# Solved: When I Try Openinig Any Of My Pc Games An Error [Moved from XP; needs Security Help]



## map4442646 (Apr 15, 2006)

WHEN I TRY TO OPEN ANY OF MY PC GAMES (NOT EMULATOR, ETC....) AN ERROR COMES OUT WITH THIS MESSAGE:

An unhandled win32 execption occured in (name of the game) [3744]. Just-in-Time debugging this exception failed with the following error: No installed debugger has Just-in-Time debbugging can be enabled from Tools/Options/debugging/Just-in-Time

Check the documentation index for Just-in-Time debugging errors for more info.

but i dont know where i can find any of this things.... plus i dont have any debbuger installed on my pc...

System info: windows xp proffessional, 384 ram, 600 mhz pentium 3 processor, 3D fuzion GeForce MX 4000 PCI 128mb DDR Graphic card


----------



## Rollin' Rog (Dec 9, 2000)

What games? That is not an error message that one would normally associate with most retail games.

You should be getting some other error. 
Run *eventvwr.msc* and look at the "applications" log.

Check for game related errors there. Double click to read the description and use the "double-paper" copy icon to copy the descriptions to the clipboard and paste here.

This is all I know about "just-in-time" debugging. Never heard of it before, except relating to Java installations.

http://msdn2.microsoft.com/en-US/library/5hs4b7a6.aspx


----------



## map4442646 (Apr 15, 2006)

An unhandled win32 exception occurred in process #1392. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

this all i saw that is related to JIT


----------



## map4442646 (Apr 15, 2006)

i tryed hijack this and this are the results

Logfile of HijackThis v1.99.1
Scan saved at 11:44:19 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\log_qtine.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Usuario\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: LimeWire PRO 4.10.0.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: semd32 - C:\WINDOWS\SYSTEM32\semd32.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe

is there something related to my problem?


----------



## map4442646 (Apr 15, 2006)

Bump!


----------



## Rollin' Rog (Dec 9, 2000)

You have multiple security related issues; I really don't handle these any more so I will move your thread to the Security forum and request help. You will have to be patient, but if you don't get a response in 24 hours, PM me.

These are the obvious issues:

C:\WINDOWS\issvcyd.exe

O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s

>> svchost.exe is only legitmate when it runs from the system32 folder

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: semd32 - C:\WINDOWS\SYSTEM32\semd32.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)

These problems are without a doubt the direct result of your using a file sharing application, Limewire.

You will probably be instructed to uninstall that if you want further help.


----------



## map4442646 (Apr 15, 2006)

iigth so i unistalled LimeWire... and this is the new hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:08:19 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\log_qtine.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Usuario\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: LimeWire PRO 4.10.0.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: semd32 - C:\WINDOWS\SYSTEM32\semd32.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe


----------



## Flrman1 (Jul 26, 2002)

* *Click here* to download haxfix.exe and save it to your desktop.
Double click on *haxfix.exe* to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

Select option *1. Make logfile* by typing *1* and then pressing Enter
Haxfix will start scanning the computer. When it is finished a logfile will open: *haxlog.txt* > (c:\haxfix.txt)
Copy the contents of that logfile and paste it into this thread.


----------



## map4442646 (Apr 15, 2006)

well, I started Haxfix, pressed any key and then option 1, after that a pop-up window came out with this message: 16 bit MS-DOS Subsystem(as a title) then 
Haxfix
C:/WINDOWS/System32/autoexec.nt. The system file is not suitable for running MS-DOS and microsoft windows applications. Choose 'close' to terminate the application.

But after that, this report came out in a notepad window:
HAXFIX logfile - by Marckie
--------------
version 2.31 
Sun 04/16/2006 13:31:49.89 

checking for ps.a3d....
ps.a3d is present!

checking for p2s2.a3d....
p2s2.a3d not found

checking for matching notify keys....
no matching notify keys found 

checking for matching services....
no matching services found 

checking for matching safeboot services....
no matching safeboot services found


----------



## map4442646 (Apr 15, 2006)

Bump!!


----------



## ~Candy~ (Jan 27, 2001)

Um, no need to bump after 16 minutes. This isn't live tech support. Have some patience please. When flrman1 comes back online, he'll get back to you.


----------



## ~Candy~ (Jan 27, 2001)

http://support.microsoft.com/default.aspx?scid=kb;en-us;324767

Have a read thru that link....but I'd still wait for flrman1's reply before doing anything else.


