Old 07-06-2008, 09:12 PM   #11 (permalink)
+**-_huRt_-**+
 
 
Join Date: May 2008
Location: my dad's house
Posts: 249

Thanks: 121
Thanked 206 Times in 93 Posts
Reputation: 50
___ayah___ will become famous soon enough
Re: hijack scan of AYAH... hehe

This is the result of my scan (safe mode):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:47 PM, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only registered users can see links. ]
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1174609041\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eowei] c:\documents and settings\administrator\local settings\application data\eowei.exe eowei
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Only registered users can see links. ]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Only registered users can see links. ]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Only registered users can see links. ]
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - [Only registered users can see links. ]
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7418 bytes
Old 07-06-2008, 09:48 PM   #12 (permalink)
+**-_huRt_-**+
 

Is this the thing that you need?

ComboFix 08-07-05.1 - Administrator 2008-07-06 16:21:35.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.399 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\eowei.dat
c:\documents and settings\administrator\local settings\application data\eowei.exe
c:\Documents and Settings\Administrator\Local Settings\Application Data\eowei_nav.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\eowei_navps.dat
C:\Documents and Settings\Administrator\Start Menu\crazy girls.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Spyware-Secure
C:\Documents and Settings\Administrator\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Spyware-Secure\Website.lnk
C:\Documents and Settings\All Users\Desktop\internetgamebox.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Website.url
C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.upd
C:\Program Files\instant access\Center\GAMES-DESKTOP.COM.upd
C:\Program Files\instant access\Center\Icons\VIDEOZAPPING.lnk
C:\Program Files\instant access\Center\SERIALPLAYERS.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Center\VIDEOZAPPING.upd
C:\Program Files\instant access\Dialer\100266120\fp.pc-on-internet.com\50202\images\index_01.gif
C:\Program Files\instant access\Dialer\100266120\fp.pc-on-internet.com\50202\images\index_02.jpg
C:\Program Files\instant access\Dialer\100266120\fp.pc-on-internet.com\50202\images\index_03.jpg
C:\Program Files\instant access\Dialer\100266120\fp.pc-on-internet.com\50202\images\index_04.jpg
C:\Program Files\instant access\Dialer\100266120\fp.pc-on-internet.com\d64d5ca4ee82e4b61a75a4f83379e428.html
C:\Program Files\instant access\Dialer\100266120\fp.pc-on-internet.com\d64d5ca4ee82e4b61a75a4f83379e428.html _0.loginvis
C:\Program Files\instant access\Dialer\100266120\us2-external-api.dlv4.com\js\a7efb657e48df90098c7fa51e0a6ac37
C:\Program Files\instant access\Dialer\100266120\us2-www.0texkax7c6hzuidk.com\Common\e37558f07248e32c67636b7e6a62ebff.html
C:\Program Files\instant access\Dialer\100266120\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\100266120\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\100266120\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\100266120\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\1107316562\fp.pc-on-internet.com\2fd0556044c66b949996b142a0534e1e.html
C:\Program Files\instant access\Dialer\1107316562\fp.pc-on-internet.com\2fd0556044c66b949996b142a0534e1e.html _0.loginvis
C:\Program Files\instant access\Dialer\1107316562\fp.pc-on-internet.com\50214\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\1107316562\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Program Files\instant access\Dialer\1107316562\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Program Files\instant access\Dialer\1107316562\SERIALPLAYERS.lnk
C:\Program Files\instant access\Dialer\1107316562\us2-external-api.dlv4.com\js\203aff3045aa6d1f4b4d0eeb143aa777
C:\Program Files\instant access\Dialer\1107316562\us2-www.0texkax7c6hzuidk.com\Common\ccb9ddef0426bb53e8aea22404252aaa.html
C:\Program Files\instant access\Dialer\1107316562\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Program Files\instant access\Dialer\1107316562\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Program Files\instant access\Dialer\1107316562\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Program Files\instant access\Dialer\1107316562\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\00.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\bando.jpg
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\bando_bas.jpg
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\bando_haut.jpg
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\bas.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\d.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\fun1.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\fun2.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\fun3.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\fun4.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\jeu1.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\jeu2.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\jeu3.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\EN\titre.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\3041\images\g.gif
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\830e028c92beecca26d4aa8f687fe2c8.html
C:\Program Files\instant access\Dialer\28682235\fp.pc-on-internet.com\830e028c92beecca26d4aa8f687fe2c8.html _0.loginvis
C:\Program Files\instant access\Dialer\28682235\us2-external-api.dlv4.com\js\0682c20e38f60e1919791f5b5850ae35
C:\Program Files\instant access\Dialer\28682235\us2-www.0texkax7c6hzuidk.com\Common\8f625ea75a35d4e46c3041e8f7061ceb.html
C:\Program Files\instant access\Dialer\28682235\us2-www.0texkax7c6hzuidk.com\custom\4160\4160_dialer.ico
C:\Program Files\instant access\Dialer\28682235\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button1.gif
C:\Program Files\instant access\Dialer\28682235\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button2.gif
C:\Program Files\instant access\Dialer\28682235\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button3.gif
C:\Program Files\instant access\Dialer\28682235\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button4.gif
C:\Program Files\instant access\Dialer\28682235\[Only registered users can see links. ]0063f108c4b754cc1fe7491a7324f099
C:\Program Files\instant access\Dialer\582288609\fp.pc-on-internet.com\50127\images\EN\serial-players_01.jpg
C:\Program Files\instant access\Dialer\582288609\fp.pc-on-internet.com\50127\images\EN\serial-players_02.jpg
C:\Program Files\instant access\Dialer\582288609\fp.pc-on-internet.com\50127\images\EN\serial-players_05.jpg
C:\Program Files\instant access\Dialer\582288609\fp.pc-on-internet.com\50127\images\serial-players_03.jpg
C:\Program Files\instant access\Dialer\582288609\fp.pc-on-internet.com\b52a6eb2ab36f81a1ed408fc24d86087.html
C:\Program Files\instant access\Dialer\582288609\fp.pc-on-internet.com\b52a6eb2ab36f81a1ed408fc24d86087.html _0.loginvis
C:\Program Files\instant access\Dialer\582288609\SERIALPLAYERS.lnk
C:\Program Files\instant access\Dialer\582288609\us2-external-api.dlv4.com\js\b373d0ed5a4383ba07ac63e356ff2b74
C:\Program Files\instant access\Dialer\582288609\us2-www.0texkax7c6hzuidk.com\Common\45d0d638870ff0f36dfb23ff3c4879d9.html
C:\Program Files\instant access\Dialer\582288609\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button1.gif
C:\Program Files\instant access\Dialer\582288609\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button2.gif
C:\Program Files\instant access\Dialer\582288609\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button3.gif
C:\Program Files\instant access\Dialer\582288609\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button4.gif
C:\Program Files\instant access\Dialer\73586927\fp.pc-on-internet.com\50127\images\EN\serial-players_01.jpg
C:\Program Files\instant access\Dialer\73586927\fp.pc-on-internet.com\50127\images\EN\serial-players_02.jpg
C:\Program Files\instant access\Dialer\73586927\fp.pc-on-internet.com\50127\images\EN\serial-players_05.jpg
C:\Program Files\instant access\Dialer\73586927\fp.pc-on-internet.com\50127\images\serial-players_03.jpg
C:\Program Files\instant access\Dialer\73586927\fp.pc-on-internet.com\b52a6eb2ab36f81a1ed408fc24d86087.html
C:\Program Files\instant access\Dialer\73586927\fp.pc-on-internet.com\b52a6eb2ab36f81a1ed408fc24d86087.html _0.loginvis
C:\Program Files\instant access\Dialer\73586927\us2-external-api.dlv4.com\js\b373d0ed5a4383ba07ac63e356ff2b74
C:\Program Files\instant access\Dialer\73586927\us2-www.0texkax7c6hzuidk.com\Common\45d0d638870ff0f36dfb23ff3c4879d9.html
C:\Program Files\instant access\Dialer\73586927\us2-www.0texkax7c6hzuidk.com\custom\4341\4341_dialer.ico
C:\Program Files\instant access\Dialer\73586927\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button1.gif
C:\Program Files\instant access\Dialer\73586927\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button2.gif
C:\Program Files\instant access\Dialer\73586927\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button3.gif
C:\Program Files\instant access\Dialer\73586927\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button4.gif
C:\Program Files\instant access\Dialer\73586927\[Only registered users can see links. ]
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\143061a8b4c688401ec0700c7509a8e1.html
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\143061a8b4c688401ec0700c7509a8e1.html _0.loginvis
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\05.jpg
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\09.jpg
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\EN\breathless.png
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\EN\discover.png
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\licencebackgr.png
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\openframe.png
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\images\woman.png
C:\Program Files\instant access\Dialer\788371765\fp.pc-on-internet.com\50325\imatges.js
C:\Program Files\instant access\Dialer\788371765\us2-external-api.dlv4.com\js\723fc5d901e2b8c7526a86caa59e97fe
C:\Program Files\instant access\Dialer\788371765\us2-www.0texkax7c6hzuidk.com\Common\dcb584d36da6338933e118873054198f.html
C:\Program Files\instant access\Dialer\788371765\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button1.gif
C:\Program Files\instant access\Dialer\788371765\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button2.gif
C:\Program Files\instant access\Dialer\788371765\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button3.gif
C:\Program Files\instant access\Dialer\788371765\us2-www.0texkax7c6hzuidk.com\custom\4291\EN\button4.gif
C:\Program Files\instant access\Dialer\906105941\fp.pc-on-internet.com\50282\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\906105941\fp.pc-on-internet.com\50282\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\906105941\fp.pc-on-internet.com\50282\images\index_03.jpg
C:\Program Files\instant access\Dialer\906105941\fp.pc-on-internet.com\f68778351853d8470094d2c5dae86b33.html
C:\Program Files\instant access\Dialer\906105941\fp.pc-on-internet.com\f68778351853d8470094d2c5dae86b33.html _0.loginvis
