Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #16  
Old January 16th, 2007, 11:00 PM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
this is uninstall_list

A4 TECH USB PC Camera H
ACDSee Trial
ACE Mega CoDecS Pack
Active Security Monitor 2.0.0.18
Active Virus Shield
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7
Adobe® Photoshop® Album Starter Edition 3.0
aMSN
AOL Security Toolbar
Athlon 64 Processor Driver
ATI - Yazılım Kaldır Yardımcı Programı
ATI Kontrol Paneli
AVG Anti-Spyware 7.5
BSplayer
Conexant AC-Link Audio
CyberAnswers.org
EViews 5
FlashGet(JetCar)
FreeRIP v2.945
Google Earth
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
HP BIOS Configuration for ProtectTools 1.00 D4
HP Credential Manager for ProtectTools
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 A4
HP Wireless Assistant 2.00 B1
HP_User_Guides_0003
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.72 Full
Last.fm 1.1.0.0
Lexmark Supplies Monitor
Lexmark Z25-Z35
McAfee Personal Firewall Plus
McAfee SecurityCenter
Messenger Plus! Live & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Turkish Language Pack
Microsoft ActiveSync
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Mozilla Firefox (1.5.0.9)
MSXML 4.0 SP2 (KB927978)
My Global Search Bar
Network Play System (Patching)
Nokia Connectivity Cable Driver
Nokia PC Suite
PC Connectivity Solution
Picasa 2
Quick Launch Buttons 5.20 F2
QuickTime
RealPlayer
Skype 3.0
Skype Plugin Manager
SoftV.90 Data Fax Modem with SmartCP
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sozluk v1.5
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims Hot Date
TurboNote+
USB Cable DCU-11
Winamp (remove only)
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player (KB911564) için Güvenlik Güncelleştirmesi
Windows Media Player 10
Windows Media Player 10 (KB917734) için Güvenlik Güncelleştirmesi
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 6.4 (KB925398) için Güvenlik Güncelleştirmesi
Windows XP (KB923689) için Güvenlik Güncelleştirmesi
Windows XP Düzeltme - KB873333
Windows XP Düzeltme - KB873339
Windows XP Düzeltme - KB883667
Windows XP Düzeltme - KB884575
Windows XP Düzeltme - KB885250
Windows XP Düzeltme - KB885464
Windows XP Düzeltme - KB885835
Windows XP Düzeltme - KB885836
Windows XP Düzeltme - KB885855
Windows XP Düzeltme - KB885884
Windows XP Düzeltme - KB886185
Windows XP Düzeltme - KB887472
Windows XP Düzeltme - KB887742
Windows XP Düzeltme - KB888113
Windows XP Düzeltme - KB888239
Windows XP Düzeltme - KB888302
Windows XP Düzeltme - KB888402
Windows XP Düzeltme - KB889673
Windows XP Düzeltme - KB890859
Windows XP Düzeltme - KB891781
Windows XP Düzeltme - KB892559
Windows XP için Düzeltme (KB896256)
Windows XP için Güncelleştirme (KB894391)
Windows XP için Güncelleştirme (KB898461)
Windows XP için Güncelleştirme (KB900485)
Windows XP için Güncelleştirme (KB908531)
Windows XP için Güncelleştirme (KB910437)
Windows XP için Güncelleştirme (KB911280)
Windows XP için Güncelleştirme (KB916595)
Windows XP için Güncelleştirme (KB920872)
Windows XP için Güncelleştirme (KB922582)
