
all sorts of problems


Name: spillfencer
Date: January 30, 2004 at 08:57:27 Pacific
OS: Win2000 SP4
CPU/Ram: Athlon 1000/512Mb
Comment:

Help, I'm having all sorts of problems.

Windows Explorer has gone unstable, pegs CPU at 100% when I open it and displays a blank screen. Disabled the view option and at least I see files now. Ran Spybot and Ad-aware and found loads of things which have been cleaned. McAfee finds nothing so I've reached the end of my knowledge. Here's a listing from HijackThis, please help.


Logfile of HijackThis v1.97.7
Scan saved at 16:55:44, on 30/01/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
E:\WINNT\system32\CTSvcCDA.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\gearsec.exe
E:\WINNT\system32\mgabg.exe
E:\WINNT\system32\regsvc.exe
E:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
E:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\Tablet.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\MsPMSPSv.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINNT\system32\CTHELPER.exe
E:\WINNT\system32\PDesk.exe
E:\WINNT\system32\internat.exe
E:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
E:\Program Files\Wacom\TabUserW.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\3M\PSN2Lite\Psn2Lite.exe
E:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
E:\WINNT\system32\taskmgr.exe
D:\downloads\HijackThis.exe
E:\WINNT\explorer.exe
E:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sh2.searchsprint.com/xml3.php?w=nsdotodt.exe (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justforwomen.biz/homepage.asp?Style=1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - E:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {11D5C60A-BD9F-4C81-AE2A-615830163751} - E:\WINNT\xmohacae.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - E:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINNT\UpdReg.exe
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.exe /autorun
O4 - HKLM\..\Run: [Matrox Powerdesk] E:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nodajlmb] E:\WINNT\salqmnxs.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] E:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [qzinwyle] E:\WINNT\nsdotodt.exe
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "E:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: Launch Outlook Express (2).lnk = E:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.exe
O4 - Global Startup: TabUserW.lnk = E:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = E:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16756c74754dc506ef14/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.2499652778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab




Response Number 1
Name: iceblue
Date: January 31, 2004 at 00:23:04 Pacific
Reply:

G'day Phil,

Close all Windows Explorer and browser windows, and have HJT "Fix checked" the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sh2.searchsprint.com/xml3.php?w=nsdotodt.exe (obfuscated)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {11D5C60A-BD9F-4C81-AE2A-615830163751} - E:\WINNT\xmohacae.dll
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] E:\WINNT\UpdReg.exe
O4 - HKLM\..\Run: [nodajlmb] E:\WINNT\salqmnxs.exe
O4 - HKLM\..\Run: [qzinwyle] E:\WINNT\nsdotodt.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16756c74754dc506ef14/netzip/RdxIE601.cab
O16 - DPF: {F420A442-7538-48DF-A3F1-C55BDE3BBB56} (jimmyload.jimmycont) - http://www.roings.com/sec.cab

Rename this file to realsched.bak:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

Reboot, make sure that you can view hidden files and folders, find and delete these files if present:
E:\WINNT\nsdotodt.exe
E:\WINNT\salqmnxs.exe

Reboot, rescan and repost the new HjT log.
Thanks,
and have a nice day on the net.
Ice
hmmm…and go get SpywareBlaster and SpywareGuard.
<winks>
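
The "rescan and repost" step above can be checked mechanically. The following is an added example, not part of the original posts: it parses HijackThis entry lines and compares a rescan against the fix list, using short excerpts copied from the logs in this thread. The function names `parse_entries` and `verify_fix` are hypothetical.

```python
import re

# HijackThis entry lines look like "<code> - <detail>"; only the R* and O*
# sections that appear in this thread's logs are matched here.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# Excerpts copied from the first log, the rescan, and the fix list in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justforwomen.biz/homepage.asp?Style=1
O2 - BHO: (no name) - {11D5C60A-BD9F-4C81-AE2A-615830163751} - E:\WINNT\xmohacae.dll
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nodajlmb] E:\WINNT\salqmnxs.exe
O4 - HKLM\..\Run: [qzinwyle] E:\WINNT\nsdotodt.exe
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justforwomen.biz/homepage.asp?Style=1
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\NeroCheck.exe
"""
FIX_LIST = r"""
O2 - BHO: (no name) - {11D5C60A-BD9F-4C81-AE2A-615830163751} - E:\WINNT\xmohacae.dll
O4 - HKLM\..\Run: [nodajlmb] E:\WINNT\salqmnxs.exe
O4 - HKLM\..\Run: [qzinwyle] E:\WINNT\nsdotodt.exe
"""

def parse_entries(log_text):
    """Return the set of (section code, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Compare a rescan against the entries that were meant to be fixed."""
    before, after, targets = map(parse_entries, (before_log, after_log, fix_list))
    return {
        "not_in_before": sorted(targets - before),      # fix list does not match the scan
        "still_present": sorted(targets & after),       # entry survived the fix or came back
        "removed_unlisted": sorted(before - after - targets),  # gone, but never on the list
        "new_in_after": sorted(after - before),         # appeared between the two scans
    }

if __name__ == "__main__":
    for check, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(check, len(items))
        for code, detail in items:
            print("   ", code, "-", detail)
```

On these excerpts every listed entry is gone from the rescan, and the `TrojanScanner` Run entry shows up under `removed_unlisted`: it is in the first log and absent from the second, although it was not on the fix list.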



Response Number 2
Name: spillfencer
Date: January 31, 2004 at 02:11:57 Pacific
Reply:

First of all many thanks for taking the time to help me out. It is very much appreciated.

Were you serious about the SpywareBlaster and SpywareGuard?

Here is the new log...

Logfile of HijackThis v1.97.7
Scan saved at 10:08:21, on 31/01/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
E:\WINNT\system32\CTSvcCDA.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\gearsec.exe
E:\WINNT\system32\mgabg.exe
E:\WINNT\system32\regsvc.exe
E:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
E:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\Tablet.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\MsPMSPSv.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
E:\WINNT\Explorer.exe
E:\WINNT\system32\CTHELPER.exe
E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
E:\WINNT\system32\PDesk.exe
E:\WINNT\system32\ezSP_Px.exe
E:\WINNT\system32\internat.exe
E:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
E:\Program Files\Wacom\TabUserW.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\3M\PSN2Lite\Psn2Lite.exe
E:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
D:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justforwomen.biz/homepage.asp?Style=1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - E:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - E:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.exe /autorun
O4 - HKLM\..\Run: [Matrox Powerdesk] E:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] E:\WINNT\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "E:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: TabUserW.lnk = E:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = E:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.2499652778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Regards

Phil



Response Number 3
Name: iceblue
Date: January 31, 2004 at 03:25:32 Pacific
Reply:

Yes, the pointers to SpywareBlaster and SpywareGuard were genuine. They provide background protection from parasites loading onto your system and are widely regarded as essential equipment.
Spywareblaster
SpywareGuard
Looks good to go, and have a nice day on the net.
hth,
Ice



Response Number 4
Name: spillfencer
Date: January 31, 2004 at 04:38:57 Pacific
Reply:

Many thanks Ice

works like a dream now, great to have my old machine back instead of the one with two brains!

regards

Phil