C:\Program Files\instant access\Dialer\906105941\us2-external-api.dlv4.com\js\98a2f1ef91990b4c117f22d1f772ddd0
C:\Program Files\instant access\Dialer\906105941\us2-www.0texkax7c6hzuidk.com\Common\929b40656e3731e0ceacaddc7b76f294.html
C:\Program Files\instant access\Dialer\906105941\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\906105941\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\906105941\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\906105941\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\929880455\fp.pc-on-internet.com\50127\images\EN\serial-players_01.jpg
C:\Program Files\instant access\Dialer\929880455\fp.pc-on-internet.com\50127\images\EN\serial-players_02.jpg
C:\Program Files\instant access\Dialer\929880455\fp.pc-on-internet.com\50127\images\EN\serial-players_05.jpg
C:\Program Files\instant access\Dialer\929880455\fp.pc-on-internet.com\50127\images\serial-players_03.jpg
C:\Program Files\instant access\Dialer\929880455\fp.pc-on-internet.com\b52a6eb2ab36f81a1ed408fc24d86087.html
C:\Program Files\instant access\Dialer\929880455\fp.pc-on-internet.com\b52a6eb2ab36f81a1ed408fc24d86087.html _0.loginvis
C:\Program Files\instant access\Dialer\929880455\us2-external-api.dlv4.com\js\b373d0ed5a4383ba07ac63e356ff2b74
C:\Program Files\instant access\Dialer\929880455\us2-www.0texkax7c6hzuidk.com\Common\45d0d638870ff0f36dfb23ff3c4879d9.html
C:\Program Files\instant access\Dialer\929880455\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button1.gif
C:\Program Files\instant access\Dialer\929880455\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button2.gif
C:\Program Files\instant access\Dialer\929880455\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button3.gif
C:\Program Files\instant access\Dialer\929880455\us2-www.0texkax7c6hzuidk.com\custom\4341\EN\button4.gif
C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\InternetGameBox.exe
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\uninst.exe
C:\WINDOWS\system32\nsinet.exe
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 00:59 . 2008-07-06 15:20 <DIR> d-------- C:\SDFix
2008-07-06 00:48 . 2008-07-06 00:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 20:42 . 2008-07-05 20:43 <DIR> d-------- C:\WINDOWS\.cache
2008-07-02 16:20 . 2008-07-02 16:28 614,230,562 --a------ C:\wl_setup_2.0.3.exe.sl
2008-07-01 16:48 . 2008-07-05 20:11 23 --a------ C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008-06-25 14:06 . 2008-06-25 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-25 14:03 . 2008-06-25 14:03 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 13:21 . 2008-07-06 16:10 <DIR> d-------- C:\Program Files\Spyware-Secure
2008-06-24 20:51 . 2008-06-24 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TeamViewer
2008-06-22 21:32 . 2008-06-22 21:32 <DIR> d-------- C:\Program Files\Sun
2008-06-22 21:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-22 20:27 . 2008-06-25 13:31 <DIR> d-------- C:\Program Files\Frets on Fire
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Freecorder
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 13:54 . 2008-06-22 11:48 <DIR> d-------- C:\vcs5BGEffects
2008-06-21 13:50 . 2008-07-02 15:50 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-06-20 07:45 . 2008-06-24 20:45 120 --a------ C:\WINDOWS\YAHELITE_IGNORE.INI
2008-06-19 09:41 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-19 09:41 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-06-19 08:27 . 2008-06-22 14:49 <DIR> d-------- C:\Program Files\Cheat Engine
2008-06-18 23:35 . 2008-06-18 23:35 <DIR> d-------- C:\Program Files\Half Life 2
2008-06-18 09:41 . 2008-06-23 10:06 <DIR> d-------- C:\Program Files\CamStudio
2008-06-11 00:06 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 01:32 --------- d-----w C:\Program Files\Java
2008-06-22 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-22 13:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-20 12:03 --------- d-----w C:\Program Files\Yahoo!
2008-05-28 01:04 --------- d-----w C:\Program Files\Disney
2008-05-27 03:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-27 16:05 10,920 ----a-w C:\aolconnfix.exe
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-06-15 20:50 1571864 --a------ C:\Program Files\Freecorder\tbFree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-06-15 20:50 1571864]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-06-15 20:50 1571864]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-13 15:07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-13 14:53 114688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-06 22:13 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-06 22:13 77824]
"HostManager"="C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 17:34 8784]
"sscRun"="C:\Program Files\Common Files\AOL\1174609041\ee\SSCRun.exe" [2007-01-25 17:34 153168]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 12:43 116272]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 12:43 460336]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 16:05 992808]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchpad.lnk - C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe [2007-05-22 22:23:54 49152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [2002-07-10 21:13]
S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2003-09-19 02:34]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Only registered users can see links. ]
Rootkit scan 2008-07-06 16:25:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-06 16:29:54
ComboFix-quarantined-files.txt 2008-07-06 20:29:51
Pre-Run: 11,095,183,360 bytes free
Post-Run: 11,121,442,816 bytes free
261 --- E O F --- 2008-07-05 18:41:08
Old 07-06-2008, 10:25 PM   #13 (permalink)
+**-_huRt_-**+
 

