Old 07-02-2007, 07:48 PM   #1 (permalink)
Crazylink

What is this stuff? HJT Log

Hi, I'm new here and I'm having some virus trouble.

Here's my Hijack This log
Logfile of HijackThis v1.99.1
Scan saved at 19:54, on 2007-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cquvlooe.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\ComboFix\catchme.cfexe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Road Runner\Medic\RRMedic.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe" -nag
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cayla\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\cquvlooe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


And this is my Combofix log
2003-04-14 12:58 24064 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml3a.dll.vir
2007-07-01 16:08 38400 --a------ C:\Qoobox\Quarantine\C\WINDOWS\svhost.exe.vir
2007-07-01 16:09 26171 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyaxxv.dll.vir
2007-07-01 16:14 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rxmpqnyu.dll.vir
2007-07-01 16:14 1854829 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cdeeg.bak1.vir
2007-07-01 16:14 263220 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\geedc.dll.vir
2007-07-01 16:15 999567 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uynqpmxr.ini.vir
2007-07-01 16:17 62516 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\emjhycdo.dll.vir
2007-07-02 18:50 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rlagsyod.dll.vir
2007-07-02 19:25 62516 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xjsbtini.dll.vir
2007-07-02 19:25 999626 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\doysgalr.ini.vir
2007-07-02 19:31 1862691 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cdeeg.ini.vir


Folder PATH listing
Volume serial number is 9C99-24B3
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---C
        \---WINDOWS
            |   svhost.exe.vir
            |
            \---system32
                    msxml3a.dll.vir
                    emjhycdo.dll.vir
                    rxmpqnyu.dll.vir
                    rlagsyod.dll.vir
                    xjsbtini.dll.vir
                    cdeeg.ini.vir
                    cdeeg.bak1.vir
                    uynqpmxr.ini.vir
                    doysgalr.ini.vir
                    xxyaxxv.dll.vir
                    geedc.dll.vir



I know Hijack This found problems with cquvlooe.exe and WinAntiSpyware2007FreeInstall.exe, but it doesn't recognize them.