pop up problem--help me with my Hijack This log file! **UPDATE**

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
nick1985

nick1985

Lifer
Dec 29, 2002
27,153
6
81
i ran spywareblaster and i selected all of the files to protect against. as soon as i got done with that i got nailed with another wave of pop ups...the same ones as before. is there a way i can tell my computer to not allow content froma website, and then just enter the websites that is giving me pop ups?
 
T

TechnoKid

Diamond Member
Feb 12, 2001
5,575
0
0
Try running all those programs I mentioned in safe mode. You may also have to restart for spywareblaster to take effect. You can edit your hosts file to block certain websites, but I'm not sure how to do this.
 
T

TechnoKid

Diamond Member
Feb 12, 2001
5,575
0
0
Originally posted by: nick1985
i just ran hijackthis

THIS is the logs it gave me

what do i need to get rid of?
Click to expand...

I'm not sure exactly what to remove, but this forum can help you better. Just make a post titled "Constant pop-ups --HELP" and copy and paste the scan log it scanned. You don't need to register a name. forums.spywareinfo.com I could tell you some stuff to remove, but, I'm not sure if some of the stuf you have installed needs to be installed.
 
T

TechnoKid

Diamond Member
Feb 12, 2001
5,575
0
0
Originally posted by: nick1985
bbzzdd is unauthorized. :(

can anyone help me with my hijcak this log file?
Click to expand...

Huh? Ok, copy and paste the text and post it here and I will cross-post it on that other forum.
 
T

TechnoKid

Diamond Member
Feb 12, 2001
5,575
0
0
Originally posted by: nick1985
it wont let me copy and past the log files. i cant select more than 1 of them
Click to expand...

You have to save the scan to a text file, then open that text file, and then copy and paste.
 
nick1985

nick1985

Lifer
Dec 29, 2002
27,153
6
81
Logfile of HijackThis v1.97.7
Scan saved at 4:16:28 PM, on 12/25/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\cmd32.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\mwsvm.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\svchost.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\United Devices\ud_1706422.exe
C:\Program Files\United Devices\ud_1706422_0.dir\ud_ligfit_Release.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anandtech.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anandtech.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=500CA143-0EC6-47E0-9A7B-E0BE09A3C5E1&version_id=18
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\cmd32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\cmd32.exe
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O9 - Extra button: AIM (HKLM)
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 
D

dpm

Golden Member
Apr 24, 2002
1,513
0
0
after a quick readthru of your hijack this log, one thing pops out - slmss.exe.

I think I remember this one being a trojan/adware, but I'm not entirely sure - time for a google...
 
D

dpm

Golden Member
Apr 24, 2002
1,513
0
0
D'oh! How did I miss this;

"O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe"

and this;
"O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe"

in your log?

You actually have programmes fighting over who gets to show you pop ups!

Have you downloaded and run Adaware? It should clean this 2ndthought and Clearthought crap off your pc for you.

Also, do you run a firewall? Surely a firewall would have spotted these programs trying to access the net and download new ads.
 
nick1985

nick1985

Lifer
Dec 29, 2002
27,153
6
81
Originally posted by: dpm
D'oh! How did I miss this;

"O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - <a href="http://www.2nd-thought.com/files/install011.exe">http://www.2nd-thought.com/files/install011.exe</A>"

and this;
"O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe"

in your log?

You actually have programmes <STRONG>fighting</STRONG> over who gets to show you pop ups!

Have you downloaded and run Adaware? It should clean this 2ndthought and Clearthought crap off your pc for you.

Also, do you run a firewall? Surely a firewall would have spotted these programs trying to access the net and download new ads.
Click to expand...


i just deleted those 2 files taht you pointed out. i thought my lynksys router had a built in firewall....

 
Colt45

Colt45

Lifer
Apr 18, 2001
19,720
1
0
Originally posted by: nick1985
Originally posted by: dpm
D'oh! How did I miss this;

"O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - <a href="http://www.2nd-thought.com/files/install011.exe">http://www.2nd-thought.com/files/install011.exe</A>"

and this;
"O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe"

in your log?

You actually have programmes <STRONG>fighting</STRONG> over who gets to show you pop ups!

Have you downloaded and run Adaware? It should clean this 2ndthought and Clearthought crap off your pc for you.

Also, do you run a firewall? Surely a firewall would have spotted these programs trying to access the net and download new ads.
Click to expand...


i just deleted those 2 files taht you pointed out. i thought my lynksys router had a built in firewall....
Click to expand...


Firewalls don't stop stupidity
 
nick1985

nick1985

Lifer
Dec 29, 2002
27,153
6
81
im stupid for using the internet?

anyway, the pop ups are back. this is rediculous. any other lines in that log file that i need to delete?
 
D

dpm

Golden Member
Apr 24, 2002
1,513
0
0
Nick - the very next thing you need to do is go to lavasoft, download Adaware, update it, and run it.
Even if you are on dial-up, its only 1.7 meg and is an absolut essential.

It'll probably tell you a couple of things i missed, and most importantly - it'll clean them off your system completely.

If you aren't running a firewall, and if even I can spot evils in your hijackthis log, then you've got problems.
Next step is a trip to zonealarm, where you will download and install zonalarm free. Set it to block attack s silently, but make programs ask for permission before they can access the net.

Then reboot and see if you are still getting popups.

By the way, are you running an antivirus program?
 
D

dpm

Golden Member
Apr 24, 2002
1,513
0
0
Also, i think wupdater.exe runs a bell - it might be a trojan. check it out.

And I should have said that hardware firewalls are very good, and built in router firewalls are ok, but you need to know what you are doing to use them, and you should really have a software one as well.
 
D

dighn

Lifer
Aug 12, 2001
22,820
4
81
in addition to what dpm suggested, get rid of (maybe overlap)

O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe

R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe

why is your system loaded with these things. you should be more careful
 
S

Sid59

Lifer
Sep 2, 2002
11,879
3
81
i dont see how a firewall is gonna stop you from downloading content that will install.

should always clean adaware, spybot. bhodemon .. last hi jack this. hihack is the most confusing and easy to botch other programs if you dont know what you are doing.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom