Jump to content


Photo

Home Search Hijacker


  • Please log in to reply
7 replies to this topic

#1 Keusen

Keusen

    Member

  • New Member
  • Pip
  • 4 posts

Posted 11 July 2004 - 06:02 AM

I read all the FAQs and followed the directions, without success.
I tried AdAware, Spybot and CWshredder to remove the hijacker.
I ran the newest version of HijckThis. I fixed the R1 and R0 entries.
The Hijack returns after restarting the computer but I am afraid I couldn't find which entry to fix in the run section.

Can anyone help?
Andy




Here's my HijackThis Log:


Logfile of HijackThis v1.98.0
Scan saved at 12:43:12, on 11.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ienx32.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\Eicon\Diva\DiTask.exe
C:\Programme\Eicon\Diva\Divamon.exe
C:\Programme\Eicon\Diva\watch.exe
C:\Programme\Eicon\Diva\cgserver.exe
C:\Programme\Eicon\Diva\diinfo.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\sdkfq.exe
C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpmsn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gpmsn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gpmsn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gpmsn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpmsn.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gpmsn.dll/index.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {39B55E7F-513F-C3C3-44BF-B0378C8CBFEF} - C:\WINDOWS\system32\netys32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe
O4 - HKLM\..\RunOnce: [ienx32.exe] C:\WINDOWS\system32\ienx32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

#2 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • PipPipPipPipPip
  • 1,306 posts

Posted 11 July 2004 - 03:47 PM

Download About:Buster from Here

http://www.downloads...AboutBuster.zip

Unzip it to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Post the report and a new Hijack this log here.
Posted Image

#3 Keusen

Keusen

    Member

  • New Member
  • Pip
  • 4 posts

Posted 12 July 2004 - 02:44 AM

OK,

The Buster Log is:

-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\ntrr32.exe
Removed! : C:\WINDOWS\timxba.dat
Removed! : C:\WINDOWS\xhukl.dat
Removed! : C:\WINDOWS\System32\ntbb.dll
Removed! : C:\WINDOWS\System32\qkngy.dll
Removed! : C:\WINDOWS\System32\wppib.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!


And the new HJT log is:

Logfile of HijackThis v1.98.0
Scan saved at 09:39:22, on 12.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\Eicon\Diva\DiTask.exe
C:\Programme\Eicon\Diva\Divamon.exe
C:\Programme\Eicon\Diva\watch.exe
C:\Programme\Eicon\Diva\cgserver.exe
C:\Programme\Eicon\Diva\diinfo.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\sdkfq.exe
C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe
C:\WINDOWS\system32\syshu32.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3E92881C-5DEB-061D-127B-BAA4818F8349} - C:\WINDOWS\system32\ntbb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

#4 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • PipPipPipPipPip
  • 1,306 posts

Posted 12 July 2004 - 07:44 PM

Boot into safe mode and run another scan with About:buster.

Then scan with adaware and run CW shredder (make sure you click the fix button)

Then boot back into normal mode and post a fresh hijackthis log and an About:buster report.
Posted Image

#5 Keusen

Keusen

    Member

  • New Member
  • Pip
  • 4 posts

Posted 13 July 2004 - 12:28 PM

The safe mode HJT log is:

Logfile of HijackThis v1.98.0
Scan saved at 19:14:04, on 13.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {65987126-98A1-4B3E-486F-57E4F99A69FD} - C:\WINDOWS\sysjv.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe
O4 - HKLM\..\RunOnce: [winiq.exe] C:\WINDOWS\system32\winiq.exe
O4 - HKLM\..\RunOnce: [addyo.exe] C:\WINDOWS\addyo.exe
O4 - HKLM\..\RunOnce: [appel32.exe] C:\WINDOWS\appel32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL


And the safe mode About:buster report is:


- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\cjelox.dat
Removed! : C:\WINDOWS\krpgf.dat
Removed! : C:\WINDOWS\ngyomq.dat
Removed! : C:\WINDOWS\oztrkm.dat
Removed! : C:\WINDOWS\pxjzow.dat
Removed! : C:\WINDOWS\sysjv.dll
Removed! : C:\WINDOWS\System32\joxkk.dat
Removed! : C:\WINDOWS\System32\ljvbh.dll
Removed! : C:\WINDOWS\System32\syshu32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

#6 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • PipPipPipPipPip
  • 1,306 posts

Posted 13 July 2004 - 07:41 PM

Run about:buster in normal mode. Then reboot and post a fresh hijackthis log and about:buster report.
Posted Image

#7 Keusen

Keusen

    Member

  • New Member
  • Pip
  • 4 posts

Posted 14 July 2004 - 03:42 AM

The normal mode About:Buster log is:

-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\krpgf.dat
Removed! : C:\WINDOWS\System32\joxkk.dat
Removed! : C:\WINDOWS\System32\ljvbh.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

Here's the fresh HJT log:

Logfile of HijackThis v1.98.0
Scan saved at 10:39:49, on 14.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winiq.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\Eicon\Diva\DiTask.exe
C:\Programme\Eicon\Diva\Divamon.exe
C:\Programme\Eicon\Diva\watch.exe
C:\Programme\Eicon\Diva\cgserver.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\sdkfq.exe
C:\Programme\Eicon\Diva\diinfo.exe
C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {65987126-98A1-4B3E-486F-57E4F99A69FD} - C:\WINDOWS\sysjv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe
O4 - HKLM\..\RunOnce: [winiq.exe] C:\WINDOWS\system32\winiq.exe
O4 - HKLM\..\RunOnce: [addyo.exe] C:\WINDOWS\addyo.exe
O4 - HKLM\..\RunOnce: [appel32.exe] C:\WINDOWS\appel32.exe
O4 - HKLM\..\RunOnce: [iefd32.exe] C:\WINDOWS\system32\iefd32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

#8 St Germain

St Germain

    Member

  • New Member
  • Pip
  • 3 posts

Posted 14 July 2004 - 04:53 AM

I've got this problem too and have run all the programs in safe and normal mode of xp. Can't wait to hear what I need to get rid of lol. =)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button