Ll New Stuff On My Puter This Morning

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BadDracula

Thread Starter
Joined
Jun 7, 2004
Messages
251
There was a whole bunch of porn on my Win Media Player 10. I can no longer open an album by hitting send, because send does not exist in the drop-down menu; stuff like burn list and rip do, and I have never had it like that. The worst is that there are files now on my puter that I cannot open because they say they are password protected, like the WinZip and some other stuff. I am using XP SP2, I have a Pen 4 1.80 GHz, and I am pretty low on mem. I have been using an accelerator til I get paid to buy some memory. A recent new thing I did was I d/l'd WinMX. I tried eMule, but Norton sent me a notice of something being unsafe, so I removed that. I installed Skunk RealArcade, but right away these probs I am speaking of started, so I dumped that. I have installed the accelerator RAM Def XT to keep my mem goin; I mean it can get really low, under 50, and I added new mem last year (1 year ago, to bring me to 384 MB). I do lots of d/l of MP3s (not all at legal sites). What's my best course of action? Oh, I have like 6 different spyware (Ad-Aware, Spybot, SpywareBlaster, Spyware Dr., CCleaner, CWShredder); they have NEVER caused any probs. :(
 
Joined
Jul 5, 2004
Messages
36
Have you got a younger (or older) brother?

Sounds to me like you've got a rogue downloader with access to your computer :eek:
 

BadDracula

Thread Starter
Joined
Jun 7, 2004
Messages
251
Thanks for asking... no, I am the only one with admin privileges, and I thought that means no one else can download, so that's what freaks me out. Where did this all come from? Would you be willing to look at my HJT and see if you see anything out of the ordinary?
 

BadDracula

Thread Starter
Joined
Jun 7, 2004
Messages
251
Here is this am HJT


Logfile of HijackThis v1.99.0
Scan saved at 10:25:37 AM, on 2/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCPerf] "C:\Program Files\PC Accelerator 2005 Trial Demo\pcperf.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103862509467
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
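
For readers following along, one way a helper might triage a HijackThis log like the one above. This is an added example, not part of the original post or of HijackThis itself; the sample lines are copied from the log above, and the three review heuristics are assumptions chosen for illustration, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log posted above, shortened.
SAMPLE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCPerf] "C:\Program Files\PC Accelerator 2005 Trial Demo\pcperf.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body

def parse_hjt(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # first R/O entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_hints(processes, entries):
    """Return (reason, item) pairs worth a manual look. Assumed heuristics, not verdicts."""
    hints = []
    for p in processes:
        if "\\temp\\" in p.lower():
            hints.append(("process running from a Temp folder", p))
    for item in entries.get("O2", []):
        if item.startswith("BHO: (no name)"):
            hints.append(("unnamed browser helper object", item))
    for item in entries.get("O4", []):
        if item.endswith("= ?"):
            hints.append(("startup shortcut with unresolved target", item))
    return hints

if __name__ == "__main__":
    for reason, item in review_hints(*parse_hjt(SAMPLE)):
        print(f"[check] {reason}: {item}")
```

On the sample, all three hints resolve to ordinary items on inspection (HijackThis itself run from inside a zip's Temp folder, Spybot's SDHelper.dll, and a Works shortcut), which is why such flags are prompts for a manual look.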
 
Joined
Jul 5, 2004
Messages
36
Sorry, I can't help you with HJT....but on three of the four comps in my house people use p2p apps on non-admin accounts. And also, are you sure nobody knows your password?

All the problems you mentioned sounded like they would most likely be caused by an actual human with physical access to your computer, rather than a virus or hacker.

I don't suppose it's impossible though, and I'm no expert so you'll want to get someone else to help you with HJT etc.
 
Joined
Aug 27, 2004
Messages
318
Hi,
Ad-Aware, SpyBot and SpywareBlaster, CCleaner...etc. are NOT spyware programs, they are ANTI-SPYWARE programs. When properly updated and used, they REMOVE spyware that gets installed with KaZaa, eMule, Shareaza, Grokster, Napster, BearShare...etc. (all free P2P programs).
Update all of these programs and scan your PC using them. They should get rid of the gunk in your PC...

Do also an online virus scan here:
http://housecall.trendmicro.com/ (open this site in IE)

--> Second, it appears that you have No firewall program (or maybe just Windows Firewall, but that's not enough), you should get a good FREE program (legal) like ZoneAlarm!! That'll prevent any sort of hacks to your system...

--> Make sure you have Norton AV updated and Auto-Protect enabled...

--> Third: You Do NOT need PC Tools, Ad-Aware and SpyBot as well as CCleaner and others are more than enough, you're just slowing your PC down with all of them at the same time...
---> Definitely read this: http://www.spywarewarrior.com/rogue_anti-spyware.htm

----> Most of the sites that allow you to download MP3s (illegally) do tons of driveby spyware downloads to your PC without you even knowing it !!!

--> Use SpySweeper from http://www.webroot.com/ (even the trial version allows you to update for a few days! use it and scan your system)

---> Finally: Go to Windows Update and get the latest updates from there, just recently there has been a security update released for SP2... and dump IE, use a much more secure and less resource hogging browser like FireFox !
http://www.getfirefox.com/

EDIT: Even non-admin accounts can download files...
 

BadDracula

Thread Starter
Joined
Jun 7, 2004
Messages
251
I know what spyware progs are for, thanks. Just how do I dump IE? Doesn't it need to be on the puter to run it????
Now let's see if this thing will ALLOW me to update the SP2. But the HJT looks OK? Hmmm, I can really mess up a puter! Thanks a lot for your input; anyone else is also appreciated.
 
Joined
Jul 5, 2004
Messages
36
Just never use it, and make Firefox your new default browser. The option is there when you install it I think. It also imports your Favorites from IE.

Definitely get Firefox, you'll wonder why you didn't have it before.
 
Joined
Jul 5, 2004
Messages
36
I'd seriously think about using something other than WMP10 as well. Maybe it's just personal preference or whatever but I find it really annoying. Apollo for audio and MPC for video if you want my opinion. I don't really stream stuff so I don't know if those two will be best for you, but there are plenty of other options. Apparently the Core Media Player is good for basically everything, but I've never used it.
 
Joined
Jul 24, 2004
Messages
9
If you dump Internet Explorer for Firefox it will be almost impossible to download Windows Updates.
 
Joined
Jul 5, 2004
Messages
36
Just don't use IE. Don't try to uninstall it, just don't use it. Then if you ever need it you can still use it.
 
Joined
Aug 27, 2004
Messages
318
You cannot dump Internet Explorer because it is part of the Windows XP core. Also you need to get Windows Updates since the Windows Update site will not allow you to download updates using FireFox or anything other than IE....
 

Couriant

James
Trusted Advisor
Spam Fighter
Joined
Mar 26, 2002
Messages
36,291
"There was a whole bunch of porn on my Win Media player 10"
You need to be more specific than that. The only thing that would have happened is someone downloaded and ran a porn video file.

In fact I could not understand anything you have typed. Please can you write down in detail the issue/s that you are having.

Also the HJT log is clean.
 

BadDracula

Thread Starter
Joined
Jun 7, 2004
Messages
251
Thank you so much for the comment on HJT being clean. Maybe you are reading my posts without comprehension; plus, anyway, I think I am very low on mem and that has much to do with stuff going wrong... gonna pick up tomorrow. Now I am listed as having 384 (I do); how much more can I use on Pent 4 180ghz XP SP2 Dell 8200? Can I keep going til I reach 2 gigs?? How much mem is that in MB? (Sorry, I am not into tech stuff.) After I get mem I will go over to Firefox (we also have AOHell on here). Sorry if I am unclear in my posts; I will work on that, promise. :rolleyes:
 