[Solved] hijack log and spybot log help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
hello

i need some help again :confused:
Here is my log that will not go away in spybot.. these items keep appearing
DoubleClick: Tracking cookie (Internet Explorer: Cindy Nicoletti) (Cookie, nothing done)


Look2Me: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

VX2/h.ABetterInternet: Global settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


--- Spybot - Search && Destroy version: 1.3 beta 6 ---
2004-02-26 Includes\Cookies.sbi
2004-02-29 Includes\Dialer.sbi
2004-02-29 Includes\Hijackers.sbi
2004-02-26 Includes\Keyloggers.sbi
2004-02-22 Includes\LSP.sbi
2004-02-29 Includes\Malware.sbi
2004-02-22 Includes\plugin-ignore.ini
2004-03-09 Includes\Revision.sbi
2004-02-26 Includes\Security.sbi
2004-02-29 Includes\Spybots.sbi
2004-02-26 Includes\Tracks.uti
2004-02-29 Includes\Trojans.sbi



Ok now here is my hijack log

Logfile of HijackThis v1.97.7
Scan saved at 9:38:44 PM, on 4/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IM Grabber\IMGrabber.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)
O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer = 205.188.146.146



What is going on... Please help me...
Thank You Cindy
;) ;)
 
Joined
Jul 26, 2002
Messages
46,349
Please download the KillBox from here:

http://download.broadbandmedic.com/VbStuff/KillBox.zip

Unzip it to it's own folder and click on Find in the upper right corner then click on Find msg{}.dll. This will open a new window that will create a list of .dll's. In that window click on File then Create Log. A box will pop up asking if you want to "Show log in notepad?". Click Yes and the log will open in notepad. Got to Edit > Select All then Edit > Copy. Come back here and paste the contents of that log in a reply.
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
Log for KillBox ver.2.0.1
--------------------------

---msg{}dll search---
C:\WINNT\System32\msg117.dll
C:\WINNT\System32\msg118.dll
C:\WINNT\System32\msgina.dll
C:\WINNT\System32\msgsvc.dll
C:\WINNT\System32\msguard.dll
C:\WINNT\System32\dllcache\msgr3en.dll
C:\WINNT\System32\dllcache\msgsvc.dll
C:\WINNT\System32\Setup\msgrocm.dll


Thank You for your help so quickly...:D
 
Joined
Jul 26, 2002
Messages
46,349
It's just what I thought. You have been infected by the Look2Me parasite.

Go here and download the Msg121Fix!.zip-2K/XP file and unzip it. Follow the directions on that page.

*Note: Be sure you unzip the file first. It will not work if you don't

When you've done that come back here and post another Hijack This log.
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
Logfile of HijackThis v1.97.7
Scan saved at 11:10:46 PM, on 4/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)
O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer = 205.188.146.146
 
Joined
Jul 26, 2002
Messages
46,349
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)

O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)


Restart your computer.

Now Click here to download LspFix

Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of inetadpt.dll (and nothing else) , and move them to the "Remove" pane.
Then click Finish.

Now start your computer in Safe Mode, and delete:

The c:\winnt\system32\inetadpt.dll file

How to start your computer in safe mode
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
I did everything exactly as you said. I ran spybot again
two things still came up..I appreciate your help...


VX2/h.ABetterInternet: Global settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

Look2Me: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


--- Spybot - Search && Destroy version: 1.3 beta 6 ---
2004-02-26 Includes\Cookies.sbi
2004-02-29 Includes\Dialer.sbi
2004-02-29 Includes\Hijackers.sbi
2004-02-26 Includes\Keyloggers.sbi
2004-02-22 Includes\LSP.sbi
2004-02-29 Includes\Malware.sbi
2004-02-22 Includes\plugin-ignore.ini
2004-03-09 Includes\Revision.sbi
2004-02-26 Includes\Security.sbi
2004-02-29 Includes\Spybots.sbi
2004-02-26 Includes\Tracks.uti
2004-02-29 Includes\Trojans.sbi

Logfile of HijackThis v1.97.7
Scan saved at 12:27:25 AM, on 4/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IM Grabber\IMGrabber.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer = 205.188.146.146
 
Joined
Jul 26, 2002
Messages
46,349
The log is clean. Restart your computer and run Spybot again and see if it detects those again. If it does post another log from KillBox again like you did before.
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
Log for KillBox ver.2.0.1
--------------------------

---msg{}dll search---
C:\WINNT\System32\msg118.dll
C:\WINNT\System32\msgina.dll
C:\WINNT\System32\msgsvc.dll
C:\WINNT\System32\msguard.dll
C:\WINNT\System32\dllcache\msgr3en.dll
C:\WINNT\System32\dllcache\msgsvc.dll
C:\WINNT\System32\Setup\msgrocm.dll


I am going to redo everything again. I know or at least I think I did it correctly.... Thank You Cindy
 
Joined
Jul 26, 2002
Messages
46,349
Well you've still got these:

C:\WINNT\System32\msg118.dll
C:\WINNT\System32\msguard.dll


Those are L2M files. When did the removal steps before, did you follow all the directions on that page? If you did, did everything go according to the directions?
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
Hi I redid everything and ran spybot and both are still there

I ran kill log and it is below also
Is there anything else I can do?
Cindy


VX2/h.ABetterInternet: Global settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

Look2Me: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


--- Spybot - Search && Destroy version: 1.3 beta 6 ---
2004-02-26 Includes\Cookies.sbi
2004-02-29 Includes\Dialer.sbi
2004-02-29 Includes\Hijackers.sbi
2004-02-26 Includes\Keyloggers.sbi
2004-02-22 Includes\LSP.sbi
2004-02-29 Includes\Malware.sbi
2004-02-22 Includes\plugin-ignore.ini
2004-03-09 Includes\Revision.sbi
2004-02-26 Includes\Security.sbi
2004-02-29 Includes\Spybots.sbi
2004-02-26 Includes\Tracks.uti
2004-02-29 Includes\Trojans.sbi

Log for KillBox ver.2.0.1
--------------------------

---msg{}dll search---
C:\WINNT\System32\msg118.dll
C:\WINNT\System32\msgina.dll
C:\WINNT\System32\msgsvc.dll
C:\WINNT\System32\msguard.dll
C:\WINNT\System32\dllcache\msgr3en.dll
C:\WINNT\System32\dllcache\msgsvc.dll
C:\WINNT\System32\Setup\msgrocm.dll
 
Joined
Jul 26, 2002
Messages
46,349
Sorry it took so long to reply, but I've been extremely busy.

Did you go offline before you ran the Msg121Fix ?
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
Hi flrman1

I did it offline and I just did it again offline....
Is there any other fix for this look2me?
Help Help LOL
My computer when it starts takes forever to load I cannot believe all these problems.
Thanks again Cindy
 

Cindy0515

Thread Starter
Joined
Feb 22, 2004
Messages
58
Hi
Is this correct I open taskmanager by right clicking the taskbar? And click taskbar and then look in processes? It is checked on the bottom to show all.
There is no rundll32 running. Am I looking in the right spot?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Top