680180.net

teddysherri

Hello all

I have a problem with a laptop that was infested with viruses and spyware. I have got rid of most issues but I still cannot get to Windows Update. Also, when I open up IE I get popups from 680180.net and cannot get rid of them.

Does anyone have these issues?

Cheers
 
If you have run adaware and spybot already and cleaned up what they found, go ahead and post a hijackthis log so we can see what you have running. That way we can give you some comments that relate specifically to your machine.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Cheers for the reply. I have used spybot, adaware and cwshredder. Here is the Hijackthis log:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [EnableDCOM] N
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [AVGW] C:\PROGRA~1\Grisoft\AVG6\avgw.exe /RUNONCE
O4 - Global Startup: AOL 8.0 Tray Icon.lnk.disabled
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
Cheers
 
O4 - HKLM\..\RunServices: [EnableDCOM] N
This is a line I'm unfamiliar with.
A number of hits with google recommend fixing it. Is it something you've set?

See links provided by chaslang below kaoboth log for more info.

Maybe someone else will have some other ideas.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
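
The check that makes the `EnableDCOM` line stand out in the log above, as an added example that is not part of the original posts: it parses registry-based O4 (autorun) entries and lists those whose value is not a path to an executable, so they can be looked up by hand. The sample lines are copied from the shape of the posted log; the function names and the list of executable extensions are assumptions of this example, and a flagged entry is only a candidate for review, not a verdict.

```python
import re

# Constructed sample: a few O4 lines in the format of the log posted above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [EnableDCOM] N
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
'''

# Registry autoruns have the form: O4 - <hive>\..\<key>: [<name>] <command>
REG_AUTORUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$')

# A command that begins with a (possibly quoted) drive-letter path to an
# executable file type. The extension list is an assumption of this example.
EXE_PATH = re.compile(r'^"?[A-Za-z]:\\.*?\.(exe|com|bat|cmd|dll|scr|pif)\b', re.I)


def parse_autoruns(log_text):
    """Return one dict per registry-based O4 entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = REG_AUTORUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key,
                            "name": name, "command": command.strip()})
    return entries


def needs_manual_review(entry):
    """True when the value is not a plain path to an executable file."""
    return EXE_PATH.match(entry["command"]) is None


def triage(log_text):
    """Autorun entries worth looking up by hand before fixing or keeping."""
    return [e for e in parse_autoruns(log_text) if needs_manual_review(e)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["command"]!r}')
```
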
 
I also suggest getting pest patrol from
It always finds the stuff ad-aware misses. It's a trial version, but you can remove it after you scan if you like. You'll need to buy it to remove problems, but it will at least give you an idea of what is still there.

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
 
My personal rule of thumb is that if it takes longer than 3 hours to clean it, you're better off reinstalling from scratch.

Use Knoppix to copy everything off, Reinstall, and you're done.

-------------------------------------------
 
Frankly, I see throwing in the towel and doing the old reformat/reinstall as knuckling under to the low life who produce the malwares.

Granted, not everyone has as much time to spend keeping up on things as some of us, but...I've yet to come across an infection that took me over three hours let alone two, to clear up -- and I've dealt with some infections that would make your toes curl.

By the time one has made sweeps with the heavy hitters (CWShredder, SpyBot, Adaware, Bazooka, SpySweeper ... in no particular order) you should be down to brass tacks and be fairly able to home in on the offending file(s).
Reformat and reinstall, IMHO, should be reserved for the most extreme cases.

I personally learn nothing from a reformat.
I learn a lot by looking and testing.

I'm not coming at you personally, StockPhoto.
I'm just saying that there is little to be gained from "reformat/reinstall" as a rule of thumb.
As I step off my pulpit, think of where we'd be if reformat/reinstall were the accepted conventional wisdom.
There'd be no tools, there'd be no discussions like this forum, there'd be no progress.
"They" would have us by the shorties.
"They" would be the winners.
We would only be borrowing our machines, because, in reality, they'd own our boxes.
These forums are for discussion of solutions...real solutions...and new ideas.
(Criminy, I'm starting to sound like an evangelical.)

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
I'd also point out that in a business environment, reformatting and reinstalling is not always an option. It is not uncommon for me to get a pc from one of the corporate bigwigs that is crawling with spyware, and they tell me that the pc "won't work" or it "won't let them open such and such file and/or website", and "it's been acting weird for a while, now", and they absolutely MUST save such and such file(s).

It doesn't matter how much you try to educate them on when you should and when you shouldn't click, or that they should be storing important data on the servers - they are going to do what they want to do.

I look at it philosophically and tell myself that it's job security. [pc3]

"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."

"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
 