PC trouble, am I in trouble here?

Discussion in 'Computers' started by Marc_E, Feb 18, 2006.

  1. Marc_E

    Marc_E Supporting Actor

    Joined:
    Oct 9, 2001
    Messages:
    769
    Likes Received:
    0
    I recently noticed in the event log of activity (McAfee Privacy service) that my computer has relentlessly tried to access a particular website which, when I try to go directly to it, does not come up ('page may have been removed'). The log shows attempts 100-200 times a day. My spyware seek and destroy doesn't show me something that pops out (says a lot of backweb stuff). What should I do? Could it be transmitting my info? How do I stop this and get rid of it? I have temporarily pulled the plug on the PC so it does not access the web.

    Thanks in advance for any advice.
    Marc
     
  2. Mike LS

    Mike LS Supporting Actor

    Joined:
    Jun 29, 2000
    Messages:
    838
    Likes Received:
    0
    Have you tried any other spyware removers? Adaware etc?

    If not, give some other free programs a try and see if they find anything.

    Have you done a full virus scan since you noticed this activity?

    You can also run a scan with a program called HijackThis (do a Google search) and post the log on a forum such as tech-forums.net (there's a sub forum especially for these logs) and someone will check it for suspicious entries.

    Also, does your privacy suite include a firewall? If so, and assuming it's set up correctly, it should be blocking all attempts to send any info to this site, so you shouldn't have anything to worry about while you search for the culprit.

    If you don't have a firewall, download a free one like Zone Alarm and let it do its thing for now. It'll keep you from having to yank the network cable when you're not using it.
     
  3. SethH

    SethH Cinematographer

    Joined:
    Dec 17, 2003
    Messages:
    2,867
    Likes Received:
    0
    You might dig through the processes that are running and look them up. If you do a quick Google search on the processes you don't recognize you should come up with sites that identify those processes. Someone may have installed a rogue program on your computer. Also, make sure that your computer has all the Windows updates and update your anti-virus and run that.
     
  4. Sami Kallio

    Sami Kallio Screenwriter

    Joined:
    Jan 6, 2004
    Messages:
    1,035
    Likes Received:
    0
    Also, run full tests from http://www.pcpitstop.com

    You get info on running processes among other things. Just click on the "Windows" subfolder to see what your processes are.
     
  5. Marc_E

    Cool, thanks for those responses. The strange thing is that if you try to go to the site it is not there.

    Looking up hijackthis...
    Yes, I do have firewall. Can I specifically block that site?
    I did a virus scan when I noticed it and got 1 infected file, quarantined and deleted.
    Marc
     
  6. Mike_J_Potter

    Mike_J_Potter Second Unit

    Joined:
    Dec 26, 2003
    Messages:
    262
    Likes Received:
    0
    I would also try running a program called active ports on the pc. This will show you all the programs that have ports open on the pc and where they are connected to or trying to connect to. Find the one in the list that is trying to go out to that site then google the program name. Here is the link.

    http://www.download.com/3000-2085-10...age&tag=button
     
  7. Marc_E

    It got worse....
    Now every time I open IE, I can't get my homepage. Instead I get this page 'www.todaywarnings.com' with some links to spyware and such type programs for removal. I have tried blocking it in every way I can think. I do not think it is accessing a site but loading an html document somewhere on my pc. This is making me freakin nuts!
     
  8. SethH

    Have you been able to use HiJackThis? That usually takes care of things like you just mentioned. Honestly, if it keeps getting worse, you might just consider backing everything up and reformatting.
     
  9. Marc_E

    Here is my log:
    Logfile of HijackThis v1.99.1
    Scan saved at 6:40:58 PM, on 2/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\gearsec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\DellSupport\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\SCREEN~1\OCR.exe
    C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Pepid\PepidMgr.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Marc\Desktop\folders\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mor...on/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://login.passport.net/uilogin.srf?id=2"); (C:\Documents and Settings\Marc\Application Data\Mozilla\Profiles\default\t96rlfj2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marc\Application Data\Mozilla\Profiles\default\t96rlfj2.slt\prefs.js)
    O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp247D.tmp
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
    O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\Program Files\Ultimate Popup Killer\Popupkiller.exe
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [Screen OCR] C:\PROGRA~1\SCREEN~1\OCR.exe
    O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Launch Pepid Manager.lnk = C:\Program Files\Pepid\PepidMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt1_x.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.rosebrand.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D2BA7A2-BE75-44E5-9073-0B2A738B6F70}: NameServer = 207.69.188.185,207.69.188.186
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
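
Added example (not part of any forum post, and not code from HijackThis): one way to narrow a log like the one above down to the entries worth looking up first. The three review rules are assumptions chosen for this illustration, and a flag means "research this entry", not "malicious"; the sample lines are copied from the posted log with path separators restored.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")

# Lines taken from the log posted in the thread (path separators restored).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp247D.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return (section, details) for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reasons(section, details):
    """Apply the example's review rules (assumptions, not HijackThis logic)."""
    reasons = []
    # The file is the last " - " separated field of O2/O3/O9/O23 entries.
    target = details.rsplit(" - ", 1)[-1].strip().strip('"')
    # Rule 1: browser helper objects and toolbars are normally DLLs.
    if section in ("O2", "O3") and not target.lower().endswith(".dll"):
        reasons.append("browser add-on is not a .dll: " + target)
    # Rule 2: the registration points at a file that is no longer on disk.
    if details.endswith("(file missing)"):
        reasons.append("registered file is missing")
    # Rule 3: the log reports no owner for the service binary.
    if section == "O23" and " - Unknown owner - " in details:
        reasons.append("service binary carries no owner string")
    return reasons


def triage(log_text):
    """Return (section, details, reasons) for entries that need a manual lookup."""
    flagged = []
    for section, details in parse_entries(log_text):
        reasons = review_reasons(section, details)
        if reasons:
            flagged.append((section, details, reasons))
    return flagged


if __name__ == "__main__":
    for section, details, reasons in triage(SAMPLE_LOG):
        print(section, "|", details, "->", "; ".join(reasons))
```

On the sample lines this flags the O2 entry loading a `.tmp` file, the O9 button with a missing file, and the ATI service with no owner string, while the McAfee toolbar and the iPod service pass.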
     
  10. Marc_E

    Can I uninstall and re-install Iexplorer?
     
  11. SethH

    Nope, unfortunately there is no way to uninstall IE. You might consider moving to Firefox and see if that solves some of your problems.

    Nothing jumps out at me from your log, but you should post it on the HJT forum as I'm certainly not an expert with this program.

    Another option: assuming you're using XP, you could use the System Restore function to go back a couple weeks and see if that helps.
     
  12. Marc_E

    Update: Spyware Doctor took care of my homepage hijacking. Odd, I used 2 other spyware programs which both claimed I was clean, and yet Spyware Doctor came up with 48 high risk trojans and such on my PC.
    I think the original problem of accessing the webpage still exists.
    Is rolling back my PC with the restore function a good idea? What are the ramifications?
    Marc
     
  13. SethH

    Spyware and anti-virus programs all operate very differently from one another and often find things that others will miss. I have Norton AV on my computer but will frequently scan with online scanners to make sure I'm clean. I also use 3 different spyware programs regularly.

    Read up some on Windows restore. I've used it before and never had any troubles. For me, the worst case scenario has been that it didn't help me, but I've never lost anything doing it.
     
  14. Art C

    Art C Agent

    Joined:
    Nov 15, 2001
    Messages:
    35
    Likes Received:
    0
    Download and run Microsoft antispy; that will take care of anything trying to hijack IE.
     
