computer is porn bombed?
-
computer is porn bombed?
Can you help me with this computer
Logfile of HijackThis v1.99.1
Scan saved at 3:31:33 PM, on 08/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\AIM\aim.exe
C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe
C:\Program Files\Retail STAR\StarSchd.exe
C:\Program Files\Retail STAR\dbntsrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\javaka32.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\WINDOWS\winjq.exe
C:\Documents and Settings\The Village Hat Shop\Local Settings\Temporary Internet Files\Content.IE5\DWW4K1OH\hijackthis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvctg.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0B4DACA1-181A-DBF9-29CD-2BF9C12D5462} - C:\WINDOWS\iejj32.dll
O2 - BHO: Class - {504A2B11-7F3E-86D5-102D-1D344B1C7102} - C:\WINDOWS\system32\apipc.dll
O2 - BHO: Class - {71E94D83-8173-542B-9A66-5DEB602D769D} - C:\WINDOWS\iplv32.dll
O2 - BHO: Class - {9AB504D8-11C6-8294-FA52-67AB6C5871F1} - C:\WINDOWS\mfctw32.dll
O2 - BHO: Class - {E85F58C5-E2B2-8040-BB31-A3C07B0E22C1} - C:\WINDOWS\system32\apiev.dll
O4 - HKLM\..\Run: [javawr.exe] C:\WINDOWS\system32\javawr.exe
O4 - HKLM\..\Run: [winuq.exe] C:\WINDOWS\system32\winuq.exe
O4 - HKLM\..\Run: [apild.exe] C:\WINDOWS\system32\apild.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netoe.exe] C:\WINDOWS\netoe.exe
O4 - HKLM\..\Run: [appnp32.exe] C:\WINDOWS\appnp32.exe
O4 - HKLM\..\Run: [sdkyn.exe] C:\WINDOWS\system32\sdkyn.exe
O4 - HKLM\..\Run: [sysml.exe] C:\WINDOWS\sysml.exe
O4 - HKLM\..\Run: [sdkpd.exe] C:\WINDOWS\system32\sdkpd.exe
O4 - HKLM\..\Run: [atlrp32.exe] C:\WINDOWS\system32\atlrp32.exe
O4 - HKLM\..\Run: [ntwh.exe] C:\WINDOWS\system32\ntwh.exe
O4 - HKLM\..\Run: [javaka32.exe] C:\WINDOWS\system32\javaka32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: Schedule STAR.lnk = C:\Program Files\Retail STAR\StarSchd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16756ba3929e88e3c801/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114459429156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EADB5F57-B4C5-4584-B2D8-8DD5B3F5A13E}: NameServer = 206.13.31.12 206.13.28.12
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winjq.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Centura SQLBase - Centura Software - C:\Program Files\Retail STAR\dbntsrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
-
Hello,zachisbest & Welcome
First run this online scan tell us anything that
could not be removed
http://www.ewido.net/en/onlinescan/
also please move HijackThis to a folder
in C:\Drive like so C:\HJT
then run a new scan show us new logfile.
HGD
Junior Member
