# Porn Pop Up Removal Help Needed!



## WineGlobe (Aug 11, 2003)

I used Hijack This to come up with the following log files. would love some help as these porn popups are taking up way too many resources. My DSL is slower than a 56K modem now.

-----------------
of HijackThis v1.96.0
Scan saved at 9:17:27 AM, on 8/11/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\hypertrm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Help\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\System32\wfxsnt40.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Save\Save.exe
C:\WINNT\System32\RunDLL32.exe
C:\WINNT\SYSTEM32\RMTCFG\files\mdll.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\Program Files\Common Files\Services\a\WinMech.exe
C:\WINNT\system32\psybnc\psybnc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\hijackthis\HijackThis.exe
C:\Program Files\Shoreline Communications\ShoreWare Client\STCLogin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wineglobe.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wineglobe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wineglobe.com

-=--------


----------



## Flrman1 (Jul 26, 2002)

WineGlobe 

Welcome to TSG!

Please go back to the main security forum and start a new thread. This thread has gone on and on and needs to be closed. It gets too confusing when there are so many logs being posted back to back in the same thread. I will look for you're new thread there and have a look at your log.

I am going to request that the moderators close this one. 

Thank you,

Mark


----------



## ~Candy~ (Jan 27, 2001)

FYI, split into a separate thread


----------



## $teve (Oct 9, 2001)

wineglobe..............can you scan with H/T again,this is not the full logfile.


----------

