Please help me to remove this nasty guy.
Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:16, on 29.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\RemotelyAnywhere\RaMaint.exe
D:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\Program Files\Kerio\WinRoute Firewall\winroute.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\RemotelyAnywhere\RAGui.exe
D:\Program Files\Softwin\BitDefender8\bdoesrv.exe
D:\Program Files\Softwin\BitDefender8\bdswitch.exe
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\TBPanel.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender8\vsserv.exe
d:\progra~1\softwin\bitdef~1\bdmcon.exe
D:\Documents and Settings\Vlado Velkovski\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVRemote] D:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "D:\Program Files\RemotelyAnywhere\RAGui.exe"
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] D:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] d:\program files\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] D:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128689559046
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) - http://vladocomp:888...iator/jinit.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://vladocomp:21...ivex/RACtrl.cab
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - D:\PROGRA~1\QUESTS~1\SQLNAV~1\RNetPin.dll
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ckpNotify - D:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: RAinit - D:\WINDOWS\SYSTEM32\RAinit.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\Orc9Serv\bin\omtsreco.exe
O23 - Service: OracleOrc9DevlAgent - Oracle Corporation - D:\Orc9Devl\bin\agntsrvc.exe
O23 - Service: OracleOrc9DevlClientCache - Unknown owner - D:\Orc9Devl\BIN\ONRSD.EXE
O23 - Service: OracleOrc9ServAgent - Oracle Corporation - D:\Orc9Serv\bin\agntsrvc.exe
O23 - Service: OracleOrc9ServClientCache - Unknown owner - D:\Orc9Serv\BIN\ONRSD.EXE
O23 - Service: OracleOrc9ServCMAdmin - Unknown owner - D:\Orc9Serv\BIN\CMADMIN.EXE
O23 - Service: OracleOrc9ServCMan - Unknown owner - D:\Orc9Serv\BIN\CMGW.EXE
O23 - Service: OracleOrc9ServHTTPServer - Unknown owner - D:\Orc9Serv\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOrc9ServPagingServer - Unknown owner - D:\Orc9Serv/bin/pagntsrv.exe
O23 - Service: OracleOrc9ServSNMPPeerEncapsulator - Unknown owner - D:\Orc9Serv\BIN\ENCSVC.EXE
O23 - Service: OracleOrc9ServSNMPPeerMasterAgent - Unknown owner - D:\Orc9Serv\BIN\AGNTSVC.EXE
O23 - Service: OracleOrc9ServTNSListenerVLADODB_LSNR - Unknown owner - D:\Orc9Serv\BIN\TNSLSNR.exe
O23 - Service: OracleServiceVLADODB - Oracle Corporation - d:\orc9serv\bin\ORACLE.EXE
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - D:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - D:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - D:\Program Files\Kerio\WinRoute Firewall\winroute.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Many thanks in advance.
-- BuGzY.