
PC trouble, am I in trouble here?



#1 of 14 OFFLINE   Marc_E

Posted February 18 2006 - 07:19 AM

I recently noticed in the event log of activity (McAfee Privacy service) that my computer has relentlessly tried to access a particular website which, when I try to go directly to it, does not come up ('page may have been removed'). The log shows attempts 100-200 times a day. My spyware seek and destroy doesn't show me something that pops out (says a lot of backweb stuff). What should I do? Could it be transmitting my info? How do I stop this and get rid of it? I have temporarily pulled the plug on the PC so it does not access the web. Thanks in advance for any advice. Marc

#2 of 14 OFFLINE   Mike LS

Posted February 18 2006 - 07:31 AM

Have you tried any other spyware removers? Adaware etc? If not, give some other free programs a try and see if they find anything. Have you done a full virus scan since you noticed this activity? You can also run a scan with a program called HijackThis (do a Google search) and post the log on a forum such as tech-forums.net (there's a sub forum especially for these logs) and someone will check it for suspicious entries. Also, does your privacy suite include a firewall? If so, and assuming it's set up correctly, it should be blocking all attempts to send any info to this site, so you shouldn't have anything to worry about while you search for the culprit. If you don't have a firewall, download a free one like Zone Alarm and let it do its thing for now. It'll keep you from having to yank the network cable when you're not using it.

#3 of 14 OFFLINE   SethH

Posted February 18 2006 - 07:34 AM

You might dig through the processes that are running and look them up. If you do a quick Google search on the processes you don't recognize you should come up with sites that identify those processes. Someone may have installed a rogue program on your computer. Also, make sure that your computer has all the Windows updates and update your anti-virus and run that.

#4 of 14 OFFLINE   Sami Kallio

Posted February 18 2006 - 07:47 AM

Also, run full tests from http://www.pcpitstop.com

You get info on running processes among other things. Just click on the "Windows" subfolder to see what your processes are.

#5 of 14 OFFLINE   Marc_E

Posted February 18 2006 - 07:51 AM

Cool, thanks for those responses. The strange thing is that if you try to go to the site it is not there. Looking up HijackThis... Yes, I do have a firewall. Can I specifically block that site? I did a virus scan when I noticed it and got 1 infected file, quarantined and deleted. Marc

#6 of 14 OFFLINE   Mike_J_Potter

Posted February 19 2006 - 01:39 AM

I would also try running a program called active ports on the pc. This will show you all the programs that have ports open on the pc and where they are connected to or trying to connect to. Find the one in the list that is trying to go out to that site then google the program name. Here is the link.

http://www.download.....age&tag=button
Mike Potter

Last 3 films watched
Natural Born Killers (DVD)
Deuce Bigalow 2 (theater)
Forrest Gump (1080I)

#7 of 14 OFFLINE   Marc_E

Posted February 19 2006 - 10:20 AM

It got worse.... Now every time I open IE, I can't get my homepage. Instead I get this page 'www.todaywarnings.com' with some links to spyware and such type programs for removal. I have tried blocking it in every way I can think of. I do not think it is accessing a site but loading an html document somewhere on my PC. This is making me freakin nuts!

#8 of 14 OFFLINE   SethH

Posted February 19 2006 - 10:25 AM

Have you been able to use HiJackThis? That usually takes care of things like you just mentioned. Honestly, if it keeps getting worse, you might just consider backing everything up and reformatting.

#9 of 14 OFFLINE   Marc_E

Posted February 19 2006 - 10:46 AM

Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 6:40:58 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:WINDOWSSystem32gearsec.exe
c:program filesmcafee.comagentmcdetect.exe
c:PROGRA~1mcafee.comagentmctskshd.exe
C:PROGRA~1McAfee.comPERSON~1MpfService.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSystem32DSentry.exe
C:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesCreativeSBLiveDiagnosticsdiagent.exe
C:Program FilesMcAfee.comVSOmcvsshld.exe
C:Program FilesCommon FilesDellEUSWSupport.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb0 4.exe
c:progra~1mcafee.comvsomcvsescn.exe
C:Program FilesDellSupportAlertbinNotifyAlert.exe
C:WINDOWSkdxKHost.exe
C:Program FilesLogitechMouseWaresystemem_exec.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:PROGRA~1mcafee.commpsmscifapp.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S4I2P 1.EXE
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesWinampwinampa.exe
C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
C:Program FilesScanSoftOmniPage15.0Opware15.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesCAeTrust Internet Security Suitecaissdt.exe
C:PROGRA~1PANICW~1POP-UP~1POPUPS~1.EXE
C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe
C:PROGRA~1SCREEN~1OCR.exe
C:Program FilesScanSoftOmniPage15.0OpAgent.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesPepidPepidMgr.exe
C:Program FilesSony HandheldHOTSYNC.EXE
C:WINDOWSsystem32cisvc.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32cidaemon.exe
c:PROGRA~1mcafee.comvsomcshield.exe
c:PROGRA~1mcafee.comvsoOasClnt.exe
C:Program FilesCAeTrust Internet Security SuiteeTrust PestPatrol Anti-SpywarePPActiveDetection.exe
c:program filesmcafee.comvsomcmnhdlr.exe
c:program filesmcafee.comsharedmghtml.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsMarcDesktopfoldersHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://start.earthlink.net
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.earthlink....on/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.earthlink....on/search.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.boston.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.comcast.net/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInt ernet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://login.passport.net/uilogin.srf?id=2"); (C:Documents and SettingsMarcApplication DataMozillaProfilesdefaultt96rlfj2.sltprefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:Documents and SettingsMarcApplication DataMozillaProfilesdefaultt96rlfj2.sltprefs.j s)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:WINDOWSsystem32hp247D.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [diagent] "C:Program FilesCreativeSBLiveDiagnosticsdiagent.exe" startup
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [MoneyStartUp10.0] "C:Program FilesMicrosoft MoneySystemActivation.exe"
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentmcupdate.exe
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [VirusScan Online] C:Program FilesMcAfee.comVSOmcvsshld.exe
O4 - HKLM..Run: [DwlClient] C:Program FilesCommon FilesDellEUSWSupport.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb0 4.exe
O4 - HKLM..Run: [VSOCheckTask] "C:PROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [kdx] C:WINDOWSkdxKHost.exe
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [MPSExe] c:PROGRA~1mcafee.commpsmscifapp.exe /embedding
O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [EPSON PictureMate] C:WINDOWSSystem32spoolDRIVERSW32X863E_S4I2P 1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
O4 - HKLM..Run: [FineReader7NewsReaderPro] "C:Program FilesABBYY FineReader 7.0 Professional EditionABBYYNewsReader.exe"
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [Opware15] "C:Program FilesScanSoftOmniPage15.0Opware15.exe"
O4 - HKLM..Run: [OpScheduler] "C:Program FilesScanSoftOmniPage15.0OpScheduler.exe"
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [PDF3 Registry Controller] "C:Program FilesScanSoftOmniPage15.0PDFConverter3\Registr yController.exe"
O4 - HKLM..Run: [CaISSDT] "C:Program FilesCAeTrust Internet Security Suitecaissdt.exe"
O4 - HKLM..Run: [eTrustPPAP] "C:Program FilesCAeTrust Internet Security SuiteeTrust PestPatrol Anti-SpywarePPActiveDetection.exe"
O4 - HKCU..Run: [Ultimate Popup Killer] C:Program FilesUltimate Popup KillerPopupkiller.exe
O4 - HKCU..Run: [PopUpStopperProfessional] "C:PROGRA~1PANICW~1POP-UP~1POPUPS~1.EXE"
O4 - HKCU..Run: [Screen OCR] C:PROGRA~1SCREEN~1OCR.exe
O4 - HKCU..Run: [OpAgent] "C:Program FilesScanSoftOmniPage15.0OpAgent.exe" /agent
O4 - HKCU..Run: [updateMgr] C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_0
O4 - Startup: HotSync Manager.lnk = C:Program FilesSony HandheldHOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Launch Pepid Manager.lnk = C:Program FilesPepidPepidMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: Convert for CLIÉ - C:Program FilesSonyImage Convertermenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:Program FilesScanSoftOmniPage15.0PDFConverter3IEShellE xt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:Program FilesMicrosoft MoneySystemmnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg..../c381/chat.cab
O16 - DPF: Yahoo! Spelldown - http://download.game....s/y/sdt1_x.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.rosebrand...sses/CFJava.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcaf....6/mcinsctl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama....eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co....6/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop...an/pestscan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.....3/cpbrkpie.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf....19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app....ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O17 - HKLMSystemCCSServicesTcpip..{7D2BA7A2-BE75-44E5-9073-0B2A738B6F70}: NameServer = 207.69.188.185,207.69.188.186
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSSYSTEM32ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSSystem32CTsvcCDA.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:WINDOWSSystem32gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:program filesmcafee.comagentmcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:PROGRA~1mcafee.comagentmctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1McAfee.comPERSON~1MpfService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:WINDOWSSystem32NMSSvc.exe
O23 - Service: Pml Driver - HP - C:WINDOWSsystem32HPHipm09.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:PROGRA~1COMMON~1SONYSH~1AVLibSptisrv.exe
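
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread. The sample lines are constructed from entries in that log with path separators written out, and the three checks are assumed review heuristics, not HijackThis's own logic or a verdict on any entry.

```python
import re

# Constructed sample in HijackThis 1.99 format, modelled on entries in the
# log above with path separators restored (an assumption about the original).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp247D.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse(log):
    """Yield (section, body) per entry; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (section, reason, body) for entries worth a manual look."""
    findings = []
    for section, body in parse(log):
        # The last " - " separated field is the file or URL the entry points to.
        target = body.rsplit(" - ", 1)[-1]
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing (orphaned entry)", body))
        elif section in ("O2", "O3") and not target.lower().endswith(".dll"):
            # BHOs and toolbars are normally DLLs; another extension is unusual.
            findings.append((section, "browser add-on not loaded from a .dll", body))
        elif section == "O23" and " - Unknown owner - " in body:
            # HijackThis could not read a company name from the service binary.
            findings.append((section, "service binary has no company name", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

A flagged entry is only a prompt to look up the file and its origin; legitimate drivers and leftover ISP buttons also match these checks.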

#10 of 14 OFFLINE   Marc_E

Posted February 19 2006 - 12:06 PM

Can I uninstall and re-install Iexplorer?

#11 of 14 OFFLINE   SethH

Posted February 19 2006 - 01:32 PM

Nope, unfortunately there is no way to uninstall IE. You might consider moving to Firefox and see if that solves some of your problems. Nothing jumps out at me from your log, but you should post it on the HJT forum as I'm certainly not an expert with this program. Another option: assuming you're using XP, you could use the System Restore function to go back a couple weeks and see if that helps.

#12 of 14 OFFLINE   Marc_E

Posted February 20 2006 - 02:43 AM

Update: Spyware Doctor took care of my homepage hijacking. Odd, I used 2 other spyware programs that both claimed I was clean, and yet Spyware Doctor came up with 48 high-risk trojans and such on my PC. I think the original problem of accessing the webpage still exists. Is rolling back my PC with the restore function a good idea? What are the ramifications? Marc

#13 of 14 OFFLINE   SethH

Posted February 20 2006 - 03:32 AM

Spyware and anti-virus programs all operate very differently from one another and often find things that others will miss. I have Norton AV on my computer but will frequently scan with online scanners to make sure I'm clean. I also use 3 different spyware programs regularly. Read up some on Windows restore. I've used it before and never had any troubles. For me, the worst case scenario has been that it didn't help me, but I've never lost anything doing it.

#14 of 14 OFFLINE   Art C

Posted February 20 2006 - 08:28 AM

Download and run Microsoft antispy; that will take care of anything trying to hijack IE.



