Status
Not open for further replies.
1 - 19 of 19 Posts

Registered · 253 Posts · Discussion Starter · #1
There was a whole bunch of porn on my Win Media Player 10. I no longer can open an album by hitting send because send does not exist in the drop-down menu; stuff like burn list and rip do, and I have never had it like that. The worst is that there are files now on my puter that I cannot open because they say they are password protected, like the WinZip and some other stuff. I am using XP SP2, I have a Pen 4 1.80 GHz and I am pretty low on mem. I have been using an accelerator til I get paid to buy some memory. A recent new thing I did was I d/l'd WinMX. I tried eMule but Norton sent me a notice of something being unsafe so I removed that. I installed Skunk RealArcade but right away these probs I am speaking of started so I dumped that. I have installed the accelerator RAM Def XT to keep my mem goin; I mean it can get really low, under 50, and I added new mem last year (1 year ago, to bring me to 384mb). I do lots of d/l of mp3 (not all at legal sites). What's my best course of action? Oh, I have like 6 different spyware (Ad-Aware, Spybot, SpywareBlaster, Spyware Dr., CCleaner, CWShredder); they have NEVER caused any probs. :(
 

Registered · 253 Posts · Discussion Starter · #3
Thanks for asking... no, I am the only one with admin privileges and I thought that means no one else can download, so that's what freaks me out. Where did this all come from? Would you be willing to look at my HJT and see if you see anything out of the ordinary?
 

Registered · 253 Posts · Discussion Starter · #4
Here is this AM's HJT:

Logfile of HijackThis v1.99.0
Scan saved at 10:25:37 AM, on 2/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCPerf] "C:\Program Files\PC Accelerator 2005 Trial Demo\pcperf.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103862509467
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

Registered · 36 Posts
Sorry, I can't help you with HJT....but on three of the four comps in my house people use p2p apps on non-admin accounts. And also, are you sure nobody knows your password?

All the problems you mentioned sounded like they would most likely be caused by an actual human with physical access to your computer, rather than a virus or hacker.

I don't suppose it's impossible though, and I'm no expert so you'll want to get someone else to help you with HJT etc.
 

Registered · 322 Posts
Hi,
Ad-Aware, SpyBot, SpywareBlaster, CCleaner etc. are NOT spyware programs, they are ANTI-SPYWARE programs. When properly updated and used, they REMOVE spyware that gets installed with Kazaa, eMule, Shareaza, Grokster, Napster, BearShare etc. (all free P2P programs).
Update all of these programs and scan your PC using them. They should get rid of the gunk in your PC...

Also do an online virus scan here:
http://housecall.trendmicro.com/ (open this site in IE)

--> Second, it appears that you have no firewall program (or maybe just Windows Firewall, but that's not enough). You should get a good FREE program (legal) like ZoneAlarm!! That'll prevent any sort of hacks to your system...

--> Make sure you have Norton AV updated and Auto-Protect enabled...

--> Third: You do NOT need PC Tools; Ad-Aware and SpyBot as well as CCleaner and others are more than enough. You're just slowing your PC down with all of them at the same time...
---> Definitely read this: http://www.spywarewarrior.com/rogue_anti-spyware.htm

----> Most of the sites that allow you to download MP3s (illegally) do tons of drive-by spyware downloads to your PC without you even knowing it!!!

--> Use SpySweeper from http://www.webroot.com/ (even the trial version allows you to update for a few days! Use it and scan your system)

---> Finally: Go to Windows Update and get the latest updates from there; just recently there has been a security update released for SP2... and dump IE, use a much more secure and less resource-hogging browser like Firefox!
http://www.getfirefox.com/

EDIT: Even non-admin accounts can download files...
 

Registered · 253 Posts · Discussion Starter · #8
I know what spyware progs are for, thanks. Just how do I dump IE? Doesn't it need to be on the puter to run it????
Now let's see if this thing will ALLOW me to update the SP2. But the HJT looks ok? Hmmm, I can really mess up a puter! Thanks a lot for your input; anyone else is also appreciated.
 

Registered · 36 Posts
Just never use it, and make Firefox your new default browser. The option is there when you install it I think. It also imports your Favorites from IE.

Definitely get Firefox, you'll wonder why you didn't have it before.
 

Registered · 36 Posts
I'd seriously think about using something other than WMP10 as well. Maybe it's just personal preference or whatever but I find it really annoying. Apollo for audio and MPC for video if you want my opinion. I don't really stream stuff so I don't know if those two will be best for you, but there are plenty of other options. Apparently the Core Media Player is good for basically everything, but I've never used it.
 

Registered · 322 Posts
You cannot dump Internet Explorer because it is part of the Windows XP core. Also, you need to get Windows Updates, since the Windows Update site will not allow you to download updates using Firefox or anything other than IE....
 

Super Moderator · 44,283 Posts
"There was a whole bunch of porn on my Win Media player 10"
You need to be more specific than that. The only thing that would have happened is someone downloaded and ran a porn video file.

In fact I could not understand anything you have typed. Please can you write down in detail the issue/s that you are having.

Also the HJT log is clean.
 

Registered · 253 Posts · Discussion Starter · #15
Thank you so much for the comment on HJT being clean. Maybe you are reading my posts without comprehension. Plus anyway, I think I am very low on mem and that has much to do with stuff going wrong... gonna pick up tomorrow. Now I am listed as having 384 (I do); how much more can I use on pent 4 180ghz XP SP2 Dell 8200? Can I keep going til I reach 2 gigs?? How much mem is that in mb? (Sorry, I am not into tech stuff.) After I get mem I will go over to Firefox (we also have AOHell on here). Sorry if I am unclear in my posts, I will work on that, promise. :rolleyes:
 

Registered · 64 Posts
like so many others im flabbergasted.....

its not that i cant fix your issues...

im not sure what your issues are....


you have porn and locked files....

so do i....

tidus4yuna probly does too (as well as many ffx pics im sure)

but we dont have issues with that


your hjt log is clean
antivir is clean
spybot scan is clean

due to your excessive mentioning of various programs....

i would say your main problem is memory

or what you call mem

i would not suggest buying more... because i can almost imagine you buying more and then compensating for the new and fresh ram by installing and running new programs...


STOP USING SO MUCH STUFF!!!!!

in fact what might help is a list of your running processes and the amount of memory being used by each one

click ctrl+alt+del

then go to the processes tab....

now tell us whats in there


p.s. nevermind that comment about tidus4yuna... they prolly have no porn... im just a weird weird guy

p.p.s. tidus4yuna... all in fun... please dont flame or hit me... i will cry i promise
:cool:
 

Super Moderator · 44,283 Posts
burn said:
p.s. nevermind that comment about tidus4yuna... they prolly have no porn... im just a weird weird guy

p.p.s. tidus4yuna... all in fun... please dont flame or hit me... i will cry i promise
You just saved yourself from a Blitz Ace Attack :D j/k

I forgot to ask this before, but looking up the machine, I found that this machine is a Dell Inspiron notebook, which will make a difference. Unless there is a desktop with the same number. The maximum memory is 1Gb, which will be made from 2x 512Mb of PC2100 @ 266Mhz 200pin SO-DIMM memory modules. Kingston (PN KVR266X64SC25/512) has 512Mb for $119 direct and Crucial (PN CT246033) is $99. You may find it a little cheaper from a supplier.

Running 382Mb with Windows XP is never a good thing. You should be running at least 512Mb of RAM. Also you have a few programs in startup that are unnecessary.

Lastly, IE is not really the issue, it's what you are downloading via WinMX that is...
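
The remark above about unnecessary startup programs can be checked against the HijackThis log posted earlier in the thread. As an added example (not written by anyone in this thread), this Python parser groups log entries by section code and lists the O4 autostart entries for review; the sample lines are copied from that log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCPerf] "C:\Program Files\PC Accelerator 2005 Trial Demo\pcperf.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "<code> - <rest of line>"
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")

def parse_sections(log_text):
    """Group log entries by section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines carry no section code
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autostart_entries(sections):
    """Return (source, name, command) for every O4 autostart entry."""
    out = []
    for body in sections.get("O4", []):
        m = RUN_KEY.match(body)
        if m:  # registry Run-key entry: hive, key name, value name, command
            out.append((f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4)))
            continue
        m = STARTUP.match(body)
        if m:  # Startup-folder shortcut and its target
            out.append((m.group(1), m.group(2), m.group(3)))
    return out

if __name__ == "__main__":
    for source, name, command in autostart_entries(parse_sections(SAMPLE_LOG)):
        print(f"{source:15} {name:40} {command}")
```

Run on the full log, the same functions list every program that launches at logon, which is the list to review when trimming startup items.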
 

Registered · 36 Posts
I'm typing this on a desktop with XP and 256mb. Tune Up Utilities tells me that it's actually 228mb. XP is slightly stripped, but not excessively. It seems to run fine. In fact much quicker than my 512mb Win2k system.

So I think the number and quality of programs is probably the problem rather than a lack of memory.

But I don't see what any of this has to do with unknown porn on the hd, and changed preferences in WMP10. Somebody else is accessing that computer.
 