Viruses!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

satcom

Thread Starter
Joined
Jan 16, 2004
Messages
87
Hey guys, This PC is running win2kPro. It is running really, really slow. AVG found lovsan.a and healed it and spybot.14.aq and put it into the vault. CWS removed cws.smartsearch. Here is the HJT log. I cant find a removal tool for the spybot trojan so I was hopoing you could tell me if there is something in this log that needed to go.

Thanks a million!

Logfile of HijackThis v1.97.7
Scan saved at 2:11:43 PM, on 4/19/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\MMKeybd.exe
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\SatCom\merijn\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50018
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50018
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50018
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINNT\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [Windows Service] WINSVC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [Rundll32] sounds.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Rundll32] sounds.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks again!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top