----------



## map4442646 (Apr 15, 2006)

oh... sorrry


----------



## ~Candy~ (Jan 27, 2001)

No problem. As a general rule, once someone has started to assist with a Hijack This Log, none of the other security folks get involved as it can become too confusing


----------



## Rollin' Rog (Dec 9, 2000)

Here's an easier fix for the error you are getting:

http://forums.techguy.org/2178768-post2.html


----------



## ~Candy~ (Jan 27, 2001)

Thanks Rog, I dug around looking for that


----------



## map4442646 (Apr 15, 2006)

thank you guys... appreciate the help


----------



## map4442646 (Apr 15, 2006)

so i tryed the 16bit subsystemxp that you asked me to download, and after it did i rebooted, just in case, the i tryed the game again, and the pop-up window still came out saying the same thing about Just-in-Time debbuging.

o, and someone asked me to run some program called haxfix, well here are the results:
HAXFIX logfile - by Marckie
--------------
version 2.31 
Sun 04/16/2006 19:15:21.74 

checking for ps.a3d....
ps.a3d is present!

checking for p2s2.a3d....
p2s2.a3d not found

checking for matching notify keys....
no matching notify keys found 

checking for matching services....
no matching services found 

checking for matching safeboot services....
no matching safeboot services found 

:s


----------



## Rollin' Rog (Dec 9, 2000)

When Mark (flrman1) gives you a clean bill of health -- we'll return this to the XP or Games forum if necessary to resolve the game issue. I've never seen any such message produced by retail games. You'll need to be specific about what games you are trying run and whether they are retail bought or something picked up through file sharing. If the latter, that's not going to something we can address.

Right now the indication is that you have a "haxdoor" infection.


----------



## map4442646 (Apr 15, 2006)

I bougth all of ma PC games from best buy, since they hard to download. The only kind of games that i download are emulators and stuffs like that but they work perfectly, and im sure that i have all the requirements that the games needs...

How do i fix the "haxdoor" infection? is there a program, or do i gotta buy a software for it?


----------



## map4442646 (Apr 15, 2006)

thanks rolling rog, you helped me fix my background problem, i scaned and removed the haxdoor, and know i can choose bbackground again, but now when i open any games the usual pop-up window comes out..... any help please? THANKS TO EVERY ONE THAT HAVE HELPED ME, I APPRECIATE THE HELP... I THINK IM GOING TO DONATE...


----------



## Flrman1 (Jul 26, 2002)

Post a new Hijack This log please.


----------



## Rollin' Rog (Dec 9, 2000)

If this is the "just-in-time" thing that is still bugging you, let's see if we can disable or delete it.

http://msdn2.microsoft.com/en-US/library/k8kf6y2a(VS.80).aspx

Or, run *regedit* and right click on these registry keys or values if they exist and delete them:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\*Debugger* >> right pane value

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\*DbgManagedDebugger*

reboot afterwards.


----------



## map4442646 (Apr 15, 2006)

Thanks Rollin' Rog, i tryed the registry search, but the registry address that you told me to delete dont exist.... one of the problem is that i dont have visual studio on my computer, oh and Flrman here is the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 4:05:04 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\log_qtine.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: semd32 - C:\WINDOWS\SYSTEM32\semd32.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe

i wonder what else i can do to fix this problem, oh and any of you can move this subcription, the security part is already fix.... i deleted the haxdoor.... THANK YOU ALL!!!


----------



## Rollin' Rog (Dec 9, 2000)

You still have evidence of infection, but Mark will handle that.


However, I'm pretty sure you have this address:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger 

Note that in the Right Pane I have an entry for "Dr Watson" under "debugger"; If that's all you have don't bother to delete the key -- you are looking for something else that might be there --

Make sure you are looking in the "Windows NT" branch of the Microsoft tree.


----------



## Flrman1 (Jul 26, 2002)

* Run Haxfix again:

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

Select option *2. Run auto fix* by typing *2* and then pressing Enter
If an infection is found, you'll get a message to close all other open windows.
Close all open windows *except* the red dos window from *haxfix* and then press Enter
The computer will reboot
After reboot a logfile will open > (c:\haxfix.txt)
Post the contents of that logfile along with a new HijackThis log.


