Please HelP me Remove "here.to.find"
Tony
bui_skillz@hotmail.com
09/03/04
I really need help. They keep on loading up pornography on my start-up page and this is a family computer. Not only that, whenever I type anything in the search bar, it takes me to "heretofind.com" .... here's my HijackThis log

Logfile of HijackThis v1.98.0
Scan saved at 12:32:09 AM, on 1/09/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\NWTRAY.EXE
C:\WINNT\ALDAEMON.EXE
C:\WINNT\loadqm.exe
C:\EPOAgent\naimag32.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\WindUpdates\WinKA.exe
D:\Program Files\CursorXP\CursorXP.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\NOTEPAD.EXE
D:\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cable.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sra.nsw.gov.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sra.nsw.gov.au; *.staterail.nsw.gov.au;dblee01a;
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://rik.sra.nsw.gov.au/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [AlDaemon] ALDAEMON.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Microsoft® VBScript® Console - {9351DF5D-64C3-423F-B294-3CD725177B12} - (no file)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {9351DF5D-64C3-423F-B294-3CD725177B12} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .vmt: C:\PROGRA~1\INTERN~1\PLUGINS\NPVMT32.DLL
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=0&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=0&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=0&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=0&q=
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: Tarantella 3.x Framework Java Archive - http://vision1.sra.nsw.gov.au/tarantella/java/asadJ-du.cab
O16 - DPF: Tarantella 3.x Proxy Java Archive - http://vision1.sra.nsw.gov.au/tarantella/java/proxyJ-du.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=8eed54950496bfeb5899b8ba81fbaa8f52698706bfeedff388bf3e8d58cf5f61afd31721d03773ca067a2afbc699d63f22ed05f72cb55925:0db69b72ff39cfe5e585d7b34e81015d
O16 - DPF: {1d2a8890-3083-11d6-b649-00c04faedb18} (Oracle JInitiator 1.1.8.18) -
O16 - DPF: {21157916-4d49-11d4-a3e0-00c04fa32518} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1488af232287d2d81314/netzip/RdxIE601.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/au/games4.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://infinity.zango.com/gateway/resources/default/zangoinstaller.cab?productid=542
O16 - DPF: {D10B5C22-DC60-430D-B548-489CB49A2367} (FreeScan Class) - http://download.fbmsoftware.com/downloads/zerospyware/freescan/zsfreescan.cab
O16 - DPF: {DA04CC86-07A5-11D5-A700-0001031AD955} (TP_live Control) - http://www.homestead.com/~site/InstallFiles/SIFiles/live/TP_live.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://pv1fd.pav1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{994C8057-ADBC-449B-A2A0-A09499A5DCFF}: Domain = sra.nsw.gov.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sra.nsw.gov.au,staterail.nsw.gov.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sra.nsw.gov.au,staterail.nsw.gov.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sra.nsw.gov.au,staterail.nsw.gov.au
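A defender-side triage of the log format above, as an added example that is not part of the original thread: it parses HijackThis entry lines, treats the Start Page_bak value as the pre-hijack home page (an assumption made for this example), and flags R0/R1 values that point at a different host or use a non-web scheme, every O13 prefix override, and the broken O10 LSP entry. The sample lines are a constructed subset copied from the log posted above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cable.optusnet.com.au/
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=0&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=
"""

# Assumed HijackThis line shape: "<code> - <body>" (holds for the log above).
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R0/R1 body shape: "<hive>\<key>,<value name> = <value>".
R_RE = re.compile(r"^HK\w+\\.+?,(?P<name>[^=]+?) = (?P<value>.*)$")

def parse(log):
    """Return (code, body) pairs, skipping blank and non-entry lines."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out

def triage(log):
    """Return (code, reason) findings for entries worth a closer look."""
    entries = parse(log)
    baseline = None  # host of Start Page_bak, assumed to be the original home page
    for code, body in entries:
        m = R_RE.match(body) if code in ("R0", "R1") else None
        if m and m.group("name").strip() == "Start Page_bak":
            baseline = urlparse(m.group("value").strip()).hostname
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            m = R_RE.match(body)
            if not m or m.group("name").strip() == "Start Page_bak":
                continue
            name, url = m.group("name").strip(), urlparse(m.group("value").strip())
            if url.scheme not in ("http", "https"):
                findings.append((code, f"{name} uses non-web scheme '{url.scheme}' (local file hijack)"))
            elif url.hostname != baseline:
                findings.append((code, f"{name} points at {url.hostname}, baseline is {baseline}"))
        elif code == "O13":  # prefixes are only listed when changed from the default
            findings.append((code, "URL prefix override: " + body))
        elif code == "O10" and "missing" in body:
            findings.append((code, "LSP chain broken: " + body))
    return findings
```

Run against the full log, the same pass would also flag the HKLM R0/R1 pair and the remaining O13 prefixes, which is the whole heretofind redirect set.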

John L

09/03/04
Please HelP me Remove "here.to.find"
Tony: All of the regular helpers of the hijack logs are gone for the weekend; someone will return on Sunday evening, sorry to be the bearer of bad news. I am not a tech within these pages and can't tackle your hijack log, as it is still over my head. I will though make a suggestion or two: firstly, disable System Restore and run an online scan here.

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

This should clear up a couple or more of the viruses that you do have in your log. When you do the online scan, have it sanitize the system; it will delete any virus it finds. I would like to ask: do you use any virus protection at all, or spyware protection, or for that matter a firewall at all? When you have run the scan, post a new HJT log so when the techs do come back they can see you have taken steps to help yourself.



© Copyright 1998-2004 Newbie dot Org -- All rights reserved --


