Recently(yesterday) Avast intercepted a trojan on my computer. I think it installed some viruses and spyware. Can you check these logs and tell me what I should do?
Here's my Hijack This log
Logfile of HijackThis v1.99.1
Scan saved at 19:54, on 2007-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSsystem32cquvlooe.exe
C:WINDOWSrunservice.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:ComboFixcatchme.cfexe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32taskmgr.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesAheadInCDInCD.exe
C:WINDOWSsystem32rundll32.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpohmr08.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesRoad RunnerMedicRRMedic.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1BROADJ~1CORREC~1CCD.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpoevm08.exe
C:WINDOWSSystem32HPZipm12.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsUserDesktophijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://rr.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [NI.UWAS7_0001_N91M2703] "C:Program FilespoolsvWinAntiSpyware2007FreeInstall.exe" -nag
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - Startup: Medic.lnk = C:Program FilesRoad RunnerMedicRRMedic.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsCaylaStart MenuProgramsIMVURun IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:WINDOWSsystem32cquvlooe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:WINDOWSrunservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
And this is my Combofix log
2003-04-14 12:58 24064 --a------ C:QooboxQuarantineCWINDOWSsystem32msxml3a.dll.vir
2007-07-01 16:08 38400 --a------ C:QooboxQuarantineCWINDOWSsvhost.exe.vir
2007-07-01 16:09 26171 --a------ C:QooboxQuarantineCWINDOWSsystem32xxyaxxv.dll.vir
2007-07-01 16:14 124436 --a------ C:QooboxQuarantineCWINDOWSsystem32rxmpqnyu.dll.vir
2007-07-01 16:14 1854829 --a------ C:QooboxQuarantineCWINDOWSsystem32cdeeg.bak1.vir
2007-07-01 16:14 263220 --a------ C:QooboxQuarantineCWINDOWSsystem32geedc.dll.vir
2007-07-01 16:15 999567 --a------ C:QooboxQuarantineCWINDOWSsystem32uynqpmxr.ini.vir
2007-07-01 16:17 62516 --a------ C:QooboxQuarantineCWINDOWSsystem32emjhycdo.dll.vir
2007-07-02 18:50 124436 --a------ C:QooboxQuarantineCWINDOWSsystem32rlagsyod.dll.vir
2007-07-02 19:25 62516 --a------ C:QooboxQuarantineCWINDOWSsystem32xjsbtini.dll.vir
2007-07-02 19:25 999626 --a------ C:QooboxQuarantineCWINDOWSsystem32doysgalr.ini.vir
2007-07-02 19:31 1862691 --a------ C:QooboxQuarantineCWINDOWSsystem32cdeeg.ini.vir
Folder PATH listing
Volume serial number is 9C99-24B3
C:QOOBOX
---Quarantine
+---Registry_backups
---C
---WINDOWS
| svhost.exe.vir
|
---system32
msxml3a.dll.vir
emjhycdo.dll.vir
rxmpqnyu.dll.vir
rlagsyod.dll.vir
xjsbtini.dll.vir
cdeeg.ini.vir
cdeeg.bak1.vir
uynqpmxr.ini.vir
doysgalr.ini.vir
xxyaxxv.dll.vir
geedc.dll.vir