help with adware IE

Discussion in 'System Security & Infection Support' started by horent135, Oct 31, 2004.

  1. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    Every time I use IE, this ad program pops up. It's from 180search, and I know that's like spyware or adware stuff. It asks me if I want to install 180search. But every time I click No, it comes back up asking if I want to install it or not. And I keep pressing No. After like 5 tries, it stops. But if I close IE and open IE again or a new window of IE, it comes back. Help me to stop this? Also, I get pop-up ads popping up even when I don't use IE. HELP PLZ!!

    I use spybot and adware to remove spyware and adware but I still have the problem!
     
    horent135, Oct 31, 2004
    #1

  2. horent135

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    Did it relocate your home page to something of their company and that is the reason for the pop-up prompt? I would recommend downloading Mozilla to use as a browser after you straighten it out.
     
    D Schrute, Oct 31, 2004
    #2

  3. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    It relocates me to msn.com
     
    horent135, Oct 31, 2004
    #3
  4. horent135

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    No, that won't be the problem then. Usually adware will redirect you to something along the lines of supersearch.info
     
    D Schrute, Oct 31, 2004
    #4
  5. horent135

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Hi, it sounds like you still have some registry entries that need to be removed. Post your HijackThis log here. You can find HJT from our Handy Tools.
     
    James, Oct 31, 2004
    #5
  6. horent135

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Did you try just going into your control panel internet settings homepage and changing that back to your usual homepage? I've had this happen and corrected it like that. Obviously something is there you need to get rid of. Have you tried Cool Web Shredder?
     
    ruslanb76, Oct 31, 2004
    #6
  7. horent135

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    I was asking horent135 if it was doing that, which it isn't.
     
    D Schrute, Oct 31, 2004
    #7
  8. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    Logfile of HijackThis v1.98.2
    Scan saved at 1:06:25 PM, on 10/31/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\windows\redirect9a.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\System32\wintask.exe
    C:\WINDOWS\System32\ykuiyk.exe
    C:\WINDOWS\System32\gawofu.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\CxtPls\CxtPls.exe
    C:\WINDOWS\System32\srrenh.exe
    C:\WINDOWS\System32\panbis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Documents and Settings\horent135\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.112.64.244:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
    O4 - HKLM\..\Run: C:\WINDOWS\Registration\url.exe O4...s - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...38209026a235:cde33b3c6fd3e8f66ff6d10e72219b44
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} -


    Those are my logs. I think I blocked some of the registry by using Spybot Search and Destroy with TeaTimer. But I want them to be deleted.
     
    horent135, Oct 31, 2004
    #8
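
    A quick way to pull the entries worth a manual look out of a HijackThis log like the one above, as an added example that is not part of the original thread. The sample lines are copied from that log; the category labels and the matching rules are assumptions chosen for illustration, and a hit means "review this", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.112.64.244:80
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
"""

# Every entry line starts with a section code (R0-R3, F0-F3, O1-O2x) and " - ".
ENTRY = re.compile(r"^\s*([RFO]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts: (\d+\.\d+\.\d+\.\d+)\s+(\S+)")

def parse(log):
    """Return (code, body) tuples for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Group entries that deserve a manual look; keys are our own labels."""
    found = defaultdict(list)
    for code, body in parse(log):
        hosts = HOSTS.match(body) if code == "O1" else None
        if hosts and not hosts.group(1).startswith("127."):
            # Hosts file maps a name to a non-loopback address.
            found["hosts_redirect"].append(hosts.groups())
        elif code.startswith("R") and "ProxyServer" in body:
            found["proxy"].append(body.split(" = ", 1)[1])
        elif code.startswith("R") and "http://" in body:
            # IE start/search setting pointing at a web URL.
            found["ie_url"].append(body.split(" = ", 1)[1])
        elif code in ("R3", "O2", "O3") and "(no name)" in body:
            found["unnamed_component"].append(body)
        elif code == "O10" and body not in found["lsp"]:
            # The same LSP file is listed once per chain entry; keep one.
            found["lsp"].append(body)
    return dict(found)

if __name__ == "__main__":
    for label, items in triage(SAMPLE_LOG).items():
        print(label, items)
```

    Running the same triage on a log taken before a cleanup and one taken after the reboot shows which entries were re-created.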
  9. horent135

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    I would install SP2 for Windows XP. Remove these items...

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\windows\redirect9a.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\Program Files\CxtPls\CxtPls.exe
    C:\WINDOWS\System32\srrenh.exe
    C:\WINDOWS\System32\panbis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.112.64.244:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) -
     
    James, Oct 31, 2004
    #9
  10. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    How do you install SP2? I'm a noob
     
    Last edited: Oct 31, 2004
    horent135, Oct 31, 2004
    #10
  11. horent135

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    windowsupdate.microsoft.com/ > you need to be using Internet Explorer. If you haven't ever updated, you will have to go through a series of installs and restarts until you reach installing the service pack
     
    D Schrute, Oct 31, 2004
    #11
  12. horent135

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Check out this thread (forum thread 2480) for more info on SP2. You can download SP2 from there, look for the express version.
     
    James, Oct 31, 2004
    #12
  13. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    OK, I just installed the SP2 pack. How do I get rid of those items?
     
    horent135, Nov 2, 2004
    #13
  14. horent135

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Open up HijackThis, and place a checkbox next to all of those that James suggested above. Click 'Ok' and reboot.
     
    Fenis-Wolf, Nov 2, 2004
    #14
  15. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    OK, I did the HijackThis program and deleted the stuff that needed to be deleted (adware and spyware). But then I rebooted my computer and rescanned it. It comes back. So I don't think that helps.
     
    horent135, Nov 3, 2004
    #15
  16. horent135

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Will you post your log? There's something lingering.
     
    James, Nov 3, 2004
    #16