Win32/TrojanDownloader.Agent problem

**Heavy Metal** · 21.12.2009 17:52

Hello all!

This is my first visit here. Hope it'll be the last!

For some time I get this pop-up from WinXP. Especially when I connect a USB memory.

The current problems that I noticed in my WinXP are:

- Internet Explorer cannot open a new window or pop-up window. It tries to but it just can't.
- When I insert a music CD, I can't see that little window which asks me what application I want to open the CD with. The same goes for USB sticks. Windows doesn't open a new window when I connect them.
- Lately, I cannot open my USB memory sticks when I double click them. This really disturbs me because currently I'm dealing with my thesis work and I really need the information in my USB stick. Instead I get an "open with" window as seen below. But I can open the files other way. i.e. If it's a .doc fiile, I open MS Word and from Files>Open and I can see the files in my memory stick.

This is my screenshot when I try to open my memory stick via double clicking (The usual "open-with" window):

When I made a NOD32 search, it gave me the following report:
C:\WINDOWS\system32\actxprxy.dll - probably a variant of Win32/TrojanDownloader.Agent trojan - unable to clean

...and also this: (But I don't have such a file!)
C:\Program Files\eMule\Incoming\Finale Viewer Allegro Notepad PrintMusic SongWriter Human 2007C By Malvinas Argentinas.iso » ISO » keygen.exe - probably a variant of Win32/Agent trojan

Anyway, I installed HijackThis and it gave me this log:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:05, on 21.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\MathType\MathType.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
O1 - Hosts: 72.55.188.183 richarddawkins.net
O1 - Hosts: 72.55.188.183 www.richarddawkins.net
O1 - Hosts: 74.125.79.100 sites.google.com
O1 - Hosts: 208.109.181.194 makat.org
O1 - Hosts: 208.109.181.194 www.makat.org
O1 - Hosts: 208.117.236.69 youtube.com
O1 - Hosts: 208.117.236.69 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mirc] C:\WINDOWS\WINCRA\mirc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D17006-8E1A-4418-AF41-AD76C2FA64C7}: NameServer = 195.175.39.40,195.175.39.39
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13967 bytes

Any help would be appriciated. Thanks in advance.

**Jintan** · 22.12.2009 01:17

Welcome to HijackThis.de Heavy Metal,

The log shows a worm infection that includes changes made to net accesses there. Let's get more details and then start some repairs.

Do you recognize all those "youtube.com" entires in your Hosts file (they shows in HijackThis as "01 - Hosts")? Also is this a proxy server setting you yourself chose:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080

--------------

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

**Heavy Metal** · 29.12.2009 09:50

Hi Jintan,

Thanks for the detailed answer. Sorry, I couldn't reply for a few days because of my thesis work.

Zitat von Jintan

Do you recognize all those "youtube.com" entires in your Hosts file (they shows in HijackThis as "01 - Hosts")? Also is this a proxy server setting you yourself chose:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080

Yes, it's a proxy server to connect to Youtube. Youtube is currently down in Turkey and people try different ways to connect to it.

...and these are the RSIT files you want:

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Deniz Can at 2009-12-28 23:28:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (16%) free of 67 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:19, on 28.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Deniz Can\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Deniz Can.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
O1 - Hosts: 72.55.188.183 richarddawkins.net
O1 - Hosts: 72.55.188.183 www.richarddawkins.net
O1 - Hosts: 74.125.79.100 sites.google.com
O1 - Hosts: 208.109.181.194 makat.org
O1 - Hosts: 208.109.181.194 www.makat.org
O1 - Hosts: 208.117.236.69 youtube.com
O1 - Hosts: 208.117.236.69 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mirc] C:\WINDOWS\WINCRA\mirc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D17006-8E1A-4418-AF41-AD76C2FA64C7}: NameServer = 195.175.39.40,195.175.39.39
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13441 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1188319073.job
C:\WINDOWS\tasks\LifeChatTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
ThunderHlpObj Class

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"BDSwitchAgent"=C:\progra~1\softwin\bitdef~1\bdswitch.exe []
""= []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"FineReader7NewsReaderPro"=C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [2003-09-12 278528]
"Barsaka"=C:\WINDOWS\explorer.exe [2007-06-13 1033216]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-04-22 155648]
"mirc"=C:\WINDOWS\WINCRA\mirc.exe []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-31 185872]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"amva"=C:\WINDOWS\system32\amvo.exe []
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-08 1953792]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-01-18 19477544]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2006-11-26 984064]

