internet problem pop up problem

Discussion in 'Networking and Internet' started by horent135, Dec 5, 2004.

  1. horent135

    horent135

    Joined:
    Oct 31, 2004
    Messages:
    58
    Likes Received:
    0
    Location:
    East side
    Every time I use IE and Avant browser and go to some website, especially eBay, I get a pop-up saying I have to click OK to access the internet. Which is B.S. I click on OK a few times because that pop-up comes back up after I click on OK. It wants me to install a component called 180search, which is some kind of virus or adware. So the pop-up comes back every time I load a page, especially on eBay. I installed a popup blocker but it doesn't do its job. It's still popping up. Is there any way to get rid of it???
     
    horent135, Dec 5, 2004
    #1

  2. horent135

    D Schrute Assistant Sensei VIP Member

    Joined:
    Aug 31, 2004
    Messages:
    1,201
    Likes Received:
    19
    Location:
    VA & NC
    D Schrute, Dec 5, 2004
    #2

  3. horent135

    horent135

    Logfile of HijackThis v1.98.2
    Scan saved at 10:44:02 PM, on 12/4/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\NavNT\vptray.exe
    C:\windows\redirect9a.exe
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\System32\wintask.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\system32\ykuiyk.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\horent135\Desktop\HijackThis.exe
    C:\WINDOWS\notepad.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
    O4 - HKLM\..\Run: C:\WINDOWS\Registration\url.exe O4...- [url="file:///C:Program"]file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: ConferenceRoom Java Client -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...38209026a235:cde33b3c6fd3e8f66ff6d10e72219b44
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} -
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} -
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
     
    horent135, Dec 5, 2004
    #3
  4. horent135

    D Schrute Assistant Sensei VIP Member

    Remove the following... there are bound to be more, but I just want to get the ones I'm sure of...

    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    C:\WINDOWS\system32\cidaemon.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

    And this one if you want to get rid of your smut.

    http://stream.pussyharem.com/stream/mmp.cab
     
    D Schrute, Dec 5, 2004
    #4
  5. horent135

    horent135

    C:\WINDOWS\system32\cidaemon.exe

    I can't delete it!! It says that I'm using that program, so I pressed Alt+Ctrl+Del and went under Processes, and I saw CIDAEMON.EXE and the user name was under SYSTEM. So I can't delete it!! What should I do?
     
    horent135, Dec 5, 2004
    #5
  6. horent135

    horent135

    BTW, I think 180search is an ActiveX protection, and I chose NO to install it; I think that's why I'm having that pop-up. Any way to get rid of it??
     
    horent135, Dec 5, 2004
    #6
  7. horent135

    spike228 ST 38 VIP Member

    Joined:
    Jul 18, 2004
    Messages:
    2,256
    Likes Received:
    18
    Location:
    Honolulu, Hawaii
    DO NOT click any of the options in the popup. Do not click "no" or "ok". Always click the "x" to close it.
     
    spike228, Dec 5, 2004
    #7
  8. horent135

    D Schrute Assistant Sensei VIP Member

    Like I said there are probably more... I just don't want to mess up your computer so I post the ones for which I'm confident.
     
    D Schrute, Dec 5, 2004
    #8
  9. horent135

    horent135

    I click on the "x", it still comes back.. Any more ideas?? I just want to get rid of that thing, it **** me off a lot.
     
    horent135, Dec 5, 2004
    #9
  10. horent135

    James Photojournalist VIP Member

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Location:
    Maine, USA
    Don't remove CIDAEMON. Remove these and then run Ad-Aware, reboot and see if this has helped at all:

    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O16 - DPF: ConferenceRoom Java Client -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...6d10e72219 b44
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} -
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} -
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...wn.cab31267.cab
    O4 - HKLM\..\Run: [redirect] C:\windows\redirect9a.exe
    O4 - HKLM\..\Run: file:///C:\Program" target="_blank">http://C:\WINDOWS\Registration\url....e:///C:\Program Files\Yahoo!\Common/ycdict.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - (no file)
     
    James, Dec 5, 2004
    #10
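
The replies above pick entries out of the HijackThis log by section code (R1 for IE start/search settings, O2 for BHOs, O10 for Winsock LSPs). As an added example that is not part of the original thread, this Python script parses such a log and flags the three patterns the helpers single out; the function names and the rule set are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter

# Sample lines copied from the log posted in this thread (a subset, for the demo).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
"""

# "R1 - ..." / "O10 - ...": section code, dash, detail. Bare process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

def parse(log_text):
    """Yield (section_code, detail) for every coded entry in a HijackThis log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def reason_for(code, detail):
    """Return why an entry deserves review, or None. Rules are illustrative only."""
    if code in ("R0", "R1"):
        _, sep, value = detail.partition(" = ")
        if sep and value.strip() not in ("", "about:blank"):
            return "IE start/search setting points at " + value.strip()
    if code == "O2" and detail.endswith("(no file)"):
        return "BHO registered but its file is missing (orphaned entry)"
    if code == "O10" and detail.startswith("Unknown file in Winsock LSP"):
        return "unrecognised Winsock LSP; repair the LSP chain, do not just delete the DLL"
    return None

def triage(log_text):
    """Return [(code, detail, reason, occurrences)] in first-seen order, duplicates merged."""
    counts = Counter(parse(log_text))  # Counter keeps insertion order
    findings = []
    for (code, detail), n in counts.items():
        reason = reason_for(code, detail)
        if reason:
            findings.append((code, detail, reason, n))
    return findings

if __name__ == "__main__":
    for code, detail, reason, n in triage(SAMPLE_LOG):
        print(f"[{code} x{n}] {reason}\n    {detail}")
```

Lines from the "Running processes" list carry no section code, so the parser skips them and never proposes a process such as lsass.exe for removal.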
  11. horent135

    horent135

    Done that and ran Ad-Aware, still having the problem :(
     
    horent135, Dec 6, 2004
    #11
  12. horent135

    James Photojournalist VIP Member

    OK, re-post your log. Also, let's try running HJT in Safe Mode.
     
    James, Dec 6, 2004
    #12
  13. horent135

    horent135

    OK, I ran Ad-Aware the day before, and the next day in the morning, the pop-up thingy stopped. And then later at night, it came back.. :(

    What is HJT??
     
    horent135, Dec 8, 2004
    #13
  14. horent135

    spike228 ST 38 VIP Member

    HijackThis
     
    spike228, Dec 8, 2004
    #14
  15. horent135

    horent135

    How do you run it in Safe Mode?
     
    horent135, Dec 8, 2004
    #15
  16. horent135

    D Schrute Assistant Sensei VIP Member

    Hit F8 or F6 (depends on retailer) as you boot up before Windows.
     
    D Schrute, Dec 8, 2004
    #16
  17. horent135

    Goober THQ's Jester Moderator

    Joined:
    Jul 26, 2004
    Messages:
    2,864
    Likes Received:
    35
    Location:
    Colorado
    Hey, what about this one???
    C:\WINDOWS\system32\lsass.exe, or am I thinking of something different? (such as i-worm/sasser.a-f) If not, I'm really out of it.

    I would suggest using Mozilla, or Firefox, SpywareGuard, SpywareBlaster, AVG, Ad-Aware, to prevent/remove any of those problems.
     
    Goober, Dec 8, 2004
    #17
  18. horent135

    James Photojournalist VIP Member

    Do not remove LSASS... Once you're in Safe Mode remove the options we suggested. Or, post your log, then let us tell you what to remove, print this thread and remove the options in Safe Mode.
     
    James, Dec 9, 2004
    #18
  19. horent135

    Goober THQ's Jester Moderator

    Oh, that's an "L". Oh my, I'm glad I didn't remove that from some dude's laptop I was fixin' up.
     
    Goober, Dec 10, 2004
    #19
  20. horent135

    horent135

    I don't think it's possible to get rid of it. I'll just reformat my HD.
     
    horent135, Dec 12, 2004
    #20