Annoying 680130.net pop ups

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

JUSSI75

Thread Starter
Joined
Feb 1, 2005
Messages
6
Hi guys,

Can anybody help me try to get rid of the annoying pop up window which is labelled 680130.net. I've tried programs such as Ad-Aware, Spyware Blaster & Spybot - Search & Destroy but none of these seem to work. Please can you help me out?

:mad:
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi JUSSI75, Welcome to TSG!!

Create a permanent folder on your hard drive for Hijackthis, like My Documents\HJT
Click on this link: http://www.spywareinfo.com/~merijn/files/HijackThis.exe and "Save" hijackthis to the folder you have created.

Double click on the program to run hijackthis, click "scan" then click on "Save Log".

Post a copy back here and someone will be happy to review it.

Don't make any changes until instructed to do so.
 

mjack547

Malware Specialist
Joined
Sep 1, 2003
Messages
3,181
I have posted your log for you

Logfile of HijackThis v1.99.0
Scan saved at 16:32:30, on 01/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\INV32CLI.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\WUSER32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\MS\SMS\BIN\pcmwin32.exe
C:\MS\SMS\BIN\appctl32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\MS\SMS\BIN\climonnt.exe
C:\Program Files\AutoCAD 2004\acad.exe
C:\DOCUME~1\JF789~1.HIN\LOCALS~1\Temp\~e5d141.tmp
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\J. Hinsley\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
F3 - REG:win.ini: load=smsrun32.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\htiwege.dll
O2 - BHO: (no name) - {3D11B23C-B381-7D9B-43D7-499EFDC43AA8} - C:\WINDOWS\Xkqorijv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\system32\mqwuw.dll
O2 - BHO: SDWin32 Class - {FB0C53D7-A3E0-4BE7-8F6B-B32E05182244} - C:\WINDOWS\system32\mqwuw.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: Search - {8B88DD86-3696-D399-0861-DE90850EBB0A} - C:\WINDOWS\Xkqorijv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - Startup: System Instrumentation.lnk = Profiles\M.Gilmore\Favorites\Links\Toggle Images.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097485306578
O17 - HKLM\System\CCS\Services\Tcpip\..\{C864664D-81F9-4D6A-8EA6-4C93F016B307}: NameServer = 194.119.131.65,194.119.131.66
O23 - Service: ASF Agent - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

mjack547

Malware Specialist
Joined
Sep 1, 2003
Messages
3,181
Run Hijackthis and fix the following items. Be sure all windows are closed except for hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

F3 - REG:win.ini: load=smsrun32.exe

O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\htiwege.dll

O2 - BHO: (no name) - {3D11B23C-B381-7D9B-43D7-499EFDC43AA8} - C:\WINDOWS\Xkqorijv.dll (file missing)

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\system32\mqwuw.dll

O2 - BHO: SDWin32 Class - {FB0C53D7-A3E0-4BE7-8F6B-B32E05182244} - C:\WINDOWS\system32\mqwuw.dll

O3 - Toolbar: Search - {8B88DD86-3696-D399-0861-DE90850EBB0A} - C:\WINDOWS\Xkqorijv.dll (file missing)

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

Reboot in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


and delet these

C:\WINDOWS\satmat.exe

C:\WINDOWS\farmmext.exe

Reboot and post a new hijackthis log
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Add these to the list of fixes!

Run HJT again and put a check in the following:

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

Close all applications and browser windows before you click "fix checked".
 

JUSSI75

Thread Starter
Joined
Feb 1, 2005
Messages
6
Hi,
When trying to reboot in Safe mode, my computer won't recognize my usual password. Is this normal or am i doing something wrong.
 

JUSSI75

Thread Starter
Joined
Feb 1, 2005
Messages
6
This problem was solved by removing the Yahoo & google toolbars. They seemed to be the problem.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top