Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Notepad Problem...


  • Please log in to reply

#1
damned

damned

    New Member

  • Member
  • Pip
  • 2 posts
I did do alot of coding on my computer. until I found out that after I cut / paste some code from my original program into a new text document, the original code that I pasted in the text document (notepad.exe) will change to "Was unable to change your desktop" and if I go and press ctrl-z (undo) it doesn't do anything.

Do you guys know if this is spyware or something else? Maybe because my pc is rather old, about 5 years old.

Please advise...

Here's my HJT log file

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:37:12 PM, on 9/22/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Pop up Blocker Pro\pdie.exe

C:\Server\abyssws.exe

C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe

C:\Server\abyssws.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\serviceb.exe



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [Pop up Blocker Pro] "C:\Program Files\Pop up Blocker Pro\pdie.exe" Minimize

O4 - HKCU\..\Run: [AbyssWebServer] C:\Server\abyssws.exe

O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon

O4 - Startup: Wildcat! Navigator.lnk = C:\Program Files\WcNavigator\wildcat.exe

O4 - Startup: Wildcat! Startup.lnk = C:\WC5\wcstart.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Pop up Blocker Pro - {D1A91299-4F1C-4FD3-B636-68D71953513C} - C:\Program Files\Pop up Blocker Pro\pdie.exe

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O20 - Winlogon Notify: swgg - C:\WINDOWS\SYSTEM32\click.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe



--

End of file - 6646 bytes

It's been over 3 hours...Still nothing? ...And you call yourselves geeks?

No luck after 24 hours? You guys aren't that good, I am going else ware, and I won't pass a good word about you guys, I should've at least had a response that said sorry, can't figure this one out.

Thank you

Edited by damned, 23 September 2008 - 04:28 PM.

  • 0

Advertisements


#2
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
damned,

Take a look around - we have hundreds of people that need help every day, and only so many helpers. Each and every one of us is a volunteer - we have lives, families, work, etc., and we do this in our spare time. Patience is a virtue. Rudeness is not.

By the way - your Windows is very out-of-date. You should at least be on XP SP2 at this point.
  • 0

#3
damned

damned

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
sari,

Take a look around - we have hundreds of people that need help every day, and only so many helpers. Each and every one of us is a volunteer - we have lives, families, work, etc., and we do this in our spare time. Patience is a virtue. Rudeness is not.


Ok, I agree, but I looked at the name geekstogo.com and figured this site would be the quickest...Sorry for the rudeness. I thought that would speed you up. Again sorry. And if you find a solution to my computer, please post.


By the way - your Windows is very out-of-date. You should at least be on XP SP2 at this point.


But with only 1 gig of memory in my computer, a new upgrade will bog it down even more (SP2).

Thanks.

Edited by damned, 25 September 2008 - 01:53 PM.

  • 0

#4
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
damned,

1 gig is plenty to run XP, and SP2 shouldn't bog it down. Let's look at a few things here.

Please go to Uploadmalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\system32\serviceb.exe
  • Go the then next box and browse for this filename: C:\WINDOWS\SYSTEM32\click.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Thanks,

sari
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP