1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] hijack log and spybot log help

Discussion in 'Virus & Other Malware Removal' started by Cindy0515, Apr 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    hello

    i need some help again :confused:
    Here is my log that will not go away in spybot.. these items keep appearing
    DoubleClick: Tracking cookie (Internet Explorer: Cindy Nicoletti) (Cookie, nothing done)


    Look2Me: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

    VX2/h.ABetterInternet: Global settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    --- Spybot - Search && Destroy version: 1.3 beta 6 ---
    2004-02-26 Includes\Cookies.sbi
    2004-02-29 Includes\Dialer.sbi
    2004-02-29 Includes\Hijackers.sbi
    2004-02-26 Includes\Keyloggers.sbi
    2004-02-22 Includes\LSP.sbi
    2004-02-29 Includes\Malware.sbi
    2004-02-22 Includes\plugin-ignore.ini
    2004-03-09 Includes\Revision.sbi
    2004-02-26 Includes\Security.sbi
    2004-02-29 Includes\Spybots.sbi
    2004-02-26 Includes\Tracks.uti
    2004-02-29 Includes\Trojans.sbi



    Ok now here is my hijack log

    Logfile of HijackThis v1.97.7
    Scan saved at 9:38:44 PM, on 4/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\EPSON\ESM2\eEBSVC.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\IM Grabber\IMGrabber.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\America Online 9.0a\aolwbspd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)
    O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: AIM (HKLM)
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer = 205.188.146.146



    What is going on... Please help me...
    Thank You Cindy
    ;) ;)
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Please download the KillBox from here:

    http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip it to it's own folder and click on Find in the upper right corner then click on Find msg{}.dll. This will open a new window that will create a list of .dll's. In that window click on File then Create Log. A box will pop up asking if you want to "Show log in notepad?". Click Yes and the log will open in notepad. Got to Edit > Select All then Edit > Copy. Come back here and paste the contents of that log in a reply.
     
  3. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    Log for KillBox ver.2.0.1
    --------------------------

    ---msg{}dll search---
    C:\WINNT\System32\msg117.dll
    C:\WINNT\System32\msg118.dll
    C:\WINNT\System32\msgina.dll
    C:\WINNT\System32\msgsvc.dll
    C:\WINNT\System32\msguard.dll
    C:\WINNT\System32\dllcache\msgr3en.dll
    C:\WINNT\System32\dllcache\msgsvc.dll
    C:\WINNT\System32\Setup\msgrocm.dll


    Thank You for your help so quickly...:D
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    It's just what I thought. You have been infected by the Look2Me parasite.

    Go here and download the Msg121Fix!.zip-2K/XP file and unzip it. Follow the directions on that page.

    *Note: Be sure you unzip the file first. It will not work if you don't

    When you've done that come back here and post another Hijack This log.
     
  5. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    Logfile of HijackThis v1.97.7
    Scan saved at 11:10:46 PM, on 4/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\EPSON\ESM2\eEBSVC.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\America Online 9.0a\aolwbspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)
    O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: AIM (HKLM)
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer = 205.188.146.146
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)

    O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll

    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)


    Restart your computer.

    Now Click here to download LspFix

    Launch the application, and click the "I know what I'm doing" checkbox.
    Check all instances of inetadpt.dll (and nothing else) , and move them to the "Remove" pane.
    Then click Finish.

    Now start your computer in Safe Mode, and delete:

    The c:\winnt\system32\inetadpt.dll file

    How to start your computer in safe mode
     
  7. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    I did everything exactly as you said. I ran spybot again
    two things still came up..I appreciate your help...


    VX2/h.ABetterInternet: Global settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

    Look2Me: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    --- Spybot - Search && Destroy version: 1.3 beta 6 ---
    2004-02-26 Includes\Cookies.sbi
    2004-02-29 Includes\Dialer.sbi
    2004-02-29 Includes\Hijackers.sbi
    2004-02-26 Includes\Keyloggers.sbi
    2004-02-22 Includes\LSP.sbi
    2004-02-29 Includes\Malware.sbi
    2004-02-22 Includes\plugin-ignore.ini
    2004-03-09 Includes\Revision.sbi
    2004-02-26 Includes\Security.sbi
    2004-02-29 Includes\Spybots.sbi
    2004-02-26 Includes\Tracks.uti
    2004-02-29 Includes\Trojans.sbi

    Logfile of HijackThis v1.97.7
    Scan saved at 12:27:25 AM, on 4/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\EPSON\ESM2\eEBSVC.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\IM Grabber\IMGrabber.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
    C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\America Online 9.0a\aolwbspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer = 205.188.146.146
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    The log is clean. Restart your computer and run Spybot again and see if it detects those again. If it does post another log from KillBox again like you did before.
     
  9. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    Log for KillBox ver.2.0.1
    --------------------------

    ---msg{}dll search---
    C:\WINNT\System32\msg118.dll
    C:\WINNT\System32\msgina.dll
    C:\WINNT\System32\msgsvc.dll
    C:\WINNT\System32\msguard.dll
    C:\WINNT\System32\dllcache\msgr3en.dll
    C:\WINNT\System32\dllcache\msgsvc.dll
    C:\WINNT\System32\Setup\msgrocm.dll


    I am going to redo everything again. I know or at least I think I did it correctly.... Thank You Cindy
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Well you've still got these:

    C:\WINNT\System32\msg118.dll
    C:\WINNT\System32\msguard.dll


    Those are L2M files. When did the removal steps before, did you follow all the directions on that page? If you did, did everything go according to the directions?
     
  11. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    Hi I redid everything and ran spybot and both are still there

    I ran kill log and it is below also
    Is there anything else I can do?
    Cindy


    VX2/h.ABetterInternet: Global settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

    Look2Me: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    --- Spybot - Search && Destroy version: 1.3 beta 6 ---
    2004-02-26 Includes\Cookies.sbi
    2004-02-29 Includes\Dialer.sbi
    2004-02-29 Includes\Hijackers.sbi
    2004-02-26 Includes\Keyloggers.sbi
    2004-02-22 Includes\LSP.sbi
    2004-02-29 Includes\Malware.sbi
    2004-02-22 Includes\plugin-ignore.ini
    2004-03-09 Includes\Revision.sbi
    2004-02-26 Includes\Security.sbi
    2004-02-29 Includes\Spybots.sbi
    2004-02-26 Includes\Tracks.uti
    2004-02-29 Includes\Trojans.sbi

    Log for KillBox ver.2.0.1
    --------------------------

    ---msg{}dll search---
    C:\WINNT\System32\msg118.dll
    C:\WINNT\System32\msgina.dll
    C:\WINNT\System32\msgsvc.dll
    C:\WINNT\System32\msguard.dll
    C:\WINNT\System32\dllcache\msgr3en.dll
    C:\WINNT\System32\dllcache\msgsvc.dll
    C:\WINNT\System32\Setup\msgrocm.dll
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Sorry it took so long to reply, but I've been extremely busy.

    Did you go offline before you ran the Msg121Fix ?
     
  13. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    Hi flrman1

    I did it offline and I just did it again offline....
    Is there any other fix for this look2me?
    Help Help LOL
    My computer when it starts takes forever to load I cannot believe all these problems.
    Thanks again Cindy
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  15. Cindy0515

    Cindy0515 Thread Starter

    Joined:
    Feb 22, 2004
    Messages:
    58
    Hi
    Is this correct I open taskmanager by right clicking the taskbar? And click taskbar and then look in processes? It is checked on the bottom to show all.
    There is no rundll32 running. Am I looking in the right spot?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217002

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice