re: too my first request for help

Too many pop ups called 680180.net taking over computer & about blank

hi i got this pc and its full of crap that i cant get rid of with the normal adware and spyware removal tools....adware,spybot,and xoftspy.i dled and ran the hijack this and heres the log :


~ IN-LINE LOG ATTACHED ~ SPD


any help will be great ,im sure with you guys help it will soon be free of this bothersome crap....lol

thanks jwb38sbcglobal

 

Re: Too many pop ups called 680180.net taking over computer & about blank

Do not copy & paste logs into your posts; always include logs as attachments.

Welcome to MajorGeeks.com!

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Uninstall Kazaa and run KazaaBegone.

- Run about:Buster tool twice and attach the about:Buster log.

- Follow the directions for Virtumonde aka Trojan Vundo Fix w/ Tool.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

hi,
thanks again for the help,i have done as told......i have dled and ran all the programs for finding spyware and adware,spybot,adaware,ccleaner,mircosoft windows antispyware ,microsoft windows malicious software removal tool,kill2me,cwshredder,aboutbuster,vundofix,kazaabegone,hsremove....
i removed all of the stuff that these programs found.....i did this after i turned off the system restore and i did it in the safe mode......after doing all this i then went online and ran the panda activescan enclosed youll find the report for it, and also the bitdefender report enclosed.also im resending the hijack this log report i hope we can fix this .....after i restarted and before i ran the two online scans i seen that it appeared to still have the same problems....thanks for working with me and ill wait to here back from someone

 

jwb38sbcglobal,

I have merged your new thread with your previous one so please post in here from now on. SPD will be with you shortly.

 

Please attach the logs I asked for. Do not do things I don't tell you to do.

 

i didnt send the reports right so here they r

 

sorry please be patience im still trying to get the hang of this site and how to us it and im not doing that too good by the looks of it

 

too my first request for help

 

Please post the about:Buster, VundoFix and Bitdefender logs.

I am working up an initial fix and I want to get as much as possible the first time. You have several different infections.

 

~ In-Line Log Attached ~ DO NOT copy & paste logs into your post, unless you are told to do so. SPD


sorry i couldnt figure out how to send that file it keep saying it wasnt a valid file so i hope it can get there like this ,......as far as the logs for the vundofix theres was anything there so it didnt keep a log

 

or the aboutbuster didnt have any either and thats weird cause i see the about blanlk when going from page to page

~ Removed Duplicate log ~ SPD

 

thanks for cleaning up my mess,as u can see im new to using these forums

 

You have HijackThis installed incorrectly. Install HijackThis to C:\Program Files\HJT as directed by the tutorial.

Follow the instructions for the following:
- Running Hoster
- Look2Me VX2 Removal

You have a Peper infection, please click here to download the PeperFix tool, save it to your desktop, doubleclick on it, click 'Find and Fix' and reboot if prompted.

In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:

Choose Kill Process

Now scan and have HJT Fix the following:

Download
- Pocket Killbox
- ExplorerXP

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.


Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Follow the directions for the following:
- Running Spy Sweeper
- Running WinPfind by OldTimer

Post all logs and a fresh HijackThis log.

 

ok ill work on them tommorrow and see if i can get it going.......thanks for your help ill post again soon

 

hi there, first off i want to thank u again for all the help and work reading these logs and helping me get this thing fixed........the good thing is that it seems to be MUCH better and i dont seem to be getting any pop up windows like it was before.i followed all the steps that u had in the list of steps....when i put the pc in safe mode and looked for the things that u said to look for i didnt see any of them (hopefully i did it right)the expolerxp program...im not sure if u wanted any other logs but the ones i think u want r in a zipped folder enclosed let me know if your able to get to them....spy sweeper,hijack this,and winpfind.....u didnt sau anything about going back and doing the panda and whatever that other one was lol i looked but didnt find the name of it again...any i hope that the hijack this is right now......thanks again ill be waiting to here back for u

 

Scan and have HJT Fix the following:

Download FixAprop to your Desktop.

Reboot to Safe Mode.

Run FixAprop.

Reboot to Safe Mode.

Run Microsoft AntiSpyware and let it fix what it finds.

Start -> Run
type REGEDIT
'OK'

Navigate to the following Registry keys:

Open Windows Explorer, navigate to and delete the following:
Some of these may not be present

Reboot to Normal Mode.

Post a fresh HijackThis log.

How is your computer running?

 

it seems to be working just fine now no popups and no starting erroes but ill do what u said in the post u just sent and then ill post the new hjt log and thats all youll want me to post then is the hjt log right or did i miss any others that u might want?
thanks jwb38

 

Just the HijackThis log.

 

windows explorer in the last step is what program?? explorer xp

 

Windows Explorer is the Windows File Manager.

 

ok im in the safe mode and im still not sure were the window file manger is ,also im not finding anything in the last two steps

Start -> Run
type REGEDIT
'OK'

Navigate to the following Registry keys:
Quote:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7488C81F-4FE6-42FC-8958-BEF4B1B8BFC4}
SDWin32 Class <---- Locate and Delete this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
uypujc <---- Locate and Delete this key
hpasyai <---- Locate and Delete this key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Resc <---- Locate and Delete this key


none of this are there under REGEDIT

ill wait for u to tell me where it is

 

i found it

and as i said the last two steps didnt find anything
the regedit and the windows explorer so ill send the hijack this log in just a few min

thanks

 

wasnt sure if the file alone would go through so i put it in a zipped folder

 

Your log is clean.

How is your computer running?

 

as good as new ,man i cant believe how messed up it was but i do know that the teenage that owned it before it was given to me did nothing to keep it running in top shape so i kinda expected to have problems with it but not this
lol
thanks again for ALL your help and hard work,you r the king

 

Disable System Restore and then enable System Restore. This will flush all your restore points and create a new clean one for your system.

System Restore
How to Protect yourself from malware!

Safe surfing.

 

k all done ,i have a post under the software section heres the post ,do u know anything about it ??if not then ill just wait to see if anyone can help on that software post

cant get 2 windows updates to install (help)

--------------------------------------------------------------------------------

im working on getting alot of bugs gone from this pc and ive done all the windows updates on it but it wont do the last two,it was way out of date when i got it it didnt even have sp2 on it,all went well till i got to the last 2 im guessing its the last two that it needs for now its not showing that it needs anyothers they are 1)update for windows xp (kb887742)and 2)security update for windows messenger (kb887472) ive tryed to search the web for a fix but havent been able to find any ,i can turn off the auto updates to get the icon to go away but id like to fix it if possible......hopefully someone will be able to help me get them installed so i can keep the auto updates on

thanks
jwb38sbcglobal

 

please wb

 

Have you tried running Windows Update itself?

 

if u mean have i tryed to go to windows update and let it search for the updates it needs yes it finds them and then it dls them and then tells me that they can be update.... ive also try alot of times to do it with the toolbar icon that tells me it needs them by the clock..im just not sure how to make it do it so that it stops telling me that it needs them
i can always check the box that tells me to dont remind me about these updates but didnt know if they were needed to keep it safe or not so i didnt do that ....once again thanks for the help and the time it takes to read and post....
jwb38

 

cant be updated that they failed
had it wrong saying that they can be updated
sorry

 

Have a look at this thread - http://forums.majorgeeks.com/showthread.php?t=78678

 

in that post it tells u to use notepad and select all files under file type but this pc has wordpad and im not sure how to dl notepad or what to do since it doesnt have all files listed in the file type box.......can i go and dl notepad?and why does it have wordpad instead of notepad?
thannks

 

All versions of Windows come with notepad.

Start -> Run
notepad
OK

 

ok i found the notepad and i tryed the first and there now a winupfix.cmd and when u click it it opens the command promt and installs a bunch of files but after that it still wouldnt do the updates,so i moved on to the next step and i didnt really understand that one ,what i did was i opened the comand promt window and i pasted

regedit /E c:\hklmBUR.txt "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\BackupRestore\FilesNotToBackup"

it then went to the flashing cruser i dont see this or know how to (Then upload as an attachment the c:\hklmBUR.txt file that was just created. )

 

Open Windows Explorer, the file is in the root directory of drive C.

 

ok im lost i dont get it im looking in the windows explorer under c:\for \hklmBUR.txt and im not seeing that at all nothing like that,so i dont know

 

Then the file wasn't created.

Open regedit and look for the registry key. Does it exist?

 

ok i found it by using the search and its a text file can i use that to upload it? and what does that mean copy it and then paste it in the comand prompt window...im guessing i need to open the text doc and highlight the content and then paste it to the comd prompt?ill wait to here back from u

 

heres what in the file

 

OK, the key exists.

 

so im guessing i need to paste that in comand prompt

 

how do u attach a file to comd prompt

 

You don't do anything with that file, other than post it here.

Start/Run then the following --
regsvr32 oleaut32.dll
regsvr32 jscript.dll
regsvr32 vbscript.dll
regsvr32 msxml.dll

regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 cryptdlg.dll

reboot

 

k i did that but i zipped it do u want me to copy the text and send it through here?and what am i suposed to do with the text u just sent ?

 

Look at my post again. I told you what to do.

 

ok well i did that start run and then one by one i put that in and it told me they were succefull so i dont know it still dont work so i dont know what the deal is

 

i went to the windows update site and looked at my review history of dled updates, and the Windows Genuine Advantage Validation Tool (KB892130) is in there with a green check mark next to it so it is on here i dont know why its not it the log, i tryed to work with that link u sent but it opened a thing to dl (LegitCheckControl.cab) its zipped after i unzipped it ,it didnt seem to do anything but give me two icons one a note and the other a like page called LegitCheckControl.dll i dont know what im supposed to do with that so there sitting in the folder where i unzipped them too.ill wait to here back ..thanks

 

ok i try that and it sayed that it was already there so i replaced it but it still wont do the updates