Random popups, even when not online
OS: XP
Location: English Room
The computer will be just sitting there, on the network (We share a LAN for I-Net) and the computer will just randomly pop up with something. I have looked at the running processes and I found MWSUM.EXE (aka STLOADER.EXE) and SLMSS.EXE. I know that these programs are in relation to spyware and this might be the cause of the problem. I have also looked in the registry to see if the file was there that it makes for itself, and it is not.
How do I get rid of this little problem?
"I am a common man, with common thoughts, and I've lived a common life.
There are no monuments dedicated to me and my name will soon be forgotten..."
-an excerpt from The Notebook by Nicholas Sparks
The Avatar is from Here
Download HijackThis from http://209.133.47.200/~merijn/files/HijackThis.exe & unzip it into its own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file & paste it into the body of your post. DO NOT FIX ANYTHING YET.
What exactly is Hijack This?
Here is the Log
Logfile of HijackThis v1.97.7
Scan saved at 3:53:52 PM, on 4/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SYSTEM\SISAUDUT.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
\\ATHENA SERVER\ALSDATA03\STAR UPDATE 2.3\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [SiS7012Utility] C:\WINDOWS\SYSTEM\SiSAudUt.exe -wdm
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O10 - Broken Internet access because of LSP provider 'c:\windows\system\inetadpt.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...902.3134259259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Originally Posted by bluedos82
Here is the Log -- 041304
musemaker then responded with: It worked! And here's the process order:
* Run LSPfix.
* Delete all Dial-up adapters and network protocols.
* Delete all Winsock and Winsock2 registry keys.
* Under Add/Remove programs uncheck all of the listings under Communications.
* Reboot and then add back ALL the Communications items (although netmeeting and chat weren't necessary). It didn't work for me the first time as I have no need for a dial-up adapter, but it is the only way to get Windows to add back winsock2.
* Reinstall network protocol settings.
Also, there are some free prevention measures you can take as well, including SpywareBlaster and SpywareGuard. Considering the number of machines you deal with, they might lighten your load.
Now on to what your HjT log shows, and what should be removed:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system\inetadpt.dll' missing
This indicates a possible problem. It's why I mentioned LSPFix earlier.
Reboot into safe mode and remove the following directories:
C:\Program Files\Common Files\slmss
C:\Program Files\Common files\updater
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here's a couple that are resource wasters:
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
This one should only show up if you have just installed something new and not rebooted yet. What's it doing here?
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
-- Michael Rudas
How To Ask Questions The Smart Way (article by Eric Raymond).
Dealing with Malware
My Articles page.
My Best-of-Breed Free Software for Windows list
Other Windows- & Microsoft-related links
The Audio Tech's Page
My blog
The Oak Park Computer Club
PenguiCon 4.0 Open Source & Science Fiction convention, April 21-23, 2006.
Knoppix Linux (CD-bootable) download, information, & support.
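The triage the reply above does by hand, as an added Python example (not part of the original thread and not HijackThis's own logic). The rules and the `FLAGGED_DIRS` list are assumptions drawn from the entries that reply marks for removal; the sample lines are copied from the log posted in this thread.

```python
import re

# Entry shape: "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<section>[RONF]\d{1,2}) - (?P<detail>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<name>\S+)$")
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Assumption: the two directories the reply says to delete in safe mode.
FLAGGED_DIRS = (
    "c:\\program files\\common files\\slmss\\",
    "c:\\program files\\common files\\updater\\",
)

def triage(line):
    """Return (section, reason) for an entry worth reviewing, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path or blank line
    section, detail = m["section"], m["detail"]
    if section == "O1":
        h = HOSTS.match(detail)
        if h and not h["ip"].startswith("127."):
            return section, f"hosts file sends {h['name']} to {h['ip']}"
    elif section == "R3" and detail.endswith("(no file)"):
        return section, "search hook registered but its file is gone"
    elif section == "O10" and "missing" in detail:
        return section, "LSP chain references a missing DLL"
    elif section == "O4":
        a = AUTORUN.match(detail)
        if a and a["cmd"].strip('"').lower().startswith(FLAGGED_DIRS):
            return section, f"autorun [{a['name']}] starts from a flagged directory"
    return None

def review(log_text):
    return [hit for hit in map(triage, log_text.splitlines()) if hit]

# Sample: lines copied from the log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system\inetadpt.dll' missing
"""
```

`review(SAMPLE)` returns one `(section, reason)` pair per flagged entry; lines that match no rule, such as the `SystemTray` autorun, are left out.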
I can't get to it. The site is blocked where I am
Originally Posted by bluedos82
I can't get to it. The site is blocked where I am
-- Michael Rudas
the site for the LSPFix
Originally Posted by bluedos82
the site for the LSPFix
-- Michael Rudas
Thanx for all the help!
Wait a second. I gave you the wrong computer. Here is the correct HijackThis file:






