Something is seriously wrong

My firewall has blocked over 5000 access attempts today. This worries me. It has never been like this. Its blocking like 20 things per second. I'm kind of freaked out... what should I do? Its blocking so much at one time and this is really unusual for it be be blocking so much per second.

 

Hi thank you so much. I downloaded CrapCleaner.. just to get this straight.. anything that it finds is safe to be cleaned right? It found something called DrWatson.... doesn't my computer need that? C:/windows/Q323172.log do you know what that is... theres a ton of em'.

 

Ran ad-ware it just cleared some cookies. DrWatson was found in: C:\documents and settings\All Users.windows\application data\microsoft\dr watson\user.dmp


Is it normal for it to be in there?

 

oops sorry. OS:




Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Thank you for your help! About the access attempts.. they've been slowing down thank goodness. Theres not as much of them as there were before. What do you think might have caused all of that to happen? It has never happened before until today.


All I can say is thank goodness I have a firewall.

 

one more thing...

Is it safe to scan for issues? I'm afraid that i'll mess something up.... eek

 

Re: one more thing...

Thank you... thing is though... I don't know how to backup my registry

 

Re: one more thing...

Thank you for all your help!

 

another question about issue scans

If I have CCleaner scan for issues, and it finds something will it automatically fix it, or will it ask me if I want it to be fixed?

 

I'm sure you're VERY frustrated with me right now. You're my hero LOL. Well, I scanned for issues and it found a lot... i'm not sure what to do now. I'm not sure whether to let them be or fix them. I don't know their value to my computer... so would it be okay if I type all the things it found wrong, post them in here, and have you tell me what I should fix? If you don't want to I understand you've helped me a lot. I appreciate it.

 

Should I really download Spybot? Wouldn't it find the same things Ad-ware would find?
No, I did not download the Ad-Ware reference file yet because of my parental controls on AOL it doesn't allow me to download updates for my anti-virus software, or ad-ware.(Go figure ) I'll update it later when I get a chance.

About the access attempts yes they've pretty much stopped there have only been 105 access attempts today. (I've been online for almost 5 hours)

 

Hey i'm not done with the things you've asked me to do yet (almost done!), but should I make the backups?

 

Do a backup with Spybot

If you don't mind me jumping in -- yes, it's a good time to do a backup in case you then go ahead and remove something you didn't mean to in your registry.

Someone correct me if I'm wrong

 

Dr Watson

OK - this is probably dumb to ask-- I decided to search for Dr Watson after reading this and I have WinXP and it is in C:\windows...and I386 but also similar to CaNo I found it in another place but the "folder is empty" so I figure I can delete it right? I know that sounds like a no-brainer but then you wonder why it's there (except I read where chaslang said info just gets moved...) so I'm just double checking.

C:documents & settings\all users\application data\microsoft

 

Downloaded Spyboy ran that.. it found 14 Gain/Gator things, 5 DSO Exploits, An Alexa related object, and a cookie. I'm really glad I downloaded that. Ad-ware didn't find the Gator stuff surprisingly. But anyway.... here is my Hijack This log as you resquested. I don't see anything wrong with it. I uninstalled CallWave like a month ago though should that entry be fixed?






Logfile of HijackThis v1.97.7
Scan saved at 4:23:31 PM, on 6/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38049.3372106481

 

In the past couple of hours i've gotten 23 access attempts. *shrugs* Do you think maybe some of the access attempts are from virus infected computer scanning and looking for other computers to infect?

 

thanks

Thanks - when they're empty - I figure there's no reason for them but hey - maybe they're waiting for something (good or bad)

 

I have A LOT of weird things like that trying to get to me.Yes I have AOL. No I do not use games that require web hosting.

This is creepy. ><

 

Here it is:



127.0.0.1 localhost

 

Thank you once again for all the time you've put in helping me. I appreciate it. Well, at least these things are getting blocked. Things wouldn't be too good if they weren't. Heh.
Also....

What is a Trace Routing Tool and how can you get one? Is it free?