Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

[Solved] hijack log and spybot log help

1634 Views 18 Replies 2 Participants Last post by  Flrman1

i need some help again :confused:
Here is my log that will not go away in spybot.. these items keep appearing
DoubleClick: Tracking cookie (Internet Explorer: Cindy Nicoletti) (Cookie, nothing done)

Look2Me: Class ID (Registry key, nothing done)

VX2/h.ABetterInternet: Global settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

--- Spybot - Search && Destroy version: 1.3 beta 6 ---
2004-02-26 Includes\
2004-02-29 Includes\
2004-02-29 Includes\
2004-02-26 Includes\
2004-02-22 Includes\
2004-02-29 Includes\
2004-02-22 Includes\plugin-ignore.ini
2004-03-09 Includes\
2004-02-26 Includes\
2004-02-29 Includes\
2004-02-26 Includes\Tracks.uti
2004-02-29 Includes\

Ok now here is my hijack log

Logfile of HijackThis v1.97.7
Scan saved at 9:38:44 PM, on 4/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\\Personal Firewall\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IM Grabber\IMGrabber.exe
C:\PROGRA~1\\Personal Firewall\MpfTray.exe
C:\PROGRA~1\\Personal Firewall\MpfAgent.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Cindy Nicoletti\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)
O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MI1933~1\Office10\bots\fp_wmp\WMPaddin.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\\Personal Firewall\MpfTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} -
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} -
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} -
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD5F671-A36C-405B-A69C-4A1BB5C4169B}: NameServer =

What is going on... Please help me...
Thank You Cindy
;) ;)
See less See more
Not open for further replies.
1 - 9 of 19 Posts
Please download the KillBox from here:

Unzip it to it's own folder and click on Find in the upper right corner then click on Find msg{}.dll. This will open a new window that will create a list of .dll's. In that window click on File then Create Log. A box will pop up asking if you want to "Show log in notepad?". Click Yes and the log will open in notepad. Got to Edit > Select All then Edit > Copy. Come back here and paste the contents of that log in a reply.
It's just what I thought. You have been infected by the Look2Me parasite.

Go here and download the Msg121Fix!.zip-2K/XP file and unzip it. Follow the directions on that page.

*Note: Be sure you unzip the file first. It will not work if you don't

When you've done that come back here and post another Hijack This log.
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\IncrediFind\BHO\IncFindBHO.dll (file missing)

O2 - BHO: (no name) - {B338E732-512F-4D0E-9764-3C2E866907A5} - C:\WINNT\System32\aoltcvp16.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

Restart your computer.

Now Click here to download LspFix

Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of inetadpt.dll (and nothing else) , and move them to the "Remove" pane.
Then click Finish.

Now start your computer in Safe Mode, and delete:

The c:\winnt\system32\inetadpt.dll file

How to start your computer in safe mode
See less See more
The log is clean. Restart your computer and run Spybot again and see if it detects those again. If it does post another log from KillBox again like you did before.
Well you've still got these:


Those are L2M files. When did the removal steps before, did you follow all the directions on that page? If you did, did everything go according to the directions?
Sorry it took so long to reply, but I've been extremely busy.

Did you go offline before you ran the Msg121Fix ?
I guess you are going to have to try the old removal method from here:

It works you just have to do a lot of it manually. There are two methods there. I suggest that you try Method 2.
That's right. Are you clicking on the Processes tab and looking for it running there or are you looking for it in the Applications tab?
My Pleasure! :)

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".
1 - 9 of 19 Posts
Not open for further replies.