Jump to content


Photo

Please Help!! ben high jacked by 680180.net


  • Please log in to reply
1 reply to this topic

#1 kingslender

kingslender

    Member

  • New Member
  • Pip
  • 1 posts

Posted 30 July 2004 - 12:55 PM

This is killing me (680180.net pop ups) and i need any help anyone can offer Please Please help me if you can. I'm not sure if I am posting this in the right place but here is my HJT log. Any help anyone cane give I thank you so much in advance.


Logfile of HijackThis v1.97.7
Scan saved at 1:41:28 PM, on 07/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Apps\NU.Desktop.Asset\NU.Desktop.Asset.Migrator.exe
C:\Apps\Vypress Auvis\Auvis.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\wedkgwu.exe
C:\WINNT\plmdybn..exe
C:\WINNT\system32\hpdllhost.exe
C:\WINNT\system32\RUNDLL32.exe
C:\WINNT\system32\clbtream.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINNT\system32\clrories.exe
C:\Program Files\VBouncer\VirtualBouncer.exe
C:\WINNT\system32\ezsys.exe
C:\Program Files\SysAI\SysAI.exe
J:\My Documents\My Music\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nunet.nu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nunet.nu.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Northeast Utilities v6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\WINNT\system32\icdd7ee6.dll
O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\WINNT\system32\iel2cde8.dll
O2 - BHO: (no name) - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINNT\srchfst.dll
O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\WINNT\system32\he3e3fc4.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\system32\SWin32.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\WINNT\system32\readdb40.dll
O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\WINNT\system32\li01f948.dll
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINNT\srchfst.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [msbb] c:\winnt\system32\msbb.exe
O4 - HKLM\..\Run: [wdr] C:\WINNT\WDR.exe
O4 - HKLM\..\Run: [odsj] C:\WINNT\odsj.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [1 - NU.Desktop.Asset.Migrator] C:\Apps\NU.Desktop.Asset\NU.Desktop.Asset.Migrator.exe
O4 - HKLM\..\Run: [2 - NU.Desktop.Asset] C:\Apps\NU.Desktop.Asset\NU.Desktop.Asset.exe
O4 - HKLM\..\Run: [Auvis] "C:\Apps\Vypress Auvis\Auvis.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [stcloader] C:\WINNT\system32\stcloader.exe
O4 - HKLM\..\Run: [nssysconf] C:\WINNT\wedkgwu.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\plmdybn..exe
O4 - HKLM\..\Run: [000hpdllhost] C:\WINNT\system32\hpdllhost.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TB_setup] C:\WINNT\TEMP\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINNT\srchupdt.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINNT\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [3smg3mg] clbtream.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKCU\..\Run: [IB5mRgM4j] clrories.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JavaConnect - http://bentnotestest...JavaConnect.cab
O16 - DPF: Sametime Meeting Room Client ST25PF1 - http://wfntsametime1...gRoomClient.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.jud2.stat...ase/FormCtl.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thoug.../install032.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://N:\CC\IT Web Players\Authorware 65 Install\awswaxf.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5E00C159-73B6-479C-B534-A3CDAE0D5807} (WindowFNC.DisplayWindow) - http://passport/NU/WindowFNC.CAB
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://downloads.aaa...t-aug-acx13.exe
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...uginstaller.cab
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://wfntsametime1...STJNILoader.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.bright...bin/actxcab.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevisio...e30/OrgPubX.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nu.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nu.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nu.com

#2 Skier55d

Skier55d

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 30 July 2004 - 09:22 PM

See my thread for removing 680180.net:
http://forums.spywar...showtopic=18490




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button