C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Documents and Settings\Deniz Can\Start Menu\Programlar\Başlangıç
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1ECE2FCB-C1BB-4706-920C-F4C1076FD155}"=C:\WINDOWS\system32\kT2NuqZeGma.dll []
"{7A93621D-BFFE-4EB1-AAE1-CD487F429840}"=C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll []
"{028A997C-4262-4107-BD46-2ABBC6143E8C}"=C:\WINDOWS\system32\efc0c52cc1.dll []
"{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}"=C:\WINDOWS\system32\56BC86C7.dll []
"{E88AE11C-26DF-4F4D-8726-C043F513990E}"=C:\WINDOWS\system32\yp77Tt3UCG74J.dll []
"{4E5CFE74-700B-4A8B-B0BF-A6B47D896C18}"=C:\WINDOWS\system32\GrTZqH5SnRhAt.dll []
"{76B9BA7A-81D0-4979-8598-8471F2AB5186}"=C:\WINDOWS\system32\76B9BA7A.dll []
"{737858A9-9AEA-4838-9B49-54DA731F7F37}"=C:\WINDOWS\system32\BMsg6pdMD4ht.dll []
"{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}"=C:\WINDOWS\system32\08223B03.dll []
"{CD95107F-52A5-42A4-9914-18949993E798}"=C:\WINDOWS\fonts\tY5UFS434YYd.fon []
"{0D267113-499A-4EEF-998D-C45731C1B313}"=C:\WINDOWS\system32\VnTU2WAqUcZA6.dll []
"{A0C86020-5935-4B87-B20E-0B656D450264}"=C:\WINDOWS\system32\A0C86020.dll []
"{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4}"=C:\WINDOWS\system32\CCCA2FB9.dll []
"{704C3595-DB85-40F6-A601-8D6F346907BD}"=C:\WINDOWS\system32\704C3595.dll []
"{E4814792-EFA3-4C20-93D0-8B130A59F9A8}"=C:\WINDOWS\system32\E4814792.dll []
"{C722AD57-35DA-4460-8353-328372F32AB2}"=C:\WINDOWS\system32\ufQCU5.dll []
"{171565E3-F0BB-4FF0-9A42-C9406C79DB78}"=C:\WINDOWS\system32\wF87W8XjgDW5Es6tuA.dll []
"{EF6EF2D9-CDC7-481D-B17C-DA8DBA33BB01}"=C:\WINDOWS\system32\kW5xUYZjcSnWs.dll []
"{6B74576A-BB20-47B3-AE0A-046B062897D0}"=C:\WINDOWS\system32\ACg9ycsarj8y.dll []
"{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}"=C:\WINDOWS\system32\dhDhwS7fFW.dll []
"{76CBCF38-0583-44C7-A1AE-D463DFE625EC}"=C:\WINDOWS\system32\skcfujQ5EDN.dll []
"{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}"=C:\WINDOWS\system32\A1A6BC2E.dll []
"{19250D1E-B733-4F49-BC56-44EFCF3BF650}"=C:\WINDOWS\system32\m37tEtTX7Ye5c.dll []
"{93DA1E7D-7C46-4F90-8674-EC90511FCA72}"=C:\WINDOWS\system32\CDuAUVkGy9.dll []
"{FBFAD3A6-0B1E-4122-9C2B-92A4623875EC}"=C:\WINDOWS\system32\v6yj3gxacYQU.dll []
"{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}"=C:\WINDOWS\system32\122B901E.dll []
"{2EF0D734-21FD-4225-A1A2-BCD296182AAF}"=C:\WINDOWS\system32\2EF0D734.dll []
"{A35BF249-2B40-4E4A-97B5-86DC8B358887}"=C:\WINDOWS\system32\j8EG7scz8.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe"="C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Documents and Settings\Deniz Can\Desktop\utorrent.exe"="C:\Documents and Settings\Deniz Can\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Alias\Maya8.0\bin\maya.exe"="C:\Program Files\Alias\Maya8.0\bin\maya.exe:*:Disabled:Maya"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\Wincra\mirc.exe"="C:\WINDOWS\Wincra\mirc.exe:*:Disabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Papyrus\NASCAR Racing 2002 Season\NR2002.exe"="C:\Papyrus\NASCAR Racing 2002 Season\NR2002.exe:*:Disabled:NASCAR Racing 2002 Season"
"C:\Program Files\Chessmaster 8000\Chessmaster.exe"="C:\Program Files\Chessmaster 8000\Chessmaster.exe:*:Disabled:Chessmaster 8000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Setup.now.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c56024ec-e3a8-11dd-95f0-0000e84b3687}]
shell\AutoRun\command - jedna/stvar.exe
shell\explore\command - jedna/stvar.exe
shell\open\command - jedna/stvar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9f37baa-3d48-11dd-94d9-0000e84b3687}]
shell\AutoRun\command - jedna/stvar.exe
shell\explore\command - jedna/stvar.exe
shell\open\command - jedna/stvar.exe


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-12-28 23:28:54 ----D---- C:\rsit
2009-12-25 19:07:43 ----D---- C:\Program Files\DOSBox-0.73
2009-12-25 18:43:14 ----D---- C:\TIECD
2009-12-22 22:29:53 ----D---- C:\Program Files\Industry Giant 2
2009-12-21 18:01:22 ----D---- C:\Program Files\Trend Micro
2009-12-17 11:14:08 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-17 11:13:58 ----D---- C:\Documents and Settings\Deniz Can\Application Data\Winamp
2009-12-11 21:30:37 ----D---- C:\Program Files\Winamp
2009-12-10 13:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 13:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 13:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-10 13:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 13:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 13:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-03 21:53:02 ----A---- C:\WINDOWS\ISL001.INI
2009-12-03 21:50:28 ----D---- C:\Program Files\Common Files\Borland Shared

======List of files/folders modified in the last 1 months======

2009-12-28 23:28:59 ----D---- C:\WINDOWS\Prefetch
2009-12-28 23:26:04 ----D---- C:\WINDOWS\Temp
2009-12-28 23:05:24 ----D---- C:\Program Files\eMule
2009-12-28 22:59:06 ----D---- C:\Program Files\Mozilla Firefox
2009-12-28 08:22:57 ----D---- C:\Documents and Settings\Deniz Can\Application Data\Skype
2009-12-27 23:50:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 19:07:43 ----RD---- C:\Program Files
2009-12-25 18:39:33 ----SHD---- C:\WINDOWS\Installer
2009-12-25 18:39:33 ----SHD---- C:\Config.Msi
2009-12-25 17:20:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 03:32:24 ----D---- C:\WINDOWS
2009-12-24 17:41:13 ----D---- C:\Documents and Settings\Deniz Can\Application Data\Adobe
2009-12-20 13:00:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-19 07:32:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-19 07:31:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-19 07:31:34 ----HD---- C:\WINDOWS\inf
2009-12-19 07:31:33 ----D---- C:\WINDOWS\system32
2009-12-18 10:24:00 ----D---- C:\temp
2009-12-17 17:03:23 ----D---- C:\Program Files\Windows Media Player
2009-12-17 11:27:40 ----D---- C:\WINDOWS\security
2009-12-17 11:21:38 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-17 11:21:37 ----D---- C:\WINDOWS\Debug
2009-12-17 11:21:27 ----D---- C:\WINDOWS\system32\drivers
2009-12-11 21:59:59 ----D---- C:\Program Files\PokerStars.NET
2009-12-11 21:59:48 ----D---- C:\ebyn
2009-12-11 17:53:09 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-11 12:39:11 ----D---- C:\Program Files\Mozilla Thunderbird
2009-12-10 18:38:05 ----A---- C:\WINDOWS\SBWIN.INI
2009-12-10 17:28:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 13:20:14 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 13:17:48 ----D---- C:\Program Files\Internet Explorer
2009-12-10 13:17:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-03 21:50:28 ----D---- C:\Program Files\Common Files
2009-11-29 10:35:27 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-08-28 82380]
R1 AmdK7;AMD K7 İşlemci Sürücüsü; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-03 41216]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-23 278984]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-23 25416]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Bağdaştırıcısı; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 36224]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standart Hub Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Yığın Depolama Sürücüsü; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2003-06-18 138485]
S2 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender9\filespy.sys []
S2 nvmini;NVIDIA Compatible Windows Miniport Driver; C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S2 REGSpy;REGSpy; \??\C:\Program Files\Softwin\BitDefender9\regspy.sys []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Sınıf Sürücüsü; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 usbaudio;USB Ses Sürücüsü (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Genel Üst Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB YAZICI Sınıfı; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Tarayıcı Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Rdpidirvw;Rdpidirvw; C:\WINDOWS\system32\drivers\rawwan.sys [2001-11-22 34432]
S4 WS2IFSL;Windows Socket 2.0 IFS Olmayan Hizmet Sağlayıcısı Destek Ortamı; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-11-22 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\system32\drivers\papycpu2.sys [2002-01-20 1984]
R01000000 papyjoy;papyjoy; C:\WINDOWS\system32\drivers\papyjoy.sys [2002-01-20 1856]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2006-06-16 446464]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-01 66872]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-17 68096]
S3 aspnet_state;ASP.NET Durum Hizmeti; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S4 NetTcpPortSharing;Net.Tcp Bağlantı Noktası Paylaştırma Hizmeti; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Code:

info.txt logfile of random's system information tool 1.06 2009-12-28 23:29:29

======Uninstall list======

            -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->"C:\Program Files\Creative\SB Live! 24-bit\Program\Ctzapxx.EXE" /U /S 
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9  -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 7.0 Professional Edition-->MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9 
Adobe Premiere Pro-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
All To MP3 Converter 2.15-->"C:\Program Files\LitexMedia\All To MP3 Converter\unins000.exe"
AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
aspi-->MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Autodesk DirectConnect 2.0-->MsiExec.exe /I{C76FE689-6457-47C9-BACE-AA17060A9813}
BSPlayer-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
C64 prg Generator-->MsiExec.exe /I{5B6CCA50-AD7F-49D5-9FA9-99FD903FD43B}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCS64 V3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Computerbrains\CCS64 V3.1\Uninst.isu"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Celtx (1.0)-->C:\Program Files\Celtx\uninstall\helper.exe
Chessmaster 8000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Chessmaster 8000\CM8kUninst.isu"
Citrus Alarm Clock 1.0.5-->"C:\Program Files\Citrus Alarm Clock\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9  /remove
Easy GIF Animator 4.8-->"C:\Program Files\Easy GIF Animator\unins000.exe"
EasyPHP 1.8-->"C:\Program Files\EasyPHP1-8\unins000.exe"
EclipseCrossword-->MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Family Tree Maker 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4004E8B-6A95-4FA4-AA05-731FC6510474}\Setup.exe" -l0x9 
Finale Allegro 2007-->C:\Program Files\Finale Allegro 2007\uninstallAllegro.exe
Flatcast 4.16 RC1-->C:\WINDOWS\unins000.exe
GLOBEtrotter FLEXid Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HicEst 3.61.3-->"C:\Program Files\HicEst\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Anılar Diski-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Fotoğraf ve Görüntü 2.0  - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Fotoğraf ve Görüntü 2.0 - All-in-One Sürücüleri-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Fotoğraf ve Görüntü 2.0 - HP psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Imperialism-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Imperialism\DeIsL1.isu"
Industry Giant 2 - Gold Edition-->MsiExec.exe /I{6910C412-A523-493C-BC22-0213CD7F4F3A}
IndyCar Racing II v1.0.0f2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Papyrus\IndyCar Racing II\DeIsL1.isu"
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033 
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 4.1.7 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_1fae69\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LaserJet 1020 series-->C:\Program Files\Zenographics\{06A23708-1242-4C1E-99F7-89469088F394}\setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9 
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
makat v5-->"C:\WINDOWS\system32\drivers\etc\unins000.exe"
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
MATLAB Central User Contributed Screensaver Screen Saver-->C:\WINDOWS\system32\MATLAB~1.SCR /U
MATLAB R2007b-->C:\Program Files\MATLAB\R2007b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007b\
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - TRK-->MsiExec.exe /I{2B7BC7C5-CE5F-373A-A1E7-37A5B909D933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - TRK-->MsiExec.exe /I{E1674673-0F0D-3D81-B2A0-9842A986C1D6}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Dil Paketi SP1 - trk-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - trk\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - trk-->MsiExec.exe /I{ACFD4C9A-931B-3CAB-9F72-78FDE810F394}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MyProduct-->C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\Uninstal.exe
MySQL Server 5.0-->MsiExec.exe /I{E8B3C954-017C-45CF-B2FA-D4AA60FE61C1}
NASCAR® Racing 2002 Season-->C:\WINDOWS\IsUninst.exe -f"C:\Papyrus\NASCAR Racing 2002 Season\Uninst.isu"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetLimiter 2 Pro (remove only)-->"C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 
Race - The WTCC Game-->MsiExec.exe /I{4368D6CF-3528-4D9C-A6FB-709B4B828968}
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScummVM 0.8.2-->"C:\Program Files\ScummVM\unins000.exe"
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
SHOUTcast Source DSP 1.9.1 (remove only)-->C:\Program Files\Winamp\uninst-dsp.exe
Skype 2.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Sony Digital Voice Editor 3-->C:\PROGRA~1\SONY\DIGITA~1\UNINST.EXE
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{734BB64A-5A3D-4624-867D-6358B7068496}\SETUP.EXE" -l0x9 
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe" 
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
TempoPerfect-->C:\Program Files\NCH Swift Sound\TempoPerfect\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Visual Fortran 6.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Visual Studio\DF98\DFUNINST.ISU"
Web Album Generator 1.8.2-->"C:\Program Files\Web Album Generator\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Kodlayıcısı (KB954156) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Windows Media Player (KB911564) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Windows Media Player (KB952069) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Windows Media Player (KB968816) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Windows Media Player (KB973540) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Windows Media Player 6.4 (KB925398) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Windows Media Player 9 (KB911565) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Windows Media Player 9 (KB917734) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Windows Media Player 9 (KB936782) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP (KB923689) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Windows XP (KB941569) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP Düzeltme - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Düzeltme - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Düzeltme - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Düzeltme - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Düzeltme - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Düzeltme - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Düzeltme - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Düzeltme - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Düzeltme - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Düzeltme - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Düzeltme - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP için Düzeltme (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Windows XP için Düzeltme (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Windows XP için Düzeltme (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Windows XP için Düzeltme (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows XP için Güncelleştirme (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Windows XP için Güvenlik Güncelleştirmesi (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Windows XP için Güvenlik Güncelleştirmesi (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 activate.adobe.com
72.55.188.183 richarddawkins.net
72.55.188.183 www.richarddawkins.net
74.125.79.100 sites.google.com
208.109.181.194 makat.org
208.109.181.194 www.makat.org
208.117.236.69 youtube.com
208.117.236.69 www.youtube.com
74.125.65.118 img.youtube.com
64.15.124.143 sjc-v1.sjc.youtube.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: DC1
Event Code: 11
Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.

