[damned]

I did do alot of coding on my computer. until I found out that after I cut / paste some code from my original program into a new text document, the original code that I pasted in the text document (notepad.exe) will change to "Was unable to change your desktop" and if I go and press ctrl-z (undo) it doesn't do anything.

Do you guys know if this is spyware or something else? Maybe because my pc is rather old, about 5 years old.

Please advise...

Here's my HJT log file

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:37:12 PM, on 9/22/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Pop up Blocker Pro\pdie.exe

C:\Server\abyssws.exe

C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe

C:\Server\abyssws.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\serviceb.exe



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [Pop up Blocker Pro] "C:\Program Files\Pop up Blocker Pro\pdie.exe" Minimize

O4 - HKCU\..\Run: [AbyssWebServer] C:\Server\abyssws.exe

O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon

O4 - Startup: Wildcat! Navigator.lnk = C:\Program Files\WcNavigator\wildcat.exe

O4 - Startup: Wildcat! Startup.lnk = C:\WC5\wcstart.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Pop up Blocker Pro - {D1A91299-4F1C-4FD3-B636-68D71953513C} - C:\Program Files\Pop up Blocker Pro\pdie.exe

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O20 - Winlogon Notify: swgg - C:\WINDOWS\SYSTEM32\click.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe



--

End of file - 6646 bytes

It's been over 3 hours...Still nothing? ...And you call yourselves geeks?

No luck after 24 hours? You guys aren't that good, I am going else ware, and I won't pass a good word about you guys, I should've at least had a response that said sorry, can't figure this one out.

Thank you

Edited by damned, 23 September 2008 - 04:28 PM.

[Advertisements]

damned,

Take a look around - we have hundreds of people that need help every day, and only so many helpers. Each and every one of us is a volunteer - we have lives, families, work, etc., and we do this in our spare time. Patience is a virtue. Rudeness is not.

By the way - your Windows is very out-of-date. You should at least be on XP SP2 at this point.

[sari]

damned,

Take a look around - we have hundreds of people that need help every day, and only so many helpers. Each and every one of us is a volunteer - we have lives, families, work, etc., and we do this in our spare time. Patience is a virtue. Rudeness is not.

By the way - your Windows is very out-of-date. You should at least be on XP SP2 at this point.

[damned]

sari,

Take a look around - we have hundreds of people that need help every day, and only so many helpers. Each and every one of us is a volunteer - we have lives, families, work, etc., and we do this in our spare time. Patience is a virtue. Rudeness is not.

Ok, I agree, but I looked at the name geekstogo.com and figured this site would be the quickest...Sorry for the rudeness. I thought that would speed you up. Again sorry. And if you find a solution to my computer, please post.

By the way - your Windows is very out-of-date. You should at least be on XP SP2 at this point.

But with only 1 gig of memory in my computer, a new upgrade will bog it down even more (SP2).

Thanks.

Edited by damned, 25 September 2008 - 01:53 PM.

[sari]

damned,

1 gig is plenty to run XP, and SP2 shouldn't bog it down. Let's look at a few things here.

Please go to Uploadmalware to upload a suspicious file for analysis.

• Enter your username from this forum
• Copy and paste the link to this thread
• Browse for this filename: C:\WINDOWS\system32\serviceb.exe
• Go the then next box and browse for this filename: C:\WINDOWS\SYSTEM32\click.dll
• In the comments, please mention that I asked you to upload this file
• Click on Send File

Please run the MGA Diagnostic Tool and post back the report it shall produce:

• Download MGADiag to your desktop.
• Double-click on MGADiag.exe to launch the program
• Click "Continue"
• Ensure that the "Windows" tab is selected (it should be by default).
• Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
• Paste the MGA Diagnostic Report back here in your next reply.

Thanks,

sari