Full Version: 680180.net
helplessjo
I need help. I cannot get rid of this bug called 680180.net. I have run adware & spyware SD and I have not been able to remove the bug. Can anyone help?

Logfile of HijackThis v1.97.7
Scan saved at 11:27:41 AM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINNT\System32\cba\pds.exe
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\PROGRA~1\Symantec\QUARAN~1\Server\qserver.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Symantec\QUARAN~1\Server\ScanExplicit.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\MsgSys.EXE
C:\PROGRA~1\Symantec\QUARAN~1\Server\IcePack.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\PROMon.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SAV\vptray.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINNT\goidr.exe
C:\WINNT\System32\itqtijj.exe
C:\Program Files\ACT\act.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.worldnet.att.net/ie4/search/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07828E6F-D5D1-4045-B1AD-BA107F44BF6E} - C:\WINNT\System32\hltfg.dll
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WorkFlo] D:\Installs\WorkFlow.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [service] C:\WINNT\services.exe -serv
O4 - HKLM\..\Run: [goidr] C:\WINNT\goidr.exe
O4 - HKLM\..\Run: [hltfgc] C:\WINNT\System32\hltfgc.exe
O4 - HKLM\..\Run: [vblujk] C:\WINNT\System32\itqtijj.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwcb.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7866.3568634259
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pst-domain.local
O17 - HKLM\Software\..\Telephony: DomainName = pst-domain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pst-domain.local
Zupe
Please start by running online antivirus scans at both of these sites and letting them remove anything they find:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/

Next, please download the latest version of Hijack This from here and unzip it to a folder of its own: http://www.downloads.subratam.org/hijackthis.zip

Please then enable viewing of hidden/system files per the instructions here: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Reboot to Safe Mode.

In Safe Mode, with all windows closed, scan with Hijack This, put checks next to all the items I've listed below that remain and then click "Fix Checked":

QUOTE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {07828E6F-D5D1-4045-B1AD-BA107F44BF6E} - C:\WINNT\System32\hltfg.dll

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [service] C:\WINNT\services.exe -serv

O4 - HKLM\..\Run: [goidr] C:\WINNT\goidr.exe

O4 - HKLM\..\Run: [hltfgc] C:\WINNT\System32\hltfgc.exe

O4 - HKLM\..\Run: [vblujk] C:\WINNT\System32\itqtijj.exe

O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwcb.ops.placeware.com/etc/place/...quicksilver.cab


Reboot to normal mode, scan again with Hijack This and post a new log here.
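
A triage pass over the HijackThis entry format shown in this thread, as an added example (not part of either post and not HijackThis's own logic). The two checks and the `CORE_PROCESSES` list are assumptions of this example; the sample lines are copied from the log above, and the checks reproduce only two items of the fix list.

```python
import ntpath
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; the leading code is the section.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")
# Assumption of this example: core Windows process names that belong in System32.
CORE_PROCESSES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}


def parse_entries(log_text):
    """Return (section, body) pairs for every HijackThis entry line."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def executable_of(cmd):
    """Extract the executable path from a Run command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Flag entries for manual review; returns (section, body, reason) tuples."""
    findings = []
    for section, body in parse_entries(log_text):
        run = RUN_RE.match(body) if section == "O4" else None
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, body, "BHO registered but file missing"))
        elif run:
            folder, image = ntpath.split(executable_of(run.group("cmd")))
            misplaced = folder and ntpath.basename(folder).lower() != "system32"
            if image.lower() in CORE_PROCESSES and misplaced:
                findings.append((section, body, "system process name outside System32"))
    return findings


# Sample entries copied from the log posted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [service] C:\WINNT\services.exe -serv
"""
```

Randomly named entries such as `goidr.exe` are not caught by either check; they need the manual review the reply above performs.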