680180 with possibly more problems!

Status
Not open for further replies.
Sorry, you must get these types of questions, but I really am stuck on this one. I was looking through my little brother's computer and have found he has inherent problems with his system slowing and popups, namely the 680180 ones, but I believe he may have more. I've done Spybot, Ad-Aware and Spyware Blaster but the problem is still continuing. Attached is a HijackThis log file; would anyone be so kind as to look this over for me and instruct me on what and how to delete? My thanks in advance for any assistance you can provide. :)
 
You sure it was the little brother, and not the Dad himself?

Before you start, ONLY download, install and run updates where necessary of ALL the programs indicated in the next 2 posts.
Read: How to remove Trojans and its ilk!
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Next, disconnect your PC from the internet.
Next, clean up all your cookies and Internet Temporary Files (In IE, click on Tools/Internet Options)

C:\DOCUME~1\Dad\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

Next, run this stuff:
Read: How to remove Trojans and its ilk!

Next, follow these instructions EXACTLY using the info mentioned underneath.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

The following is all adware/spyware/trojan/virus and what-have-you!
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.searchscout.com/cont...m=MzU2NDIwOTU3&t=1000120168&d=0&k=pda&c=17979
O1 - Hosts: zer.com
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\xxwxu.dll (file missing)
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {4208F879-AB9D-76CF-0B0A-E0E81EC1408A} - C:\DOCUME~1\Dad\APPLIC~1\Regspoll\Mess Ooze.exe
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {5E8D25E3-180D-4ECA-917E-D5F52D832C75} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
O2 - BHO: C:\WINDOWS\system32\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\system32\adsldpbd.dll (file missing)
O2 - BHO: MSEvents Object - {85597C9D-3994-4B7F-8CE3-515E632297A1} - C:\WINDOWS\java\winkey.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [close grey acid info] C:\Documents and Settings\All Users\Application Data\joypollclosegrey\Thisfind.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\system32\automove.exe
O4 - HKCU\..\Run: [PedalToTheMetalSetup.exe] C:\DOWNLO~1\PEDALT~1.EXE /r
O4 - HKCU\..\Run: [WormsArmageddon.exe] C:\DOWNLO~1\WORMSA~1.EXE /r
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sixthpop] C:\DOCUME~1\Dad\APPLIC~1\MFCDRE~1\Fast Great.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

Tick/Fix ALL your O16 - DPF: entries

O17 - HKLM\System\CCS\Services\Tcpip\..\{10E27239-DB7A-414C-87D5-0DBED0A14C87}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{10E27239-DB7A-414C-87D5-0DBED0A14C87}: NameServer = 192.168.1.1
O20 - Winlogon Notify: gs - C:\WINDOWS\system32\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: winkey - C:\WINDOWS\java\winkey.dll
O20 - Winlogon Notify: xxwxu - xxwxu.dll (file missing)
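
Added example, not part of the original thread: a small Python parser for the HijackThis entry format shown in the log above. It cross-references DLL entries so that a module registered under more than one section (for example both as a BHO and as a Winlogon Notify) gets fixed in every place. The function names and the six-line sample, copied from that log, are choices made for this illustration.

```python
import ntpath
import re
from collections import defaultdict
# Sample input: six lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\xxwxu.dll (file missing)
O2 - BHO: MSEvents Object - {85597C9D-3994-4B7F-8CE3-515E632297A1} - C:\WINDOWS\java\winkey.dll
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\system32\automove.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: winkey - C:\WINDOWS\java\winkey.dll
O20 - Winlogon Notify: xxwxu - xxwxu.dll (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then entry body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DLL_SECTIONS = {"O2", "O3", "O20"}  # BHO, IE toolbar, Winlogon Notify
MISSING = " (file missing)"

def parse_log(text):
    """Turn HijackThis log lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        target = body[:-len(MISSING)] if missing else body
        module = None
        if code in DLL_SECTIONS:
            # In these sections the file path is the last " - " separated field.
            module = ntpath.basename(target.rsplit(" - ", 1)[-1]).lower()
        clsid = CLSID.search(body)
        entries.append({"code": code, "module": module, "file_missing": missing,
                        "clsid": clsid.group(0) if clsid else None})
    return entries

def shared_modules(entries):
    """Modules registered in more than one section: each registration needs fixing."""
    seen = defaultdict(set)
    for e in entries:
        if e["module"]:
            seen[e["module"]].add(e["code"])
    return {mod: sorted(codes) for mod, codes in seen.items() if len(codes) > 1}

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for mod, codes in shared_modules(parsed).items():
        print(f"{mod}: registered under {', '.join(codes)}")
```
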
 
They all use the "Dad" account, so it could have been any of them!

You sir, are a genius, my wholehearted thanks to you for your help, I will do all of this tonight and post here if I have any problems, although it all looks simple enough. Thank you again for your help :)
 
Thank you so much, it's working perfectly, no popups, no nothing. I cannot thank you enough. It was rigged with so much rubbish. Again, thank you. Take care :)
 
Did you run your anti-virus and antispyware software like a good little computer user should? If not, why not?
HJT doesn't tell much.....


Do your homework before requesting help! Post results after running Spybot, Ad-Aware, and ewido and your anti-virus.


thanks
 