Error message on start up


Smurfette

Thread Starter
Joined
Aug 2, 2003
Messages
144
I get this error message when I boot up, right when it gets to the desktop. "Error loading NvQTwk The specified module could not be found." I then click OK and it is ok after that. I also have spyware and adware and run them every day.


Thanks, Tammy


Here is my hijack this log in case you need it.


Logfile of HijackThis v1.97.2
Scan saved at 9:48:40 PM, on 4/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\sys_ai_client_loader.exe
C:\WINDOWS\hhjxeeij.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tammy Dunbar\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {E5701474-4FBC-4AA0-99CA-29DD78536FF0} - C:\WINDOWS\zyrneez.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [fxtral] C:\WINDOWS\hhjxeeij.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Search.vbs
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino03.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit09.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://sawgrass.pogo.com/applet/sawgrass/sawgrass-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades03.pogo.com/applet/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet07.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem07.pogo.com/applet/holdem/holdem-ob-assets.cab
O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo16.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Riot by pogo - http://wordriot.pogo.com/applet/wordriot/wordriot-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) - http://66.98.132.156/g_bin_eng/wordssingle_2_0_0_22.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.156/g_bin_eng/mahjong_2_0_0_10.cab
 
Joined
Feb 23, 2003
Messages
16,274
To remove the error follow the steps below.

Go to START
Select RUN
Type in MSCONFIG
Choose the STARTUP tab.
Locate the line NvQTwk
Uncheck the option.
 
Joined
Feb 23, 2003
Messages
16,274
If that doesn't work then reload the latest detonator drivers for your video card.
 
Joined
Aug 11, 2001
Messages
2,872
Hi Smurfette,
Remove these from startup:
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

This is your startup error, just remove it from startup :
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

This is spyware :
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded

 

Smurfette

Thread Starter
Joined
Aug 2, 2003
Messages
144
Yes, TW that took care of the error. TYVM! Also, the item down below that you said is spyware. It showed in my log the first time, but when I went back to remove what you told me to remove, it was the only one that wasn't there. Just wondering about it.

Thanks, Tammy



This is spyware :
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded
 
Joined
Dec 9, 2000
Messages
45,855
You should check these items as well if they remain in the Scanlog, then select "fix checked":

O4 - HKLM\..\Run: [fxtral] C:\WINDOWS\hhjxeeij.exe

O4 - Global Startup: Search.vbs

Don't know what happened to the other item, but post another Scanlog anyway after doing the above.

You should also delete the file:

C:\WINDOWS\hhjxeeij.exe

Search.vbs may need to be manually deleted from the folder:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Also I think TW56 may have inadvertently included this item to remove:

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

Program Name: CcRegVfy
Executable Name: ccRegVfy.exe
Required: Yes
Comments: Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"

It is a legitimate Symantec startup. You can restore it by opening HijackThis, selecting Config > Backups and restoring it from the backup folder.
 

Smurfette

Thread Starter
Joined
Aug 2, 2003
Messages
144
Here is my updated Hijack log. Thank you for all of your help.

Tammy



Logfile of HijackThis v1.97.2
Scan saved at 12:47:14 AM, on 4/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Tammy Dunbar\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\sys_ai_client_loader.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\System32\WScript.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {E5701474-4FBC-4AA0-99CA-29DD78536FF0} - C:\WINDOWS\zyrneez.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino03.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit09.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://sawgrass.pogo.com/applet/sawgrass/sawgrass-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades03.pogo.com/applet/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet07.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem07.pogo.com/applet/holdem/holdem-ob-assets.cab
O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo16.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Riot by pogo - http://wordriot.pogo.com/applet/wordriot/wordriot-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) - http://66.98.132.156/g_bin_eng/wordssingle_2_0_0_22.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.156/g_bin_eng/mahjong_2_0_0_10.cab
 
Joined
Aug 1, 2003
Messages
51,988
NvQTwk: this is an Nvidia video accelerator library. Go to www.nvidia.com and download the latest official drivers.

Startup items should only be disabled in msconfig for diagnostic purposes. To be disabled permanently, they need to be removed from their startup point in the registry or Startup folder.
 

Smurfette

Thread Starter
Joined
Aug 2, 2003
Messages
144
Hi, you told me to go back and get the backup for the file I wasn't supposed to delete. When I go to backup on hijack this, there is nothing there. I looked at the settings and I have checked create backups before fixing items. I also tried to restore my computer. It said that it cannot be restored at this time. I went back even to the earliest that I could restore it. PLEASE HELP!!

Thanks, Tammy
 
Joined
Feb 23, 2003
Messages
16,274
Hi Tammy. I'm afraid you may be in for reinstalling Norton again to replace that file, as it seems that you didn't download hijack this to its own folder; rather, you ran it from temp files. I would try removing Norton first from add/remove programs, then reboot and try reinstalling from scratch.
 

Smurfette

Thread Starter
Joined
Aug 2, 2003
Messages
144
Well, I'm in luck then. My Norton Anti-Virus expires today. I have a new one to install, so I would have to install it anyway.

Thanks, Tammy
 
Joined
Dec 9, 2000
Messages
45,855
I'm afraid the Scanlog is still showing serious problems. Best to have these instructions in a convenient Notepad file as you will need to restart in Safe Mode to follow them and no internet connection should be established. Also ensure "show hidden files" is checked in Folder Options > View.

To start in Safe Mode, run msconfig and select the Boot.ini tab. Put a check in /safeboot there. This will have to be removed to return to normal mode.

In Safe Mode run HijackThis and put checks in and "fix" the following entries:

O2 - BHO: (no name) - {E5701474-4FBC-4AA0-99CA-29DD78536FF0} - C:\WINDOWS\zyrneez.dll

O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded

>>> Next, go to Start > Run, enter cmd (a command shell will open)

Carefully type and enter each of these commands:

del C:\WINDOWS\hhjxeeij.exe
del "C:\WINDOWS\sys_ai_client_loader.exe"


>> be sure to include the quotes in this last command.

Post another Scanlog after rebooting.
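
The comparison behind this reply, as an added example (not part of the original post and not HijackThis's own code): it diffs two scanlogs and reports autostart entries that were fixed while their target file is still a running process, which is why the file itself has to be deleted in Safe Mode. The two samples are trimmed excerpts of the first and second scanlogs posted in this thread; the function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Trimmed excerpts of the first and second scanlogs posted in this thread.
SCAN_1 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\sys_ai_client_loader.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\System32\WScript.exe

O2 - BHO: (no name) - {E5701474-4FBC-4AA0-99CA-29DD78536FF0} - C:\WINDOWS\zyrneez.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [fxtral] C:\WINDOWS\hhjxeeij.exe
O4 - Global Startup: Search.vbs
"""

SCAN_2 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\sys_ai_client_loader.exe
C:\WINDOWS\hhjxeeij.exe
C:\WINDOWS\hhjxeeij.exe

O2 - BHO: (no name) - {E5701474-4FBC-4AA0-99CA-29DD78536FF0} - C:\WINDOWS\zyrneez.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\sys_ai_client_loader.exe" /HideUninstall /PC="AM.RNGS" /ShowLegalNote=nonbranded
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
"""

# Section code ("R0", "O4", "O16", ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First absolute path to an .exe or .dll inside an entry body.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O4"
    text: str  # everything after "<code> - "


def parse_log(text):
    """Return (running process paths, entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry line
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def target_path(entry_text):
    """Absolute file path an entry points at, or None (e.g. a bare module name)."""
    match = PATH_RE.search(entry_text)
    return match.group(1) if match else None


def added_entries(old_log, new_log):
    """Entries present in the newer scan but not in the older one."""
    old, new = set(parse_log(old_log)[1]), set(parse_log(new_log)[1])
    return sorted(new - old, key=lambda e: (e.code, e.text))


def still_running_after_fix(old_log, new_log):
    """O4 entries removed between scans whose target is still a live process.

    Returns {path: number of running instances in the newer scan}.
    """
    _, old_entries = parse_log(old_log)
    new_procs, new_entries = parse_log(new_log)
    live = Counter(p.lower() for p in new_procs)
    hits = {}
    for entry in set(old_entries) - set(new_entries):
        if entry.code != "O4":
            continue
        path = target_path(entry.text)
        if path and live[path.lower()]:
            hits[path] = live[path.lower()]
    return hits


if __name__ == "__main__":
    for path, count in still_running_after_fix(SCAN_1, SCAN_2).items():
        print(f"autostart entry fixed, file still running x{count}: {path}")
    for entry in added_entries(SCAN_1, SCAN_2):
        print(f"new since last scan: {entry.code} - {entry.text}")
```
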
 

Smurfette

Thread Starter
Joined
Aug 2, 2003
Messages
144
Hi, here is my updated Hijack log. I couldn't find the 2nd one on this that you wanted me to delete, but I don't see it now.

Thanks, Tammy


Logfile of HijackThis v1.97.2
Scan saved at 9:24:13 AM, on 4/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tammy Dunbar\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino03.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit09.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://sawgrass.pogo.com/applet/sawgrass/sawgrass-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades03.pogo.com/applet/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet07.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem07.pogo.com/applet/holdem/holdem-ob-assets.cab
O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo16.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Riot by pogo - http://wordriot.pogo.com/applet/wordriot/wordriot-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) - http://66.98.132.156/g_bin_eng/wordssingle_2_0_0_22.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.156/g_bin_eng/mahjong_2_0_0_10.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
 
Joined
Dec 9, 2000
Messages
45,855
Good! The trojan/adware stuff is gone.

The only thing I would delete from here is this O16 entry:

O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

One doesn't like to see "dialer" applications in this folder as they can sometimes be used to bypass normal modem dialups and result in inflated phone bills.
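As an added example (not part of the original thread and not HijackThis code), the Python triage script below parses O16 DPF lines in both shapes seen in the log above and lists entries whose name or download URL contains "dialer", the keyword the reply singles out. The function names and keyword list are assumptions for illustration; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# HijackThis O16 (Downloaded Program Files) lines appear in two shapes:
#   O16 - DPF: <name> - <url>
#   O16 - DPF: {<CLSID>} (<name>) - <url>
O16_RE = re.compile(
    r"^O16 - DPF: "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<cname>.*)\)|(?P<name>.*?))"
    r" - (?P<url>\S+)$"
)

# Keyword list is an assumption; "dialer" is the term the reply above flags.
SUSPECT_TOKENS = ("dialer",)


def parse_o16(line):
    """Return a dict for an O16 line, or None for any other log line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    url = m.group("url")
    return {
        "clsid": m.group("clsid"),
        "name": m.group("cname") if m.group("clsid") else m.group("name"),
        "url": url,
        "host": urlparse(url).hostname,
    }


def flag_dialers(log_text):
    """List O16 entries whose name or URL mentions a suspect keyword."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry is None:
            continue
        haystack = (entry["name"] + " " + entry["url"]).lower()
        if any(tok in haystack for tok in SUSPECT_TOKENS):
            hits.append(entry)
    return hits


# Sample lines copied from the HijackThis log above.
SAMPLE = """\
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
"""

if __name__ == "__main__":
    for e in flag_dialers(SAMPLE):
        print(e["clsid"], e["name"], e["host"])
```

A keyword match only marks an entry for review; the decision to remove it in HijackThis remains a manual one.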
 