----------



## map4442646 (Apr 15, 2006)

ok, so i run haxfix, and selected option two, the answer was that there was no haxdoor infection detected, so i selected choice number 1, and heres the log:
HAXFIX logfile - by Marckie
--------------
version 2.31 
Mon 04/17/2006 17:46:06.16 

checking for ps.a3d....
ps.a3d is present!

checking for p2s2.a3d....
p2s2.a3d not found

checking for matching notify keys....
matching notify keys found 
semd

checking for matching services....
matching services found 
ASPI32
semd64

checking for matching safeboot services....
matching safeboot services found 
semd32.sys
semd64.sys


----------



## Flrman1 (Jul 26, 2002)

I don't know why it would tell you there is no infection found when the log you just posted clearly says there is. Try running the fix again (option 2) exactly as described in my previous post.

When it is finished come back here and post the contents of haxfix.txt along with a new HijackThis log.

If that doesn't work this time we'll try another way.


----------



## map4442646 (Apr 15, 2006)

ok, so i just found the key that you asked me to delete Rollin' Rog, and i deleted it, now when i open the games, t says that the game has and error and, those kind of error that you have to report to microsoft, do you think that the games or is there something else going wrong?


----------



## map4442646 (Apr 15, 2006)

ok, so i just performed the hexfix, i did it about 4 times, until it asked me to close all the windows that is going to reboot, and after the reboot heres the log:
HAXFIX logfile - by Marckie
--------------
version 2.31 
Mon 04/17/2006 18:14:14.71

Auto Haxdoorfix

haxdoor key: semd 
searching for services....
services found 
deleting services..... 
[SWSC] DeleteService FAIL
[SWSC] DeleteService SUCCESS
[SWSC] DeleteService FAIL
[SWSC] DeleteService FAIL

rebooting the computer.....

haxdoor key: semd 
searching for services....
services not found

checking if files are found.....
semd32.dll exist
semd32.sys not found
semd64.sys not found
semd16.dll not found
semd16.sys not found
semd24.sys not found
semdxt.dll not found
semdxt.sys not found
semdxm.sys not found
semdtt.dll not found
semdtt.sys not found
semdmm.sys not found

omg, where are these files


----------



## Flrman1 (Jul 26, 2002)

Rescan with Hijack This and post a new log please.


----------



## Rollin' Rog (Dec 9, 2000)

Per the game problem -- that is what I expected to happen; We'll try to address that, if it remains, after the Security issues are cleared up.


----------



## map4442646 (Apr 15, 2006)

Logfile of HijackThis v1.99.1
Scan saved at 6:47:59 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe


----------



## Flrman1 (Jul 26, 2002)

* *Click here* to download ATF Cleaner by Atribune and save it to your desktop.

Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*[*]NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

* Run Hijack This again and put a check by these. Close *ALL* windows except HijackThis and click "Fix checked"

*R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)*

* Restart your computer.

* Run ActiveScan online virus scan *here*

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

*Post a new HiJackThis log along with the results from ActiveScan*


----------



## map4442646 (Apr 15, 2006)

HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 8:51:33 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe


----------



## map4442646 (Apr 15, 2006)

Antivirus check:

Incident Status Location

Adware:Adware/WUpd Not disinfected C:\WINDOWS\system32\winoscnfg.exe 
Virus:Bck/Agent.BRQ Not disinfected C:\WINDOWS\system\svchost.exe 
Virus:Bck/Agent.BRQ Not disinfected C:\WINDOWS\system\svchost.dll  
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\new6u8u9.default\cookies.txt[] 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Usuario\Application Data\Mozilla\Firefox\Profiles\mxz40mr0.default\cookies.txt[]


----------



## Flrman1 (Jul 26, 2002)

* Open Firefox.
Click on Tools, then Options
Select the Privacy icon in the left-hand panel
Click on Cookies
Click on View Cookies
Click on the Remove All Cookies button

* *Click Here* and download Killbox and save it to your desktop.

* Double-click on Killbox.exe to run it. 
Put a tick by *Delete on Reboot*. 
Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

*C:\WINDOWS\system32\winoscnfg.exe 
C:\WINDOWS\system\svchost.exe 
C:\WINDOWS\system\svchost.dll *

Next in Killbox go to *File > Paste from clipboard*
Click on the *All Files* button. 
Next click on the button that has the red circle with the white X in the middle.
It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now. 
Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan *here*.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

*Post a new HiJackThis log along with the results from Kaspersky scan*


----------



## Flrman1 (Jul 26, 2002)

Also please do this:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Go to the forum *here* and upload the C:\WINDOWS\*issvcyd.exe* file.