Windows XP için Güvenlik Güncelleştirmesi (KB883939)
Windows XP için Güvenlik Güncelleştirmesi (KB890046)
Windows XP için Güvenlik Güncelleştirmesi (KB893066)
Windows XP için Güvenlik Güncelleştirmesi (KB893756)
Windows XP için Güvenlik Güncelleştirmesi (KB896358)
Windows XP için Güvenlik Güncelleştirmesi (KB896422)
Windows XP için Güvenlik Güncelleştirmesi (KB896423)
Windows XP için Güvenlik Güncelleştirmesi (KB896424)
Windows XP için Güvenlik Güncelleştirmesi (KB896428)
Windows XP için Güvenlik Güncelleştirmesi (KB899587)
Windows XP için Güvenlik Güncelleştirmesi (KB899591)
Windows XP için Güvenlik Güncelleştirmesi (KB900725)
Windows XP için Güvenlik Güncelleştirmesi (KB901017)
Windows XP için Güvenlik Güncelleştirmesi (KB901214)
Windows XP için Güvenlik Güncelleştirmesi (KB902400)
Windows XP için Güvenlik Güncelleştirmesi (KB904706)
Windows XP için Güvenlik Güncelleştirmesi (KB905414)
Windows XP için Güvenlik Güncelleştirmesi (KB905749)
Windows XP için Güvenlik Güncelleştirmesi (KB908519)
Windows XP için Güvenlik Güncelleştirmesi (KB911562)
Windows XP için Güvenlik Güncelleştirmesi (KB911567)
Windows XP için Güvenlik Güncelleştirmesi (KB911927)
Windows XP için Güvenlik Güncelleştirmesi (KB912919)
Windows XP için Güvenlik Güncelleştirmesi (KB913433)
Windows XP için Güvenlik Güncelleştirmesi (KB913580)
Windows XP için Güvenlik Güncelleştirmesi (KB914388)
Windows XP için Güvenlik Güncelleştirmesi (KB914389)
Windows XP için Güvenlik Güncelleştirmesi (KB916281)
Windows XP için Güvenlik Güncelleştirmesi (KB917159)
Windows XP için Güvenlik Güncelleştirmesi (KB917344)
Windows XP için Güvenlik Güncelleştirmesi (KB917422)
Windows XP için Güvenlik Güncelleştirmesi (KB917953)
Windows XP için Güvenlik Güncelleştirmesi (KB918439)
Windows XP için Güvenlik Güncelleştirmesi (KB918899)
Windows XP için Güvenlik Güncelleştirmesi (KB919007)
Windows XP için Güvenlik Güncelleştirmesi (KB920213)
Windows XP için Güvenlik Güncelleştirmesi (KB920214)
Windows XP için Güvenlik Güncelleştirmesi (KB920670)
Windows XP için Güvenlik Güncelleştirmesi (KB920683)
Windows XP için Güvenlik Güncelleştirmesi (KB920685)
Windows XP için Güvenlik Güncelleştirmesi (KB921398)
Windows XP için Güvenlik Güncelleştirmesi (KB921883)
Windows XP için Güvenlik Güncelleştirmesi (KB922616)
Windows XP için Güvenlik Güncelleştirmesi (KB922760)
Windows XP için Güvenlik Güncelleştirmesi (KB922819)
Windows XP için Güvenlik Güncelleştirmesi (KB923191)
Windows XP için Güvenlik Güncelleştirmesi (KB923414)
Windows XP için Güvenlik Güncelleştirmesi (KB923694)
Windows XP için Güvenlik Güncelleştirmesi (KB923980)
Windows XP için Güvenlik Güncelleştirmesi (KB924191)
Windows XP için Güvenlik Güncelleştirmesi (KB924270)
Windows XP için Güvenlik Güncelleştirmesi (KB924496)
Windows XP için Güvenlik Güncelleştirmesi (KB925454)
Windows XP için Güvenlik Güncelleştirmesi (KB925486)
Windows XP için Güvenlik Güncelleştirmesi (KB926255)
Windows XP için Güvenlik Güncelleştirmesi (KB929969)
WinRAR arşiv yöneticisi
Reply With Quote
  #17  
Old January 16th, 2007, 11:02 PM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
Silent runners log