Record Number: 113293
Source Name: Disk
Time Written: 20091204145437.000000+120
Event Type: Hata
User: 

Computer Name: DC1
Event Code: 11
Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.

Record Number: 113292
Source Name: Disk
Time Written: 20091204145432.000000+120
Event Type: Hata
User: 

Computer Name: DC1
Event Code: 11
Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.

Record Number: 113291
Source Name: Disk
Time Written: 20091204145427.000000+120
Event Type: Hata
User: 

Computer Name: DC1
Event Code: 11
Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.

Record Number: 113290
Source Name: Disk
Time Written: 20091204145422.000000+120
Event Type: Hata
User: 

Computer Name: DC1
Event Code: 11
Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.

Record Number: 113289
Source Name: Disk
Time Written: 20091204145417.000000+120
Event Type: Hata
User: 

=====Application event log=====

Computer Name: DC1
Event Code: 11724
Message: Product: Le Mans 24 Hours -- Removal completed successfully.

Record Number: 3812
Source Name: MsiInstaller
Time Written: 20090201110904.000000+120
Event Type: Bilgi
User: DC1\Deniz Can

Computer Name: DC1
Event Code: 11728
Message: Product: Le Mans 24 Hours -- Configuration completed successfully.

Record Number: 3811
Source Name: MsiInstaller
Time Written: 20090201110837.000000+120
Event Type: Bilgi
User: DC1\Deniz Can

Computer Name: DC1
Event Code: 11707
Message: Product: ISScript -- Installation operation completed successfully.

Record Number: 3810
Source Name: MsiInstaller
Time Written: 20090201110822.000000+120
Event Type: Bilgi
User: DC1\Deniz Can

Computer Name: DC1
Event Code: 1800
Message: Windows Güvenlik Merkezi Hizmeti başlatıldı.

Record Number: 3809
Source Name: SecurityCenter
Time Written: 20090201110625.000000+120
Event Type: Bilgi
User: 

Computer Name: DC1
Event Code: 105
Message: The service was started.

Record Number: 3808
Source Name: WMDM PMSP Service
Time Written: 20090201110601.000000+120
Event Type: Bilgi
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\MATLAB\R2007b\bin;C:\Program Files\MATLAB\R2007b\bin\win32
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

I tried to run Gmer as well, but unfortunately every time it gave an error. I shut down antivirus and all other running applications, I even restarted the computer but all I got was this:

It says Gmer has to be shut down and they ask me if I want to send an error report.

**Jintan** · 30.12.2009 01:26

Looks like we're getting Gmer crashes across the board here today.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to iexplore.exe, then click the renamed iexplore.exe to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

**Heavy Metal** · 31.12.2009 13:45

OK, I did just as you wrote. This is the logfile of Combo Fix:

Code:

ComboFix 09-12-30.01 - Deniz Can 31.12.2009  13:16:18.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1254.90.1055.18.511.274 [GMT 2:00]
Running from: c:\documents and settings\Deniz Can\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\iekey.dll
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\AppPatch\AcXtrnel.sdb
c:\windows\Fonts\2knxWtVjbWXmUdGG.Ttf
c:\windows\Fonts\6e6EUdxVeWUYJynN.Ttf
c:\windows\Fonts\bKkCsU7Z6YntjH4G.Ttf
c:\windows\Fonts\cD9KArZZUHxCqnyM.Ttf
c:\windows\Fonts\cFDPmh3MDPjcHMPd.Ttf
c:\windows\Fonts\CTwZYd7mY2XCUkn5.Ttf
c:\windows\Fonts\DmYqJAPsv3KjBFCN.ttf
c:\windows\Fonts\du3Q2JXbHYGxcSAe.Ttf
c:\windows\Fonts\eCgMhGRkPUcdutd0.Ttf
c:\windows\Fonts\EEUJgNKN6xmNqKr6.Ttf
c:\windows\Fonts\fKzf9wP6bhq6Bcxa.Ttf
c:\windows\Fonts\G49AhKxDmsj6uxnu.Ttf
c:\windows\Fonts\gTWpW66gR9RSmZrC.Ttf
c:\windows\Fonts\hBRNYhzGWu6vwg6G.Ttf
c:\windows\Fonts\JNwybEjgUVaxBU5d.Ttf
c:\windows\Fonts\KXBqRpa2mrNPeXKb.Ttf
c:\windows\Fonts\MhaUKGazkr3fZZKp.Ttf
c:\windows\Fonts\Nxw6N4rjSsVpMUPe.Ttf
c:\windows\Fonts\PACNkAWTwg4Cyb3e.Ttf
c:\windows\Fonts\pDuuqr4BgFn65AeW.Ttf
c:\windows\Fonts\pKxp3cBbnHVb65ZWUDgRE5.Ttf
c:\windows\Fonts\PrZWDcWgjaE3SQyr.Ttf
c:\windows\Fonts\Qq3qg7RGSp9raxWW.Ttf
c:\windows\Fonts\S8a8cnEuaydPJGg8.Ttf
c:\windows\Fonts\tukVTEVUdJmB1k.Ttf
c:\windows\Fonts\WtEZSTBurjKEKSB9.Ttf
c:\windows\Fonts\YywxhF7TSnkktrJw.Ttf
c:\windows\Fonts\zZ5kDff9es3wZ9YZ.Ttf
c:\windows\system32\Data
c:\windows\system32\ieuinit.inf
c:\windows\system32\scrrntr.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NVMINI
-------\Service_nvmini


(((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-31  )))))))))))))))))))))))))))))))
.

