• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2554
  • Last Modified:

680180.net Hijack help

I ahev ran Adaware, Spybot, and Trend Micro's products to clean this system over and over again and each time I reboot it comes back. Any hel or suggestions would be greatly appreciated. Here is the Mijckthis log

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\OfficeScan NT\ofcdog.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\goidr.exe
C:\WINNT\system32\keyword.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\SCANJET\PrecisionScan\hpppt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\administrator.TOF\Desktop\HijackThis1980.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {13672C82-7E3F-417B-9087-878F35A80903} - C:\WINNT\system32\nstro.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [nstroc] C:\WINNT\system32\nstroc.exe
O4 - HKLM\..\Run: [stcloader] C:\WINNT\system32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [goidr] C:\WINNT\goidr.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINNT\aqadcup.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\manage.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINNT\system32\keyword.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TOF
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TOF
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TOF
O20 - AppInit_DLLs: NVDESK32.DLL
0
kevinlw1974
Asked:
kevinlw1974
  • 4
  • 2
1 Solution
 
SheharyaarSaahilCommented:
Hello kevinlw1974 =)

First Download these tools and install Adaware and Spybot:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
ToolBar Cop >> http://www.mvps.org/sramesh2k/toolbarcop.htm
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then TURN OFF UR SYSTEM RESTORE >> http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
then fix the following entries in hijakchtis !!

========================================================
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - (no file)
O2 - BHO: SDWin32 Class - {13672C82-7E3F-417B-9087-878F35A80903} - C:\WINNT\system32\nstro.dll
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [nstroc] C:\WINNT\system32\nstroc.exe
O4 - HKLM\..\Run: [stcloader] C:\WINNT\system32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [goidr] C:\WINNT\goidr.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINNT\aqadcup.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\manage.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINNT\system32\keyword.exe
====================================================================
then.....

1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
8. Reboot back in Normal Mode and check if problems are gone
9. If YES then Great, otherwise Create a New user and check there for the popups problems..... post back the results !!

!! Good Luck !!
0
 
kevinlw1974Author Commented:
Thanks...I am trying that now.
0
 
SheharyaarSaahilCommented:
hmmmmmmm, good luck  :)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
kevinlw1974Author Commented:
Thanks that worked. That was driving me crazy and saved me a rebuild.
0
 
SheharyaarSaahilCommented:
great ^_^
0
 
pinaldaveCommented:
hello SheharyaarSaahil
Your answers are wonderful . I refer them so much. You are true genious. I usually contribute in the area of ColdFusion.
Regards,
---Pinal
0
 
SheharyaarSaahilCommented:
thanx Pinal for these kind words =)
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now