I ran the Lavasoft Ad-Aware and removed some "WINANTIVIRUSPRO" things. Ran the Panda ActiveScan, it detected and removed 2 viruses. It also told me I had 9 Spywares and 4 Hacking tools and rootkits (it did not disinfect them).
I've been getting some weird sites popping up from "Amaena.." Although they haven't shown up since I've run the scans.
I ran Windows Defender and removed some process thing it considered dangerous.
Did a system restore. Ran the Windows Defender again. Turned up clean. Ran Panda ActiveScan again. 8 Spywares and 3 Hacking tools and rootkits. There's still a problem.
Here is the HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:51:24 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Van Hofwegen Family\Desktop\HijackThis-2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Van Hofwegen Family\Application Data\Mozilla\Profiles\default\4g6ruq4y.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Van Hofwegen Family\Application Data\Mozilla\Profiles\default\4g6ruq4y.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {165F8FF0-FEE2-4A9E-9207-B9DA25671ADf} - C:\WINDOWS\system32\duskrhwd.dll
O2 - BHO: (no name) - {41262378-77C3-4E8F-8269-2E4B06909A4E} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\jfesumqs.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Van Hofwegen Family\Local Settings\Temp\TICHD003.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141096466296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148497382057
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: rqrstro - C:\WINDOWS\SYSTEM32\rqrstro.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here is the Ad-Aware Quarantine Log: (Stuff I removed)
ArchiveData(auto-quarantine- 2007-06-05 21-46-15.bckp)
Referencefile : SE1R174 04.06.2007
======================================================
WINANTIVIRUSPRO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=RegKey : interface\{2e01311b-c322-4b0a-bd77-b90cfdc8dce7}
obj[1]=RegKey : interface\{50ea08b0-dd1b-4664-9a50-c2f40f4bd79a}
obj[2]=RegKey : interface\{50ea08b1-dd1b-4664-9a50-c2f40f4bd79a}
obj[3]=RegKey : interface\{50ea08b2-dd1b-4664-9a50-c2f40f4bd79a}
obj[4]=RegKey : interface\{50ea08b3-dd1b-4664-9a50-c2f40f4bd79a}
obj[5]=RegKey : interface\{50ea08b4-dd1b-4664-9a50-c2f40f4bd79a}
obj[6]=RegKey : interface\{50ea08b5-dd1b-4664-9a50-c2f40f4bd79a}
obj[7]=RegKey : interface\{50ea08b6-dd1b-4664-9a50-c2f40f4bd79a}
obj[8]=RegKey : interface\{50ea08b7-dd1b-4664-9a50-c2f40f4bd79a}
obj[9]=RegKey : interface\{50ea08b8-dd1b-4664-9a50-c2f40f4bd79a}
obj[10]=RegKey : interface\{50ea08b9-dd1b-4664-9a50-c2f40f4bd79a}
obj[11]=RegKey : interface\{50ea08ba-dd1b-4664-9a50-c2f40f4bd79a}
obj[12]=RegKey : interface\{50ea08bb-dd1b-4664-9a50-c2f40f4bd79a}
obj[13]=RegKey : interface\{50ea08bc-dd1b-4664-9a50-c2f40f4bd79a}
obj[14]=RegKey : interface\{50ea08bd-dd1b-4664-9a50-c2f40f4bd79a}
obj[15]=RegKey : interface\{50ea08be-dd1b-4664-9a50-c2f40f4bd79a}
obj[16]=RegKey : interface\{c90352f5-643c-4fbc-bb23-e996eb2d51fd}
obj[17]=RegKey : interface\{fa4bb38c-faf9-4cca-9302-d1dd0fe520db}
obj[18]=RegKey : system\controlset001\services\vxd
obj[19]=RegKey : system\currentcontrolset\services\vxd
obj[20]=RegKey : system\controlset003\services\vxd
obj[21]=File : C:\Documents and Settings\Van Hofwegen Family\Application Data\Mozilla\Firefox\Profiles\Default User\Cache(6)\A23E4567d01
obj[22]=File : C:\Documents and Settings\Van Hofwegen Family\Local Settings\Temporary Internet Files\Content.IE5\944KSFFD\NewSoftware2007Install[1].cab
obj[23]=File : C:\WINDOWS\system32\mfc71.dll
Here is the Panda ActiveScan log:
(going to post when the scan is finished)
Thank you so much for your time and help.
Edited by xooma, 05 June 2007 - 11:40 PM.