Here is the result of the new one:


ComboFix 08-07-05.1 - Administrator 2008-07-06 17:13:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.162 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 00:59 . 2008-07-06 15:20 <DIR> d-------- C:\SDFix
2008-07-06 00:48 . 2008-07-06 00:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 20:42 . 2008-07-05 20:43 <DIR> d-------- C:\WINDOWS\.cache
2008-07-02 16:20 . 2008-07-02 16:28 614,230,562 --a------ C:\wl_setup_2.0.3.exe.sl
2008-07-01 16:48 . 2008-07-05 20:11 23 --a------ C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008-06-25 14:06 . 2008-06-25 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-25 14:03 . 2008-06-25 14:03 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 13:21 . 2008-07-06 17:12 <DIR> d-------- C:\Program Files\Spyware-Secure
2008-06-24 20:51 . 2008-06-24 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TeamViewer
2008-06-22 21:32 . 2008-06-22 21:32 <DIR> d-------- C:\Program Files\Sun
2008-06-22 21:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-22 20:27 . 2008-06-25 13:31 <DIR> d-------- C:\Program Files\Frets on Fire
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Freecorder
2008-06-22 13:59 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 13:54 . 2008-06-22 11:48 <DIR> d-------- C:\vcs5BGEffects
2008-06-21 13:50 . 2008-07-02 15:50 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-06-20 07:45 . 2008-06-24 20:45 120 --a------ C:\WINDOWS\YAHELITE_IGNORE.INI
2008-06-19 09:41 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-19 09:41 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-06-19 08:27 . 2008-06-22 14:49 <DIR> d-------- C:\Program Files\Cheat Engine
2008-06-18 23:35 . 2008-06-18 23:35 <DIR> d-------- C:\Program Files\Half Life 2
2008-06-18 09:41 . 2008-06-23 10:06 <DIR> d-------- C:\Program Files\CamStudio
2008-06-11 00:06 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 01:32 --------- d-----w C:\Program Files\Java
2008-06-22 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-22 13:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-20 12:03 --------- d-----w C:\Program Files\Yahoo!
2008-05-28 01:04 --------- d-----w C:\Program Files\Disney
2008-05-27 03:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-27 16:05 10,920 ----a-w C:\aolconnfix.exe
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-06_16.29.43.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 20:17:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 20:45:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-06-15 20:50 1571864 --a------ C:\Program Files\Freecorder\tbFree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-06-15 20:50 1571864]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-06-15 20:50 1571864]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-13 15:07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-13 14:53 114688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-06 22:13 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-06 22:13 77824]
"HostManager"="C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 17:34 8784]
"sscRun"="C:\Program Files\Common Files\AOL\1174609041\ee\SSCRun.exe" [2007-01-25 17:34 153168]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 12:43 116272]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 12:43 460336]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 16:05 992808]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchpad.lnk - C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe [2007-05-22 22:23:54 49152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [2002-07-10 21:13]
S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2003-09-19 02:34]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Only registered users can see links. ]
Rootkit scan 2008-07-06 17:16:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-06 17:22:23
ComboFix-quarantined-files.txt 2008-07-06 21:22:16
ComboFix2.txt 2008-07-06 20:29:55
Pre-Run: 11,122,962,432 bytes free
Post-Run: 11,116,978,176 bytes free
114 --- E O F --- 2008-07-05 18:41:08

