Solved: Hijack repair log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

einbks

Thread Starter
Joined
Feb 4, 2005
Messages
26
Here is our logfile - in setting up Internet Explorer again we ended up with a range of viruses & spyware. We have scanned using AVG & run AdAware & Spybot. We are getting about:blank wanting to be home page plus an unwanted toolbar with links to gambling, sex etc on Internet Explorer.

I'd like some advice on which items we need to remove from the log.

Logfile of HijackThis v1.99.0
Scan saved at 2:11:00 PM, on 5/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\qwsxp.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\qwsxp.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\qwsxp.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\qwsxp.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83B52BE0-68B0-4A41-976A-83E24D29B64F} - C:\WINNT\System32\qwsxp.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINNT\System32\max8264.dll (file missing)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\System32\iesp2.dll
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Hot_Tarts_Au] C:\Program Files\Video1\Dialers\Hot_Tarts_Au\Hot_Tarts_Au.exe /dontdial
O4 - HKLM\..\Run: [Virgins_au] C:\Program Files\Video1\Dialers\Virgins_au\Virgins_au.exe /dontdial
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA7FB62-35CD-453D-9163-9A81DEC937C3}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {24D3B395-5853-49A4-A4EF-ABA90D9B91D1} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òeEÆR - {24D3B395-5853-49A4-A4EF-ABA90D9B91D1} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÏTÆR - {D3D9A006-58EC-4A26-8679-957FD293AFDE} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÒEÆR - {A04E1EF5-E53E-4814-808D-579001F22F62} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òöEÆR - {B00BAB65-021B-4D64-A216-9CD358748A7C} - C:\WINNT\System32\qwsxp.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks - einbks
 

einbks

Thread Starter
Joined
Feb 4, 2005
Messages
26
:( I keep getting a Spyware Browser Alert that my IE Search page has been changed & then I have to click four times to keep my existing home page - if I don't it becomes about:blank.

I have used AVG virus scanner & Ad Aware & Spybot, but can't remove this problem. Would someone please look at my log & let me know what I need to do.

Logfile of HijackThis v1.99.0
Scan saved at 10:26:23 PM, on 7/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83B52BE0-68B0-4A41-976A-83E24D29B64F} - C:\WINNT\System32\qwsxp.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINNT\System32\max8264.dll (file missing)
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA7FB62-35CD-453D-9163-9A81DEC937C3}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {10796BDF-F294-4051-86B3-0CA10CFC0928} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5ò EÆR - {10796BDF-F294-4051-86B3-0CA10CFC0928} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5ò1EÆR - {DBC4BD16-1228-4037-8AA5-49360CF538AE} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5ò2EÆR - {DEF71504-B58E-4F83-B904-7CEA1E58A336} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òeEÆR - {24D3B395-5853-49A4-A4EF-ABA90D9B91D1} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÏTÆR - {D3D9A006-58EC-4A26-8679-957FD293AFDE} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÒEÆR - {A04E1EF5-E53E-4814-808D-579001F22F62} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òöEÆR - {B00BAB65-021B-4D64-A216-9CD358748A7C} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òßFÆR - {A8151F7C-52D1-485C-8933-6D4F59E4C779} - C:\WINNT\System32\qwsxp.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks - Einbks
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi einbks, Welcome to TSG!! :)


I have combined both of your threads into this one. Please don't create a new thread for the same problem, continue to reply here.


Click on the link below to download CWshredder.
http://www.intermute.com/spysubtract/cwshredder_download.html

Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.

__________________________

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {83B52BE0-68B0-4A41-976A-83E24D29B64F} - C:\WINNT\System32\qwsxp.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINNT\System32\max8264.dll (file missing)
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA7FB62-35CD-453D-9163-9A81DEC937C3}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {10796BDF-F294-4051-86B3-0CA10CFC0928} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5ò EÆR - {10796BDF-F294-4051-86B3-0CA10CFC0928} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5ò1EÆR - {DBC4BD16-1228-4037-8AA5-49360CF538AE} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5ò2EÆR - {DEF71504-B58E-4F83-B904-7CEA1E58A336} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òeEÆR - {24D3B395-5853-49A4-A4EF-ABA90D9B91D1} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÏTÆR - {D3D9A006-58EC-4A26-8679-957FD293AFDE} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÒEÆR - {A04E1EF5-E53E-4814-808D-579001F22F62} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òöEÆR - {B00BAB65-021B-4D64-A216-9CD358748A7C} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òßFÆR - {A8151F7C-52D1-485C-8933-6D4F59E4C779} - C:\WINNT\System32\qwsxp.dll

Close all applications and browser windows before you click "fix checked".

Download Spybot http://www.majorgeeks.com/download.php?det=2471


Click on "Search For updates" When prompted.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

__________________________________________________


Download Adaware SE http://lavasoft.element5.com/software/adaware/

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Reboot and post another HJT log for review.
 

einbks

Thread Starter
Joined
Feb 4, 2005
Messages
26
Dear Cybertech Moderator
Thanks so much for your help. The problem seems to be solved.
Here is a copy of my curretn HJT Log

einbks

Logfile of HijackThis v1.99.0
Scan saved at 9:32:46 PM, on 15/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab
O18 - Filter: tœ†5ò
EÆR - {F90BA1DE-821E-4B81-9F18-D57005F4EC86} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òNLÆR - {2985EC10-A9CB-4C0E-9A4A-BDDCEBB84D3A} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÈFÆR - {C7AE0063-8F04-4343-8733-C046F30E9A4C} - (no file)
O18 - Filter: tœ†5òÊFÆR - {9C97D5CA-B01A-4A4F-9D89-68C3016B85F2} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òËFÆR - {E21CBB83-402B-408F-929A-5A385AAC348C} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÏTÆR - {D3D9A006-58EC-4A26-8679-957FD293AFDE} - C:\WINNT\System32\qwsxp.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O18 - Filter: tœ†5ò
EÆR - {F90BA1DE-821E-4B81-9F18-D57005F4EC86} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òNLÆR - {2985EC10-A9CB-4C0E-9A4A-BDDCEBB84D3A} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÈFÆR - {C7AE0063-8F04-4343-8733-C046F30E9A4C} - (no file)
O18 - Filter: tœ†5òÊFÆR - {9C97D5CA-B01A-4A4F-9D89-68C3016B85F2} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òËFÆR - {E21CBB83-402B-408F-929A-5A385AAC348C} - C:\WINNT\System32\qwsxp.dll
O18 - Filter: tœ†5òÏTÆR - {D3D9A006-58EC-4A26-8679-957FD293AFDE} - C:\WINNT\System32\qwsxp.dll

Close all applications and browser windows before you click "fix checked".


Restart in Safe Mode

Uninstall Spyware Vanisher in add/remove programs.
Delete the folder: C:\spywarevanisher-free
Delete the file: C:\WINNT\System32\qwsxp.dll

Reboot.
 

einbks

Thread Starter
Joined
Feb 4, 2005
Messages
26
Thanks - I've run HJT & fix checked what you indicated.

However when I go to uninstall Spyware Vanisher I get the following error message - could not load initialization file.

I have not deleted the folder & file as yet in case they need to be done in that order.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
I would go ahead and delete the folder, your other choice would be to reload it to be able to remove it in add/remove programs. I'm guessing the initializaion file was probably in your temporary internet files.
 

einbks

Thread Starter
Joined
Feb 4, 2005
Messages
26
Thanks - Couldn't find the folder or file. I searched via windows explorer & find. Can I assume that they don't exist? All seems to be working fine now.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top