Username "G-Stress" - 09/21/2008 20:44:42 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdtcc.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{01B65D11-9A17-423B-AB08-88F5A82BB019}
"nameserver"="85.255.115.75,85.255.112.109" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EFA09CA7-E9E1-402D-B4D6-A4D182E8198C}
"nameserver"="85.255.115.75,85.255.112.109" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{01B65D11-9A17-423B-AB08-88F5A82BB019}
"DhcpNameServer"="85.255.115.75,85.255.112.109" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EFA09CA7-E9E1-402D-B4D6-A4D182E8198C}
"DhcpNameServer"="85.255.115.75,85.255.112.109" <Value cleared.
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdtcc.ren 53248 06/13/2007
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="\"C:\\Program Files\\TightVNC\\WinVNC.exe\" -servicehelper"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
"bpk"="C:\\Program Files\\BPK\\bpk.exe"
"C:\\WINDOWS\\system32\\kdtcc.exe"="C:\\WINDOWS\\system32\\kdtcc.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:42 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\BPK\bpk.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\G-Stress\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\Program Files\BPK\bpkwb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtcc.exe] C:\WINDOWS\system32\kdtcc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208658727781
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xtech.n64
O17 - HKLM\Software\..\Telephony: DomainName = xtech.n64
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B65D11-9A17-423B-AB08-88F5A82BB019}: NameServer = 85.255.115.75,85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFA09CA7-E9E1-402D-B4D6-A4D182E8198C}: NameServer = 85.255.115.75,85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xtech.n64
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B65D11-9A17-423B-AB08-88F5A82BB019}: NameServer = 85.255.115.75,85.255.112.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xtech.n64
O17 - HKLM\System\CS2\Services\Tcpip\..\{01B65D11-9A17-423B-AB08-88F5A82BB019}: NameServer = 85.255.115.75,85.255.112.109
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SSL-Explorer - Unknown owner - C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
--
End of file - 6506 bytes