680180 with possibly more problems!

By carnage012 ยท 4 replies
Jan 4, 2006
  1. Sorry, you must get these types of questions but I am really am stuck on this one, I was looking through my little brothers computer, and have found he has inherent problems with his system slowing and Popups, namely the 680180 ones but i believe he may have more, ive done spybot, adaware and Spyware Blaster but the problem is still continuing, Attached is a HijackThis Log file, would anyone be so kind as to look this over for me and instruct me on what and how to delete. My thanks in advance for any assistance you can provide. :)
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You sure it was the little brother, and not the Dad himself?

    Before you start, ONLY download, install and run updates where necessary of ALL the programs indicated in the next 2 posts.
    Read: How to remove Trojans and its ilk!
    Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

    Next, disconnect your PC from the internet.
    Next, clean up all your cookies and Internet Temporary Files (In IE, click on Tools/Internet Options)

    C:\DOCUME~1\Dad\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!.

    Next, run this stuff:
    Read: How to remove Trojans and its ilk!

    Next, follow these instructions EXACTLY using the info mentioned underneath.
    Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

    The following is all adware/spyware/trojan/virus and what-have-you!
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://results.searchscout.com/cont...m=MzU2NDIwOTU3&t=1000120168&d=0&k=pda&c=17979
    O1 - Hosts: zer.com
    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\xxwxu.dll (file missing)
    O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
    O2 - BHO: (no name) - {4208F879-AB9D-76CF-0B0A-E0E81EC1408A} - C:\DOCUME~1\Dad\APPLIC~1\Regspoll\Mess Ooze.exe
    O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
    O2 - BHO: C:\WINDOWS\adsldpbc.dll - {5E8D25E3-180D-4ECA-917E-D5F52D832C75} - C:\WINDOWS\adsldpbc.dll (file missing)
    O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
    O2 - BHO: C:\WINDOWS\system32\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\system32\adsldpbd.dll (file missing)
    O2 - BHO: MSEvents Object - {85597C9D-3994-4B7F-8CE3-515E632297A1} - C:\WINDOWS\java\winkey.dll
    O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
    O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [close grey acid info] C:\Documents and Settings\All Users\Application Data\joypollclosegrey\Thisfind.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\system32\automove.exe
    O4 - HKCU\..\Run: [PedalToTheMetalSetup.exe] C:\DOWNLO~1\PEDALT~1.EXE /r
    O4 - HKCU\..\Run: [WormsArmageddon.exe] C:\DOWNLO~1\WORMSA~1.EXE /r
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [sixthpop] C:\DOCUME~1\Dad\APPLIC~1\MFCDRE~1\Fast Great.exe
    O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    Tick/Fix ALL your O16 - DPF: entries

    O17 - HKLM\System\CCS\Services\Tcpip\..\{10E27239-DB7A-414C-87D5-0DBED0A14C87}: NameServer =
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10E27239-DB7A-414C-87D5-0DBED0A14C87}: NameServer =
    O20 - Winlogon Notify: gs - C:\WINDOWS\system32\adsldpbd.dll (file missing)
    O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
    O20 - Winlogon Notify: winkey - C:\WINDOWS\java\winkey.dll
    O20 - Winlogon Notify: xxwxu - xxwxu.dll (file missing)
  3. carnage012

    carnage012 TS Rookie Topic Starter

    They all use the "Dad" account, so it could have been any of them!

    You sir, are a genius, my wholehearted thanks to you for your help, I will do all of this tonight and post here if I have any problems, although it all looks simple enough. Thank you again for your help :)
  4. carnage012

    carnage012 TS Rookie Topic Starter

    Thank you so much, its working perfectly, no popups, no nothing. I cannot thank you enough. It was rigged with so much rubbish. Again, Thank you. Take Care :)
  5. Tedster

    Tedster Techspot old timer..... Posts: 6,002   +15

    did you run your anti-virus and antispyware software like a good little computer user should? If not, why not?
    HJT doesn't tell much.....

    Do your homework before requesting help! post results after running spybot, ad-aware, and ewido and your anti-virus :suspiciou

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...