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"PTHOSTTR" = "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."]
"eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
"CognizanceTS" = "rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule " [MS]
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"WatchDog" = "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]
"BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" ["Vimicro"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"ASM" = ""C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN" ["AOL LLC"]
"aol" = ""C:\Program Files\AOL\Active Virus Shield\avp.exe"" ["AOL"]
"(Default)" = "(empty string)" [file not found]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}\(Default) = "XBTP06568"
-> {HKLM...CLSID} = "XBTP06568 Class"
\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*_" (unwritable string)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "HP Credential Manager for ProtectTools"
-> {HKLM...CLSID} = "HP Credential Manager for ProtectTools"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll" ["Infineon Technologies AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Görüntü Paneli CPL Uzantısı"
-> {HKLM...CLSID} = "Görüntü Paneli CPL Uzantısı"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)"
-> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)"
-> {HKLM...CLSID} = "Document Manager (Shell File Properties)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)"
-> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "My Bluetooth Places"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Paylaşım Klasörlerim"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook Dosya Simge Uzantısı"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobile Device"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> OneCard\DLLName = "C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll" ["Cognizance Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}"
-> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}"
-> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoFolderOptions" = (REG_DWORD) hex:0x00000000
{Removes the Folder Options menu item from the Tools menu}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"DisableCMD" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoBrowserOptions" = (REG_DWORD) hex:0x00000000
{Tools menu: Disable Internet Options... menu option}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Sema" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
Reply With Quote
  #18  
Old January 16th, 2007, 11:03 PM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}"
-> {HKLM...CLSID} = "AOL Security Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" = (no title provided)
-> {HKLM...CLSID} = "AOL Security Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "A&raştır"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Araştır"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.hp.com
[Strings]: SAFESITE_VALUE="örneğin search.msn.com"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Active Virus Shield, AVP, ""C:\Program Files\AOL\Active Virus Shield\avp.exe" -r" ["AOL"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
HP WMI Interface, hpqwmi, "C:\Program Files\HPQ\Shared\hpqwmi.exe" ["Hewlett-Packard Development Company, L.P."]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Program Files\HPQ\IAM\Bin\ASChnl.dll" ["Cognizance Corporation"]}
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.ex e" ["McAfee Corporation"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
Messenger Paylaşım USN Günlük Okuyucu hizmeti, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 51 seconds, including 4 seconds for message boxes)
Reply With Quote
  #19  
Old January 16th, 2007, 11:07 PM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
also, C:/Program Files/sozluk this is an online dictionary program,, anyway i deleted this from program files.

