Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.

#1
OK, I've tried everything posted on this site. I downloaded Hijack this:

Logfile of HijackThis v1.97.7
Scan saved at 9:12:13 AM, on 4/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\PROGRA~1\navnt\DefWatch.exe
C:\PROGRA~1\navnt\Rtvscan.exe
C:\WINDOWS\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\navnt\vptray.exe
C:\Program Files\Jabber\Messenger\JabberMessenger.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
C:\Program Files\eRoom 6\ERClient.exe
C:\Unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.portal.hp.com/search/iesearchpane/pane.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy/autoproxy/autoproxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy.cv.hp.com:8088
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\navnt\vptray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [Jabber Messenger] C:\Program Files\Jabber\Messenger\JabberMessenger.exe -hidden
O4 - Startup: Monitor My eRooms.lnk = C:\Program Files\eRoom 6\ERClient.exe
O4 - Global Startup: Compaq Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://ie.config.tandem.com
O16 - DPF: HPVC component - http://vrm08.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/component401131.cab
O16 - DPF: HPVC resources - http://vrm08.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/resources40147.cab
O16 - DPF: HPVC signed - http://vrm08.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/signed40139.cab
O16 - DPF: HPVC support - http://vrm08.win2000.hpe-learning.com/hpvcpw/lib/hp/dc/lib/support4016.cab
O16 - DPF: HPVC vminfo - https://www.hpe-learning.com/testsetup/vminfo.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38061.4257986111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D36DB929-4E4C-11D0-BDC3-0040053958FE} (WComboBoxControl.WComboBox) - http://boi1168.boise.itc.hp.com:8080/treecontrol/WComboBox.CAB
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - https://eroom3.external.hp.com/eroomsetup/client.cab

I ran the Kill Box:

Log for KillBox Version: 2.00.0176
------------------------------------
Input Entry C:\WINDOWS\system32\msg121.dll
c:\windows\system32\msg121.dll Could Not be Deleted
---msg{}dll search---
C:\WINDOWS\System32\msg121.dll
C:\WINDOWS\System32\msgina.dll
C:\WINDOWS\System32\msgsvc.dll
C:\WINDOWS\System32\Msgsys.dll
C:\WINDOWS\System32\dllcache\msgina.dll
C:\WINDOWS\System32\dllcache\msgr3en.dll
C:\WINDOWS\System32\dllcache\msgrocm.dll
C:\WINDOWS\System32\dllcache\msgsvc.dll
C:\WINDOWS\System32\Setup\msgrocm.dll
Input Entry C:\WINDOWS\System32\Setup\msgrocm.dll

I downloaded the MSG121 Finder!:

A C:\WINDOWS\System32\msg121.cpy.dll
A C:\WINDOWS\System32\msg121.dll
File not found - C:\WINDOWS\System32\msguard.dll

Following processes use 'msguard.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 932
[Access denied] 1648
[Access denied] 1660
[Access denied] 288
[Access denied] 844
[Access denied] 2140

Following processes use 'msg120.cpy.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 932
[Access denied] 1648
[Access denied] 1660
[Access denied] 288
[Access denied] 844
[Access denied] 2140

Following processes use 'msg120.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 932
[Access denied] 1648
[Access denied] 1660
[Access denied] 288
[Access denied] 844
[Access denied] 2140

Following processes use 'msg121.cpy.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 932
[Access denied] 1648
[Access denied] 1660
[Access denied] 288
[Access denied] 844
rundll32.exe 260
[Access denied] 2140

Following processes use 'msg121.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 932
winlogon.exe 956
[Access denied] 1648
[Access denied] 1660
[Access denied] 288
[Access denied] 844
[Access denied] 2140

"File(s) not found: ***good news***!!!"
"File(s) found: ***bad news***!!!"

And the MSG121Fix! tool which wouldn't reboot my computer automatically. The instructions say not to touch the screen's prompt box (!) but it kept timing out and just hanging there when it would try to log off. So I'm still stuck with this MSG121 problem. Please help. :'(

#2
Hi JennyN,
Check the following items in HijackThis. Close all windows except HijackThis and click Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

Then copy and paste the text in bold into your IE addressbar and post the results that get displayed:

javascript:navigator.userAgent

Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.

#3
|
|||
|
|||
|
Here's what came back...
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {A59C0389-6BA9-450E-9E97-C483B6C9101D}; .NET CLR 1.0.3705)

#4
Hi JennyN,
Did you get the files here: http://www10.brinkster.com/expl0iter/freeatlast/L2M/Msg121.htm and did you follow the instructions for Win2k/XP?
Let me know if you succeed this time. If not, I will ask FreeAtLast to assist.
Regards, Pieter

#5
Here's my new HiJack This log (it seems to be getting worse!)

Logfile of HijackThis v1.97.7
Scan saved at 10:40:04 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\PROGRA~1\navnt\DefWatch.exe
C:\PROGRA~1\navnt\Rtvscan.exe
C:\WINDOWS\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\navnt\vptray.exe
C:\Program Files\eRoom 6\ERClient.exe
C:\Program Files\Jabber\Messenger\JabberMessenger.exe
C:\WINDOWS\System32\PSCN604P.exe
C:\WINDOWS\System32\PSCN604P.exe
C:\Program Files\Nortel Networks\Extranet.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy/autoproxy/autoproxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy.cv.hp.com:8088
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\navnt\vptray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [Jabber Messenger] C:\Program Files\Jabber\Messenger\JabberMessenger.exe -hidden
O4 - Startup: Monitor My eRooms.lnk = C:\Program Files\eRoom 6\ERClient.exe
O4 - Global Startup: Compaq Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://ie.config.tandem.com
O16 - DPF: HPVC component - http://vrm08.win2000.hpe-learning.co...nent401131.cab
O16 - DPF: HPVC resources - http://vrm08.win2000.hpe-learning.co...urces40147.cab
O16 - DPF: HPVC signed - http://vrm08.win2000.hpe-learning.co...igned40139.cab
O16 - DPF: HPVC support - http://vrm08.win2000.hpe-learning.co...upport4016.cab
O16 - DPF: HPVC vminfo - https://www.hpe-learning.com/testsetup/vminfo.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...061.4257986111
O16 - DPF: {A1BFBE93-8D91-427C-965B-72088CFAADF4} (CCertificateDelete Object) - https://hppkis01.can.hp.com/userweb/vscertdel.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://hppkis01.can.hp.com/userweb/capicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D36DB929-4E4C-11D0-BDC3-0040053958FE} (WComboBoxControl.WComboBox) - http://boi1168.boise.itc.hp.com:8080.../WComboBox.CAB
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - https://eroom3.external.hp.com/eroomsetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF9C4ED-9821-4952-8821-99B499EFF816}: NameServer = 15.243.160.51,15.235.240.51

Here's my Finder Log:

A C:\WINDOWS\System32\msg121.dll
File not found - C:\WINDOWS\System32\msguard.dll

Following processes use 'msguard.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 928
[Access denied] 1616
[Access denied] 1628
[Access denied] 260
[Access denied] 792

Following processes use 'msg120.cpy.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 928
[Access denied] 1616
[Access denied] 1628
[Access denied] 260
[Access denied] 792

Following processes use 'msg120.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 928
[Access denied] 1616
[Access denied] 1628
[Access denied] 260
[Access denied] 792

Following processes use 'msg121.cpy.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 928
[Access denied] 1616
[Access denied] 1628
[Access denied] 260
[Access denied] 792

Following processes use 'msg121.dll'
[Access denied] 0
[Unknown] 4
[Access denied] 928
winlogon.exe 952
[Access denied] 1616
[Access denied] 1628
[Access denied] 260
[Access denied] 792

"File(s) not found: ***good news***!!!"
"File(s) found: ***bad news***!!!"

I somehow got rid of the ...cpy.msg121.dll file - not sure how. Maybe Ad Aware was able to delete that one, but still have the original file msg121.dll.
Thanks for your help.

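An added example, not part of any post in this thread: a comparison of the two HijackThis logs posted above, listing which entries are gone from the later scan and which are new, so a reviewer can see what changed between 4/7/2004 and 4/16/2004. It uses short excerpts of the two logs, accepts text that has been flattened onto long lines, and the function names `parse_entries` and `diff_logs` are illustrative.

```python
import re

# Positions where a HijackThis entry starts: a section code (R0-R3, O1-O2x)
# followed by " - ", at the start of the text or after whitespace.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|O\d{1,2}) - (.*)", re.S)

def parse_entries(text):
    """Return (code, body) pairs from a log, one entry per line or flattened."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:  # header and process list carry no section code and are skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def diff_logs(before, after):
    """Entries only in the earlier log, and entries only in the later one."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    return sorted(old - new), sorted(new - old)

# Excerpts of the 4/7/2004 and 4/16/2004 logs from this thread, shortened
# and partly flattened the way the forum page delivered them.
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy.cv.hp.com:8088 R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\navnt\vptray.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/index.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy.cv.hp.com:8088 O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\navnt\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF9C4ED-9821-4952-8821-99B499EFF816}: NameServer = 15.243.160.51,15.235.240.51
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("gone:", code, "-", body)
    for code, body in added:
        print("new: ", code, "-", body)
```

The forum software shortened some URLs in the second log with "...", so on the full logs those O16 entries compare as different even where the underlying value may be unchanged.
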
#6
Hi JennyN,
Please answer Pieter's questions so we can decide where to go from here.
Thanks, Kent
__________________
Best regards, Kent
AX64 Time Machine - Travel in Time Current Version 1.1.0.996

#7
Sorry, I haven't checked lately....
It mysteriously disappeared one day. I kept running adaware 6.0, and it must have gotten rid of it somehow. I now have one showing up called 6004svc.copy.dll. Is this a new 'bad' file?
Thanks, and I'll check back more frequently in the future!!
Jenny

#8
Yes, there have been some major changes since the last time you checked.
http://forums.broadbandmedic.com/cgi...;f=1;t=6;st=10
Regards, Pieter

#9
Thank you for directing me to that web site. It was tedious to go through all the steps, but now I'm free!!
Free at last! Free at last, thank God Almighty! I'm free at last!!!