Control Panel Missing, Ctrl+Alt+Tab Problem; All Admin Rights Revoked; More, Need Help To Remove


This topic is locked
3 replies to this topic

#1 Khannjan


Posted 19 January 2008 - 05:21 AM

Hi folks,
Big problems on my PC running XP Home version.

1) Control Panel has disappeared

2) All tasks that require admin rights (including correcting the clock) are unavailable and generate the following message: "Restrictions: The operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator. "

3) a pop-up box titled "Copying..." appears every 2-3 minutes and spends 15 seconds copying with

4) a pop-up box titled "Windows Security Alert" appears every 2-3 minutes with the following text " Warning! Potential Sptware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Click here to download Spyware Remover...".

5) I have IE as my default browser yet every 4-5 minutes an IE session starts up and attempts to access this URL "http://81.13.38.39/alert.htm"

6) My internet speed has reduced a lot

My hijackthis.log is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:57 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\AVG Anti-Spyware 7.5\guard.exe
I:\WINDOWS\Explorer.exe
I:\Program Files\Common Files\LightScribe\LSSrvc.exe
I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
i:\program files\common files\mcafee\mna\mcnasvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
I:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PowerDVD\PDVDServ.exe
I:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Microsoft Office 2007\Office12\GrooveMonitor.exe
I:\Program Files\SiteAdvisor\6172\SiteAdv.exe
E:\iTunes\iTunesHelper.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\McAfee.com\Agent\mcagent.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\pctspk.exe
I:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\AVG Anti-Spyware 7.5\avgas.exe
I:\Program Files\Cyberlink\Shared files\RichVideo.exe
I:\WINDOWS\system32\winter.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\SiteAdvisor\6172\SAService.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
I:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\FREEDO~1\fdm.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe I:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: UserInit=I:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\pdbcopy.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - I:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - i:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - I:\WINDOWS\system32\bronto.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - I:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] e:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] e:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] I:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "E:\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Undefined] I:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] E:\Pinnacle Studio Plus 11\LaunchList2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Undefined] I:\WINDOWS\system32\winter.exe
O4 - Startup: infos.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{C45263EB-C24C-483C-ACBA-A22AF175BF96}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CS3\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CS4\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: I:\WINDOWS\system32\sof629.txt
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - i:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Microsoft P2P Service - Unknown owner - I:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - I:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - I:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - I:\WINDOWS\system32\pctspk.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - I:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11382 bytes


Please help me in this matter.
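The indicator classes visible in the log above (Shell= and UserInit= carrying extra programs, bare executables in the Startup folders, DisableRegedit policies in both hives, a .txt in AppInit_DLLs, loaders pointing at files that are already missing) can be pulled out mechanically before a helper reads the rest. The Python triage script below is an added example, not part of the original post and not HijackThis code; its sample log is a constructed subset of the entries above, and its rules are review heuristics, not a verdict.

```python
"""Triage a HijackThis 2.0 log for the entry shapes seen in this thread.

Added example (not from the original post or from HijackThis). The rules
flag what a log reader looks at first; every hit still needs a human look.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Finding:
    rule: str    # short rule id
    detail: str  # the part of the entry that triggered the rule
    line: str    # the original log line


# What a stock Windows XP install carries in these two system.ini values.
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = "userinit.exe"


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _check_f2(body: str, line: str) -> Optional[Finding]:
    """F2 lines carry Shell= and UserInit=; anything beyond the stock value runs at logon."""
    m = re.match(r"REG:system\.ini:\s*(Shell|UserInit)=(.*)", body)
    if not m:
        return None
    key, value = m.group(1), m.group(2).strip()
    if key == "Shell":
        # Shell is space-separated; each extra token is an extra program.
        extra = [p for p in value.split() if _basename(p) != EXPECTED_SHELL]
    else:
        # UserInit is comma-separated; the trailing comma yields an empty token.
        extra = [p.strip() for p in value.split(",")
                 if p.strip() and _basename(p.strip()) != EXPECTED_USERINIT]
    return Finding(f"F2-{key}-extra", " ".join(extra), line) if extra else None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^([FRO]\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        if section == "F2":
            f = _check_f2(body, line)
            if f:
                findings.append(f)
        elif section == "O4" and re.match(r"(Global )?Startup: ", body):
            # Startup-folder items normally read "Name.lnk = target"; a bare
            # executable dropped into the folder is how autos.exe/infos.exe show up.
            target = body.split(": ", 1)[1]
            if ".lnk = " not in target:
                findings.append(Finding("O4-bare-startup-exe", target, line))
        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append(Finding("O7-regedit-disabled", body.split(",")[0], line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Any AppInit_DLLs value deserves a look; a non-.dll file even more so.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("O20-appinit-dlls", value, line))
        elif section in ("O2", "O20", "O23") and "(file missing)" in body:
            # A loader still points at a file that has been deleted or is hidden.
            findings.append(Finding(f"{section}-file-missing", body, line))
    return findings


# Constructed sample: a subset of the entries from the log above, plus a few
# benign entries to show that they are not flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe I:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: UserInit=I:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\pdbcopy.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - I:\WINDOWS\system32\bronto.dll (file missing)
O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - Startup: infos.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: I:\WINDOWS\system32\sof629.txt
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Microsoft P2P Service - Unknown owner - I:\WINDOWS\system32\_svchost.exe (file missing)
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.detail}")
```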

#2 Khannjan


Posted 19 January 2008 - 06:18 AM

Folks, I have used SDFix and its report is shown below.

SDFix: Version 1.127

Run by Administrator on Sat 01/19/2008 at 04:11 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: I:\SDFix

Safe Mode:
Checking Services:

Name:
smtpdrv

Path:
System32\DRIVERS\smtpdrv.sys

smtpdrv - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

I:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe - Deleted
I:\Documents and Settings\Administrator\Start Menu\Programs\Startup\infos.exe - Deleted
I:\WINDOWS\system32\winter.exe - Deleted




Removing Temp Files...

ADS Check:

I:\WINDOWS
No streams found.

I:\WINDOWS\system32
No streams found.

I:\WINDOWS\system32\svchost.exe
No streams found.

I:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 16:26:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e2,02,04,06,02,83,d5,4c,ab,c6,d8,1e,5e,19,a3,12,cd,92,67,fc,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="f:\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e2,02,04,06,02,83,d5,4c,ab,c6,d8,1e,5e,19,a3,12,cd,92,67,fc,ad,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,85,3f,5c,f6,32,e5,9c,65,8d,50,ef,88,83,50,e8,58,7b,..
"khjeh"=hex:47,e6,d5,e9,f4,35,35,24,9a,d2,71,18,bc,45,ba,d7,34,a5,98,95,8f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,e0,68,6d,00,51,77,f1,d9,d8,05,00,00,6e,6b,20,00,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="f:\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e2,02,04,06,02,83,d5,4c,ab,c6,d8,1e,5e,19,a3,12,cd,92,67,fc,ad,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,85,3f,5c,f6,32,e5,9c,65,8d,50,ef,88,83,50,e8,58,7b,..
"khjeh"=hex:47,e6,d5,e9,f4,35,35,24,9a,d2,71,18,bc,45,ba,d7,34,a5,98,95,8f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c6,48,95,53,98,62,79,ff,77,77,21,32,45,e9,ba,1f,1b,86,85,54,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:8ea581c6
"s2"=dword:d855e163
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e2,02,04,06,02,83,d5,4c,ab,c6,d8,1e,5e,19,a3,12,cd,92,67,fc,ad,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"="E:\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"="E:\\Microsoft Office 2007\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"="E:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"E:\\Pinnacle Studio Plus 11\\programs\\RM.exe"="E:\\Pinnacle Studio Plus 11\\programs\\RM.exe:*:Enabled:Render Manager"
"E:\\Pinnacle Studio Plus 11\\programs\\Studio.exe"="E:\\Pinnacle Studio Plus 11\\programs\\Studio.exe:*:Enabled:Studio"
"E:\\Pinnacle Studio Plus 11\\programs\\PMSRegisterFile.exe"="E:\\Pinnacle Studio Plus 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\\Pinnacle Studio Plus 11\\programs\\umi.exe"="E:\\Pinnacle Studio Plus 11\\programs\\umi.exe:*:Enabled:umi"
"E:\\iTunes\\iTunes.exe"="E:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"I:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="I:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"E:\\Yahoo!\\Messenger\\YahooMessenger.exe"="E:\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"E:\\Yahoo!\\Messenger\\YServer.exe"="E:\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"J:\\Kane and Lynch\\kaneandlynch.exe"="J:\\Kane and Lynch\\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - I:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 8 Sep 2007 193 ..SH. --- "I:\BOOT.BAK"
Thu 17 Jan 2008 20,487 A.SHR --- "I:\Program Files\McAfee\MQC\MRU.bak"
Thu 17 Jan 2008 211 A.SHR --- "I:\Program Files\McAfee\MQC\qcconf.bak"
Thu 17 Jan 2008 151,105 A..H. --- "I:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\BIT18.tmp"
Tue 11 Dec 2007 1,332 ...HR --- "I:\Documents and Settings\Khannjan\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!


and the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Common Files\LightScribe\LSSrvc.exe
I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
i:\program files\common files\mcafee\mna\mcnasvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
I:\Program Files\McAfee\MPF\MPFSrv.exe
I:\WINDOWS\system32\pctspk.exe
I:\Program Files\Cyberlink\Shared files\RichVideo.exe
I:\Program Files\SiteAdvisor\6172\SAService.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
I:\PROGRA~1\McAfee.com\Agent\mcagent.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\Explorer.EXE
E:\PowerDVD\PDVDServ.exe
I:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Microsoft Office 2007\Office12\GrooveMonitor.exe
I:\Program Files\SiteAdvisor\6172\SiteAdv.exe
I:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\iTunes\iTunesHelper.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
I:\Documents and Settings\Khannjan\Start Menu\Programs\Startup\infos.exe
I:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.in/
F2 - REG:system.ini: UserInit=I:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\pdbcopy.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - I:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - i:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdmcks.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - I:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] e:\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] e:\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] I:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "E:\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Undefined] I:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] E:\Pinnacle Studio Plus 11\LaunchList2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Undefined] I:\WINDOWS\system32\winter.exe
O4 - Startup: infos.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{C45263EB-C24C-483C-ACBA-A22AF175BF96}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CS3\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O17 - HKLM\System\CS4\Services\Tcpip\..\{20671896-A180-4F96-A1D6-A7643EF05252}: NameServer = 202.88.130.67,202.88.130.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: I:\WINDOWS\system32\sof629.txt
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - i:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Microsoft P2P Service - Unknown owner - I:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - I:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - I:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - I:\WINDOWS\system32\pctspk.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - I:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11285 bytes

#3 SNOWHITE

    missy malware magnet

  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 02 February 2008 - 02:40 PM

Hello Khannjan,

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please post a fresh HijackThis log and we can begin the cleaning process.

Regards,
SNOWHITE

#4 SNOWHITE

    missy malware magnet

  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 10 February 2008 - 05:58 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE



