
My computer is fucked.


ghost's Avatar
0 0

Alright, so lately I've been having problems with my computer, and I have no idea what's causing them. I suspect it has something to do with my MSN. First off, MSN windows will randomly open themselves. Next, my computer types things (on its own) to my contacts, which is annoying as hell. Next, ever since the last two problems started, I've been getting the BSOD an unusual amount of times. Weirdest part aboot that is that it never shuts down when I'm in the middle of doing something, it's always just when I'm aboot to turn my computer off. I've tried scanning for viruses and stuff, but nothing comes up. Then, I came to the conclusion that it seems a little bit like an unauthorized form of remote assistance, so I checked that, but nothing came up there either. So yeah, I have no idea what's wrong, but any help would be appreciated. Thanks.

-Caity


ghost's Avatar
0 0

Well if it types stuff to your contacts it's definitely one of those, I'm assuming no1 would go to the bother of writing a virus to do that so disconnect your internet for a while and see what happens.


bl4ckc4t's Avatar
Banned
0 0

Happysmileman wrote: Well if it types stuff to your contacts it's definitely one of those, I'm assuming no1 would go to the bother of writing a virus to do that so disconnect your internet for a while and see what happens.

Agreed.

I think you have been hacked, check for netcat, sub7, etc while you are at it

BC


ghost's Avatar
0 0

Yeeesh I haven't seen BSOD's since windows 95 :o


AldarHawk's Avatar
The Manager
0 0

Sounds like you have unauthorized visitors. Do you have Abel installed on your machine?

Do you have any other 'hacking' software installed?

Check out all possible solutions and when in doubt…turn off remote assistance in windows and change your administrator password ;)

Thought of another one while I was cleaning my computer room.

Run EtheReal on your computer and listen in when your computer starts to go wonkey. Read the log and poof you will find the IP of your intruder and you will be able to trace the program they are running on your machine.

When all else fails use http://www.spywareinfo.com/~merijn/programs.php#hijackthis to check for applications running and post yer log ;)


ghost's Avatar
0 0

Here is my recommendation. You need to make sure that whatever is starting up doesn't this way it doesn't run when you disable it. To do this go to

run>msconfig

it will popup a screen that looks like the image below

from there disable everything from starting up that you do not recognise. If it doesn't have a name disable it.

then run an antivirus like Nod32 (free 30 day demo) or hijack this as suggested above.


ghost's Avatar
0 0

and if none of that works just format :)


ghost's Avatar
0 0

First off, thanks everyone for your responses and such. Next:

AldarHawk wrote: Sounds like you have unauthorized visitors. Do you have Abel installed on your machine?

Do you have any other 'hacking' software installed?

As far as hacking software goes, I think I just have Cain & Abel.

Edit: Oh, and I forgot to add that I don't HAVE the admin password, as I am not admin of this computer, and I'd rather fix this without asking my dad to change the pass and stuff because I only got my computer back under the condition that I try to stay safe on the internet and not get hacked/hack other people. So yeah, Telling my parents is a bad idea.


Uber0n's Avatar
Member
0 0

cubeman372 wrote: Yeeesh I haven't seen BSOD's since windows 95 :o

Lol then you didn't have Windows Millennium xD

Btw Caity, if you can't find any backdoor etc with the latest virus definitions, I'd advise you to format and reinstall Windows if that isn't too much work ^^.


ghost's Avatar
0 0

I don't think it's any of those problems above…

I think it's a device driver problem; in this day and age, BSODs are mostly caused b/c of device drivers. Try updating through windows updates, then through your specific vendor's site.

If the problem persists, then I'd recommend lying to your parents (sorry for the unethical suggestion, but seems like it's the only alternative to get the job done), so you can reinstall the OS and start fresh.

*Maybe it is MSN tho, that's why I don't use that shit. It sux.


ghost's Avatar
0 0

I had the exact same problem with the shutdowns. Although, i formatted my computer and now all seems okay. I didn't get the random message sending though :(.

-Jay.


AldarHawk's Avatar
The Manager
0 0

CrazyCaity123 wrote: As far as hacking software goes, I think I just have Cain & Abel.

There is more than likely your problem then. Abel is a backdoor software and it is a sort of trojan. Uninstall the abel portion and you will be fine and dandy. If the problem persists then I would suggest running HiJack This! and posting the listing here so some of the 'experts' can look it over.

The site I posted has many good programs for fixing malware and spyware infestations.

Try it out. When in doubt…ASK.

I will keep an eye on this post to see how you are getting along Caity.


bl4ckc4t's Avatar
Banned
0 0

yes, caity, Abel, it's a bitch to mess with, when I run C&A, I always remove abel. Aldarhawk could be right, but I have seen a 'backdoor trojan' that can cause BSoD or unrepairable BSoD. When I saw that I was saying WTF. Get a network packet logger - like snort - Then see if there's any strange ports open. I would look for a port list to see if there are any trojan ports open too. Do netstat -n to make sure.

Bl4ckC4t


ghost's Avatar
0 0

Alright, here's my logs.

Scan saved at 4:22:53 PM, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\Vidalia\vidalia.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\mIRC\mirc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Caity\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hellboundhackers.org/news.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDqLpVXxUyHVoycqufxULlcDtRJmfjz5DNxKoCtIYsxIdJX6cxtDnLNSJmIGBmSS+OtaDFORRdLXukBWuk656xkuyiXyH0yjEErnYu/waPNJ8=
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: geebc - C:\WINDOWS\system32\geebc.dll (file missing)
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\system32\pmnlk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Abel - Unknown owner - C:\Abel.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc.                          - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks again for all your help.
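
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post: it flags entries whose file HijackThis could not find, unnamed BHOs, services with no owner, binaries sitting in a drive root, and a broken Winsock LSP chain. The flag names and rules are assumptions chosen for illustration; the sample lines are an excerpt of the posted log.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O20 - Winlogon Notify: geebc - C:\WINDOWS\system32\geebc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Abel - Unknown owner - C:\Abel.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
"""

# Meaning of the HijackThis section codes used in the excerpt.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O10": "Winsock LSP",
    "O20": "Winlogon Notify / AppInit DLL",
    "O23": "Windows service",
}

Finding = namedtuple("Finding", "code kind detail flags")

# One log entry: section code, " - ", then the rest of the line.
ENTRY = re.compile(r"^([RO]\d{1,2})\s+-\s+(.+)$")
# An .exe/.dll placed directly in a drive root, e.g. C:\Abel.exe
ROOT_BINARY = re.compile(r"[A-Za-z]:\\[^\\]+?\.(?:exe|dll)\b", re.I)


def flags_for(code, detail):
    """Return the triage flags (illustrative labels) for one entry."""
    flags = []
    # Registry entry is still present but the file was not found on disk.
    if "(file missing)" in detail or "(no file)" in detail:
        flags.append("orphaned")
    # O9 buttons are often unnamed; only unnamed BHOs are flagged here.
    if code == "O2" and "(no name)" in detail:
        flags.append("unnamed-bho")
    # The service binary carries no vendor information.
    if code == "O23" and "Unknown owner" in detail:
        flags.append("unknown-owner")
    if ROOT_BINARY.search(detail):
        flags.append("root-path")
    if code == "O10" and "missing" in detail:
        flags.append("broken-lsp")
    return flags


def triage(log_text):
    """Parse a HijackThis log and return only the entries that got a flag."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, process list or blank line
        code, detail = match.groups()
        flags = flags_for(code, detail)
        if flags:
            kind = SECTIONS.get(code, "other")
            findings.append(Finding(code, kind, detail, flags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.kind:<30}{','.join(f.flags):<40}{f.detail}")
```

A flag is a reason to look the entry up, not a verdict: vendor drivers also show "Unknown owner", and an orphaned entry is a leftover that no longer has a file to start.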


ghost's Avatar
0 0

my friend recently received a virus through MSN… now im not too sure if its a similar virus, but when he would open up MSN messenger and talk to people, it would randomly send a message to his friends saying "I cant believe i found this picture of you!" … and the link went to " pics.exe" and installed itself to his friends computers…

— i figured it was just a common messenger virus such as the ones for AIM or YAHOO where it just annoys the hell out of you, but sure enough it turned out to be even worse… his computer was getting eaten away by it.

— now, what i hear about starting up in safemode without being on the network is that it usually doesn't allow viruses to boot, im not 100% sure on this so someone back me up… but if thats true, then i suggest you boot up in safe mode and run any virus protection you have, and also any anti spyware / malware… the reason your virus scanner might not be picking it up is because it COULD possibly be spyware or malware, which hides itself very nicely… (to start up in safemode reboot your computer and while its booting just press f8 continuously until prompted with a screen) … im not too positive how well this will work, but give it a shot ;) it cant hurt


ghost's Avatar
0 0

No, it's nothing like that. >.> Even I'M not stupid enough to fall for those.


ghost's Avatar
0 0

:-P good… i find it funny when people click them, getting the virus, knowing about it, then going on like it wont do anything to their computer lol… hmm.. well ill do some research for ya, idk how much luck ill have…and im sure the people on here will figure some kind of solution for you…good luck with your troubles!


ghost's Avatar
0 0

I've made this thread sticky for the time being until it gets sorted.


AldarHawk's Avatar
The Manager
0 0

Okay Caity….You have a lot of applications running!

a few items that are not needed are as follows:

O2 - BHO: (no name) - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

I would look into the shaw secure stuff you got running on there because there are a lot of items running and I can guarantee that your resources are being eaten up by them.

Look over all those programs in startup and see what you actually need. I would suggest things like the LexMark and other things like that you do not need.

But hey that is just me. I would make sure to run all this by your parents before you remove anything but a lot of those items are not needed services. If you do not know about an executable file I would google the exact file name and you can find out a lot of information about them.

I do not see a malware running or any spyware but again I could be wrong. Look into the Shaw Secure stuff as I have said already.


ghost's Avatar
0 0

The shaw secure is my antivirus/firewall/etc. I'm not allowed to mess around with that. There's also a hell of a lot of shaw stuff cuz they're my ISP.

So yeah, I guess I'll delete all that unneeded stuff. Thanks once more for all the help.


ghost's Avatar
0 0

try using Kaspersky. I and a friend made shells to hack computers with nc. no antivirus detected them (norton, mcafee, nod32..) but when we tried kaspersky it showed us at least a suspicious program (we made it so it multiplied itself in temp folders but kaspersky couldn't detect the main problematic program xD). If things are being typed on your msn it can only be two things: sum1 is using remote desktop on you or a virus.

If it is remote desktop, I know many people use radmin, check the ports it uses and dl a tool to see what ports are open (kaspersky does it too). but, with radmin, u'd actually SEE your mouse moving. thus it might be a virus (specially if what is written is always the same). try scanning with other antivirus.

AS for being hacked, unless there is some specific reason u shouldn't be hacked and BSOD happen for: installing multiple antivirus (actually multiple programs that use the same resources (I installed 3 of them once :D computer nvr turned on again ^^)). Or a virus. Being hacked hardly ever causes BSOD. If you don't know any hackers that could want to harm you or play with you for a while, it's not likely sum1 would randomly hack you for fun, so check your contacts.

At last: if you got norton: get rid of it, it sucks (except that ip thing hehehe)
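
The open-port check suggested earlier in the thread (netstat) and in the post above (Radmin), as an added example that is not part of any post: it parses `netstat -ano` output, which unlike `netstat -n` also lists listening sockets and the owning PID, and reports listeners reachable from the network plus any socket on a watchlisted port. The sample output, its addresses and PIDs are constructed; the two watchlist ports are the documented defaults of Radmin and Sub7.

```python
import ipaddress
from collections import namedtuple

# Constructed sample in the layout printed by `netstat -ano` on Windows XP.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:8118         0.0.0.0:0              LISTENING       2040
  TCP    192.168.0.10:1039      198.51.100.20:1863     ESTABLISHED     2816
  TCP    192.168.0.10:1044      203.0.113.7:27374      ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    700
"""

# Default ports of remote-control tools named in the thread.
WATCHLIST = {4899: "Radmin", 27374: "Sub7"}

Socket = namedtuple(
    "Socket", "proto local_ip local_port remote_ip remote_port state pid")


def parse(text):
    """Turn netstat -ano rows into Socket tuples; other lines are skipped."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "UDP":
            parts.insert(3, "")  # UDP rows have no State column
        if len(parts) != 5:
            continue
        proto, local, remote, state, pid = parts
        local_ip, local_port = local.rsplit(":", 1)
        remote_ip, remote_port = remote.rsplit(":", 1)
        sockets.append(Socket(
            proto, local_ip.strip("[]"), int(local_port), remote_ip,
            int(remote_port) if remote_port.isdigit() else None,
            state, int(pid)))
    return sockets


def review(sockets):
    """Return (pid, port, label) for sockets that deserve a closer look."""
    findings = []
    for s in sockets:
        if s.state == "LISTENING":
            if s.local_port in WATCHLIST:
                findings.append((s.pid, s.local_port, "watchlist-listener"))
            elif not ipaddress.ip_address(s.local_ip).is_loopback:
                # Bound to 0.0.0.0 or a LAN address: reachable by others.
                findings.append((s.pid, s.local_port, "exposed-listener"))
        elif s.state == "ESTABLISHED" and s.remote_port in WATCHLIST:
            findings.append((s.pid, s.remote_port, "watchlist-remote"))
    return findings


if __name__ == "__main__":
    for pid, port, label in review(parse(SAMPLE)):
        name = WATCHLIST.get(port, "-")
        print(f"pid={pid:<6} port={port:<6} {label:<20} {name}")
```

A port match is only a lead, since any program can listen on any port; the PID column is what ties a socket to the process that has to be identified.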


ghost's Avatar
0 0

Well, like many others suggested, turn off your internet connection, and scan your whole computer. NOD32 is supposedly the best AV software. Free trial, google it.

Also, I would check the device manager to see if anything is acting up. And also, get a firewall if you don't already have one….I prefer Sygate Personal Firewall, it's free and it works pretty damn good…

Turn off remote assistance, (like many others suggested)..

And install microsoft service pack 2, it has updated shit, but I really don't want to bother with SP2 right now…but I have SP1 and they stopped giving support for it…well…

Just do those things, then, if all else fails….format. =[.


ghost's Avatar
0 0

If i were you i would just format, it will be much easier in the long run, most viruses and things install backdoors to get in again…….


ghost's Avatar
0 0

ummmm.. wonder who did it


ghost's Avatar
0 0

what could be wrong if MSN keeps opening up randomly is a Trojan. i had a trojan on my computer for about 4 months because it was new and couldn't be detected with the scanner. update your scanner frequently.

my trojan used to open up IE randomly and take me to sites. everything is fixed now.

if you have a recovery drive i suggest taking the easy way out and save a few things and recover.


ghost's Avatar
0 0

hack4u wrote: what could be wrong if MSN keeps opening up randomly is a Trojan. i had a trojan on my computer for about 4 months because it was new and couldn't be detected with the scanner. update your scanner frequently.

my trojan used to open up IE randomly and take me to sites. everything is fixed now.

if you have a recovery drive i suggest taking the easy way out and save a few things and recover.

Er, thanks for the suggestion, but there's nothing wrong with MSN anymore :P

Actually, there's almost nothing wrong at all! :D


ghost's Avatar
0 0

Just burn important files onto a DVD/CD, reformat, reinstall Windows XP, download Damn Small Linux, copy the files from the DVD onto your new NTFS partition Windows set up (in case your little problem copied itself onto the DVD), and enjoy. (might be a bit extreme, but it'll get the job done)

Don't forget to set up anti-virus and firewalls before you connect your PC back to the internet, though. If you're behind a hardware firewall (IE, if you're on a wireless/wired network, it shouldn't be too much of a problem).

And lastly, use FireFox.


ghost's Avatar
0 0

— Off Topic —

CrazyCaity123 wrote: Actually, there's almost nothing wrong at all! :D

LIAR, there are still racist websites on the net

— /Off Topic —


ghost's Avatar
0 0

TS_Death_Angel wrote: Just burn important files onto a DVD/CD, reformat, reinstall Windows XP, download Damn Small Linux, copy the files from the DVD onto your new NTFS partition Windows set up (in case your little problem copied itself onto the DVD), and enjoy. (might be a bit extreme, but it'll get the job done)

Don't forget to set up anti-virus and firewalls before you connect your PC back to the internet, though. If you're behind a hardware firewall (IE, if you're on a wireless/wired network, it shouldn't be too much of a problem).

And lastly, use FireFox.

Er, first off, I do use FF. Secondly, There is nothing wrong anymore. and @Mozzer: I'll rephrase that: There is almost nothing wrong WITH MY COMPUTER anymore. :)


ghost's Avatar
0 0

id try disconnecting from the internet and running in safe mode, then search for any "unwanted" material


ghost's Avatar
0 0

lol.

i was never hacked. chances for that happening, if you didn't anger a good hacker are so slim, you can be sure it didn't happen. now it can be just what we in school call "windows".

for instance, i couldn't boot my comp for some time. at the windows loading screen it would freeze. i couldn't enter safe mode either. after few days everything was fine. also, windows can do incredible stuff. no hacker was able to disallow drivers for graphics card to be installed, sp2 did ;D you're facing 2 things now.

bsod - windows ;D

msn - now as i see it - it could be some stupid msn worm or trojan, but any better AV would detect it. it could be abel. get rid of abel. it could be some extra special uber hacker attack on your computer. just to send random msn messages. nah. if everything's fine, your problem was windows ;)


ghost's Avatar
0 0

well basically it sounded more like a msn spreader it doesn't get picked up by the virus scans because its not technically a virus if it is the spreader it will be in your internet temporary files and deleting it will be easiest, it also could be a much worse one which recopies itself once every few minutes on your comp behaviour of a virus but for some reason doesn't get picked up by the scanners but they are usually given crap names so you can find them easy or you could just check your prefetch files to stop whatever appeared on your computer executing which will solve the majority of the problem. and for next time instances if anything happens try using avg antispyware its a really nice program picks up things that adaware and spybot can not pick up so yeh a nice program all in all.:D oh and its free too


ghost's Avatar
0 0

O23 - Service: Abel - Unknown owner - C:\Abel.exe (file missing)

It looks like abel is running, try to go offline and remove it.


ghost's Avatar
0 0

Make It Public!!!!!!!!!!!!!! :angry:


ghost's Avatar
0 0

i figured not to open new thread for this…

see, one of my pals has a little problem. He suspects msn.

HE SAYS (i have to go there and check it) that he can't go on any AV sites or download or run any AV programs. also he said his comp was screwed. When he deinstalled msn it was magically normal, and when he reinstalled it screwed up again. He never had such problem before, and if this is true, i've got no idea what this could be. anybody has an idea?


ghost's Avatar
0 0

yep, windows live messenger


Zer0Man's Avatar
Greyhat in Training
0 0

I found this in the latest copy of a UK magazine called PC Utilities…

Malware designed to steal users' Windows Live Messenger passwords has been released across the Internet. Once downloaded and installed the Trojan displays a fake Windows Live Messenger login screen and prompts for a username and password, which are then stored in a file for the hacker to pick up. Users are urged to keep their Windows patches and anti-virus programs up to date to guard against the threat and not to open unexpected email attachments.


ghost's Avatar
0 0

thx for the info. i'll tell him