2009-12-28 21:28 . 2009-12-28 21:29	--------	d-----w-	C:\rsit
2009-12-25 17:09 . 2009-12-25 17:09	--------	d-----w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\DOSBox
2009-12-25 17:07 . 2009-12-25 17:18	--------	d-----w-	c:\program files\DOSBox-0.73
2009-12-25 16:43 . 2009-12-31 10:03	--------	d-----w-	C:\TIECD
2009-12-22 20:29 . 2009-12-29 09:13	--------	d-----w-	c:\program files\Industry Giant 2
2009-12-21 16:01 . 2009-12-21 16:01	--------	d-----w-	c:\program files\Trend Micro
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankProtocol
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankPacManager
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankMedium
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankHandler
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankFormat
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankDevice
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankContents
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\Frank
2009-12-17 09:14 . 2009-04-28 20:20	129520	------w-	c:\windows\system32\pxafs.dll
2009-12-17 09:13 . 2009-12-17 10:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Winamp
2009-12-11 19:30 . 2009-12-17 09:22	--------	d-----w-	c:\program files\Winamp
2009-12-05 08:23 . 2009-08-24 23:30	13312	----a-w-	c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-12-03 19:50 . 2009-12-03 19:50	--------	d-----w-	c:\program files\Common Files\Borland Shared
2009-12-03 19:49 . 2009-12-03 19:49	--------	d-----w-	c:\temp\Isletme

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 07:54 . 2006-04-15 07:52	--------	d-----w-	c:\program files\eMule
2009-12-31 07:42 . 2006-05-12 17:25	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Skype
2009-12-11 19:59 . 2009-10-25 10:18	--------	d-----w-	c:\program files\PokerStars.NET
2009-12-11 10:39 . 2009-10-27 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-12-10 15:28 . 2001-11-22 12:00	419572	----a-w-	c:\windows\system32\perfh01F.dat
2009-12-10 15:28 . 2001-11-22 12:00	76586	----a-w-	c:\windows\system32\perfc01F.dat
2009-11-29 08:35 . 2006-04-15 06:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-29 05:46 . 2004-08-03 21:45	661504	----a-w-	c:\windows\system32\wininet.dll
2009-10-22 19:08 . 2006-04-17 14:08	99024	----a-w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 06:02 . 2004-08-03 21:45	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 06:02 . 2004-08-03 21:45	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 20:00	263552	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-03 21:45	267264	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-03 21:45	69632	----a-w-	c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-03 21:45	112640	----a-w-	c:\windows\system32\rastls.dll
.

------- Sigcheck -------

[7] 2008-06-20 . B0BEFD78B3816E6A49636A8B67C4F28F . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . E4BFA352E2D05B079673BF1FE1FD965D . 245760 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 8FDC1A5E2813A835ECAEF186AF80C9F5 . 245760 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-06-20 . 7ECF6887F65367DD5CF94C91924588CA . 245760 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . C4FDA698CAB8527C1D58D7A437587952 . 245760 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\mswsock.dll
[7] 2004-08-03 . C1FB7C7331E87A0E5129FCCE0B73167F . 245760 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-01-18 19477544]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-11 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-22 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-4-15 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Papyrus\\NASCAR Racing 2002 Season\\NR2002.exe"=
"c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.06.2006 12:57 664064]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [15.04.2006 14:10 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [15.04.2006 14:10 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06.02.2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06.02.2009 13:24 93336]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [14.06.2006 21:44 93824]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 13:23 727720]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys --> c:\program files\Softwin\BitDefender9\filespy.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [03.01.2008 16:09 39048]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 Rdpidirvw;Rdpidirvw;c:\windows\system32\drivers\rawwan.sys [22.11.2001 14:00 34432]
.
Contents of the 'Scheduled Tasks' folder

2007-11-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8188319073.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]

2009-12-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = 217.195.246.83:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
FF - ProfilePath - c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BDSwitchAgent - c:\progra~1\softwin\bitdef~1\bdswitch.exe
HKLM-Run-mirc - c:\windows\WINCRA\mirc.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
ShellExecuteHooks-{1ECE2FCB-C1BB-4706-920C-F4C1076FD155} - c:\windows\system32\kT2NuqZeGma.dll
ShellExecuteHooks-{7A93621D-BFFE-4EB1-AAE1-CD487F429840} - c:\windows\system32\PkVyCX5kHnftC7BXjt.dll
ShellExecuteHooks-{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4} - c:\windows\system32\CCCA2FB9.dll
ShellExecuteHooks-{EF6EF2D9-CDC7-481D-B17C-DA8DBA33BB01} - c:\windows\system32\kW5xUYZjcSnWs.dll
ShellExecuteHooks-{6B74576A-BB20-47B3-AE0A-046B062897D0} - c:\windows\system32\ACg9ycsarj8y.dll
ShellExecuteHooks-{19250D1E-B733-4F49-BC56-44EFCF3BF650} - c:\windows\system32\m37tEtTX7Ye5c.dll
ShellExecuteHooks-{A35BF249-2B40-4E4A-97B5-86DC8B358887} - c:\windows\system32\j8EG7scz8.dll
AddRemove-Flatcast_is1 - c:\windows\unins000.exe
AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe
AddRemove-MyProduct - c:\program files\Ubisoft\Crytek\Far Cry\Bin32\Uninstal.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 13:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x82F96688]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x82f96688
\Driver\ACPI -> ACPI.sys @ 0xf8563cb8
\Driver\atapi -> 0x82d0e748
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
 ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
 ParseProcedure -> ntoskrnl.exe @ 0x8056f07e SendCompleteHandler -> NDIS.sys @ 0xf83ebaf9
 PacketIndicateHandler -> NDIS.sys @ 0xf83f6b21
 SendHandler -> NDIS.sys @ 0xf83eb938
Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d6,1c,17,c1,3a,ee,f8,7f,36,c2,37,20,cd,c0,87,30,05,36,83,9e,7c,
   3d,8c,35,8c,89,75,43,aa,2a,ca,2b,ae,1c,b8,51,88,35,df,6d,6a,15,d7,07,61,8a,\
"rkeysecu"=hex:11,4a,21,88,3e,48,d9,8c,f2,33,47,f6,d6,5d,83,4e

