts: 222.208.183.175 www.kirinkwy.com.cn
O1 - Hosts: 222.208.183.175 3707229.sx.5151j.net
O1 - Hosts: 222.208.183.175 www.7282214.cn
O1 - Hosts: 222.208.183.175 www.wg77169.cn
O1 - Hosts: 222.208.183.175 www.233049.com
O1 - Hosts: 222.208.183.175 sou2.m369m.com
O1 - Hosts: 222.208.183.175 sou3.m369m.com
O1 - Hosts: 222.208.183.175 sou4.m369m.com
O1 - Hosts: 222.208.183.175 www.79793.com
O1 - Hosts: 222.208.183.175 www.58aa.cn
O1 - Hosts: 220.101.223.5 www.318282.com
O4 - HKLM\..\Run: [BaoFeng32] C:\DOCUME~1\Daisy\LOCALS~1\Temp\9.exe
O4 - HKCU\..\Run: [ScanRegistry] C:\Program Files\Common Files\update\update.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Boot into Safe Mode:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Run ATF Cleaner:Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Double click FixServices.bat. A window will open and close. This is normal.

Using Windows Explorer delete the following folder (if present):

C:\Program Files\Common Files\update

Run Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\DOCUME~1\Daisy\LOCALS~1\Temp\9.exe
    C:\WINDOWS\G_Server2006.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new HijackThis log.


  • 0

Advertisements


#11
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I have done as you instructed, here is my new log

Logfile of HijackThis v1.99.1
Scan saved at 7:32:41 PM, on 3/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Daisy\Desktop\HijackThis.exe

F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136918882453
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
  • 0

#12
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Also, was the graypidgeon and the host things in my last scan what was causing an open proxy on my computer?
  • 0

#13
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello sukaira-ku,

It's possible that's why an open proxy was there, let's do a couple more scans to make sure, though.

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.

Edited by __RiP_ChAiN_, 07 March 2007 - 07:49 AM.

  • 0

#14
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
winpfind2 always seems to freeze and I get the not responding message. Am I suppose to run it in safe mode? Currently I am running it in normal mode with all other applications closed.
  • 0

#15
sukaira-ku

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Also, what should I do with all the files put in quarantine after the AVG anti-spyware scan?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP