680180.net & vsmon.exe

  Nic 20:13 08 Aug 04

Here are a couple of related problems that I am hoping for some help on.

The first is a pop up message from 680180.net that will not go away despite the use of ad aware and spy bot. How do I get rid of this annoyance?

In attempting to fix the above problem by reinstalling ZoneAlarm, I am getting 2nd problem with a repeating vsmon.exe error message that reads, "the instruction at '0x01cc2e14' referenced memory at '0x00000004' the memory could not be 'read'.

Clicking on ok to terminate the program brings up a microsoft error report that sends on, but does not clear the above and recurs a few seconds later. Attempting to uninstall/reinstall ZoneAlarm to clear it also doesn't work.

I would be grateful for any thoughts and advice on either of the above.

Many thanks.

  VoG II 20:19 08 Aug 04
  VoG II 20:26 08 Aug 04

Also, try completely removing ZA click here then reinstalling.

  Nic 20:45 08 Aug 04

Thanks for the quick response, VoG. I have checked in the registry editor re: the 680180.net issue, and there is no value of 'Adstartup'. Is there any other place this little pest might be hiding?

The vsmon.exe issue has gone away, so thanks for the help there as well.

  VoG II 20:54 08 Aug 04

Can you post a HJT list click here

It would help if you could double-space it so it doesn't end up as gobbeldygook. You may need to post it in two halves because of the 800 word limit on this site.

  Nic 21:19 08 Aug 04

Thanks - here is part 1 of 2.

Logfile of HijackThis v1.97.7
Scan saved at 21:10:40, on 08/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nic\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O1 - Hosts: search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {E7E843E1-B8B5-49CB-A6C0-A3CBF534C601} - C:\WINDOWS\System32\ctspu.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY

  Nic 21:21 08 Aug 04

Part 2 of 2

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe

O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [Mousecntl32] c:\windows\system32\mousecntl32.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [ctspuc] C:\WINDOWS\System32\ctspuc.exe

O4 - HKLM\..\Run: [glwjmgeb] c:\windows\system32\glwjmgeb.exe /install

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?

O8 - Extra context menu item: &Search - click here

O9 - Extra button: GreatDownloads (HKLM)

O9 - Extra button: Messenger (HKLM
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!click here

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - click here

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - click here

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - click here

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - click here

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - click here

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

  Fruit Bat /\0/\ 21:51 08 Aug 04

nls.exe = Exact Advertising (spyware)

Adware Alert – WTOOLSA.EXE

Files called wtoolsa.exe, wtoolsb.exe, wtoolss.exe, wsup.exe, and wtoolsb.dll install with an adware program called "WinTools". Wintools installs itself as a service or "legacy service" that runs on system startup. It acts as a search page and home page hijacker. This program may have been intentionally downloaded or it oculd have stealth installed along wtih Gain, Gator, or Claria.

Users report that this file is difficult to remove. You can try going to Control Panel > Add/Remove Programs then remote "Wintools", "Wintools Easy Installer", or "Wintools for Internet Explorer". While this is worth a try, it's unlikely that it will really get rid of the program. So we'd recommend maximizing WinPatrol then clicking you "Active Task" tab. Kill any of the 5 files listed above. Next, go to your IE Helpers tab and disable wtoolsb.dll. Finally, go to your "Startup Programs" tab and remove any of the 5 files that appear there.

If you've done these things and still can't rid yourself of these files, the latest version of CoolWebShredder should work. You can download that at click here. You'll find a download link near the bottom of that page.

  Fruit Bat /\0/\ 21:54 08 Aug 04

Anti Spyware :-
Adaware click here
Spybot S&D click here
Spywareblaster click here
a2 click here
CW Shredder click here

suggest you run at least a2

install spybot, adaware and spyware blaster

  VoG II 22:04 08 Aug 04

I've asked a resident expert, Nellie2, to have a look at this.

  Nic 22:25 08 Aug 04

Thanks for the info Fruit Bat. Unfortunately, the installation of Spyware and CW shredder had no effect. There is nothing in the add/remove programs either. Any other suggestions would be welcome.

This thread is now locked and can not be replied to.

Qualcomm Snapdragon 835 benchmarks: Antutu, Geekbench 4, GFXBench and PCMark results

1995-2015: How technology has changed the world in 20 years

This stop-frame animation tells a moving story of domestic violence for Refuge

New iPad 2017 preview: Apple's affordable but underspecced new iPad may appeal to the education…