[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{03c46290-cbfc-11da-a90f-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
   00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{03c46291-cbfc-11da-a90f-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
   00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,\
"\\??\\Volume{03c46292-cbfc-11da-a90f-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
   00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,\
"\\??\\Volume{03c46294-cbfc-11da-a90f-806d6172696f}"=hex:e3,06,e3,06,00,48,e6,
   3f,10,00,00,00
"\\DosDevices\\D:"=hex:e3,06,e3,06,00,48,e6,3f,10,00,00,00
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
   45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
   64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
"\\DosDevices\\F:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
   64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
"\\??\\Volume{03c46296-cbfc-11da-a90f-806d6172696f}"=hex:e3,06,e3,06,00,7e,00,
   00,00,00,00,00
"\\DosDevices\\C:"=hex:e3,06,e3,06,00,7e,00,00,00,00,00,00
"\\??\\Volume{2c5fd2fc-cc79-11da-917c-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\G:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
   43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,53,00,43,00,53,\
"\\??\\Volume{2c5fd2fd-cc79-11da-917c-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\H:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
   47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{2c5fd301-cc79-11da-917c-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\I:"=hex:d9,fe,52,a5,00,00,7e,00,00,00,00,00
"\\??\\Volume{fe8a6ee8-292e-11db-9251-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{1cefad0a-72ef-11db-92b6-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{1cefad0b-72ef-11db-92b6-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
   47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{7a240d66-fd72-11db-9379-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{3e3cd785-10d1-11dc-9391-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{aca44564-18af-11dc-9393-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b6683514-b491-11dc-9432-0000e84b3687}"=hex:46,78,4a,30,00,7e,00,
   00,00,00,00,00
"\\??\\Volume{3da0b67b-f289-11dc-9482-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4463c76c-03f4-11dd-9493-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{61a5c57e-370a-11dd-94d1-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{f9f37baa-3d48-11dd-94d9-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9d2560ac-831a-11dd-951b-0000e84b3687}"=hex:46,c6,6a,5b,00,7e,00,
   00,00,00,00,00
"\\??\\Volume{c56024ec-e3a8-11dd-95f0-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{08ba475c-1132-11de-9648-0000e84b3687}"=hex:d9,fe,52,a5,00,00,7e,
   00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2368)
c:\docume~1\DENIZC~1\LOCALS~1\TempIadHide3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\MATLAB~1.SCR
.
**************************************************************************
.
Completion time: 2009-12-31  13:50:37 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-31 11:50

Pre-Run: 14.648.020.992 bayt boş
Post-Run: 14.832.390.144 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F08B234357EA6D70077187B510EC672E

**Jintan** · 31.12.2009 22:45

Progress, but due to Alcohol and Daemon Tools rootkit-like settings the results of some of the ComboFix log are not clear. I will need you to uninstall Alcohol and/or Daemon Tools (if installed separately). Then go here and download Duplex Secure's SPTD installer SPTDinst-v162-x86.exe to your desktop, then click the downloaded file to start the installer. When the option appears select Uninstall, and allow the tool to uninstall SPTD from your system. Be sure to reboot after to complete the removal of the SPTD settings.

Then temp disable any security software, and run ComboFix again please, and post back that new C:\ComboFix.txt log.

**Heavy Metal** · 01.01.2010 11:32

How is this?

Code:

ComboFix 09-12-30.01 - Deniz Can 01.01.2010  12:07:15.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1254.90.1055.18.511.215 [GMT 2:00]
Running from: c:\documents and settings\Deniz Can\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((   Files Created from 2009-12-01 to 2010-01-01  )))))))))))))))))))))))))))))))
.

2009-12-28 21:28 . 2009-12-28 21:29	--------	d-----w-	C:\rsit
2009-12-25 17:09 . 2009-12-25 17:09	--------	d-----w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\DOSBox
2009-12-25 17:07 . 2009-12-25 17:18	--------	d-----w-	c:\program files\DOSBox-0.73
2009-12-25 16:43 . 2010-01-01 09:39	--------	d-----w-	C:\TIECD
2009-12-22 20:29 . 2009-12-29 09:13	--------	d-----w-	c:\program files\Industry Giant 2
2009-12-21 16:01 . 2009-12-21 16:01	--------	d-----w-	c:\program files\Trend Micro
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankProtocol
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankPacManager
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankMedium
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankHandler
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankFormat
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankDevice
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankContents
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\Frank
2009-12-17 09:14 . 2009-04-28 20:20	129520	------w-	c:\windows\system32\pxafs.dll
2009-12-17 09:13 . 2009-12-17 10:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Winamp
2009-12-11 19:30 . 2009-12-17 09:22	--------	d-----w-	c:\program files\Winamp
2009-12-05 08:23 . 2009-08-24 23:30	13312	----a-w-	c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-12-03 19:50 . 2009-12-03 19:50	--------	d-----w-	c:\program files\Common Files\Borland Shared
2009-12-03 19:49 . 2009-12-03 19:49	--------	d-----w-	c:\temp\Isletme

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 10:04 . 2006-05-12 17:25	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Skype
2010-01-01 10:02 . 2006-09-08 09:11	--------	d-----w-	c:\program files\EasyPHP1-8
2010-01-01 08:57 . 2006-04-15 07:52	--------	d-----w-	c:\program files\eMule
2009-12-11 19:59 . 2009-10-25 10:18	--------	d-----w-	c:\program files\PokerStars.NET
2009-12-11 10:39 . 2009-10-27 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-12-10 15:28 . 2001-11-22 12:00	419572	----a-w-	c:\windows\system32\perfh01F.dat
2009-12-10 15:28 . 2001-11-22 12:00	76586	----a-w-	c:\windows\system32\perfc01F.dat
2009-11-29 08:35 . 2006-04-15 06:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-29 05:46 . 2004-08-03 21:45	661504	------w-	c:\windows\system32\wininet.dll
2009-10-22 19:08 . 2006-04-17 14:08	99024	----a-w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 06:02 . 2004-08-03 21:45	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 06:02 . 2004-08-03 21:45	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 20:00	263552	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-03 21:45	267264	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-03 21:45	69632	----a-w-	c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-03 21:45	112640	----a-w-	c:\windows\system32\rastls.dll
.

