I've tried to post both of the logs at the same time, but it shows that I have not DL'd the new version of HijackThis.
I just ran DSS again with the new HijackThis version installed, but it won't give me another extra.txt notepad.
Let me see if it will let me post the new main.txt notepad.
Deckard's System Scanner v20071014.68
Run by jlaxaman on 2008-08-17 13:13:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as jlaxaman.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:35 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\jlaxaman\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jlaxaman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rudolphtech.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20FBC8B1-6DDC-464A-A7F5-3CBC32E259EE} - C:\WINDOWS\system32\comui.dll (file missing)
O2 - BHO: (no name) - {3170C42F-5C0A-4AFA-8D42-C1AB0A0AFD58} - C:\WINDOWS\system32\khfFwxVP.dll (file missing)
O2 - BHO: (no name) - {36953122-9F7C-4461-AF35-E23242461FD7} - C:\WINDOWS\system32\urqNETmn.dll (file missing)
O2 - BHO: (no name) - {7665D216-D7AB-420C-A09E-4220EA0D0570} - C:\WINDOWS\system32\nnnnOhIA.dll (file missing)
O2 - BHO: (no name) - {76781874-9D53-4542-A5FC-BDA49E7418DC} - C:\WINDOWS\system32\awttsQgh.dll (file missing)
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\system32\khfETmnn.dll (file missing)
O2 - BHO: (no name) - {9DF9874E-C0ED-478F-B278-854E4BCC19A9} - C:\WINDOWS\system32\vtUlLEWn.dll (file missing)
O2 - BHO: (no name) - {B464F6A1-DC41-4F7F-9298-22E256D4FBF6} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [dnse] "C:\Program Files\Common Files\DriveCleaner Free\dnse.exe" -c
O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
O4 - HKLM\..\Run: [{01-19-91-1E-ZN}] C:\windows\system32\nndsregk.exe CHD003
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\system32\nndsregk.exe CHD003
O4 - HKLM\..\Run: [98b019b1] rundll32.exe "C:\WINDOWS\system32\bqciwrgx.dll",b
O4 - HKLM\..\Run: [BM9b832a2d] Rundll32.exe "C:\WINDOWS\system32\aejnwgao.dll",s
O4 - HKLM\..\Run: [{9e879e42-bc8e-890b-0b3c-960fa76c8c2b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\zrvtjoypnqbw.dll" DllStart
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdddz.exe] C:\WINDOWS\system32\kdddz.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Wij] "C:\Documents and Settings\jlaxaman\My Documents\??sembly\w?crtupd.exe"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RTEC.NET
O17 - HKLM\Software\..\Telephony: DomainName = RTEC.NET
O20 - AppInit_DLLs: flyidfuj.dll
O20 - Winlogon Notify: efcBqolj - efcBqolj.dll (file missing)
O20 - Winlogon Notify: khfETmnn - khfETmnn.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: urqNETmn - urqNETmn.dll (file missing)
O21 - SSODL: ovFGmn - {98B0191F-321A-B3B5-2FD0-D96E95EE0F61} - C:\WINDOWS\system32\kfdh.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www.browning....s/2004jul_s.jpg
O24 - Desktop Component 1: (no name) - http://www.browning....s/2004jul_l.jpg
O24 - Desktop Component 2: (no name) - http://www.browning....s/2004jul_m.jpg
--
End of file - 10495 bytes
-- Files created between 2008-07-17 and 2008-08-17 -----------------------------
2008-08-17 12:49:34 0 d-------- C:\Program Files\Trend Micro
2008-08-17 11:55:42 0 d-------- C:\Documents and Settings\jlaxaman\Application Data\Malwarebytes
2008-08-17 11:55:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 11:55:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 04:35:01 109150 --a------ C:\WINDOWS\system32\drivers\527d489f.sys
2008-08-12 03:08:21 3407872 --a------ C:\Documents and Settings\jlaxaman\ntuser.dat
2008-07-17 18:08:57 64857 --a------ C:\WINDOWS\system32\duofmsrxys.exe
-- Find3M Report ---------------------------------------------------------------
2008-08-17 12:23:03 0 d-------- C:\Program Files\Symantec AntiVirus
2008-08-17 01:07:20 0 d-------- C:\Program Files\LogMeIn
2008-08-16 22:11:27 0 d-------- C:\Program Files\Common Files
2008-08-16 22:11:23 0 d-------- C:\Program Files\Common Files\?racle
2008-07-30 22:51:34 0 d-------- C:\Program Files\Warcraft III
2008-07-25 15:35:11 859212 --ahs---- C:\WINDOWS\system32\hgQsttwa.ini2
2008-07-16 20:27:39 0 d-------- C:\Program Files\World of Warcraft
2008-06-23 23:08:11 645222 --ahs--c- C:\WINDOWS\system32\nWELlUtv.ini2
2008-06-22 13:34:54 753744 --ahs--c- C:\WINDOWS\system32\AIhOnnnn.ini2
2008-06-21 00:37:03 0 d-------- C:\Program Files\D-Link AirPlus Xtreme G
2008-06-21 00:37:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 00:26:18 0 d-------- C:\Program Files\WebEx
2008-06-21 00:10:58 0 d-------- C:\Program Files\AT&T Global Network Client
2008-06-20 22:00:48 60928 --a----c- C:\WINDOWS\system32\crap1 <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-07 15:32:50 76459 --a----c- C:\WINDOWS\War3Unin.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20FBC8B1-6DDC-464A-A7F5-3CBC32E259EE}]
C:\WINDOWS\system32\comui.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3170C42F-5C0A-4AFA-8D42-C1AB0A0AFD58}]
C:\WINDOWS\system32\khfFwxVP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36953122-9F7C-4461-AF35-E23242461FD7}]
C:\WINDOWS\system32\urqNETmn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7665D216-D7AB-420C-A09E-4220EA0D0570}]
C:\WINDOWS\system32\nnnnOhIA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76781874-9D53-4542-A5FC-BDA49E7418DC}]
C:\WINDOWS\system32\awttsQgh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}]
C:\WINDOWS\system32\khfETmnn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DF9874E-C0ED-478F-B278-854E4BCC19A9}]
C:\WINDOWS\system32\vtUlLEWn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B464F6A1-DC41-4F7F-9298-22E256D4FBF6}]
C:\WINDOWS\system32\pmkhh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 10:13 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 02:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 02:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 02:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 09:55 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 09:56 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 02:30 PM C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 06:29 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 12:58 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/02/2005 06:00 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [08/18/2005 09:50 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [02/28/2008 03:31 PM]
"DriveCleaner Free"="C:\Program Files\DriveCleaner Free\UDC.exe" []
"UDC6cw"="C:\Program Files\DriveCleaner Free\UDC6cw.exe" []
"dnse"="C:\Program Files\Common Files\DriveCleaner Free\dnse.exe" []
"dcsm"="C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe" []
"{01-19-91-1E-ZN}"="C:\windows\system32\nndsregk.exe" [05/17/2007 09:52 PM]
"{ZN}"="C:\WINDOWS\system32\nndsregk.exe" [05/17/2007 09:52 PM]
"98b019b1"="C:\WINDOWS\system32\bqciwrgx.dll" []
"BM9b832a2d"="C:\WINDOWS\system32\aejnwgao.dll" []
"{9e879e42-bc8e-890b-0b3c-960fa76c8c2b}"="C:\WINDOWS\system32\zrvtjoypnqbw.dll" []
"C:\WINDOWS\system32\kdddz.exe"="C:\WINDOWS\system32\kdddz.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Wij"="C:\Documents and Settings\jlaxaman\My Documents\??sembly\w?crtupd.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [8/17/2006 7:37:10 AM]
D-Link AirPlus Xtreme G Configuration Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe [6/21/2008 12:37:03 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/9/2006 8:13:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9C28EAFB-FF50-4F42-8D39-A006129CC907}"= C:\WINDOWS\system32\khfETmnn.dll [ ]
"{36953122-9F7C-4461-AF35-E23242461FD7}"= C:\WINDOWS\system32\urqNETmn.dll [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ovFGmn"= {98B0191F-321A-B3B5-2FD0-D96E95EE0F61} - C:\WINDOWS\system32\kfdh.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBqolj]
efcBqolj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfETmnn]
khfETmnn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]
C:\WINDOWS\system32\pmkhh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNETmn]
urqNETmn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=flyidfuj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awttsQgh
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{948c1d54-01a2-11dc-a239-0015c54b8ed3}]
AutoRun\command- E:\podcastready.exe
-- End of Deckard's System Scanner: finished at 2008-08-17 13:14:11 ------------
I'll also try and post the old extra.txt notepad.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1014.11 MiB / 569.31 MiB
Pagefile Memory (total/avail): 2441.76 MiB / 2119.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.49 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 55.83 GiB total, 29.99 GiB free.
\\.\PHYSICALDRIVE0 - Hitachi HTS721060G9SA00 - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 55.83 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AV: Symantec AntiVirus Corporate Edition v9.0.5.1000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jlaxaman\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JLAXAMANA-LT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jlaxaman
LOGONSERVER=\\SOLOMON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jlaxaman\LOCALS~1\Temp
TMP=C:\DOCUME~1\jlaxaman\LOCALS~1\Temp
USERDOMAIN=RUDOLPH_LAN
USERNAME=jlaxaman
USERPROFILE=C:\Documents and Settings\jlaxaman
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
jlaxaman (admin)
neptune (admin)
rmontoya (new local, admin, net ready)
archie (admin)
admin (new local, admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Global Network Client --> C:\Program Files\AT&T Global Network Client\NetUN.exe
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
D-Link AirPlus Xtreme G Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A5F706-2FCC-4C14-9E9A-345C2DCB25E9}\Setup.exe" -l0x9
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\duofmsrxys.exe
Eqt32 3.16 --> \UNWISE.EXE C:\PROGRA~1\
FileMaker Pro 8.5 --> MsiExec.exe /I{DC4C464D-416A-4F42-B212-8B744C1BB4AE}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
iBaan Windows --> MsiExec.exe /I{150662E1-E17E-4EDF-897D-7B3CD3FA90E1}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LogMeIn --> MsiExec.exe /I{FCD06104-04F6-45AA-886B-0FB75C7EED3D}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office 2000 SR-1 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Virtual PC 2004 --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Symantec AntiVirus --> MsiExec.exe /I{2CFECCAA-8CB0-459B-9636-40430DBC8951}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type27425 / Error
Event Submitted/Written: 08/17/2008 00:40:03 PM
Event ID/Source: 56 / LiveUpdate
Event Description:
6002: LiveUpdate failed because the LiveUpdate package could not be uncompressed.
Make sure your disk is not full and run LiveUpdate again.
Event Record #/Type27422 / Error
Event Submitted/Written: 08/17/2008 00:39:24 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.
Event Record #/Type27421 / Error
Event Submitted/Written: 08/17/2008 00:23:53 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type27414 / Error
Event Submitted/Written: 08/17/2008 00:22:53 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type27408 / Error
Event Submitted/Written: 08/17/2008 00:02:26 PM / 08/17/2008 00:02:27 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Blusod in File: C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\baka[1].ext by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type75283 / Warning
Event Submitted/Written: 08/17/2008 00:38:56 PM
Event ID/Source: 11165 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:
Adapter Name : {5BC98849-3FD5-4874-ABAA-722FDAEC0F67}
Host Name : JLaxamana-LT
Primary Domain Suffix : RTEC.NET
DNS server list :
192.168.0.1
Sent update to server : <?>
IP Address(es) :
192.168.0.5
The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (b) because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.
To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.
Event Record #/Type75282 / Error
Event Submitted/Written: 08/17/2008 00:38:28 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
Event Record #/Type75281 / Warning
Event Submitted/Written: 08/17/2008 00:38:28 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.
Event Record #/Type75280 / Error
Event Submitted/Written: 08/17/2008 00:27:55 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460
Event Record #/Type75278 / Error
Event Submitted/Written: 08/17/2008 00:23:26 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
-- End of Deckard's System Scanner: finished at 2008-08-17 12:41:10 ------------
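The script below is an added example and is not code from the original post, from HijackThis or from Deckard's System Scanner. It runs a handful of triage heuristics over a subset of the lines in the logs above (the sample is constructed from those lines; the heuristics themselves are the editor's assumptions about what a log reader looks for, not rules from either tool). It separates the entries that merely point at files that no longer exist (orphaned registrations, such as the O2 BHOs and O20 Winlogon Notify entries marked "file missing") from the entries that describe live injection points: the non-empty AppInit_DLLs value, the rundll32 Run entries that load a system32 DLL through a single-letter export, and the extra "Authentication Packages" entry in the LSA key, which is loaded by lsass.exe and is the one most likely to survive a reboot-and-delete cleanup. The random-name check (a letters-only stem with a run of four or more consonants) is a weak signal on its own, so it is only applied to DLLs reached through those injection points.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis section and
# the DSS registry dump above. Not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {76781874-9D53-4542-A5FC-BDA49E7418DC} - C:\WINDOWS\system32\awttsQgh.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [98b019b1] rundll32.exe "C:\WINDOWS\system32\bqciwrgx.dll",b
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdddz.exe] C:\WINDOWS\system32\kdddz.exe
O4 - HKCU\..\Run: [Wij] "C:\Documents and Settings\jlaxaman\My Documents\??sembly\w?crtupd.exe"
O20 - AppInit_DLLs: flyidfuj.dll
O20 - Winlogon Notify: efcBqolj - efcBqolj.dll (file missing)
O21 - SSODL: ovFGmn - {98B0191F-321A-B3B5-2FD0-D96E95EE0F61} - C:\WINDOWS\system32\kfdh.dll (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awttsQgh
"""


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Assumed heuristic: letters-only stem containing a run of four or more
    consonants (awttsQgh, khfETmnn, bqciwrgx, kdddz). Weak alone, so it is
    only applied to modules reached through an injection point."""
    stem = name.rsplit(".", 1)[0]
    if not (stem.isalpha() and len(stem) >= 4):
        return False
    runs = re.findall(r"[^aeiouAEIOU]+", stem)
    return max((len(r) for r in runs), default=0) >= 4


MISSING = re.compile(r"\((?:file missing|no file)\)")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
DLL_NAME = re.compile(r"([\w.-]+\.dll)", re.I)
RUN_VALUE = re.compile(r"^O4 - .*?\[(.*?)\]")
LSA_PACKAGES = re.compile(r'^"Authentication Packages"\s*=\s*(.*)$')


def triage_line(line: str) -> Finding:
    """Apply each heuristic to one log line; every hit adds a reason."""
    f = Finding(line)
    names = []  # module names to run through looks_random()
    if MISSING.search(line):
        f.reasons.append("registered file is missing (orphaned autostart entry)")
    if line.startswith("O2 - BHO: (no name)"):
        f.reasons.append("unnamed browser helper object")
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        f.reasons.append("AppInit_DLLs set: DLL injected into every process that loads user32")
    if line.startswith("O20 - Winlogon Notify:"):
        f.reasons.append("Winlogon Notify package runs inside winlogon.exe at logon")
    if line.startswith("O21 - SSODL:"):
        f.reasons.append("ShellServiceObjectDelayLoad: loaded by explorer.exe at start")
    m = RUNDLL.search(line)
    if m and len(m.group(2)) == 1:
        f.reasons.append(f"rundll32 loads {m.group(1)} via single-letter export '{m.group(2)}'")
    m = RUN_VALUE.match(line)
    if m and re.match(r"^[A-Za-z]:\\", m.group(1)):
        f.reasons.append("Run value is named after its own path")
    if line.startswith("O4") and "?" in line:
        f.reasons.append("path contains characters HijackThis could not render")
    if line.startswith(("O2 ", "O20 ", "O21 ")) or RUNDLL.search(line):
        names += DLL_NAME.findall(line)
    m = LSA_PACKAGES.match(line)
    if m:
        extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
        if extra:
            f.reasons.append(f"extra LSA authentication package {extra}: loaded into lsass.exe")
            names += [p.rsplit("\\", 1)[-1] for p in extra]
    for n in names:
        if looks_random(n):
            f.reasons.append(f"random-looking module name {n}")
    return f


def triage(log_text: str) -> list:
    """Return one Finding per non-empty line that tripped at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f.reasons:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line[:72])
        for r in f.reasons:
            print("   -", r)
```

On the sample, the Adobe BHO, the Symantec ccApp entry and the LogMeIn service produce no findings, while the LSA line is flagged twice (an unexpected package plus a random-looking name). That distinction is the point of the exercise: the "(file missing)" entries can simply be removed with HijackThis, but an extra LSA authentication package or AppInit_DLLs value means code is still being loaded into lsass.exe or every user process, and the file it names needs to be found and removed before the registry entry is cleaned.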