Access denied to Administrator

Discussion in 'Software' started by g_goyal2000, Dec 4, 2006.

    g_goyal2000 Private E-2

    I am the administrator of my PC.
    I have Windows XP Pro SP2 installed with all the latest updates.

    The problem is:
    For the past 2-3 days, I have been getting an Access Denied error.
    Whenever I try to modify any service or change anything in the System Configuration Utility (msconfig.exe), I get an Access Denied error. But the thing is, the changes actually happen in spite of the error.

    The error says:
    An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.

    Actually, I am able to run all the windows programs & services.

    I have been using ZoneAlarm Pro for the past 5-6 years and never faced any problem due to it.
    I update it as soon as a new version is available. I never faced this problem due to ZoneAlarm before.
    Anyway, I checked the settings & the OS Firewall was off. I keep it off anyway because it causes most Windows components to ask for permission, which is quite a nag.
    So, back to the problem. No, ZoneAlarm Pro's OS Firewall is not causing the problem.

    I have scanned my computer with Ad-aware, Spybot S&D, Spyware Doctor, Pc-cillin 2006, Zonealarm Anti-spyware using latest definitions. But found nothing.

    I checked my system for any other problem such as this and found none.
    I have already tried replacing the current msconfig.exe with one from ServicePackFiles, but to no avail.

    I didn't play around with any tweaking software or gpedit.
    Plus, I always make a backup before doing any serious changes to my system.

    I also tried creating a new user with admin rights.
    Then ran msconfig.exe in that user.
    The problem was still there with msconfig.exe.

    It seems that the rights for the "Administrators" group have been messed with.
    ------------------------------------------------------------------------------

    Also, I found a couple of posts on net about how to reset my system policies & rights.
    Some of them are as follows:

    The first solution was:

    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    The problem with the above command is that it actually executes but later says that the file is missing.

    The "secsetup.inf" file is there on my system, but there is no "secsetup.sdb" file.
    So, basically, this solution was a big flop. I'm posting its log file:

    Sunday, December 03, 2006 9:47:23 PM
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
    Configure S-1-5-20.
    Configure S-1-5-19.
    Configure S-1-5-32-551.
    Configure S-1-5-32-544.
    Configure S-1-1-0.
    Configure S-1-5-32-545.
    Configure S-1-5-32-547.
    Configure S-1-5-21-527237240-1220945662-839522115-501.
    Configure S-1-5-32-555.

    User Rights configuration was completed successfully.


    ----Configure Group Membership...
    Configure Users.
    remove FAMILY-PC\Gaurav 1.

    Group Membership configuration was completed successfully.


    ----Configure Registry Keys...
    Configure users\.default.
    Configure users\.default\software\microsoft\netdde.
    Configure machine\software.
    Configure machine\software\classes.
    Configure machine\software\classes\.hlp.
    Configure machine\software\classes\helpfile.
    Configure machine\software\microsoft\ads\providers\ldap\extensions.
    Configure machine\software\microsoft\ads\providers\nds.
    Configure machine\software\microsoft\ads\providers\nwcompat.
    Configure machine\software\microsoft\ads\providers\winnt.
    Configure machine\software\microsoft\command processor.
    Configure machine\software\microsoft\cryptography.
    Configure machine\software\microsoft\cryptography\calais.
    Configure machine\software\microsoft\driver signing.
    Configure machine\software\microsoft\enterprisecertificates.
    Configure machine\software\microsoft\netdde.
    Configure machine\software\microsoft\non-driver signing.
    Configure machine\software\microsoft\ole.
    Configure machine\software\microsoft\rpc.
    Configure machine\software\microsoft\secure.
    Configure machine\software\microsoft\systemcertificates.
    Configure machine\software\microsoft\upnp device host.
    Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.
    Configure machine\software\microsoft\windows\currentversion\reliability.
    Configure machine\software\microsoft\windows\currentversion\runonce.
    Configure machine\software\microsoft\windows\currentversion\runonceex.
    Configure machine\software\microsoft\windows\currentversion\telephony.
    Configure machine\software\microsoft\windows nt\currentversion\accessibility.
    Configure machine\software\microsoft\windows nt\currentversion\aedebug.
    Configure machine\software\microsoft\windows nt\currentversion\asr\commands.
    Configure machine\software\microsoft\windows nt\currentversion\classes.
    Configure machine\software\microsoft\windows nt\currentversion\drivers32.
    Configure machine\software\microsoft\windows nt\currentversion\efs.
    Configure machine\software\microsoft\windows nt\currentversion\font drivers.
    Configure machine\software\microsoft\windows nt\currentversion\fontmapper.
    Configure machine\software\microsoft\windows nt\currentversion\image file execution options.
    Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.
    Configure machine\software\microsoft\windows nt\currentversion\perflib.
    Configure machine\software\microsoft\windows nt\currentversion\profilelist.
    Configure machine\software\microsoft\windows nt\currentversion\secedit.
    Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.
    Configure machine\software\microsoft\windows nt\currentversion\svchost.
    Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\runonce.
    Configure machine\software\microsoft\windows nt\currentversion\time zones.
    Configure machine\software\microsoft\windows nt\currentversion\windows.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon.
    Configure machine\software\policies.
    Configure machine\system.
    Configure machine\system\currentcontrolset\control\class.
    Configure machine\system\currentcontrolset\control\keyboard layout.
    Configure machine\system\currentcontrolset\control\keyboard layouts.
    Configure machine\system\currentcontrolset\control\network.
    Configure machine\system\currentcontrolset\control\securepipeservers\winreg.
    Configure machine\system\currentcontrolset\control\session manager\executive.
    Configure machine\system\currentcontrolset\control\timezoneinformation.
    Configure machine\system\currentcontrolset\control\wmi\security.
    Warning 5: Access is denied.
    Error setting security on machine\system\currentcontrolset\services\sptd\Cfg.
    Error 234: More data is available.
    Error enumerating info for machine\system\currentcontrolset\services.

    Configuration of Registry Keys was completed with one or more errors.


    ----Configure File Security...
    No acl support on volume D:\.
    No acl support on volume C:\.

    File Security configuration was completed successfully.


    ----Configure General Service Settings...
    Configure W32Time.
    Configure upnphost.
    Configure TrkWks.
    Configure SSDPSRV.
    Configure Spooler.
    Configure SENS.
    Configure seclogon.
    Configure secdrv.
    Warning 2: The system cannot find the file specified.
    Error configuring secdrv.

    General Service configuration was completed with one or more errors.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Configure Security Policy...
    Configure password information.
    LSA anonymous lookup names setting : existing SD = D:(A;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
    Configure LSA anonymous lookup setting.
    Guest account is disabled.

    System Access configuration was completed successfully.
    Configure log settings.

    Audit/Log configuration was completed successfully.
    Configure machine\software\microsoft\windowsnt\currentversion\setup\recoveryconsole\securitylevel.
    Configure machine\software\microsoft\windowsnt\currentversion\setup\recoveryconsole\setcommand.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\allocatecdroms.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\allocatedasd.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\allocatefloppies.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\cachedlogonscount.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\forceunlocklogon.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\passwordexpirywarning.
    Configure machine\software\microsoft\windowsnt\currentversion\winlogon\scremoveoption.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
    Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
    Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
    Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
    Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
    Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
    Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
    Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
    Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy.
    Configure machine\system\currentcontrolset\control\lsa\forceguest.
    Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.
    Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.
    Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.
    Configure machine\system\currentcontrolset\control\lsa\nodefaultadminowner.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.
    Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
    Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
    Configure machine\system\currentcontrolset\control\print\providers\lanmanprintservices\servers\addprinterdrivers.
    Configure machine\system\currentcontrolset\control\sessionmanager\kernel\obcaseinsensitive.
    Configure machine\system\currentcontrolset\control\sessionmanager\memorymanagement\clearpagefileatshutdown.
    Configure machine\system\currentcontrolset\control\sessionmanager\protectionmode.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

    Configuration of Registry Values was completed successfully.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Un-initialize configuration engine...

    ------------------------------------------------------------------------------

    The second solution was:

    a. Install subinacl.msi from http://go.microsoft.com/fwlink/?LinkId=23418
    b. Create a batch file, reset.cmd, that contains the lines below, and save it to C:\Program Files\Windows Resource Kits\Tools

    rem Grant the Administrators group Full control (f) on every key under each
    rem hive, then on every directory under the system drive.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f

    rem Same for the SYSTEM account. subinacl also accepts /outputlog=<file> and
    rem /errorlog=<file> before the object type if a record of the run is wanted.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=system=f

    c. Open a command prompt and type the following:

    c:\>cd\program files\windows resource kits\tools
    c:\program files\windows resource kits\tools>reset.cmd

    The result of this solution:
    It runs in DOS mode & very fast, so I was unable to see what was happening. It gave a few errors but no log file, so I can't tell. Even if there was a log file, I don't know where it is created.
    Anyway, I was able to identify 2 errors by watching carefully. Access was denied to the following 2 keys:
    hklm\security\policy\secrets\sai
    hklm\security\policy\secrets\sac

    I can't open them manually using regedit either.
    ------------------------------------------------------------------------------

    The HijackThis log is as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:19:02 PM, on 12/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\Windows\System32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\MSI\Core Center\CoreCenter.exe
    D:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\Installers\Security\Hijack This v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - D:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
    O4 - Global Startup: Internet Keyboard.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: CuteShield Internet Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - D:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
    O16 - DPF: {0606FB52-E881-4337-A77C-5C3E5ADC9C55} (XLoader Control) - http://testout.com/portal/AllUsers/XLoader.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123321973562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136479693968
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://127.0.0.1/tsweb/msrdp.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
    O17 - HKLM\System\CS1\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
    O17 - HKLM\System\CS2\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

    ------------------------------------------------------------------------------

    The HijackThis startup log file is as follows:

    StartupList report, 12/3/2006, 9:20:19 PM
    StartupList version: 1.52.2
    Started from : F:\Installers\Security\Hijack This v1.99.1.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.5730.0011)
    * Using default options
    ==================================================

    Running processes:

    D:\WINDOWS\System32\smss.exe
    D:\Windows\System32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\MSI\Core Center\CoreCenter.exe
    D:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\Installers\Security\Hijack This v1.99.1.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
    Internet Keyboard.lnk = ?
    APC UPS Status.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = D:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Zone Labs Client = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    NeroFilterCheck = D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    pccguide.exe = "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    EM_EXEC = D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe

    --------------------------------------------------

    Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=D:\WINDOWS\System32\3DWIND~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - (no file) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - D:\Program Files\SiteAdvisor\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
    (no name) - D:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
    (no name) - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    SysShield IE Popup Blocker - D:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}
    (no name) - d:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    ecrunXP.job
    Critical Battery Alarm Program.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [TDServer Control]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\tdserver.ocx
    CODEBASE = http://www.aajtak.com/wfplayer/tdserver.cab

    [XLoader Control]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\XLoader.ocx
    CODEBASE = http://testout.com/portal/AllUsers/XLoader.ocx

    [Macromedia Authorware Web Player Control]
    InProcServer32 = D:\WINDOWS\system32\macromed\authorwa\awswax.ocx
    CODEBASE = http://fpdownload.macromedia.com/get...re/awswaxd.cab

    [Office Update Installation Engine]
    InProcServer32 = D:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeup...tent/opuc3.cab

    [{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
    CODEBASE = http://download.mcafee.com/molbin/sh...1/mcinsctl.cab

    [WUWebControl Class]
    InProcServer32 = D:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsu...?1123321973562

    [MUWebControl Class]
    InProcServer32 = D:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsof...?1136479693968

    [Microsoft RDP Client Control (redist)]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\msrdp.ocx
    CODEBASE = http://127.0.0.1/tsweb/msrdp.cab

    [Update Class]
    InProcServer32 = D:\WINDOWS\system32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.co...996.2886226852

    [Measurement Services Client v.3.11]
    InProcServer32 = D:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocx
    CODEBASE = http://gameadvisor.futuremark.com/global/msc311.cab

    [Shockwave Flash Object]
    InProcServer32 = D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
    CODEBASE = http://fpdownload.macromedia.com/get...nt/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
    CDBurn: D:\WINDOWS\system32\SHELL32.dll
    WebCheck: D:\WINDOWS\system32\webcheck.dll
    SysTray: D:\WINDOWS\System32\stobject.dll
    WPDShServiceObj: D:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 7,066 bytes
    Report generated in 0.015 seconds
    ------------------------------------------------------------------------------

    I'm keeping reinstallation as a last resort.

    Kindly help me.
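
Both procedures quoted in the post (the secedit template re-apply and the subinacl grant-all batch) rewrite permissions across whole hives without first showing which keys are actually wrong, and neither produced a usable record of what failed. The script below is an added example written for this page; it is not from the post, from Microsoft or from SubInACL. It is a read-only walk of HKLM\SYSTEM\CurrentControlSet\Services that reports every key where BUILTIN\Administrators or NT AUTHORITY\SYSTEM lacks an Allow FullControl ACE, carries an explicit Deny, or cannot be opened at all (the condition the posted secedit log reports for services\sptd\Cfg). Run it from an elevated prompt before and after any reset to see exactly what changed. It assumes PowerShell 2.0 or later; the subkey path and the two principal names are parameters chosen for this example. One caveat when reading results: by default only SYSTEM can read HKLM\SECURITY, so Administrators being denied on the two Policy\Secrets keys named in the post is the normal state of a healthy machine, not evidence of damage, and pointing this audit at that hive would flag every key.

```powershell
# Added example (editor's code, not from the post, Microsoft or SubInACL):
# read-only audit of registry-key ACLs under the Services tree. It changes
# nothing; it only reports keys whose DACL no longer grants the expected
# principals Full control, or which cannot be opened at all.
# Assumes PowerShell 2.0+ on Windows, run elevated. Paths and principal
# names below are example defaults, not values from the original post.

function Get-RegistryAclFindings {
    param(
        # Subkey under HKLM to walk; the Services tree is where the posted log failed.
        [string]$SubKey = 'SYSTEM\CurrentControlSet\Services',
        # Principals expected to hold an Allow FullControl ACE on every key.
        [string[]]$ExpectFullControl = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )

    $full     = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $readOnly = [System.Security.AccessControl.RegistryRights]::ReadKey   # includes READ_CONTROL
    $allow    = [System.Security.AccessControl.AccessControlType]::Allow
    $deny     = [System.Security.AccessControl.AccessControlType]::Deny
    $hklm     = [Microsoft.Win32.Registry]::LocalMachine
    $pending  = New-Object 'System.Collections.Generic.Stack[string]'
    $pending.Push($SubKey)
    $findings = @()

    while ($pending.Count -gt 0) {
        $path = $pending.Pop()
        $key  = $null
        try {
            # Request only read rights, so a key that denies admins read access
            # becomes a finding instead of aborting the whole walk.
            $key = $hklm.OpenSubKey($path,
                [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree, $readOnly)
        } catch [System.Security.SecurityException] {
            $findings += New-Object PSObject -Property @{
                Key = "HKLM\$path"; Principal = '*'; Problem = 'access denied opening key' }
            continue
        }
        if ($key -eq $null) { continue }   # key vanished between enumeration and open

        # Explicit and inherited ACEs, resolved to account names for comparison.
        $rules = $key.GetAccessControl().GetAccessRules($true, $true,
            [System.Security.Principal.NTAccount])

        foreach ($who in $ExpectFullControl) {
            $mine      = @($rules | Where-Object { $_.IdentityReference.Value -eq $who })
            $denies    = @($mine  | Where-Object { $_.AccessControlType -eq $deny })
            $allowFull = @($mine  | Where-Object {
                $_.AccessControlType -eq $allow -and
                (([int]$_.RegistryRights -band $full) -eq $full) })

            if ($denies.Count -gt 0) {
                $findings += New-Object PSObject -Property @{
                    Key = "HKLM\$path"; Principal = $who; Problem = 'explicit Deny ACE' }
            } elseif ($allowFull.Count -eq 0) {
                $findings += New-Object PSObject -Property @{
                    Key = "HKLM\$path"; Principal = $who; Problem = 'no Allow FullControl' }
            }
        }

        # Depth-first over children; enumeration needs only the read rights we hold.
        foreach ($child in $key.GetSubKeyNames()) { $pending.Push("$path\$child") }
        $key.Close()
    }
    return $findings
}

# Usage: list offending keys without changing anything.
Get-RegistryAclFindings | Sort-Object Key | Format-Table Key, Principal, Problem -AutoSize
```

Findings come back as objects, so a before/after record is just a pipe to Export-Csv instead of Format-Table. Keys still reported as "access denied opening key" after a grant-all reset are the ones the reset could not touch, which is the list worth investigating (which driver or product owns the key) rather than re-running the reset.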
     