------- Sigcheck -------

[7] 2008-06-20 . B0BEFD78B3816E6A49636A8B67C4F28F . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . E4BFA352E2D05B079673BF1FE1FD965D . 245760 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 8FDC1A5E2813A835ECAEF186AF80C9F5 . 245760 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-06-20 . 7ECF6887F65367DD5CF94C91924588CA . 245760 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . C4FDA698CAB8527C1D58D7A437587952 . 245760 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\mswsock.dll
[7] 2004-08-03 . C1FB7C7331E87A0E5129FCCE0B73167F . 245760 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-01-18 19477544]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-11 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-22 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Deniz Can\Start Menu\Programlar\BaŸlang‡\
Picture Motion Browser Media Check Tool.lnk - c:\program files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-5 344064]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-4-15 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Papyrus\\NASCAR Racing 2002 Season\\NR2002.exe"=
"c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06.02.2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06.02.2009 13:24 93336]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [14.06.2006 21:44 93824]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 13:23 727720]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys --> c:\program files\Softwin\BitDefender9\filespy.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [03.01.2008 16:09 39048]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 Rdpidirvw;Rdpidirvw;c:\windows\system32\drivers\rawwan.sys [22.11.2001 14:00 34432]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2007-11-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8188319073.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]

2010-01-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = 217.195.246.83:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
FF - ProfilePath - c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 12:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d6,1c,17,c1,3a,ee,f8,7f,36,c2,37,20,cd,c0,87,30,05,36,83,9e,7c,
   3d,8c,35,8c,89,75,43,aa,2a,ca,2b,ae,1c,b8,51,88,35,df,6d,6a,15,d7,07,61,8a,\
"rkeysecu"=hex:11,4a,21,88,3e,48,d9,8c,f2,33,47,f6,d6,5d,83,4e

[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{03c46290-cbfc-11da-a90f-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
   00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{03c46291-cbfc-11da-a90f-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
   00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,\
"\\??\\Volume{03c46292-cbfc-11da-a90f-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
   00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,\
"\\??\\Volume{03c46294-cbfc-11da-a90f-806d6172696f}"=hex:e3,06,e3,06,00,48,e6,
   3f,10,00,00,00
"\\DosDevices\\D:"=hex:e3,06,e3,06,00,48,e6,3f,10,00,00,00
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
   45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
   64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
"\\DosDevices\\F:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
   64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
"\\??\\Volume{03c46296-cbfc-11da-a90f-806d6172696f}"=hex:e3,06,e3,06,00,7e,00,
   00,00,00,00,00
"\\DosDevices\\C:"=hex:e3,06,e3,06,00,7e,00,00,00,00,00,00
"\\??\\Volume{2c5fd2fc-cc79-11da-917c-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\G:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
   43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,53,00,43,00,53,\
"\\??\\Volume{2c5fd2fd-cc79-11da-917c-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\H:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
   47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{2c5fd301-cc79-11da-917c-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\I:"=hex:d9,fe,52,a5,00,00,7e,00,00,00,00,00
"\\??\\Volume{fe8a6ee8-292e-11db-9251-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{1cefad0a-72ef-11db-92b6-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{1cefad0b-72ef-11db-92b6-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
   47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{7a240d66-fd72-11db-9379-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{3e3cd785-10d1-11dc-9391-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{aca44564-18af-11dc-9393-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b6683514-b491-11dc-9432-0000e84b3687}"=hex:46,78,4a,30,00,7e,00,
   00,00,00,00,00
"\\??\\Volume{3da0b67b-f289-11dc-9482-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4463c76c-03f4-11dd-9493-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{61a5c57e-370a-11dd-94d1-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{f9f37baa-3d48-11dd-94d9-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9d2560ac-831a-11dd-951b-0000e84b3687}"=hex:46,c6,6a,5b,00,7e,00,
   00,00,00,00,00
"\\??\\Volume{c56024ec-e3a8-11dd-95f0-0000e84b3687}"=hex:5c,00,3f,00,3f,00,5c,
   00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{08ba475c-1132-11de-9648-0000e84b3687}"=hex:d9,fe,52,a5,00,00,7e,
   00,00,00,00,00
.
Completion time: 2010-01-01  12:27:24
ComboFix-quarantined-files.txt  2010-01-01 10:27
ComboFix2.txt  2009-12-31 11:50

Pre-Run: 14.782.480.384 bayt boş
Post-Run: 14.747.656.192 bayt boş

- - End Of File - - 8E486184D508E639ACB51C2604476AC5

Happy new year by the way!

**Jintan** · 01.01.2010 16:36

That removed the indication of boot file altering, so it was Daemon, and not malware. Is this a proxy setting you recognize?

ProxyServer = 217.195.246.83:8080

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text inside the codebox below into it:

Code:

KillAll::
Driver::
Rdpidirvw
FILESpy
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c56024ec-e3a8-11dd-95f0-0000e84b3687}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9f37baa-3d48-11dd-94d9-0000e84b3687}]
Reglock::
[HKEY_LOCAL_MACHINE\System\MountedDevices]

Save this to your desktop as CFScript.txt

You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

--------

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------------

Post that log and the new C:\ComboFix.txt log please.

**Heavy Metal** · 01.01.2010 20:13

Here it goes:

Code:

ComboFix 09-12-30.01 - Deniz Can 01.01.2010  20:19:22.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1254.90.1055.18.511.284 [GMT 2:00]
Running from: c:\documents and settings\Deniz Can\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Deniz Can\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILESPY
-------\Service_FILESpy
-------\Service_Rdpidirvw


(((((((((((((((((((((((((   Files Created from 2009-12-01 to 2010-01-01  )))))))))))))))))))))))))))))))
.

