Another case of hijacked desktop [inactive]
Hi,
I have been struggling over the last few days with a hijacked desktop. I have the Red background with black rectangle "Danger:Spyware" notice. I have not been able to fix this. Can you please help?
I have run everything that you recommend, SpyBot, AdAware, I have emptied all temporal folders and cookies, and I have disabled system restore. I have run Panda antivirus including the online scan as well as Housecall.
Is there anything else I can do before reformatting the hard drive and re-installing everything?
Thanks for any help. I have included the latest HJT log (after doing all of the above):
Logfile of HijackThis v1.99.1
Scan saved at 10:01:17 PM, on 3/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\Amf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKLM\..\Run: [Apq] C:\WINDOWS\system32\Gpv.exe
O4 - HKLM\..\Run: [Dto] C:\WINDOWS\Bdh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Aua] C:\WINDOWS\system32\Amf.exe
O4 - HKLM\..\Run: [Fmu] C:\WINDOWS\system32\Tfe.exe
O4 - HKLM\..\Run: [Sev] C:\WINDOWS\system32\Ldh.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\system32\Vpm.exe
O4 - HKLM\..\Run: [Gtc] C:\WINDOWS\Cra.exe
O4 - HKLM\..\Run: [Eav] C:\WINDOWS\system32\Kvk.exe
O4 - HKLM\..\Run: [Vpr] C:\WINDOWS\Gru.exe
O4 - HKLM\..\Run: [Rjg] C:\WINDOWS\Ase.exe
O4 - HKLM\..\Run: [Imn] C:\WINDOWS\Ofg.exe
O4 - HKLM\..\Run: [Okg] C:\WINDOWS\Hav.exe
O4 - HKLM\..\Run: [Ibo] C:\WINDOWS\Pnm.exe
O4 - HKLM\..\Run: [Kjm] C:\WINDOWS\system32\Mka.exe
O4 - HKLM\..\Run: [Sdd] C:\WINDOWS\Jrt.exe
O4 - HKLM\..\Run: [Fkj] C:\WINDOWS\system32\Qbc.exe
O4 - HKLM\..\Run: [Lcr] C:\WINDOWS\system32\Afd.exe
O4 - HKLM\..\Run: [Bav] C:\WINDOWS\Qlk.exe
O4 - HKLM\..\Run: [Nvb] C:\WINDOWS\system32\Hgm.exe
O4 - HKLM\..\Run: [Gcm] C:\WINDOWS\Tdu.exe
O4 - HKLM\..\Run: [Ccj] C:\WINDOWS\system32\Atf.exe
O4 - HKLM\..\Run: [Quh] C:\WINDOWS\system32\Gsa.exe
O4 - HKLM\..\Run: [Pbd] C:\WINDOWS\Thd.exe
O4 - HKLM\..\Run: [Otj] C:\WINDOWS\Cib.exe
O4 - HKLM\..\Run: [Hvu] C:\WINDOWS\system32\Nsf.exe
O4 - HKLM\..\Run: [Qbq] C:\WINDOWS\Iop.exe
O4 - HKLM\..\Run: [Cop] C:\WINDOWS\system32\Qcu.exe
O4 - HKLM\..\Run: [Eqm] C:\WINDOWS\system32\Udj.exe
O4 - HKLM\..\Run: [Dad] C:\WINDOWS\Iui.exe
O4 - HKLM\..\Run: [Nke] C:\WINDOWS\Nvn.exe
O4 - HKLM\..\Run: [Amf] C:\WINDOWS\system32\Iml.exe
O4 - HKLM\..\Run: [Fvc] C:\WINDOWS\system32\Fin.exe
O4 - HKLM\..\Run: [Klo] C:\WINDOWS\system32\Fau.exe
O4 - HKLM\..\Run: [Uob] C:\WINDOWS\system32\Snu.exe
O4 - HKLM\..\Run: [Iba] C:\WINDOWS\system32\Rll.exe
O4 - HKLM\..\Run: [Sqq] C:\WINDOWS\Cps.exe
O4 - HKLM\..\Run: [Auj] C:\WINDOWS\Cso.exe
O4 - HKLM\..\Run: [Iej] C:\WINDOWS\Adf.exe
O4 - HKLM\..\Run: [Tiv] C:\WINDOWS\Gla.exe
O4 - HKLM\..\Run: [Qbo] C:\WINDOWS\Tbc.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\Bbo.exe
O4 - HKLM\..\Run: [Tqg] C:\WINDOWS\system32\Puh.exe
O4 - HKLM\..\Run: [Cir] C:\WINDOWS\Bvv.exe
O4 - HKLM\..\Run: [Shb] C:\WINDOWS\system32\Kni.exe
O4 - HKLM\..\Run: [Fnn] C:\WINDOWS\system32\Ito.exe
O4 - HKLM\..\Run: [Ugk] C:\WINDOWS\Jhl.exe
O4 - HKLM\..\Run: [Qni] C:\WINDOWS\system32\Mpi.exe
O4 - HKLM\..\Run: [Ksq] C:\WINDOWS\Idk.exe
O4 - HKLM\..\Run: [Vdv] C:\WINDOWS\system32\Gle.exe
O4 - HKLM\..\Run: [Aci] C:\WINDOWS\system32\Uvv.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Pof.exe
O4 - HKLM\..\Run: [Uav] C:\WINDOWS\Mqt.exe
O4 - HKLM\..\Run: [Hsc] C:\WINDOWS\system32\Ris.exe
O4 - HKLM\..\Run: [Oku] C:\WINDOWS\system32\Ubf.exe
O4 - HKLM\..\Run: [Gtu] C:\WINDOWS\Euq.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Gfm] C:\WINDOWS\Rik.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKCU\..\Run: [Vrn] C:\WINDOWS\Rkh.exe
O4 - HKCU\..\Run: [Qqq] C:\WINDOWS\Dks.exe
O4 - HKCU\..\Run: [Rrf] C:\WINDOWS\Hjc.exe
O4 - HKCU\..\Run: [Isa] C:\WINDOWS\system32\Lrt.exe
O4 - HKCU\..\Run: [Jsu] C:\WINDOWS\system32\Rmg.exe
O4 - HKCU\..\Run: [Esj] C:\WINDOWS\Cee.exe
O4 - HKCU\..\Run: [Apq] C:\WINDOWS\system32\Gpv.exe
O4 - HKCU\..\Run: [Aua] C:\WINDOWS\system32\Amf.exe
O4 - HKCU\..\Run: [Fmu] C:\WINDOWS\system32\Tfe.exe
O4 - HKCU\..\Run: [Sev] C:\WINDOWS\system32\Ldh.exe
O4 - HKCU\..\Run: [Mua] C:\WINDOWS\system32\Vpm.exe
O4 - HKCU\..\Run: [Gtc] C:\WINDOWS\Cra.exe
O4 - HKCU\..\Run: [Eav] C:\WINDOWS\system32\Kvk.exe
O4 - HKCU\..\Run: [Vpr] C:\WINDOWS\Gru.exe
O4 - HKCU\..\Run: [Rjg] C:\WINDOWS\Ase.exe
O4 - HKCU\..\Run: [Imn] C:\WINDOWS\Ofg.exe
O4 - HKCU\..\Run: [Okg] C:\WINDOWS\Hav.exe
O4 - HKCU\..\Run: [Ibo] C:\WINDOWS\Pnm.exe
O4 - HKCU\..\Run: [Kjm] C:\WINDOWS\system32\Mka.exe
O4 - HKCU\..\Run: [Sdd] C:\WINDOWS\Jrt.exe
O4 - HKCU\..\Run: [Fkj] C:\WINDOWS\system32\Qbc.exe
O4 - HKCU\..\Run: [Lcr] C:\WINDOWS\system32\Afd.exe
O4 - HKCU\..\Run: [Bav] C:\WINDOWS\Qlk.exe
O4 - HKCU\..\Run: [Nvb] C:\WINDOWS\system32\Hgm.exe
O4 - HKCU\..\Run: [Gcm] C:\WINDOWS\Tdu.exe
O4 - HKCU\..\Run: [Ccj] C:\WINDOWS\system32\Atf.exe
O4 - HKCU\..\Run: [Quh] C:\WINDOWS\system32\Gsa.exe
O4 - HKCU\..\Run: [Pbd] C:\WINDOWS\Thd.exe
O4 - HKCU\..\Run: [Otj] C:\WINDOWS\Cib.exe
O4 - HKCU\..\Run: [Hvu] C:\WINDOWS\system32\Nsf.exe
O4 - HKCU\..\Run: [Qbq] C:\WINDOWS\Iop.exe
O4 - HKCU\..\Run: [Cop] C:\WINDOWS\system32\Qcu.exe
O4 - HKCU\..\Run: [Eqm] C:\WINDOWS\system32\Udj.exe
O4 - HKCU\..\Run: [Dad] C:\WINDOWS\Iui.exe
O4 - HKCU\..\Run: [Nke] C:\WINDOWS\Nvn.exe
O4 - HKCU\..\Run: [Amf] C:\WINDOWS\system32\Iml.exe
O4 - HKCU\..\Run: [Fvc] C:\WINDOWS\system32\Fin.exe
O4 - HKCU\..\Run: [Klo] C:\WINDOWS\system32\Fau.exe
O4 - HKCU\..\Run: [Uob] C:\WINDOWS\system32\Snu.exe
O4 - HKCU\..\Run: [Iba] C:\WINDOWS\system32\Rll.exe
O4 - HKCU\..\Run: [Sqq] C:\WINDOWS\Cps.exe
O4 - HKCU\..\Run: [Auj] C:\WINDOWS\Cso.exe
O4 - HKCU\..\Run: [Iej] C:\WINDOWS\Adf.exe
O4 - HKCU\..\Run: [Tiv] C:\WINDOWS\Gla.exe
O4 - HKCU\..\Run: [Qbo] C:\WINDOWS\Tbc.exe
O4 - HKCU\..\Run: [Cvj] C:\WINDOWS\Bbo.exe
O4 - HKCU\..\Run: [Tqg] C:\WINDOWS\system32\Puh.exe
O4 - HKCU\..\Run: [Cir] C:\WINDOWS\Bvv.exe
O4 - HKCU\..\Run: [Shb] C:\WINDOWS\system32\Kni.exe
O4 - HKCU\..\Run: [Fnn] C:\WINDOWS\system32\Ito.exe
O4 - HKCU\..\Run: [Ugk] C:\WINDOWS\Jhl.exe
O4 - HKCU\..\Run: [Qni] C:\WINDOWS\system32\Mpi.exe
O4 - HKCU\..\Run: [Ksq] C:\WINDOWS\Idk.exe
O4 - HKCU\..\Run: [Vdv] C:\WINDOWS\system32\Gle.exe
O4 - HKCU\..\Run: [Aci] C:\WINDOWS\system32\Uvv.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Pof.exe
O4 - HKCU\..\Run: [Uav] C:\WINDOWS\Mqt.exe
O4 - HKCU\..\Run: [Hsc] C:\WINDOWS\system32\Ris.exe
O4 - HKCU\..\Run: [Oku] C:\WINDOWS\system32\Ubf.exe
O4 - HKCU\..\Run: [Gtu] C:\WINDOWS\Euq.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Acrt160ta - - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
This discussion has been closed.
Comments
How to see hidden files in Windows
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKLM\..\Run: [Apq] C:\WINDOWS\system32\Gpv.exe
O4 - HKLM\..\Run: [Dto] C:\WINDOWS\Bdh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Aua] C:\WINDOWS\system32\Amf.exe
O4 - HKLM\..\Run: [Fmu] C:\WINDOWS\system32\Tfe.exe
O4 - HKLM\..\Run: [Sev] C:\WINDOWS\system32\Ldh.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\system32\Vpm.exe
O4 - HKLM\..\Run: [Gtc] C:\WINDOWS\Cra.exe
O4 - HKLM\..\Run: [Eav] C:\WINDOWS\system32\Kvk.exe
O4 - HKLM\..\Run: [Vpr] C:\WINDOWS\Gru.exe
O4 - HKLM\..\Run: [Rjg] C:\WINDOWS\Ase.exe
O4 - HKLM\..\Run: [Imn] C:\WINDOWS\Ofg.exe
O4 - HKLM\..\Run: [Okg] C:\WINDOWS\Hav.exe
O4 - HKLM\..\Run: [Ibo] C:\WINDOWS\Pnm.exe
O4 - HKLM\..\Run: [Kjm] C:\WINDOWS\system32\Mka.exe
O4 - HKLM\..\Run: [Sdd] C:\WINDOWS\Jrt.exe
O4 - HKLM\..\Run: [Fkj] C:\WINDOWS\system32\Qbc.exe
O4 - HKLM\..\Run: [Lcr] C:\WINDOWS\system32\Afd.exe
O4 - HKLM\..\Run: [Bav] C:\WINDOWS\Qlk.exe
O4 - HKLM\..\Run: [Nvb] C:\WINDOWS\system32\Hgm.exe
O4 - HKLM\..\Run: [Gcm] C:\WINDOWS\Tdu.exe
O4 - HKLM\..\Run: [Ccj] C:\WINDOWS\system32\Atf.exe
O4 - HKLM\..\Run: [Quh] C:\WINDOWS\system32\Gsa.exe
O4 - HKLM\..\Run: [Pbd] C:\WINDOWS\Thd.exe
O4 - HKLM\..\Run: [Otj] C:\WINDOWS\Cib.exe
O4 - HKLM\..\Run: [Hvu] C:\WINDOWS\system32\Nsf.exe
O4 - HKLM\..\Run: [Qbq] C:\WINDOWS\Iop.exe
O4 - HKLM\..\Run: [Cop] C:\WINDOWS\system32\Qcu.exe
O4 - HKLM\..\Run: [Eqm] C:\WINDOWS\system32\Udj.exe
O4 - HKLM\..\Run: [Dad] C:\WINDOWS\Iui.exe
O4 - HKLM\..\Run: [Nke] C:\WINDOWS\Nvn.exe
O4 - HKLM\..\Run: [Amf] C:\WINDOWS\system32\Iml.exe
O4 - HKLM\..\Run: [Fvc] C:\WINDOWS\system32\Fin.exe
O4 - HKLM\..\Run: [Klo] C:\WINDOWS\system32\Fau.exe
O4 - HKLM\..\Run: [Uob] C:\WINDOWS\system32\Snu.exe
O4 - HKLM\..\Run: [Iba] C:\WINDOWS\system32\Rll.exe
O4 - HKLM\..\Run: [Sqq] C:\WINDOWS\Cps.exe
O4 - HKLM\..\Run: [Auj] C:\WINDOWS\Cso.exe
O4 - HKLM\..\Run: [Iej] C:\WINDOWS\Adf.exe
O4 - HKLM\..\Run: [Tiv] C:\WINDOWS\Gla.exe
O4 - HKLM\..\Run: [Qbo] C:\WINDOWS\Tbc.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\Bbo.exe
O4 - HKLM\..\Run: [Tqg] C:\WINDOWS\system32\Puh.exe
O4 - HKLM\..\Run: [Cir] C:\WINDOWS\Bvv.exe
O4 - HKLM\..\Run: [Shb] C:\WINDOWS\system32\Kni.exe
O4 - HKLM\..\Run: [Fnn] C:\WINDOWS\system32\Ito.exe
O4 - HKLM\..\Run: [Ugk] C:\WINDOWS\Jhl.exe
O4 - HKLM\..\Run: [Qni] C:\WINDOWS\system32\Mpi.exe
O4 - HKLM\..\Run: [Ksq] C:\WINDOWS\Idk.exe
O4 - HKLM\..\Run: [Vdv] C:\WINDOWS\system32\Gle.exe
O4 - HKLM\..\Run: [Aci] C:\WINDOWS\system32\Uvv.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Pof.exe
O4 - HKLM\..\Run: [Uav] C:\WINDOWS\Mqt.exe
O4 - HKLM\..\Run: [Hsc] C:\WINDOWS\system32\Ris.exe
O4 - HKLM\..\Run: [Oku] C:\WINDOWS\system32\Ubf.exe
O4 - HKLM\..\Run: [Gtu] C:\WINDOWS\Euq.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Gfm] C:\WINDOWS\Rik.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKCU\..\Run: [Vrn] C:\WINDOWS\Rkh.exe
O4 - HKCU\..\Run: [Qqq] C:\WINDOWS\Dks.exe
O4 - HKCU\..\Run: [Rrf] C:\WINDOWS\Hjc.exe
O4 - HKCU\..\Run: [Isa] C:\WINDOWS\system32\Lrt.exe
O4 - HKCU\..\Run: [Jsu] C:\WINDOWS\system32\Rmg.exe
O4 - HKCU\..\Run: [Esj] C:\WINDOWS\Cee.exe
O4 - HKCU\..\Run: [Apq] C:\WINDOWS\system32\Gpv.exe
O4 - HKCU\..\Run: [Aua] C:\WINDOWS\system32\Amf.exe
O4 - HKCU\..\Run: [Fmu] C:\WINDOWS\system32\Tfe.exe
O4 - HKCU\..\Run: [Sev] C:\WINDOWS\system32\Ldh.exe
O4 - HKCU\..\Run: [Mua] C:\WINDOWS\system32\Vpm.exe
O4 - HKCU\..\Run: [Gtc] C:\WINDOWS\Cra.exe
O4 - HKCU\..\Run: [Eav] C:\WINDOWS\system32\Kvk.exe
O4 - HKCU\..\Run: [Vpr] C:\WINDOWS\Gru.exe
O4 - HKCU\..\Run: [Rjg] C:\WINDOWS\Ase.exe
O4 - HKCU\..\Run: [Imn] C:\WINDOWS\Ofg.exe
O4 - HKCU\..\Run: [Okg] C:\WINDOWS\Hav.exe
O4 - HKCU\..\Run: [Ibo] C:\WINDOWS\Pnm.exe
O4 - HKCU\..\Run: [Kjm] C:\WINDOWS\system32\Mka.exe
O4 - HKCU\..\Run: [Sdd] C:\WINDOWS\Jrt.exe
O4 - HKCU\..\Run: [Fkj] C:\WINDOWS\system32\Qbc.exe
O4 - HKCU\..\Run: [Lcr] C:\WINDOWS\system32\Afd.exe
O4 - HKCU\..\Run: [Bav] C:\WINDOWS\Qlk.exe
O4 - HKCU\..\Run: [Nvb] C:\WINDOWS\system32\Hgm.exe
O4 - HKCU\..\Run: [Gcm] C:\WINDOWS\Tdu.exe
O4 - HKCU\..\Run: [Ccj] C:\WINDOWS\system32\Atf.exe
O4 - HKCU\..\Run: [Quh] C:\WINDOWS\system32\Gsa.exe
O4 - HKCU\..\Run: [Pbd] C:\WINDOWS\Thd.exe
O4 - HKCU\..\Run: [Otj] C:\WINDOWS\Cib.exe
O4 - HKCU\..\Run: [Hvu] C:\WINDOWS\system32\Nsf.exe
O4 - HKCU\..\Run: [Qbq] C:\WINDOWS\Iop.exe
O4 - HKCU\..\Run: [Cop] C:\WINDOWS\system32\Qcu.exe
O4 - HKCU\..\Run: [Eqm] C:\WINDOWS\system32\Udj.exe
O4 - HKCU\..\Run: [Dad] C:\WINDOWS\Iui.exe
O4 - HKCU\..\Run: [Nke] C:\WINDOWS\Nvn.exe
O4 - HKCU\..\Run: [Amf] C:\WINDOWS\system32\Iml.exe
O4 - HKCU\..\Run: [Fvc] C:\WINDOWS\system32\Fin.exe
O4 - HKCU\..\Run: [Klo] C:\WINDOWS\system32\Fau.exe
O4 - HKCU\..\Run: [Uob] C:\WINDOWS\system32\Snu.exe
O4 - HKCU\..\Run: [Iba] C:\WINDOWS\system32\Rll.exe
O4 - HKCU\..\Run: [Sqq] C:\WINDOWS\Cps.exe
O4 - HKCU\..\Run: [Auj] C:\WINDOWS\Cso.exe
O4 - HKCU\..\Run: [Iej] C:\WINDOWS\Adf.exe
O4 - HKCU\..\Run: [Tiv] C:\WINDOWS\Gla.exe
O4 - HKCU\..\Run: [Qbo] C:\WINDOWS\Tbc.exe
O4 - HKCU\..\Run: [Cvj] C:\WINDOWS\Bbo.exe
O4 - HKCU\..\Run: [Tqg] C:\WINDOWS\system32\Puh.exe
O4 - HKCU\..\Run: [Cir] C:\WINDOWS\Bvv.exe
O4 - HKCU\..\Run: [Shb] C:\WINDOWS\system32\Kni.exe
O4 - HKCU\..\Run: [Fnn] C:\WINDOWS\system32\Ito.exe
O4 - HKCU\..\Run: [Ugk] C:\WINDOWS\Jhl.exe
O4 - HKCU\..\Run: [Qni] C:\WINDOWS\system32\Mpi.exe
O4 - HKCU\..\Run: [Ksq] C:\WINDOWS\Idk.exe
O4 - HKCU\..\Run: [Vdv] C:\WINDOWS\system32\Gle.exe
O4 - HKCU\..\Run: [Aci] C:\WINDOWS\system32\Uvv.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Pof.exe
O4 - HKCU\..\Run: [Uav] C:\WINDOWS\Mqt.exe
O4 - HKCU\..\Run: [Hsc] C:\WINDOWS\system32\Ris.exe
O4 - HKCU\..\Run: [Oku] C:\WINDOWS\system32\Ubf.exe
O4 - HKCU\..\Run: [Gtu] C:\WINDOWS\Euq.exe
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 213.159.117.202
Reboot your computer into Safe Mode
Then delete these files or directories (Do not be concerned if they do not exist):
C:\WINDOWS\Adf.exe
C:\WINDOWS\Ase.exe
C:\WINDOWS\Bbo.exe
C:\WINDOWS\Bdh.exe
C:\WINDOWS\Bvv.exe
C:\WINDOWS\Cee.exe
C:\WINDOWS\Cib.exe
C:\WINDOWS\Cps.exe
C:\WINDOWS\Cra.exe
C:\WINDOWS\Cso.exe
C:\WINDOWS\Dks.exe
C:\WINDOWS\Euq.exe
C:\WINDOWS\Gla.exe
C:\WINDOWS\Gru.exe
C:\WINDOWS\Hav.exe
C:\WINDOWS\Hjc.exe
C:\WINDOWS\Idk.exe
C:\WINDOWS\Iop.exe
C:\WINDOWS\Iui.exe
C:\WINDOWS\Jhl.exe
C:\WINDOWS\Jrt.exe
C:\WINDOWS\Mqt.exe
C:\WINDOWS\Nvn.exe
C:\WINDOWS\Ofg.exe
C:\WINDOWS\Pnm.exe
C:\WINDOWS\Pof.exe
C:\WINDOWS\Qlk.exe
C:\WINDOWS\Rik.exe
C:\WINDOWS\Rkh.exe
C:\WINDOWS\Tbc.exe
C:\WINDOWS\Tdu.exe
C:\WINDOWS\Thd.exe
C:\WINDOWS\system32\Afd.exe
C:\WINDOWS\system32\Amf.exe
C:\WINDOWS\system32\Atf.exe
C:\WINDOWS\system32\Fau.exe
C:\WINDOWS\system32\Fin.exe
C:\WINDOWS\system32\Gle.exe
C:\WINDOWS\system32\Gpv.exe
C:\WINDOWS\system32\Gsa.exe
C:\WINDOWS\system32\Hgm.exe
C:\WINDOWS\system32\Iml.exe
C:\WINDOWS\system32\Ito.exe
C:\WINDOWS\system32\Kni.exe
C:\WINDOWS\system32\Kvk.exe
C:\WINDOWS\system32\Ldh.exe
C:\WINDOWS\system32\Lrt.exe
C:\WINDOWS\system32\Mka.exe
C:\WINDOWS\system32\Mpi.exe
C:\WINDOWS\system32\Nsf.exe
C:\WINDOWS\system32\ntddetect.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\Puh.exe
C:\WINDOWS\system32\Qbc.exe
C:\WINDOWS\system32\Qcu.exe
C:\WINDOWS\system32\Ris.exe
C:\WINDOWS\system32\Rll.exe
C:\WINDOWS\system32\Rmg.exe
C:\WINDOWS\system32\Snu.exe
C:\WINDOWS\system32\Tfe.exe
C:\WINDOWS\system32\Ubf.exe
C:\WINDOWS\system32\Udj.exe
C:\WINDOWS\system32\Uvv.exe
C:\WINDOWS\system32\Vpm.exe
Reboot your computer to go back to normal mode and post a new log.
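Added example, not part of the original thread: most of the Run entries selected for fixing in the reply above share one shape (a three-letter value name pointing at a three-letter .exe directly in C:\WINDOWS or C:\WINDOWS\system32, usually registered under both HKLM and HKCU). The Python sketch below triages O4 lines by that shape and compares a before and after log; the function names are hypothetical and the sample lines are a small subset copied from the two logs in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few O4 lines taken from the first log in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKLM\..\Run: [Apq] C:\WINDOWS\system32\Gpv.exe
O4 - HKLM\..\Run: [Dto] C:\WINDOWS\Bdh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Apq] C:\WINDOWS\system32\Gpv.exe
O4 - HKCU\..\Run: [Gfm] C:\WINDOWS\Rik.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Constructed sample: the O4 lines of the log posted after the cleanup.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# "O4 - HKLM\..\Run: [Name] command" -> hive, key, value name, command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Shape seen in this thread: three-letter value name ...
NAME_RE = re.compile(r"^[A-Za-z]{3}$")
# ... launching a three-letter .exe directly in WINDOWS or WINDOWS\system32.
PATH_RE = re.compile(r"^C:\\WINDOWS\\(?:system32\\)?[A-Za-z]{3}\.exe$", re.IGNORECASE)


def parse_o4(log):
    """Return (hive, key, name, command) for every registry-based O4 line."""
    entries = []
    for line in log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groups())
    return entries


def triage(entries):
    """Split entries into shape matches, matches present in both hives, and the rest.

    This is a triage heuristic, not a verdict: it does not catch entries such as
    ntddetect, PayTime or KernelFaultCheck, which the reply selects by name.
    """
    hives_by_cmd = defaultdict(set)
    for hive, _key, name, cmd in entries:
        if NAME_RE.match(name) and PATH_RE.match(cmd):
            hives_by_cmd[cmd].add(hive)
    flagged = sorted(hives_by_cmd)
    both_hives = sorted(c for c, h in hives_by_cmd.items() if h == {"HKLM", "HKCU"})
    needs_review = [e for e in entries if e[3] not in hives_by_cmd]
    return flagged, both_hives, needs_review


def removed(before_log, after_log):
    """Entries present in the first log that no longer appear in the second."""
    remaining = set(parse_o4(after_log))
    return [e for e in parse_o4(before_log) if e not in remaining]


if __name__ == "__main__":
    flagged, both_hives, needs_review = triage(parse_o4(BEFORE_LOG))
    print("Matches the three-letter shape:")
    for cmd in flagged:
        marker = " (HKLM and HKCU)" if cmd in both_hives else ""
        print("  " + cmd + marker)
    print("Left for manual review:")
    for hive, key, name, cmd in needs_review:
        print("  %s\\%s [%s] %s" % (hive, key, name, cmd))
    print("Gone after cleanup: %d entries" % len(removed(BEFORE_LOG, AFTER_LOG)))
    print("Shape matches still present:", triage(parse_o4(AFTER_LOG))[0])
```
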
Logfile of HijackThis v1.99.1
Scan saved at 11:44:35 PM, on 3/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
Any suggestions?
Thanks.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages" look for a checkbox named "Security". If found select it and click "Delete".
Let me know if that helps.