07-06-2008, 10:31 PM   #14 (permalink)
___ayah___
Re: hijack scan of AYAH... hehe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:55 PM, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Common Files\AOL\1174609041\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1174609041\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1174609041\ee\SSCEvtHdlr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only registered users can see links. ]
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1174609041\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Only registered users can see links. ]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Only registered users can see links. ]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Only registered users can see links. ]
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - [Only registered users can see links. ]
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7970 bytes

07-06-2008, 10:46 PM   #15 (permalink)
~~ViT~~
Re: hijack scan of AYAH... hehe

u need to delete these keys in hijackthis

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - [Only registered users can see links. ]


after u delete these keys reboot the pc and delete this folder

C:\Program Files\AskPBar\

id dont let u delete in safe mode

and post a new hijackthis

07-06-2008, 11:00 PM   #16 (permalink)
___ayah___
Re: hijack scan of AYAH... hehe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:56 PM, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Common Files\AOL\1174609041\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1174609041\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1174609041\ee\SSCEvtHdlr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Administrator\My Documents\VipraMudHook\VipraLauncher.exe
C:\Documents and Settings\Administrator\My Documents\pinoy_room_conquer\Pinoy Room Conquer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only registered users can see links. ]
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1174609041\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Only registered users can see links. ]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Only registered users can see links. ]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Only registered users can see links. ]
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7239 bytes

07-06-2008, 11:04 PM   #17 (permalink)
~~ViT~~
Re: hijack scan of AYAH... hehe

ok done now u just need to delete that folder i have posted

and when u have 2+ hrs make a scan online here and post the result

[Only registered users can see links. ]