my mp3 files keep being modified! (has hijackthis log)

jasyn · #1 11-07-2004, 12:36 AM

these past few weeks i've noticed something funny. i keep my music folder's listing to be viewed by date of modified (in descending).. and recently, i've been noticing that many of my music files seem to be modified and being moved to the bottom of the list when i don't even listen to those songs. i think i may have a trojan or a backdoor or someone's accessing my music files. can someone help me! what tools can i use to find what's on my computer that may be causing this?

here's my hijackthis log

Logfile of HijackThis v1.98.2
Scan saved at 10:18:02 PM, on 11/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RivaTuner\RivaTuner.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\AtomTime Pro\AtomTime.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 61.115.219.174:8081
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AtomTime] "C:\program files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] F:\Program Files\Steam\Steam.exe -silent
O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA0F2F2-C01F-4B09-9F92-46CB8C335C1C}: NameServer = 4.2.2.2

Play_The_0dds · #2 11-07-2004, 09:46 AM

it's usually a good idea to double check on-board virus scanners with a on-line scan.
http://www.google.com/search?hl=en&q=panda+active+scan

and a good spyware scan, remember to update the refference file.
http://www.download.com/3000-2144-10...age&tag=button

looked like you had some spyware, may not be the problem though, the new versions of media player are bad about updating the files you have when you are on the net. windows media player 9 and 10 when installed ask you about do you want to allow it to acquire license info among other things when you first use it/set it up.

jasyn · #3 11-07-2004, 12:08 PM

Quote:

Originally posted by Play_The_0dds
it's usually a good idea to double check on-board virus scanners with a on-line scan.
http://www.google.com/search?hl=en&q=panda+active+scan

and a good spyware scan, remember to update the refference file.
http://www.download.com/3000-2144-10...age&tag=button

looked like you had some spyware, may not be the problem though, the new versions of media player are bad about updating the files you have when you are on the net. windows media player 9 and 10 when installed ask you about do you want to allow it to acquire license info among other things when you first use it/set it up.

i run spybot search and destroy .. lavasoft adaware .. and spywareblaster all on my computer.

i also run nod32 for my anvitirus.

as for wmp .. i still run version 9 kuz 10 was so buggy.