Help with Win32:Revop [Trj] virus!

Discussion in 'adware, spyware & hijack cleaning' started by mithrilx, May 31, 2004.

Thread Status:
Not open for further replies.
  1. mithrilx

    mithrilx Registered Member

    Joined: May 31, 2004
    Posts: 1

    I ran Adware to clean up my computer and then HiJackThis.exe. Here's the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:25:11 PM, on 5/31/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Avast4\aswUpdSv.exe
    D:\Program Files\Avast4\ashServ.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\system32\stisvc.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\Explorer.EXE
    D:\Program Files\Microsoft Hardware\Mouse\point32.exe
    D:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    D:\Program Files\Avast4\ashDisp.exe
    D:\WINNT\webshots.scr
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Avast4\ashSimpl.exe
    D:\Program Files\Avast4\ashChest.exe
    D:\PROGRA~1\DAP\DAP.EXE
    D:\Documents and Settings\Administrator\Alex\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] D:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [avast!] D:\Program Files\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wtgeneric/tradewinds/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    I'm not really experiencing problems with my computer yet, but I looked up Win32:Revop [Trj] on Google and it took me to this forum. Could someone help?

    - mithrilx
     
  2. Unzy

    Unzy Registered Member

    Joined: Nov 2, 2003
    Posts: 1,098
    Location: Belgium

    Hi mithrilx,

    Looks clean :)

    Hope all is well

    Cheers,
     