I have a problem every time I open internet explorer instead of landing on my chosen home page I receive Search paga.com. I have tried to remove it but it keeps coming back. There is also a programme 127058.exe that keeps on placing itself on my desktop, the simple remove proceedure I use does not get rid of it.
I have Ad Aware installed on my computer. I also have the Norman virus and firewall programmes on my computer. I hope someone can help me. Here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 20:31:34, on 07-03-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\NPFSVICE.EXE
C:\Documents and Settings\Gary\Skrivebord\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pd7.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\WINDOWS\system32\gah95on6.exe
C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\nvcoas.exe
C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\NJEEVES.EXE
C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\NVCSCHED.EXE
C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\Nvc\BIN\nipsvc.exe
C:\WINDOWS\inetdata\services.exe
C:\Programmer\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
C:\Documents and Settings\Gary\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10039/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O1 - Hosts: 207.44.240.65 rad.msn.com
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\ipreg32.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\system32\DSMANA~1.DLL
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\pd7.exe
O4 - HKLM\..\Run: [printer] C:\WINDOWS\helpsys.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [yvwlqbqj] C:\WINDOWS\yvwlqbqj.exe
O4 - HKLM\..\Run: [rre7WPM4K] C:\WINDOWS\ldwjtgk.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Programmer\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\pd7.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Programmer\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://netplayer.swdc.dk/Rawflow.cab
O16 - DPF: {0996AF24-960F-753A-34DB-238934176D51} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {0DB0D457-EF33-11D6-51A0-1D090E0403B7} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {25563693-FF9B-33FC-D234-16637B4C6FC7} - http://69.50.182.94/1/rdgDK1837.exe
O16 - DPF: {2D7884E2-DB7A-73EB-46C2-3C8631D0720C} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {2EADA1BC-EB60-0F8A-3B73-0A4B58671DDB} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {34DD008C-7C33-1E91-08B6-7A3552D1B3C3} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {35D50AF7-C2C8-5793-009B-7D83277F9C8A} - http://69.50.182.94/1/rdgDK994.exe
O16 - DPF: {3999FFD6-6C0D-4301-E956-5EA376D1C059} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {47F44CFB-5B5F-7A85-EB75-3B3A454995AB} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {4AB095A1-548E-12DE-5043-12776CBB1D37} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {4C272F3C-6BFC-43B1-D64E-0D913351A92B} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {662A6B83-904C-475A-5312-0CCE564AE24D} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {666CF7A8-46D3-6C42-2C50-3FD1159ADFDC} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {667F0743-FE92-623E-2FCE-249915FFE118} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {68B42CE2-5A45-65D7-64AE-545F45503A49} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {6ABBBBD9-FE97-46B7-C25E-0C922C8B52D4} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {6B80D865-36AE-3ADD-1779-79925976386E} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {787F1AB1-8EF1-5709-91A8-0FCA0C0F52C7} - http://69.50.182.94/1/rdgDK994.exe
O16 - DPF: {7A8C576C-4D35-7CCB-2655-780628C35705} - http://69.50.182.94/1/rdgDK896.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/...sCamControl.ocx
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.globalpho...ionale_ver4.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O21 - SSODL: System - {B5126E46-756D-43F8-A32B-81F5331E05C0} - C:\WINDOWS\system32\system32.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\Gary\Skrivebord\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\DOCUMENTS AND SETTINGS\GARY\SKRIVEBORD\nvc\BIN\NVCSCHED.EXE