07-07-2008, 02:43 PM   #31
Bronze Member
Join Date: Jun 2008
Posts: 45

Here is the HijackThis log... I'll do the online scan now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:05 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7710 bytes
Posted by xxarlokxx


07-07-2008, 10:43 PM   #32
Diamond Member
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 14
Posts: 8,166

I did find this

Quote:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
Ceewi1, can you pls confirm this.

xxarlokxx, we wait for your online scanner results.
__________________
My Website Forum Site JOIN NOW!
Desktop / Laptop
Motherboard: Asus M2N X SE / Unknown
CPU: AMD 4000+ 2.1GHZ x 2 / Intel Pentium M 1.60GHZ
Ram: 2GB Transcend / 512MB
Hard Drive: 320GB / 60GB
Video Card: Both Integrated
Monitor: 19" Benq / 15.4"
OS: Windows Vista Home Premium Service Pack 1 / Windows XP Professional Service Pack 3
Posted by cohen
07-07-2008, 10:55 PM   #33
Diamond Member
Join Date: Feb 2008
Location: Hamilton, MI
Posts: 3,852

Those ARE legit!!! It is part of Microsoft Office I believe.
__________________
CPU - AMD Athlon 64x2 5200+ @ 2.6ghz
Ram - 2GB Stock clock
HD - 320gb seagate & Samsung 750gb 32mb cache
GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz
PSU - Ultra X-finity 600watt
OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed
Audio - JVC 460watts
Control - Logitech G25 Wheel & Logitech Rumblepad 2
Games - GTR2 and LFS
-- Race Sim's for Life --
Posted by g25racer
07-07-2008, 10:56 PM   #34
Diamond Member
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 14
Posts: 8,166

Quote:
Originally Posted by g25racer
Those ARE legit!!! It is part of Microsoft Office I believe.
But if you read it, it says it was a virus / malware, and then people have comments below saying it is a virus.
Posted by cohen
07-07-2008, 11:00 PM   #35
Diamond Member
Join Date: Feb 2008
Location: Hamilton, MI
Posts: 3,852

What says it was a Virus?
Posted by g25racer


07-08-2008, 07:33 AM   #36
Bronze Member
Join Date: Jun 2008
Posts: 45

Here is the report... seems like a lot got infected... 0.o... =\=\

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 08, 2008 04:32:20
Records in database: 924835
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 78677
Threat name: 57
Infected objects: 63
Suspicious objects: 0
Duration of the scan: 02:36:44



The selected area was scanned.
Posted by xxarlokxx
07-08-2008, 07:36 AM   #37
Diamond Member
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 14
Posts: 8,166

Quote:
Originally Posted by xxarlokxx
Here is the report... seems like a lot got infected...
You bet!
Posted by cohen
07-08-2008, 07:48 AM   #38
Bronze Member
Join Date: Jun 2008
Posts: 45

Quote:
Originally Posted by cohen
You bet!
What can I do??
Is it hard to get it fixed??
Posted by xxarlokxx
07-08-2008, 07:51 AM   #39
Diamond Member
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 14
Posts: 8,166

Quote:
Originally Posted by xxarlokxx
What can I do??
Is it hard to get it fixed??
Well, I have not learnt this part yet. I'm learning a few things, I can do the starting things, and I'm sure it won't be too hard to fix. Wait for ceewi1 or punk or gamemaster; most likely it will be ceewi1 to come along.
Posted by cohen
07-08-2008, 07:59 AM   #40
Bronze Member
Join Date: Dec 2007
Posts: 42

Originally Posted by nobbly niblets
Heya xxarlokxx,

It will be hard to get fixed.

It will be a multifaceted process to repair your system. Unfortunately this will require multiple scans and multiple log postings on your part.

It is not surprising that an infection of this magnitude has infected your system. You download torrents and there is no evidence of an antivirus program or firewall on your system.

Use a tool to directly target the trojan horses appearing on your system.

Download SDFix to your desktop.

http://downloads.andymanchesta.com/R...ools/SDFix.exe

Double click SDFix.exe on your desktop and it will extract the files to the root directory where your operating system resides.

Next, boot your PC into "Safe mode" using the F8 key during start-up.

Please do not use the msconfig method whenever booting into "Safe Mode" for malware removal, as this can cause a boot loop.

IN SAFE MODE

1) Open the extracted SDFix folder and double click RunThis to start the script. This can be found in the root directory, usually C:\SDFix.

2) Type Y to begin the cleanup process.

3) It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.

4) Press any Key and it will restart the PC.

5) When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.

6) Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

7) Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.

Last edited by Buzz1927; 07-08-2008 at 09:18 AM.
Posted by nobbly niblets