Here are the directions for uploading the file:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.

*Don't forget to post a link to your thread here.*


----------



## map4442646 (Apr 15, 2006)

i was wondering... Which is the best video card ever? and by best i mean affordable and good performance... if you buy, for example a pc100 128mb ram mem. and a pc133 128mb ram mem., how can you tell which one is better( i know that if you put them together the pc wont start up)i was wondering if one of you know some info that you can tell me.... apreciate any answer.


----------



## map4442646 (Apr 15, 2006)

http://www.thespykiller.co.uk/forum/index.php?topic=1380.0
Here's the link for the file...


----------



## map4442646 (Apr 15, 2006)

virus scan:
Tuesday, April 18, 2006 6:12:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 18/04/2006
Kaspersky Anti-Virus database records: 188620
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 56714
Number of viruses found 12
Number of infected objects 58
Number of suspicious objects 0
Duration of the scan process 02:12:18

Infected Object Name Virus Name Last Action
C:\WINDOWS\system\ctldlg32.dll Infected: Trojan-Spy.Win32.Agent.lv skipped
C:\WINDOWS\system\svchost.exe Infected: Backdoor.Win32.Agent.xb skipped
C:\WINDOWS\system\svchost.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\Program Files\XoftSpySE2\uninstall.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\XoftSpySE2\uninstall.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP54\A0009787.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010274.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010288.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010314.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010327.exe/data0003 Infected: HackTool.Win32.VB.ao skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010327.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe/AutoPlay/Docs/Get RapidShare 6.0.rar/Get RapidShare 6.0/get-rapidshare.exe Infected: Virus.Win32.Parite.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe/AutoPlay/Docs/Get RapidShare 6.0.rar Infected: Virus.Win32.Parite.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe/AutoPlay/Docs/MaC Rapid v1.6a Beta11.rar/MaC Rapid v1.6a Beta11/MaCRapid.exe Infected: Virus.Win32.Parite.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe/AutoPlay/Docs/MaC Rapid v1.6a Beta11.rar Infected: Virus.Win32.Parite.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe/AutoPlay/Docs/More RapidShare.rar/More RapidShare/more-rapid.exe Infected: Virus.Win32.Parite.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe/AutoPlay/Docs/More RapidShare.rar Infected: Virus.Win32.Parite.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP55\A0010358.exe ZIP: infected - 6 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP57\A0010526.exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.bg skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP57\A0010526.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP60\A0010724.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP60\A0010731.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP62\A0010777.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP62\A0011776.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP63\A0011821.exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP63\A0011821.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP63\A0011884.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP63\A0011887.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP63\A0011887.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP63\A0011887.exe SetupFactory: infected - 2 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP64\A0012465.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP64\A0012471.exe Infected: Trojan.Win32.EliteBar.h skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP65\A0013572.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP65\A0013629.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP65\A0013629.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP65\A0013629.exe SetupFactory: infected - 2 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP72\A0013777.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP72\A0013801.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP72\A0013812.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP72\A0013826.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP75\A0013897.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0013950.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014003.DLL Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014018.exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014018.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014021.exe/data0058 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014021.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014024.exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014024.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014025.dll Infected: Backdoor.Win32.Haxdoor.ic skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014043.exe/data0035 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014043.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014046.exe/data0034 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014046.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1219497E-AE0C-4E26-808A-881783AA5B88}\RP76\A0014192.DLL Infected: Backdoor.Win32.Haxdoor.ic skipped
D:\My Documents\My Documents\Sims2 University.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
D:\My Documents\My Documents\Sims2 University.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
D:\My Documents\My Documents\Sims2 University.exe SetupFactory: infected - 2 skipped
Scan process completed.


----------



## map4442646 (Apr 15, 2006)

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:15:20 AM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 381.381.1.254:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe


----------



## map4442646 (Apr 15, 2006)

Bump!


----------



## Flrman1 (Jul 26, 2002)

Thanks for uploading the file. It is adware from rightmedia.

* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Double-click on Killbox.exe to run it. 

