Scouts01

Internet Explorer has been hijacked

6 posts in this topic

Hello,

 

I have a big problem with Internet Explorer. If I use Google to search for things, the following happens. After the search completes, I click on a link to go and have a look at the page. At the bottom, the browser shows the correct link. Then it says it is accessing the selected page; shortly afterwards it changes and I get rerouted to another page. I don't get rerouted to the same page, but to different ones. Sometimes a popup appears as well. I ran 5 different Anti-Spam programs, but none of them could fix the problem.

 

Please someone help

Thanks

 

 

Here is the HijackThis Logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 16:33:13, on 12.06.2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Drivers\trcboot.exe

C:\Program Files\Pcomnt\PCS_AGNT.EXE

C:\CMF\CMFTDF\CMFWPDF.EXE

C:\WINDOWS\System32\eelogsvc.exe

C:\WINDOWS\System32\eelssrv.exe

C:\EIA\SDA\QckAuditSvr.exe

C:\EIA\USAGE\UsageSvr.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

C:\WINDOWS\System32\wm.exe

C:\WINDOWS\System32\Drivers\ldlcserv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Pcomnt\tpam.exe

C:\Program Files\Common Files\Entrust\ESP\eesystry.exe

C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\System32\eelssrv.exe

C:\Program Files\Hardcopy\hardcopy.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Citrix\ICA Client\pnagent.exe

C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

C:\Program Files\Star Alliance Auto Update Conduit (English)\en\st_conduit_en.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebase.dlh.de/irj/public/de/lsg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ebase.dlh.de/irj/public/de/lsg/region/cess/deutsc

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebase.dlh.de/irj/public/de/lsg

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {A543CD96-EFF3-C298-8F15-83897F0826C8} - C:\WINDOWS\cuuvd1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [CMF User Note] C:\CMF\CMF\CMFUNOTE.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\Pcomnt\tpam.exe"

O4 - HKLM\..\Run: [Mufix] C:\PROGRA~1\INFOCO~1\ACCMGR32\mufix.exe

O4 - HKLM\..\Run: [eelstray] "C:\Program Files\Common Files\Entrust\ESP\eesystry.exe"

O4 - HKLM\..\Run: [espwatchdog] "C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe"

O4 - HKLM\..\Run: [bginfo] "C:\Windows\bginfo.exe" C:\Windows\bginfo.bgi /timer:0

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Hardcopy] "C:\Program Files\Hardcopy\hardcopy.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\AccessXP\Office10\OSA.EXE

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O4 - Global Startup: SmartUI.lnk = ?

O4 - Global Startup: Snapware.lnk = C:\Program Files\Snapware\Snapware.exe

O4 - Global Startup: Star Alliance Auto Update Conduit (English).lnk = C:\Program Files\Star Alliance Auto Update Conduit (English)\en\st_conduit_en.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://ebase.dlh.de/irj/public/de/lsg/region/cess/deutsc

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lsgsc.com

O17 - HKLM\Software\..\Telephony: DomainName = emea.lsgsc.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{540F8CCD-3EB2-4F8D-89A4-96D2EA1A72A6}: NameServer = 10.102.16.20,10.103.103.67

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lsgsc.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nds.dlh.de,ads.dlh.de,sap.fra.dlh.de,dlh.de,emea.lsgsc.com,lsgsc.com,skychefs.com,zb.lsg.fra.dlh.de

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nds.dlh.de,ads.dlh.de,sap.fra.dlh.de,dlh.de,emea.lsgsc.com,lsgsc.com,skychefs.com,zb.lsg.fra.dlh.de

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67

O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll

O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

O20 - Winlogon Notify: EESP - C:\WINDOWS\System32\eelsto.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe

O23 - Service: CMF PDF - LAN SuperVision, Inc. - C:\CMF\CMFTDF\CMFWPDF.EXE

O23 - Service: CMF Windows Installer - LAN SuperVision Inc. - C:\CMF\CMFTDF\CMFWINST.EXE

O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe

O23 - Service: Entrust Entelligence Logging Service (eelogsvc) - Entrust® - C:\WINDOWS\System32\eelogsvc.exe

O23 - Service: Entrust Entelligence Login Service (EELSService) - Entrust® - C:\WINDOWS\System32\eelssrv.exe

O23 - Service: EIA Auditor - Unknown owner - C:\EIA\ETS\EIATSService.exe

O23 - Service: EIA PMP Server (EIAPMP) - Unknown owner - C:\EIA\SDA\QckAuditSvr.exe

O23 - Service: EIA Usage Tracker (EIAUsage) - Lan Supervision - C:\EIA\USAGE\UsageSvr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: IBM Tracefunktion (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe

O23 - Service: Webroot Spy Sweeper-Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

 

Please download FixWareout from this site:

http://downloads.subratam.org/Fixwareout.exe

 

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

 

When your system reboots, follow the prompts. Afterwards, HijackThis will launch; if it does, close it.

 

Disable SpySweeper:

You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

  • Open it, click "Options" over to the left, then "Program options", and uncheck "Load at Windows startup".
  • Over to the left, click "Shields" and uncheck everything there.
  • Uncheck "Home page shield".
  • Uncheck "Automatically restore default without notification".

After all of the fixes are complete it is very important that you enable SpySweeper again.

 

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {A543CD96-EFF3-C298-8F15-83897F0826C8} - C:\WINDOWS\cuuvd1.dll

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67

 

Click on Fix Checked when finished and exit HijackThis.

 

Delete this file in bold if found.

 

C:\WINDOWS\cuuvd1.dll

 

You need to restart your computer again.

 

Enable SpySweeper.

 

Note:

If you have problems with your internet connection after this fix, try this.

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

 

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

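An added example, not part of the original thread or any poster's own code: a small Python check that parses HijackThis entry lines, flags `O17` `NameServer` values pointing outside private address space, and confirms from a follow-up log that the four entries selected for "Fix Checked" are gone. The log lines are a subset copied from the logs in this thread; the function names and the "non-private resolver on a machine whose adapter uses 10.x resolvers" heuristic are assumptions of this example.

```python
import ipaddress
import re

# Subset of the first HijackThis log in this thread (before the fix).
BEFORE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A543CD96-EFF3-C298-8F15-83897F0826C8} - C:\WINDOWS\cuuvd1.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lsgsc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{540F8CCD-3EB2-4F8D-89A4-96D2EA1A72A6}: NameServer = 10.102.16.20,10.103.103.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
"""

# Subset of the follow-up HijackThis log in this thread (after the fix).
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lsgsc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lsgsc.com
"""

# The four entries the helper asked to have checked and fixed.
TARGETS = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: Class - {A543CD96-EFF3-C298-8F15-83897F0826C8} - C:\WINDOWS\cuuvd1.dll",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67",
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NS_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_entries(log):
    """Return (section code, body) for each HijackThis entry line, e.g. ('O17', ...)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def public_resolvers(log):
    """Return (registry key, [addresses]) for O17 NameServer values that are not
    private-range addresses. Heuristic only: a public resolver is not malicious
    in itself; it stands out here next to the adapter's 10.x resolvers."""
    findings = []
    for code, body in parse_entries(log):
        m = NS_RE.match(body) if code == "O17" else None
        if not m:
            continue
        flagged = []
        # HijackThis shows the list separated by commas or by spaces.
        for addr in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                if not ipaddress.ip_address(addr).is_private:
                    flagged.append(addr)
            except ValueError:
                flagged.append(addr)  # unparsable value: surface it for review
        if flagged:
            findings.append((m["key"], flagged))
    return findings


def still_present(targets, log):
    """Return the target entries that still appear in the given log."""
    present = {" ".join(f"{c} - {b}".split()) for c, b in parse_entries(log)}
    return [t for t in targets if " ".join(t.split()) in present]


if __name__ == "__main__":
    for key, addrs in public_resolvers(BEFORE):
        print("review:", key, addrs)
    print("left after fix:", still_present(TARGETS, AFTER))
```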

Hello,

 

thanks a lot, it worked.

 

Still sending you the logs, in case you want to have a look at them.

 

 

HIJACK-LOG

Logfile of HijackThis v1.99.1

Scan saved at 15:11:42, on 21.06.2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Drivers\trcboot.exe

C:\Program Files\Pcomnt\PCS_AGNT.EXE

C:\CMF\CMFTDF\CMFWPDF.EXE

C:\WINDOWS\System32\eelogsvc.exe

C:\WINDOWS\System32\eelssrv.exe

C:\EIA\ETS\EIATSService.exe

C:\EIA\SDA\QckAuditSvr.exe

C:\EIA\USAGE\UsageSvr.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wm.exe

C:\WINDOWS\System32\Drivers\ldlcserv.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\sessmgr.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Pcomnt\tpam.exe

C:\Program Files\Common Files\Entrust\ESP\eesystry.exe

C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\System32\eelssrv.exe

C:\Program Files\Hardcopy\hardcopy.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Citrix\ICA Client\pnagent.exe

C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

C:\Program Files\Star Alliance Auto Update Conduit (English)\en\st_conduit_en.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebase.dlh.de/irj/public/de/lsg

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ebase.dlh.de/irj/public/de/lsg/region/cess/deutsc

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebase.dlh.de/irj/public/de/lsg

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [CMF User Note] C:\CMF\CMF\CMFUNOTE.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\Pcomnt\tpam.exe"

O4 - HKLM\..\Run: [Mufix] C:\PROGRA~1\INFOCO~1\ACCMGR32\mufix.exe

O4 - HKLM\..\Run: [eelstray] "C:\Program Files\Common Files\Entrust\ESP\eesystry.exe"

O4 - HKLM\..\Run: [espwatchdog] "C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe"

O4 - HKLM\..\Run: [bginfo] "C:\Windows\bginfo.exe" C:\Windows\bginfo.bgi /timer:0

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Hardcopy] "C:\Program Files\Hardcopy\hardcopy.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\AccessXP\Office10\OSA.EXE

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O4 - Global Startup: SmartUI.lnk = ?

O4 - Global Startup: Snapware.lnk = C:\Program Files\Snapware\Snapware.exe

O4 - Global Startup: Star Alliance Auto Update Conduit (English).lnk = C:\Program Files\Star Alliance Auto Update Conduit (English)\en\st_conduit_en.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=http://ebase.dlh.de/irj/public/de/lsg/region/cess/deutsc

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lsgsc.com

O17 - HKLM\Software\..\Telephony: DomainName = emea.lsgsc.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lsgsc.com

O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll

O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

O20 - Winlogon Notify: EESP - C:\WINDOWS\System32\eelsto.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll

O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe

O23 - Service: CMF PDF - LAN SuperVision, Inc. - C:\CMF\CMFTDF\CMFWPDF.EXE

O23 - Service: CMF Windows Installer - LAN SuperVision Inc. - C:\CMF\CMFTDF\CMFWINST.EXE

O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe

O23 - Service: Entrust Entelligence Logging Service (eelogsvc) - Entrust® - C:\WINDOWS\System32\eelogsvc.exe

O23 - Service: Entrust Entelligence Login Service (EELSService) - Entrust® - C:\WINDOWS\System32\eelssrv.exe

O23 - Service: EIA Auditor - Unknown owner - C:\EIA\ETS\EIATSService.exe

O23 - Service: EIA PMP Server (EIAPMP) - Unknown owner - C:\EIA\SDA\QckAuditSvr.exe

O23 - Service: EIA Usage Tracker (EIAUsage) - Lan Supervision - C:\EIA\USAGE\UsageSvr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: IBM Tracefunktion (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe

O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe

 

 

FIXWAREOUT-LOG

Fixwareout Last edited 5/15/2007

Post this report in the forums please

...

»»»»»Prerun check

HKLM\SOFTWARE\~\Winlogon\ "System"="kdfvj.exe"

 

»»»»»

 

»»»»» Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

....

»»»»» Misc files.

....

»»»»» Checking for older varients.

....

 

Search five digit cs, dm, kd, jb, other, files.

The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

 

 

Click browse, find the file then click submit.

http://www.virustotal.com/flash/index_en.html

Or http://virusscan.jotti.org/

 

»»»»» Other

C:\WINDOWS\Temp\kdfvj.ren 66575 29.08.2002

 

»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="\"C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"

"PHIME2002A"="\"C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"

"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""

"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

"Persistence"="C:\\WINDOWS\\System32\\igfxpers.exe"

"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"

"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"

"MSPY2002"="\"C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC"

"CMF User Note"="C:\\CMF\\CMF\\CMFUNOTE.EXE"

"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""

"Tpam.exe"="\"C:\\Program Files\\Pcomnt\\tpam.exe\""

"Mufix"="C:\\PROGRA~1\\INFOCO~1\\ACCMGR32\\mufix.exe"

"eelstray"="\"C:\\Program Files\\Common Files\\Entrust\\ESP\\eesystry.exe\""

"espwatchdog"="\"C:\\Program Files\\Common Files\\Entrust\\ESP\\eecwatch.exe\""

"bginfo"="\"C:\\Windows\\bginfo.exe\" C:\\Windows\\bginfo.bgi /timer:0"

"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""

"Hardcopy"="\"C:\\Program Files\\Hardcopy\\hardcopy.exe\""

"FreePDF Assistant"="\"C:\\Program Files\\FreePDF_XP\\fpassist.exe\""

"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

@=""

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"IndexSearch"="\"C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe\""

"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.