
How can I tell if someone is on my computer?


Ok, my computer has been acting a little funny lately, and I was wondering if it is possible that someone had maybe cracked my computer. What are some of the signs that someone else is using your computer/system? I have heard of things called Trojan Horses before, but what else could it be? And what can I do to get rid of whatever it might be, or tell if there is even anything wrong at all? I only use AVG and I run it every day. Are there any other free antivirus programs that I can download to help keep my computer safe?

-Melissa-

Hello Melissa

Please can you give more details as to what you mean by "a little funny".

*******************

Also do this.

If you are on Windows 2000 or XP download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it yet.


Now boot to safe mode. Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

Reboot to normal mode and use the computer as you would usually do.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

*******************

If this doesn’t succeed in fixing the problem download a self-extracting copy of HijackThis from here …….

http://downloads.malwareremoval.com/hijackthis_sfx.exe

Save it to your Desktop.

Double-click on the hijackthis_sfx.exe file and it will self-extract into its own FOLDER ……

C:\Program Files\HijackThis

Go to this folder and run the hijackthis.exe file.

From the MENU click on "Do a system scan and save a logfile".

Copy and paste both the AVG AS scan report and the HJT logfile to this thread. More specific removal instructions will follow for whatever it is that's CAUSING the problem.


OJ

OK, well, for starters it's really slow starting up, and when I say slow I mean it takes a good 10 min to just start the computer up and get it to a point where I can actually do things on it without it freezing. Another is that when I'm playing online games, sometimes the character I'm using, or the game itself, will just start playing by itself. Like the character will start running around the screen by itself without me touching anything. (And this is in the middle of the game after everything is already loaded.) Another is that the mouse flips all over the screen. I'm on a laptop and that seems a little funny to me. And my biggest problem is that someone has been screwing around with my life big time using a computer. On MSN and Nexopia someone figured out my passwords and was sending messages to my friends and boyfriend, telling them that I was no good and that I was cheating (which I wasn't). And (this came from whoever is doing this themselves) that even if I changed my passwords on all of my accounts, they would still have access to them because they were already logged in. Now I thought that you get logged out of most of these things as soon as your computer gets turned off or goes into sleep mode, which means that this person would pretty much have to sit in front of their computer 24/7 to keep their computer from shutting off, just so that they could stay on my accounts. Seems pretty weird to me. And also whoever is doing this seems to know me pretty well. Like they know even small stuff about me like bad habits and the way I act and stuff I have done in the past. Which means that it's probably someone I know. But the thing is that no one I know has the capability to do all of this. So I'm really stuck and lost and I don't know who to trust out of my friends because really it could be anyone. Wow, sorry that was a really long post. I don't know if that's spamming or not. If it is then I'm really sorry and you can just delete this.

-Melissa-

OK. This is my recommended course of action.

If I were you I would report this behavior to the moderators/administrators of the sites in question.

Next, deregister from ALL the organisations/websites and stay away from them for a few days. Don't tell anyone if you're suspicious of your "friends".

Now run through the AVG AntiSpyware & HijackThis instructions I gave you in my earlier advice.

Post back the AVG scan report and the HijackThis logfile.

We will see if there's anything obviously bad, fix that first then, when you're clean, you can think about rejoining the sites.

But that's me. You do what you think is best but I must see those two scan reports please.

Post back as soon as you can.


OJ

No, a long post is not spamming. LOL. But a long paragraph is hard to read.

Are you using a firewall on your computer? Are you using Windows XP? Do you have Service Pack 2 (SP2) installed?

Quote:
    Do you have Service Pack 2 (SP2) installed?

Melissa ... if you don't have SP2 installed DO NOT install it yet. If your computer is infected with malware SP2 will not install correctly and could make your problems worse.


OJ

Logfile of HijackThis v1.99.1
Scan saved at 1:41:56 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\TELUS eCare\bin\mad.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\C04X7RVQ\setup[1].exe
C:\DOCUME~1\Melissa\LOCALS~1\Temp\is-A65TL.tmp\is-SQL77.tmp
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [TELUS] E:\Install\TELUS.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\I
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Melissa\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

OK Melissa. Having looked at your log, and remembering your concerns, you have two options.

OPTION 1

If you are still concerned about other people somehow having access to your personal information the only real way to fix it is this ...

1. Save all your important information, music, pictures etc.
2. Reformat/wipe your hard drive clean
3. Reinstall the operating system, all programs and information/pictures etc.

That way you can be virtually certain that any unauthorised access to your computer will be gone.

THEN you can re-register with any sites WITH NEW USERNAMES AND PASSWORDS.


OPTION 2

You can try to fix whatever is causing your concerns but there are no guarantees here and it will take a long time. Certainly longer than Option 1.


If you want to try Option 2, this is the first stage ........

There are things wrong with the log so let's address those first. This first fix will be over two posts.

Please print out or copy both posts to Notepad in order to assist you when carrying out the following instructions.

Read everything to ensure you understand it all before you start work.

**************

I suspect many of your problems come from using P2P. Limewire in particular. My advice is for you to stop using P2P and remove Limewire completely. It's a magnet to malware.

If you decide to do this tell us in your next post.

**************

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

**************

Download Ccleaner from the link below but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

http://www.ccleaner.com/

Run the program immediately with the default settings and let it clean out/remove the clutter from your system.

**************

Download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it until you reboot into safe mode later in this fix.

**************

Go to this file ...

C:\Program Files\TELUS eCare\bin\mad.exe

Right click > properties & see if it's a Microsoft file. Tell us what you find.

This file is found on Windows NT4/2000/XP/2003 Server editions only. This service is the System Attendant Service for Microsoft Exchange Server from version 4.0 onwards. Do you know why you have this file on your system?

**************

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Login on your usual account. Make sure to close any open browsers.

**************

Click > Start > Control Panel > Add / Remove Programs and uninstall the following program (IF it still exists):

BroadJump

**************

Run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

Reboot to normal mode and use the computer as you would usually do.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

**************

Open HijackThis and click on 'Do a System Scan Only'. Check the following ENTRIES (If they still exist, make sure you do not miss any)......

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - Startup: PowerReg Scheduler V3.exe

O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

O20 - AppInit_DLLs:



Please remember to close all other windows, including browsers then click Fix checked.

**************

Delete the following Folder and Files indicated in BOLD IF they still exist .....

C:\Program Files\BroadJump .... whole folder

PowerReg Scheduler V3.exe >> run a system wide search for this file and delete it IF found

**************

Reboot your system in Normal Mode.

Now do what I advise in the next post.


OJ
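The advice above picks out specific HijackThis entries by eye (an unnamed BHO with no file, a startup item with no path, a context-menu item served from a DLL resource, an AppInit_DLLs entry). The following Python script is an added example, not part of the thread and not HijackThis code: it parses lines in the same `Oxx - ...` format and applies triage heuristics that mirror the reviewer's picks, plus two generalisations of my own (processes running from a temporary folder, and services with an unknown owner). The sample log lines are constructed, modelled on the log posted in the thread.

```python
import re

# Constructed sample lines modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\DOCUME~1\\Melissa\\LOCALS~1\\Temp\\is-A65TL.tmp\\is-SQL77.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_08\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\\WINDOWS\\system32\\ToolBand.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs:
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\\Program Files\\Acer\\Acer Arcade\\Kernel\\TV\\CLSched.exe
"""

# An HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Process paths under a per-user temp folder are unusual for legitimate software.
TEMP_DIR_RE = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)


def triage_line(line, in_processes):
    """Return a reason string if the line deserves a second look, else None.
    The heuristics are this example's own assumptions, not HijackThis rules."""
    if in_processes:
        return "process running from a temporary folder" if TEMP_DIR_RE.search(line) else None
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    if section == "O2" and ("(no name)" in body or body.endswith("(no file)")):
        return "BHO with no name or no backing file"
    if section == "O4" and body.startswith("Startup:") and "\\" not in body:
        return "startup item with no path; locate the file before deleting"
    if section == "O8" and "res://" in body:
        return "context-menu item served from a DLL resource"
    if section == "O20" and body.startswith("AppInit_DLLs"):
        value = body.partition(":")[2].strip() or "empty"
        return "AppInit_DLLs present (value '%s')" % value
    if section == "O23" and "Unknown owner" in body:
        return "service with no identified owner"
    return None


def triage_log(text):
    """Walk a whole log, tracking the 'Running processes:' block, and collect findings."""
    findings, in_processes = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        reason = triage_line(line, in_processes)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print("%-70s  <- %s" % (line[:70], reason))
```

Entries the script flags are candidates for review, not automatic deletions; as the thread does, confirm each file's origin before fixing it.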

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"…..
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.
***************

There is one piece of scumware that hides itself if it knows HJT is running, so you need to rename the HijackThis program. This will reveal it.

Right click on the HJT file itself and click on rename. Change the name to "MelissaHJT.exe".

Now run the MelissaHJT.exe file (which is still HJT with a new name) and post the log.


Please also post the AVG Anti Spyware log AND an update on how you feel your computer is working now (or if you've decided to choose Option 1 instead).

[By the way please take care when you post your HJT log. The last line at the end of your post number 6 has been cut off. Please make sure you post everything]


OJ

I think you scared her off with Option 2... Who knows.

Melissa ... And there you have it... Due to lack of response this thread is now locked.

Should the original poster require it re-opening please PM GX1_Man or a moderator.