Put a tick by *Standard File Kill*. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

*C:\WINDOWS\system32\winoscnfg.exe

C:\WINDOWS\system\svchost.exe

C:\WINDOWS\system\svchost.dll

C:\WINDOWS\issvcyd.exe

C:\WINDOWS\system\ctldlg32.dll

D:\My Documents\My Documents\Sims2 University.exe *

Click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confimation to delete the file. 
Click Yes. 
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.
Exit the Killbox.

* Restart back into Windows normally now.

* Go here and do the BitDefender online virus scan.

Click "I Agree" to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click "Click here to scan" to begin the scan.
Please refrain from using the computer until the scan is finished.
When the scan is finished, click on "Click here to export the scan results"
Save the report to your desktop then come back here and *attach* it to your next reply along with a new Hijack This log..


----------



## map4442646 (Apr 15, 2006)

this the largest of the scans, almost two days scanning, and keeps scanning


----------



## map4442646 (Apr 15, 2006)

Flrman, isnt there another way to do that scan? because everytime it gets to D:/System Volume the scanner freezes... i mean the time keeps running, the remaining time stops at 0.00.03 and then starts increasing.... i have tryed restarting the computer... and rescaning... but it always stops there.... this is the 6th time i performed it... and it still didnt work.... any idea why?


----------



## Rollin' Rog (Dec 9, 2000)

Try disabling the System Restore cache by following the instructions below -- then try the scan again:

http://service1.symantec.com/SUPPOR...5065b3834b10031488256b0900255ea7?OpenDocument

Reenable the System Restore cache after the scan is complete.


----------



## map4442646 (Apr 15, 2006)

Thank you!


----------



## Flrman1 (Jul 26, 2002)

Save the results of the scan when it is finished and attach it to your next post. Also post a new HJT log.


----------



## map4442646 (Apr 15, 2006)

omg!!! lol.... hey i got to the point that i ghad to mark my drive d:/ (2nd slave hard drive) so that the scan could finish... i left the computer on last nigth while doing the scan, this morning when i woked up.... it was still scaning.... the around 3pm.... i checked it and the remaining time was 00:00:00 and it was still scaning 1 last file.... so i left it for 30 min... the when i checked back it was still on the same file.... i dont know what to do now... but just in case i posted a new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:14:31 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\issvcyd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\Program Files\AVI Movie Player\aviplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 381.381.1.254:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143251902043
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Network Associates WebShield SMTP MailCfg (WebShield SMTP MailCfg) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
O23 - Service: Network Associates WebShield SMTP MailScan (WebShield SMTP MailScan) - Network Associates, Inc. - C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe


----------



## Flrman1 (Jul 26, 2002)

How is your computer running now?

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.


----------



## map4442646 (Apr 15, 2006)

my computer is normal....in terms of security i dont really know if we have to do something else.... you are the man.... but my game still wont work... here's yopur request:
Anapod Explorer (remove only)
ArmyOps
AVI Movie Player
Cypress USB Mass Storage Driver Installation
ffdshow (remove only)
HandoVideo Converter Pro 2.2
HaxFix 2.31
HijackThis 1.99.1
Internet Download Manager
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee Anti-Spyware Enterprise Module
McAfee QuickClean 6.0
McAfee SecurityCenter
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.2)
MSN Messenger 7.5
MSN Music Assistant
MSXML 6.0 Parser
Panda ActiveScan
PowerDVD
Project64 1.6
Roxio Easy Media Creator 7
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB Storage Adapter FX (SM1)
WebShield SMTP
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
XoftSpySE


----------



## map4442646 (Apr 15, 2006)

Bump!


----------



## Rollin' Rog (Dec 9, 2000)

Assuming there are no more current security issues that might affect gaming (and Mark will give you the all clear on that, or ask for further information) -- let's separate the Game issue from the Security issue at this time.

Since this is a gaming problem, start a NEW topic in the Games forum. describe the problem and include full, EXACT, error messages associated with the problem games. If they are different games and different messages post both. If they are the same message but different games, just let us know the games and the message.

PM me with a link to the forum thread when you've made it.


----------



## Flrman1 (Jul 26, 2002)

Everything looks to be in order as far as your security issues go.

* *Check this out* for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

* Go to *Windows update* and install all "High Priority Updates".

* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.


----------



## Flrman1 (Jul 26, 2002)

Since this problem has been solved, I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".


----------