2010-01-01 17:26 . 2010-01-01 18:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\GSplit
2010-01-01 17:20 . 2010-01-01 17:21	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Flsplt
2010-01-01 17:20 . 2010-01-01 17:20	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Split_Segments
2009-12-28 21:28 . 2009-12-28 21:29	--------	d-----w-	C:\rsit
2009-12-25 17:09 . 2009-12-25 17:09	--------	d-----w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\DOSBox
2009-12-25 17:07 . 2009-12-25 17:18	--------	d-----w-	c:\program files\DOSBox-0.73
2009-12-25 16:43 . 2010-01-01 16:51	--------	d-----w-	C:\TIECD
2009-12-22 20:29 . 2009-12-29 09:13	--------	d-----w-	c:\program files\Industry Giant 2
2009-12-21 16:01 . 2009-12-21 16:01	--------	d-----w-	c:\program files\Trend Micro
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankProtocol
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankPacManager
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankMedium
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankHandler
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankFormat
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankDevice
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankContents
2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\Frank
2009-12-17 09:14 . 2009-04-28 20:20	129520	------w-	c:\windows\system32\pxafs.dll
2009-12-17 09:13 . 2009-12-17 10:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Winamp
2009-12-11 19:30 . 2009-12-17 09:22	--------	d-----w-	c:\program files\Winamp
2009-12-05 08:23 . 2009-08-24 23:30	13312	----a-w-	c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-12-03 19:50 . 2009-12-03 19:50	--------	d-----w-	c:\program files\Common Files\Borland Shared
2009-12-03 19:49 . 2009-12-03 19:49	--------	d-----w-	c:\temp\Isletme

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 10:59 . 2006-04-15 07:52	--------	d-----w-	c:\program files\eMule
2010-01-01 10:04 . 2006-05-12 17:25	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Skype
2010-01-01 10:02 . 2006-09-08 09:11	--------	d-----w-	c:\program files\EasyPHP1-8
2009-12-11 19:59 . 2009-10-25 10:18	--------	d-----w-	c:\program files\PokerStars.NET
2009-12-11 10:39 . 2009-10-27 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-12-10 15:28 . 2001-11-22 12:00	419572	----a-w-	c:\windows\system32\perfh01F.dat
2009-12-10 15:28 . 2001-11-22 12:00	76586	----a-w-	c:\windows\system32\perfc01F.dat
2009-11-29 08:35 . 2006-04-15 06:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-29 05:46 . 2004-08-03 21:45	661504	------w-	c:\windows\system32\wininet.dll
2009-10-22 19:08 . 2006-04-17 14:08	99024	----a-w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 06:02 . 2004-08-03 21:45	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 06:02 . 2004-08-03 21:45	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 20:00	263552	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-03 21:45	267264	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-03 21:45	69632	----a-w-	c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-03 21:45	112640	----a-w-	c:\windows\system32\rastls.dll
.

------- Sigcheck -------

[7] 2008-06-20 . B0BEFD78B3816E6A49636A8B67C4F28F . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . E4BFA352E2D05B079673BF1FE1FD965D . 245760 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 8FDC1A5E2813A835ECAEF186AF80C9F5 . 245760 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-06-20 . 7ECF6887F65367DD5CF94C91924588CA . 245760 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . C4FDA698CAB8527C1D58D7A437587952 . 245760 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\mswsock.dll
[7] 2004-08-03 . C1FB7C7331E87A0E5129FCCE0B73167F . 245760 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-01-18 19477544]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-11 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-22 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Deniz Can\Start Menu\Programlar\BaŸlang‡\
Picture Motion Browser Media Check Tool.lnk - c:\program files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-5 344064]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-4-15 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Papyrus\\NASCAR Racing 2002 Season\\NR2002.exe"=
"c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06.02.2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06.02.2009 13:24 93336]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [14.06.2006 21:44 93824]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 13:23 727720]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [03.01.2008 16:09 39048]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2007-11-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8188319073.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]

2010-01-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = 217.195.246.83:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
FF - ProfilePath - c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 20:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d6,1c,17,c1,3a,ee,f8,7f,36,c2,37,20,cd,c0,87,30,05,36,83,9e,7c,
   3d,8c,35,8c,89,75,43,aa,2a,ca,2b,ae,1c,b8,51,88,35,df,6d,6a,15,d7,07,61,8a,\
"rkeysecu"=hex:11,4a,21,88,3e,48,d9,8c,f2,33,47,f6,d6,5d,83,4e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1828)
c:\docume~1\DENIZC~1\LOCALS~1\TempIadHide3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-01-01  20:44:34 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-01 18:44
ComboFix2.txt  2010-01-01 10:27
ComboFix3.txt  2009-12-31 11:50

Pre-Run: 14.719.262.720 bayt boş
Post-Run: 14.689.116.160 bayt boş

- - End Of File - - 50D89AD21F7C8812B1897A15D45B9FD1

Code:

Malwarebytes' Anti-Malware 1.43
Database version: 3470
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

01.01.2010 21:10:55
mbam-log-2010-01-01 (21-10-55).txt

Scan type: Quick Scan
Objects scanned: 117169
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\wmilib.services (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bf5c81c0-416d-487c-a4ad-07cc1f8e6e71} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c3db97b-69d4-46da-87cd-4e323bff2c3c} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{43893dfb-e095-42eb-ab67-784853fdfa58} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{88abc5c0-4fcb-11bb-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware didn't ask for reboot BTW.

**Jintan** · 01.01.2010 23:33

Steady progress. Let's do one additional scan to make sure nothing remains there.

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Thema: Win32/TrojanDownloader.Agent problem

Themen-Optionen

Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Re: Win32/TrojanDownloader.Agent problem

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

win32.zbot und win32.Agent.pz problem

win32 trojandownloader Zlob

Trojandownloader.Agent.uj

Win32.TrojanDownloader.Swizzor.br

win32. trojanDownloader .Swizzor.br :(

Forumregeln