I know im infected but I have no idea what it is [CLOSED]
DrJay
post Sep 10 2005, 10:03 PM
Post #1


New Member
Posts: 3
OS: windows 2000



About a week ago I started getting warnings from AVG about Poebot and Onekill trying to infiltrate my computer. I ran Ad-Aware, Spybot and AVG. Spybot was the only thing that actually found anything, and it would delete the objects, then they would show up again immediately after rebooting. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:16:13 PM, on 9/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis-1.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126068942468
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7FA82B8-BD9B-4A56-94BF-6D15FF87B3F6}: NameServer = 208.201.224.11
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe



Thanks again for any help :)
Dragon
post Sep 15 2005, 09:20 AM
Post #2


All Around Computer Nut
Posts: 2,677
From: Iowa, USA
OS: Windows XP Home & Ubuntu



Hello and welcome to Geeks To Go,

Could you please tell us what the entries were that Spybot removed and returned? This will help in deciding which direction to start from.
DrJay
post Sep 15 2005, 11:38 PM
Post #3


New Member
Posts: 3
OS: windows 2000



Spybot found Alexa, Advertising.com, Avenue A, and Target.net.

I rebooted in safe mode and deleted them, but Avast! still pops up warnings that I have trojans.
Dragon
post Sep 16 2005, 06:39 AM
Post #4


All Around Computer Nut
Posts: 2,677
From: Iowa, USA
OS: Windows XP Home & Ubuntu



OK, first, it appears you are running more than one anti-virus program. This could be the main reason for your notices from Avast.

From your log I am seeing 2:

avast
AVpersonal

Please choose the one you want to keep and uninstall the other one.
Next, to make sure your system is clean:

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Then let us know how your system is working :)
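Added example, not part of the original thread: a short Python check that reproduces the reasoning in post #4 on the HijackThis log from post #1. It groups running processes by anti-virus product and lists O23 services marked "(file missing)" whose executable is nevertheless in the running-process list. The sample lines are copied from that log; the directory-to-product mapping and the function names are assumptions made for this example.

```python
import re

# Assumption: directory markers chosen from the install paths in the log above.
AV_DIR_MARKERS = {"\\avpersonal\\": "AntiVir (AVPersonal)", "\\avast4\\": "avast!"}

# Constructed sample: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (ends at a blank line)."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and (not line or re.match(r"[A-Z]\d+ - ", line)):
            break
        elif in_section:
            paths.append(line)
    return paths

def resident_av_products(log_text):
    """Group running AV executables by product; more than one key means overlap."""
    found = {}
    for path in running_processes(log_text):
        for marker, product in AV_DIR_MARKERS.items():
            if marker in path.lower():
                found.setdefault(product, []).append(path)
    return found

def missing_but_running(log_text):
    """O23 services flagged '(file missing)' whose executable is in fact running."""
    running = {p.lower() for p in running_processes(log_text)}
    hits = []
    for line in log_text.splitlines():
        m = re.match(r'O23 - Service: (.+?) - .* - (.+?\.exe)"? .*\(file missing\)', line, re.I)
        if m and m.group(2).lower() in running:
            hits.append(m.group(1))
    return hits
```

On the sample, `resident_av_products(SAMPLE_LOG)` returns two product keys (the overlap post #4 points out), and `missing_but_running(SAMPLE_LOG)` reports avast! Mail Scanner, an entry to verify by hand rather than delete.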
Dragon
post Sep 23 2005, 08:17 AM
Post #5


All Around Computer Nut
Posts: 2,677
From: Iowa, USA
OS: Windows XP Home & Ubuntu



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.