verachion
11-30-2005, 11:19 AM
Here is HJT LOG from my colleagues computer can youlet me know if its ok ? the reason being he is apparently experiencing some problems with his clock and date settings, they keep changing by one day without him knowing, for example it showed the right time and date this morning however by the afternoon he pointed out that it had changed to 01/12/05 ?
Logfile of HijackThis v1.99.1
Scan saved at 4:17:15 AM, on 11/30/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
c:\winnt\rcmdsvc.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\NMSSvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\autoupdatev2.exe
C:\WINNT\System32\ddhelp.exe
C:\DHL\EasyShip\BIN\DHLSPS32.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\TEMP\Rar$EX00.903\HijackThis.exe
C:\TEMP\Rar$EX00.698\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.us.dhl.com:8080
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKCU\..\Run: [autoupdatev2] C:\WINNT\System32\autoupdatev2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\net.old\Communicator\Program\PLUGINS\N PQTW32.DLL
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lhr-co.gb.dhl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lhr-co.gb.dhl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.93.50.11 10.93.32.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lhr-co.gb.dhl.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.93.50.11 10.93.32.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.93.50.11 10.93.32.11
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Remote Command Service - Unknown owner - c:\winnt\rcmdsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 4:17:15 AM, on 11/30/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
c:\winnt\rcmdsvc.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\NMSSvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\autoupdatev2.exe
C:\WINNT\System32\ddhelp.exe
C:\DHL\EasyShip\BIN\DHLSPS32.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\TEMP\Rar$EX00.903\HijackThis.exe
C:\TEMP\Rar$EX00.698\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.us.dhl.com:8080
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKCU\..\Run: [autoupdatev2] C:\WINNT\System32\autoupdatev2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\net.old\Communicator\Program\PLUGINS\N PQTW32.DLL
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lhr-co.gb.dhl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lhr-co.gb.dhl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.93.50.11 10.93.32.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lhr-co.gb.dhl.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.93.50.11 10.93.32.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.93.50.11 10.93.32.11
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Remote Command Service - Unknown owner - c:\winnt\rcmdsvc.exe