other file, C:/Program Files/Zero G Registry is a xml file and inside it this writes;

<?xml version="1.0" encoding="UTF-8" ?>
- <registry install_date="2006-11-14 22:38:44" version="1.1" last_modified="2007-01-11 21:29:16">
<products />
<components />
</registry>
Reply With Quote
  #20  
Old January 17th, 2007, 04:05 AM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello laptopaddict,

You didn't have to remove that file. You can go to the recycle bin and restore it.

You have Messenger Plus! Live & Sponsor installed in your system. You might want to read this and reconsider keeping that program. The proper way to remove it if you choose to, is via Add or Remove Programs.

Still beeing able to view Hidden Files and Folders navigate to the following file and delete it:

C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
~~~~~~~~~~~~

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@=""
Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it fixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and OK the prompt asking if you wish to merge the file with your registry.

Now please reboot.

Run Silent Runners again and post back that log please. How is your computer running now? Did you choose to remove Messenger Plus! ?
Reply With Quote
  #21  
Old January 18th, 2007, 05:29 PM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
Hello Morfeass,
This is the silent runners log. I removed the Messenger Live! plus and then reinstalled it, now there seems to be no problem. Mozilla opens normally and no pop-ups at all,, thanks for the help..

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"PTHOSTTR" = "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."]
"eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
"CognizanceTS" = "rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule " [MS]
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"WatchDog" = "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]
"BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" ["Vimicro"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"ASM" = ""C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN" ["AOL LLC"]
"aol" = ""C:\Program Files\AOL\Active Virus Shield\avp.exe"" ["AOL"]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"(Default)" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}\(Default) = "XBTP06568"
-> {HKLM...CLSID} = "XBTP06568 Class"
\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*f" (unwritable string)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "HP Credential Manager for ProtectTools"
-> {HKLM...CLSID} = "HP Credential Manager for ProtectTools"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll" ["Infineon Technologies AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Görüntü Paneli CPL Uzantısı"
-> {HKLM...CLSID} = "Görüntü Paneli CPL Uzantısı"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)"
-> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)"
-> {HKLM...CLSID} = "Document Manager (Shell File Properties)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)"
-> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "My Bluetooth Places"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Paylaşım Klasörlerim"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook Dosya Simge Uzantısı"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobile Device"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> OneCard\DLLName = "C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll" ["Cognizance Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}"
-> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}"
-> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
\InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoFolderOptions" = (REG_DWORD) hex:0x00000000
{Removes the Folder Options menu item from the Tools menu}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"DisableCMD" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoBrowserOptions" = (REG_DWORD) hex:0x00000000
{Tools menu: Disable Internet Options... menu option}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Sema" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}"
-> {HKLM...CLSID} = "AOL Security Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" = (no title provided)
-> {HKLM...CLSID} = "AOL Security Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "A&raştır"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Araştır"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Reply With Quote
  #22  
Old January 18th, 2007, 05:29 PM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.hp.com
[Strings]: SAFESITE_VALUE="örneğin search.msn.com"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Active Virus Shield, AVP, ""C:\Program Files\AOL\Active Virus Shield\avp.exe" -r" ["AOL"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
HP WMI Interface, hpqwmi, "C:\Program Files\HPQ\Shared\hpqwmi.exe" ["Hewlett-Packard Development Company, L.P."]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Program Files\HPQ\IAM\Bin\ASChnl.dll" ["Cognizance Corporation"]}
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.ex e" ["McAfee Corporation"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
Messenger Paylaşım USN Günlük Okuyucu hizmeti, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 48 seconds, including 3 seconds for message boxes)
Reply With Quote
  #23  
Old January 18th, 2007, 09:50 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello laptopaddict, you are welcome

I was referring to the sozluk folder that you can restore. I mistakenly referred to it as a file.

Messenger Plus! is an undesirable program to have, it comes bundled with it's sponsor which gives you pop ups.

Would you please post back a new HijackThis log?
Reply With Quote
  #24  
Old January 19th, 2007, 12:40 AM
laptopaddict's Avatar
laptopaddict laptopaddict is offline
Member
 
Join Date: Apr 2006
O/S: Windows Vista 32-bit
Age: 39
Posts: 70
hi again

Don't worry about the sozluk folder, i wasn't using it at all

Of course i can post the HJT log ,, here it is .. Thanxx Morfeass

By the way i must ask you about my phone,, are you pretty sure about it, i mean, does my phone really have viruses or something? can't i do something by myself other than taking it to a nokia shop?

Logfile of HijackThis v1.99.1
Scan saved at 01:24:27, on 19.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kharmian.spaces.msn.com//Phot...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26EACE68-1E48-432A-8FC1-E71B13351D20}: NameServer = 144.122.199.20,144.122.199.90
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Reply With Quote
  #25  
Old January 19th, 2007, 02:23 AM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hi,

The sponsor doesn't appear in HijackThis. It is still best if you uninstall Messenger Plus! It is your choice though.

I had a conversation with others and agreed that the profile matches to that mobile phone infection. These types of infection are relatively very new so it is best to be cautious, otherwise you might have financial losses with the MMS services and if you connect your phone via Bluetooth with another mobile, or computer then you can infect that one too.

Still being able to view hidden files and folders, navigate to the following folder and see if there are any random named files with .sis extension. Don't make any changes, just post back what you found.

C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder
~~~~~~~~~~~~~

Run ATF-Cleaner again and Disable your antivirus program and go here for an online AV scan (requires IE to run).

Scan "Local Disks" and when finished save the scan log and then post the log here please.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
explorer opens by itself emilio68 Malware Removal 1 October 14th, 2008 01:12 AM
explorer opens by itself gardooney Malware Removal 53 May 11th, 2007 03:19 AM
why my gmail is not opens in mozilla even after enabling cookies? ramraja22 Internet / Browsers 2 April 20th, 2007 08:28 PM
mozilla opens up with explorer pop ups laptopaddict Internet / Browsers 2 January 13th, 2007 11:41 PM
Internet Explorer opens by itself truckchick4 Windows XP 6 March 18th, 2006 11:34 PM


All times are GMT +1. The time now is 01:21 PM.