rundll32.exe has an unusually high cpu usage


This topic is locked.

#1 pleoscalete (Member, 10 posts)

Hello! Googling it, I've discovered this forum, and since I'm hopeless when it comes to viruses, malware and such, I'd like to ask for some assistance. The problem is as follows: whenever I run a game executable (I tried it with other executables, but there seems to be no problem with those), the process rundll32.exe starts and hogs up to 50% CPU, slowing down the machine a bit. I couldn't say precisely when the problem started, because the computer still runs rather decently, so I didn't notice it at first.

I keep my Windows updated, and I also updated and tried in-depth scans with Windows Security Essentials, TrustPort Total Protection and Advanced SystemCare's malware scan, but they found nothing. I'm not sure if it's required, but I figured it might be relevant, so I'll post two scans: the first before I start any game and the other one with a game started.

Here is the OTL.txt scan I did without any game started, and consequently without the rundll32.exe process running:


OTL logfile created on: 5/16/2011 8:11:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ionut\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52.18 Gb Total Space | 27.13 Gb Free Space | 51.98% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 28.52 Gb Free Space | 19.13% Space Free | Partition Type: NTFS
Drive E: | 93.13 Gb Total Space | 27.71 Gb Free Space | 29.75% Space Free | Partition Type: NTFS

Computer Name: DUSMANU | User Name: ionut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 07:58:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ionut\Downloads\OTL.exe
PRC - [2011/05/15 00:52:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/09 09:05:38 | 000,404,040 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe
PRC - [2011/05/09 09:02:00 | 000,266,512 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\DataShredder\bin\wipesrv.exe
PRC - [2011/05/09 09:01:58 | 000,721,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\TrustPort\bin\tptray.exe
PRC - [2011/05/09 09:01:50 | 000,217,360 | ---- | M] () -- C:\Program Files (x86)\TrustPort\DiskProtection\bin\tdwatch.exe
PRC - [2011/05/09 09:01:42 | 000,487,696 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\gozer.exe
PRC - [2011/05/09 09:01:34 | 000,291,088 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe
PRC - [2011/05/09 09:01:30 | 000,774,416 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe
PRC - [2011/05/09 09:01:26 | 000,495,888 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe
PRC - [2011/04/22 15:08:52 | 003,366,800 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/04/22 15:08:52 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/22 15:08:52 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/22 15:08:52 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/24 15:46:24 | 000,427,864 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2011/02/14 17:17:52 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
PRC - [2010/12/19 08:51:47 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 07:58:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ionut\Downloads\OTL.exe
MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/09 09:05:38 | 000,404,040 | ---- | M] (TrustPort, a.s.) [Auto | Running] -- C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe -- (tpmgma_service)
SRV - [2011/05/09 09:02:00 | 000,266,512 | ---- | M] (TrustPort, a.s.) [Auto | Running] -- C:\Program Files (x86)\TrustPort\DataShredder\bin\wipesrv.exe -- (wipesrv)
SRV - [2011/05/09 09:01:42 | 000,487,696 | ---- | M] (TrustPort, a.s.) [On_Demand | Running] -- C:\Program Files (x86)\TrustPort\Antivirus\bin\gozer.exe -- (gozer)
SRV - [2011/05/09 09:01:34 | 000,291,088 | ---- | M] (TrustPort, a.s.) [On_Demand | Running] -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe -- (avss_service)
SRV - [2011/05/09 09:01:26 | 000,495,888 | ---- | M] (TrustPort, a.s.) [On_Demand | Running] -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe -- (avas_service)
SRV - [2011/04/22 15:08:52 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/09 09:06:54 | 000,041,088 | ---- | M] (TrustPort, a.s.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tpsec.sys -- (tpsec)
DRV:64bit: - [2011/05/09 09:05:10 | 000,050,960 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tdifw.sys -- (tdifw)
DRV:64bit: - [2011/05/09 09:05:06 | 000,050,448 | ---- | M] (TrustPort, a.s.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avasdmft.sys -- (avasdmft) TrustPort Antivirus On-Access Scanner (W2K/XP)
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/27 20:11:22 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/27 20:11:22 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/09/19 18:54:59 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/14 14:42:56 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/02/03 16:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/10/10 05:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/09/15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 00:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 00:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 00:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 23:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011/05/09 09:05:12 | 000,033,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TrustPort\PersonalFirewall\bin\tppfhook.sys -- (TPPFHOOK)
DRV - [2011/05/09 09:05:10 | 000,020,752 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\TrustPort\PersonalFirewall\bin\tdimapper.sys -- (tdimapper)
DRV - [2011/05/09 09:05:08 | 000,061,200 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\TrustPort\DiskProtection\bin\encdsk.sys -- (EncDisk)
DRV - [2011/05/09 09:05:08 | 000,020,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\TrustPort\bin\dsio.sys -- (dsio)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 AB 7D AA 2A FD CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 00:52:16 | 000,000,000 | ---D | M]

[2010/09/07 09:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ionut\AppData\Roaming\Mozilla\Extensions
[2011/05/15 00:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ionut\AppData\Roaming\Mozilla\Firefox\Profiles\6xj97pzz.default\extensions
[2011/04/22 09:28:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\ionut\AppData\Roaming\Mozilla\Firefox\Profiles\6xj97pzz.default\extensions\[email protected]
[2011/05/13 17:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\IONUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6XJ97PZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\IONUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6XJ97PZZ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\IONUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6XJ97PZZ.DEFAULT\EXTENSIONS\[email protected]
[2011/05/15 00:52:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 11:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 11:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 11:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AntivirusCommunicatorAgent] C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe (TrustPort, a.s.)
O4 - HKLM..\Run: [TrustPortDiskProtectionWatchDog] C:\Program Files (x86)\TrustPort\DiskProtection\bin\TDWatch.exe ()
O4 - HKLM..\Run: [TrustPortTray] C:\Program Files (x86)\Common Files\TrustPort\Bin\tptray.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.76.253.115 82.76.253.125
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/13 16:10:30 | 000,000,007 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\Shell - "" = AutoRun
O33 - MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\Shell\AutoRun\command - "" = J:\Windows\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 17:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/13 12:52:48 | 000,135,168 | ---- | C] (ZTE Corporation) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys
[2011/05/13 12:52:48 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2011/05/13 12:52:48 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2011/05/13 12:52:47 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2011/05/13 12:52:47 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2011/05/13 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Join Air
[2011/05/13 12:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2011/05/13 12:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Join Air
[2011/05/11 09:56:49 | 000,050,448 | ---- | C] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\avasdmft.sys
[2011/05/11 09:56:38 | 000,041,088 | ---- | C] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\tpsec.sys
[2011/05/06 09:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/05/04 21:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/05/02 18:51:56 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/02 18:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrustPort Total Protection
[2011/05/02 18:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrustPort
[2011/05/02 18:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TrustPort
[2011/05/02 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/04/30 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\ionut\AppData\Local\Oblivion
[2011/04/19 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/04/17 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\ionut\AppData\Roaming\PC Suite
[2011/04/17 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/04/17 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\ionut\AppData\Roaming\Nokia
[2011/04/17 14:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011/04/17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2011/04/17 14:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2011/04/17 14:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/04/17 14:30:35 | 000,057,856 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll
[2011/04/17 14:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2011/04/17 14:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 06:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 00:52:25 | 000,002,052 | ---- | M] () -- C:\Users\ionut\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/14 15:34:15 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/14 15:34:15 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/14 15:34:15 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/14 07:02:38 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 07:02:38 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 06:54:57 | 2359,971,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 12:52:45 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Join Air.lnk
[2011/05/12 10:31:32 | 000,396,431 | ---- | M] () -- C:\Users\ionut\Desktop\Untitled.png
[2011/05/09 09:06:54 | 000,041,088 | ---- | M] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\tpsec.sys
[2011/05/09 09:05:10 | 000,050,960 | ---- | M] () -- C:\Windows\SysNative\drivers\tdifw.sys
[2011/05/09 09:05:06 | 000,050,448 | ---- | M] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\avasdmft.sys
[2011/05/06 22:19:17 | 000,000,218 | ---- | M] () -- C:\Users\ionut\.recently-used.xbel
[2011/05/06 11:44:37 | 000,293,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/17 14:34:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 12:52:45 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Join Air.lnk
[2011/05/12 10:31:31 | 000,396,431 | ---- | C] () -- C:\Users\ionut\Desktop\Untitled.png
[2011/05/11 09:56:49 | 000,050,960 | ---- | C] () -- C:\Windows\SysNative\drivers\tdifw.sys
[2011/05/06 22:19:17 | 000,000,218 | ---- | C] () -- C:\Users\ionut\.recently-used.xbel
[2011/04/19 12:03:05 | 000,032,136 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2011/04/19 12:03:05 | 000,018,232 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2011/04/17 14:34:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011/01/27 15:19:55 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/14 21:01:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 18:55:40 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010/09/27 20:23:48 | 000,007,606 | ---- | C] () -- C:\Users\ionut\AppData\Local\Resmon.ResmonCfg
[2010/09/09 17:13:23 | 000,001,010 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/09/02 18:52:46 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 18:14:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 18:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 18:14:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

< End of report >
And here's a scan with a game started and rundll32.exe at 50% CPU:

OTL logfile created on: 5/16/2011 8:53:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ionut\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52.18 Gb Total Space | 27.12 Gb Free Space | 51.98% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 28.52 Gb Free Space | 19.13% Space Free | Partition Type: NTFS
Drive E: | 93.13 Gb Total Space | 27.71 Gb Free Space | 29.75% Space Free | Partition Type: NTFS

Computer Name: DUSMANU | User Name: ionut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 07:58:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ionut\Downloads\OTL.exe
PRC - [2011/05/15 00:52:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/09 09:05:38 | 000,404,040 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe
PRC - [2011/05/09 09:02:00 | 000,266,512 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\DataShredder\bin\wipesrv.exe
PRC - [2011/05/09 09:01:58 | 000,721,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\TrustPort\bin\tptray.exe
PRC - [2011/05/09 09:01:50 | 000,217,360 | ---- | M] () -- C:\Program Files (x86)\TrustPort\DiskProtection\bin\tdwatch.exe
PRC - [2011/05/09 09:01:42 | 000,487,696 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\gozer.exe
PRC - [2011/05/09 09:01:34 | 000,291,088 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe
PRC - [2011/05/09 09:01:30 | 000,774,416 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe
PRC - [2011/05/09 09:01:26 | 000,495,888 | ---- | M] (TrustPort, a.s.) -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe
PRC - [2011/04/22 15:08:52 | 003,366,800 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/04/22 15:08:52 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/22 15:08:52 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/22 15:08:52 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/24 15:46:24 | 000,427,864 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2011/02/14 17:17:52 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
PRC - [2010/12/19 08:51:47 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/02/26 23:41:08 | 000,471,040 | ---- | M] (Blizzard Entertainment) -- d:\games\Warcraft3\war3.exe
PRC - [2008/08/23 22:29:18 | 000,274,432 | ---- | M] (Blizzard Entertainment) -- D:\games\Warcraft3\Frozen Throne.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 07:58:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ionut\Downloads\OTL.exe
MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/09 09:05:38 | 000,404,040 | ---- | M] (TrustPort, a.s.) [Auto | Running] -- C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe -- (tpmgma_service)
SRV - [2011/05/09 09:02:00 | 000,266,512 | ---- | M] (TrustPort, a.s.) [Auto | Running] -- C:\Program Files (x86)\TrustPort\DataShredder\bin\wipesrv.exe -- (wipesrv)
SRV - [2011/05/09 09:01:42 | 000,487,696 | ---- | M] (TrustPort, a.s.) [On_Demand | Running] -- C:\Program Files (x86)\TrustPort\Antivirus\bin\gozer.exe -- (gozer)
SRV - [2011/05/09 09:01:34 | 000,291,088 | ---- | M] (TrustPort, a.s.) [On_Demand | Running] -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe -- (avss_service)
SRV - [2011/05/09 09:01:26 | 000,495,888 | ---- | M] (TrustPort, a.s.) [On_Demand | Running] -- C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe -- (avas_service)
SRV - [2011/04/22 15:08:52 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/02/14 17:17:52 | 000,261,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/09 09:06:54 | 000,041,088 | ---- | M] (TrustPort, a.s.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tpsec.sys -- (tpsec)
DRV:64bit: - [2011/05/09 09:05:10 | 000,050,960 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tdifw.sys -- (tdifw)
DRV:64bit: - [2011/05/09 09:05:06 | 000,050,448 | ---- | M] (TrustPort, a.s.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avasdmft.sys -- (avasdmft) TrustPort Antivirus On-Access Scanner (W2K/XP)
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/27 20:11:22 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/27 20:11:22 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/09/19 18:54:59 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/14 14:42:56 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/02/03 16:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/10/10 05:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/09/27 09:53:54 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/09/27 09:53:54 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/09/15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 00:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 00:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 00:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 23:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011/05/09 09:05:12 | 000,033,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TrustPort\PersonalFirewall\bin\tppfhook.sys -- (TPPFHOOK)
DRV - [2011/05/09 09:05:10 | 000,020,752 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\TrustPort\PersonalFirewall\bin\tdimapper.sys -- (tdimapper)
DRV - [2011/05/09 09:05:08 | 000,061,200 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\TrustPort\DiskProtection\bin\encdsk.sys -- (EncDisk)
DRV - [2011/05/09 09:05:08 | 000,020,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\TrustPort\bin\dsio.sys -- (dsio)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 AB 7D AA 2A FD CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 00:52:16 | 000,000,000 | ---D | M]

[2010/09/07 09:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ionut\AppData\Roaming\Mozilla\Extensions
[2011/05/15 00:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ionut\AppData\Roaming\Mozilla\Firefox\Profiles\6xj97pzz.default\extensions
[2011/04/22 09:28:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\ionut\AppData\Roaming\Mozilla\Firefox\Profiles\6xj97pzz.default\extensions\[email protected]
[2011/05/13 17:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\IONUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6XJ97PZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\IONUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6XJ97PZZ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\IONUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6XJ97PZZ.DEFAULT\EXTENSIONS\[email protected]
[2011/05/15 00:52:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 11:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 11:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 11:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AntivirusCommunicatorAgent] C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe (TrustPort, a.s.)
O4 - HKLM..\Run: [TrustPortDiskProtectionWatchDog] C:\Program Files (x86)\TrustPort\DiskProtection\bin\TDWatch.exe ()
O4 - HKLM..\Run: [TrustPortTray] C:\Program Files (x86)\Common Files\TrustPort\Bin\tptray.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.76.253.115 82.76.253.125
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/13 16:10:30 | 000,000,007 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\Shell - "" = AutoRun
O33 - MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\Shell\AutoRun\command - "" = J:\Windows\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 17:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/13 12:52:48 | 000,135,168 | ---- | C] (ZTE Corporation) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys
[2011/05/13 12:52:48 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2011/05/13 12:52:48 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2011/05/13 12:52:47 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2011/05/13 12:52:47 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2011/05/13 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Join Air
[2011/05/13 12:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2011/05/13 12:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Join Air
[2011/05/11 09:56:49 | 000,050,448 | ---- | C] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\avasdmft.sys
[2011/05/11 09:56:38 | 000,041,088 | ---- | C] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\tpsec.sys
[2011/05/06 09:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/05/04 21:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/05/02 18:51:56 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/02 18:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrustPort Total Protection
[2011/05/02 18:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrustPort
[2011/05/02 18:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TrustPort
[2011/05/02 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/04/30 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\ionut\AppData\Local\Oblivion
[2011/04/19 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/04/17 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\ionut\AppData\Roaming\PC Suite
[2011/04/17 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/04/17 14:32:01 | 000,000,000 | ---D | C] -- C:\Users\ionut\AppData\Roaming\Nokia
[2011/04/17 14:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011/04/17 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2011/04/17 14:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2011/04/17 14:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/04/17 14:30:35 | 000,057,856 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll
[2011/04/17 14:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2011/04/17 14:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 06:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 00:52:25 | 000,002,052 | ---- | M] () -- C:\Users\ionut\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/14 15:34:15 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/14 15:34:15 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/14 15:34:15 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/14 07:02:38 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 07:02:38 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 06:54:57 | 2359,971,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 12:52:45 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Join Air.lnk
[2011/05/12 10:31:32 | 000,396,431 | ---- | M] () -- C:\Users\ionut\Desktop\Untitled.png
[2011/05/09 09:06:54 | 000,041,088 | ---- | M] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\tpsec.sys
[2011/05/09 09:05:10 | 000,050,960 | ---- | M] () -- C:\Windows\SysNative\drivers\tdifw.sys
[2011/05/09 09:05:06 | 000,050,448 | ---- | M] (TrustPort, a.s.) -- C:\Windows\SysNative\drivers\avasdmft.sys
[2011/05/06 22:19:17 | 000,000,218 | ---- | M] () -- C:\Users\ionut\.recently-used.xbel
[2011/05/06 11:44:37 | 000,293,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/17 14:34:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 12:52:45 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Join Air.lnk
[2011/05/12 10:31:31 | 000,396,431 | ---- | C] () -- C:\Users\ionut\Desktop\Untitled.png
[2011/05/11 09:56:49 | 000,050,960 | ---- | C] () -- C:\Windows\SysNative\drivers\tdifw.sys
[2011/05/06 22:19:17 | 000,000,218 | ---- | C] () -- C:\Users\ionut\.recently-used.xbel
[2011/04/19 12:03:05 | 000,032,136 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2011/04/19 12:03:05 | 000,018,232 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2011/04/17 14:34:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011/01/27 15:19:55 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/14 21:01:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 18:55:40 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010/09/27 20:23:48 | 000,007,606 | ---- | C] () -- C:\Users\ionut\AppData\Local\Resmon.ResmonCfg
[2010/09/09 17:13:23 | 000,001,010 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/09/02 18:52:46 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 18:14:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 18:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 18:14:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

< End of report >


I will gladly provide any other information or scans required.
Thanks and cheers, Ionut.

Edited by pleoscalete, 22 May 2011 - 07:07 AM.

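Added example, not from the original post: before chasing malware, find out what rundll32.exe is actually hosting. rundll32.exe itself is only a signed Windows stub that loads the DLL named on its command line and calls one of its exports, so the CPU is being spent inside that DLL, not in rundll32. The PowerShell below is my own (the function name Get-Rundll32Host is mine; the cmdlets are standard ones that exist on Windows 7 / PowerShell 2.0, the platform in the log, as well as on current Windows). It lists every running rundll32.exe with the DLL and entry point it was given, the process that started it, and the DLL's Authenticode status. Run it from an elevated prompt while the game is running.

```powershell
# Added example; not from the original post. rundll32.exe is a signed Windows
# stub that loads whatever DLL its command line names and calls one export of
# it, so "rundll32.exe is using 50% CPU" really means "some DLL is". The
# function name Get-Rundll32Host is an assumption of this example; the
# cmdlets used are standard on Windows 7 / PowerShell 2.0 and later.

function Get-Rundll32Host {
    foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'rundll32.exe'") {

        # Parent process: explorer.exe, svchost.exe or the game's own launcher
        # are plausible; anything else deserves a closer look.
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        if ($parent) { $parentDesc = "$($parent.Name) [$($parent.ProcessId)]" }
        else         { $parentDesc = "<exited> [$($p.ParentProcessId)]" }

        # Syntax is:  rundll32.exe <dll>[,<entrypoint>] [arguments]
        # Drop the executable token (quoted or bare), then split the remainder
        # at the first comma; rundll32 accepts unquoted paths containing spaces,
        # so the DLL spec cannot simply be taken as the next whitespace token.
        $rest  = [string]$p.CommandLine -replace '^\s*(?:"[^"]*"|\S+)\s*', ''
        $entry = $null
        $comma = $rest.IndexOf(',')
        if ($comma -ge 0) {
            $spec  = $rest.Substring(0, $comma)
            $entry = ($rest.Substring($comma + 1).Trim() -split '\s+', 2)[0]
        } else {
            $spec  = ($rest -split '\s+', 2)[0]
        }
        $dllPath = $spec.Trim().Trim('"')

        # A bare name such as shell32.dll is resolved by the loader from the
        # system directory matching the rundll32 bitness (System32 for the
        # 64-bit copy, SysWOW64 for the 32-bit one); try both here.
        if ($dllPath -and -not (Split-Path $dllPath -IsAbsolute)) {
            foreach ($dir in @("$env:windir\System32", "$env:windir\SysWOW64")) {
                $candidate = Join-Path $dir $dllPath
                if (Test-Path $candidate) { $dllPath = $candidate; break }
            }
        }

        # Authenticode check. Caveat: Windows' own DLLs are usually catalog-
        # signed, and PowerShell 2.0 reports those as NotSigned; on that
        # platform confirm with Sysinternals sigcheck before drawing conclusions.
        $sig = 'n/a (file not found)'
        if ($dllPath -and (Test-Path $dllPath)) {
            $s   = Get-AuthenticodeSignature -FilePath $dllPath
            $sig = [string]$s.Status
            if ($s.SignerCertificate) { $sig += ' / ' + $s.SignerCertificate.Subject }
        }

        # CPU time consumed so far; WMI reports it in 100 ns units.
        $cpuSec = [math]::Round(([double]$p.UserModeTime + [double]$p.KernelModeTime) / 1e7, 1)

        New-Object PSObject -Property @{
            PID         = $p.ProcessId
            Image       = $p.ExecutablePath   # System32 vs SysWOW64 shows the bitness
            Parent      = $parentDesc
            DLL         = $dllPath
            Entry       = $entry
            Signature   = $sig
            CpuSeconds  = $cpuSec
            CommandLine = $p.CommandLine
        }
    }
}

Get-Rundll32Host | Format-List PID, Image, Parent, DLL, Entry, Signature, CpuSeconds, CommandLine
```

What to look for: a SysWOW64 copy started by the game and hosting a DLL from the game's folder or from a user-writable location is a very different finding from the System32 copy running a Microsoft-signed DLL on behalf of explorer.exe or svchost.exe. Whatever the DLL turns out to be, its path and publisher are what an AV log cannot tell you and what decides whether this is malware or just a badly behaved component.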

#2
SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Hi pleoscalete,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your malware problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


I notice you are using one or more products from IOBit.
IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.
Additionally, it may be the reason for your CPU issues, so I recommend you remove Advanced SystemCare 4.



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - Reg Error: Value error. File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O33 - MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\Shell - "" = AutoRun
    O33 - MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\Shell\AutoRun\command - "" = J:\Windows\AutoRun.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

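Added example, not part of SpySentinel's reply or of OTL: what the :OTL lines above actually remove, and what each value falls back to once deleted. The two UAC values are ConsentPromptBehaviorAdmin and ConsentPromptBehaviorUser; on Windows 7 their documented defaults are 5 (prompt for consent for non-Windows binaries) and 3 (prompt for credentials), so the values in the log were already at default and deleting them does not change UAC behaviour; a 0 in either slot would be the real finding. The O33 lines are Explorer's MountPoints2 autorun record for a removable drive. The PowerShell below is mine (the function name Test-OtlFixTargets and the default table are my own; the cmdlets are standard). It reads those locations and reports present/absent, current value, default and a note, so the fix can be checked before and after it runs.

```powershell
# Added example; not part of the reply above or of OTL. Reads the registry
# locations the :OTL fix targets and compares each against the Windows 7
# default that applies once the value is absent. The function name
# Test-OtlFixTargets and the default table are assumptions of this example;
# the defaults come from the documented UAC policy values, not from OTL output.

function Test-OtlFixTargets {
    $sysPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $expPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    # Value name, key, and the default Windows 7 uses when the value is absent.
    $checks = @(
        @{ Key = $sysPol; Name = 'EnableLUA';                  Default = 1 },
        @{ Key = $sysPol; Name = 'ConsentPromptBehaviorAdmin'; Default = 5 },
        @{ Key = $sysPol; Name = 'ConsentPromptBehaviorUser';  Default = 3 },
        @{ Key = $sysPol; Name = 'PromptOnSecureDesktop';      Default = 1 },
        @{ Key = $expPol; Name = 'NoActiveDesktop';            Default = 0 },
        @{ Key = $expPol; Name = 'NoActiveDesktopChanges';     Default = 0 }
    )

    foreach ($c in $checks) {
        $present = $false; $value = $null
        $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($item -ne $null) { $present = $true; $value = $item.$($c.Name) }
        if ($present) { $effective = $value } else { $effective = $c.Default }

        $note = 'absent: default applies'
        if ($present -and $value -ne $c.Default) { $note = 'NON-DEFAULT: review before deleting' }
        elseif ($present) { $note = 'explicitly set to the default; deleting it changes nothing' }

        New-Object PSObject -Property @{
            Item      = "$($c.Key | Split-Path -Leaf)\$($c.Name)"
            Present   = $present
            Value     = $value
            Default   = $c.Default
            Effective = $effective
            Note      = $note
        }
    }

    # Every volume Explorer has seen keeps a MountPoints2 subkey; an autorun
    # command under Shell\AutoRun\command is what the O33 lines in OTL report.
    # Record the command and whether its target still exists (it typically
    # points at removable media that is no longer attached).
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($vol in Get-ChildItem -Path $mp -ErrorAction SilentlyContinue) {
        $cmdKey = Join-Path $vol.PSPath 'Shell\AutoRun\command'
        if (-not (Test-Path $cmdKey)) { continue }
        $cmd = [string](Get-ItemProperty -Path $cmdKey).'(default)'

        # First token (quoted or bare) is the executable autorun would launch.
        $exe = $cmd
        if ($cmd -match '^\s*"([^"]+)"')   { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(\S+)')   { $exe = $Matches[1] }
        if (Test-Path $exe -ErrorAction SilentlyContinue) { $note = 'target exists on disk: inspect it' }
        else { $note = 'target not present (media absent or already removed)' }

        New-Object PSObject -Property @{
            Item      = "MountPoints2\$($vol.PSChildName)\Shell\AutoRun\command"
            Present   = $true
            Value     = $cmd
            Default   = '(none)'
            Effective = $cmd
            Note      = $note
        }
    }
}

Test-OtlFixTargets | Format-Table Item, Present, Value, Default, Note -AutoSize -Wrap
```

Run it once before the OTL fix and once after: the UAC rows should read "absent: default applies" afterwards with the same Effective value as before, and the MountPoints2 row for the J: volume should be gone. A row flagged NON-DEFAULT, especially EnableLUA = 0 or ConsentPromptBehaviorAdmin = 0, is worth keeping a note of, since that is a change something made deliberately.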

#3
pleoscalete (Topic Starter, Member, 10 posts)
Hello SpySentinel and thanks, both for the welcome and for your time!
I did what you recommended, first uninstalled ASC4 and then ran OTL with that custom fix. It asked me to reboot and after that it took a little longer than usual to initialize Windows, and OTL reported in a file named 05222011_154015 with the text I'll be posting just below. I tested to see if rundll32.exe would still behave the same and apparently that hasn't changed. It still starts along with certain executables (and, as far as I could tell, with high resolution movies as well) and still uses up 50% CPU for no apparent reason.

Here's the OTL report i mentioned earlier:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17a77801-7c58-11e0-9c17-001d72c31e96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a77801-7c58-11e0-9c17-001d72c31e96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17a77801-7c58-11e0-9c17-001d72c31e96}\ not found.
File J:\Windows\AutoRun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ionut
->Temp folder emptied: 11897630 bytes
->Temporary Internet Files folder emptied: 2770041 bytes
->Java cache emptied: 4769594 bytes
->FireFox cache emptied: 74402621 bytes
->Google Chrome cache emptied: 259479719 bytes
->Opera cache emptied: 12323665 bytes
->Flash cache emptied: 4346 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1969718 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 351.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ionut
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 05222011_154015

Files\Folders moved on Reboot...
C:\Users\ionut\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Edited by pleoscalete, 22 May 2011 - 07:11 AM.


#4
SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Hi pleoscalete,

You're welcome :)




Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked , and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.





Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

#5
pleoscalete (Topic Starter, Member, 10 posts)
Is it possible that this isn't a malware issue? Because both scans indicate that my PC is crystal clear (as did my previous attempt at discovering the source of the infection).
Here is the MBAM log and a picture of the ESET scan result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6659

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/24/2011 8:04:54 AM
mbam-log-2011-05-24 (08-04-54).txt

Scan type: Quick scan
Objects scanned: 154419
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[screenshot of the ESET scan result]

#6
SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Yes, it is possible it is not malware related, but we will try to rule that out.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


#7
pleoscalete

  • Member
  • Topic Starter
  • 10 posts
This is gonna be a long one :)

Here's GMER log:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 08:43:33
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001fe2f99313 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001fe2f99313@5c57c8e02ebc 0x73 0xD6 0x12 0xE5 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0x4D 0x62 0x83 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x49 0x75 0x80 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0x4A 0x3C 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f99313
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f99313@a04e045ea2c3 0x3C 0x2B 0xAF 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2f99313@5c57c8e02ebc 0x7C 0x31 0x30 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x33 0x11 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x49 0x75 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0xCE 0xF5 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001fe2f99313 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001fe2f99313@a04e045ea2c3 0x3C 0x2B 0xAF 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001fe2f99313@5c57c8e02ebc 0x7C 0x31 0x30 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x33 0x11 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x49 0x75 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0xCE 0xF5 0xE1 ...

---- EOF - GMER 1.0.15 ----

Here's log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by ionut at 2011-05-25 08:44:55
Microsoft Windows 7 Ultimate
System drive C: has 22 GB (41%) free of 53 GB
Total RAM: 3001 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:26 AM, on 5/25/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe
C:\Program Files (x86)\TrustPort\DiskProtection\bin\tdwatch.exe
C:\Program Files (x86)\Common Files\TrustPort\bin\tptray.exe
C:\Program Files (x86)\Join Air\UIExec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\useful downloads\security stuff\RSIT.exe
C:\Program Files (x86)\trend micro\ionut.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AntivirusCommunicatorAgent] "C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe"
O4 - HKLM\..\Run: [TrustPortDiskProtectionWatchDog] "C:\Program Files (x86)\TrustPort\DiskProtection\bin\TDWatch.exe"
O4 - HKLM\..\Run: [TrustPortTray] "C:\Program Files (x86)\Common Files\TrustPort\Bin\tptray.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ionut\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - TrustPort, a.s. - C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe
O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - TrustPort, a.s. - C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrustPort Personal GTW (gozer) - TrustPort, a.s. - C:\Program Files (x86)\TrustPort\Antivirus\bin\gozer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TrustPort Core Service (tpmgma_service) - TrustPort, a.s. - C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Join Air\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: TrustPort DataShredder Wipe Service (wipesrv) - TrustPort, a.s. - C:\Program Files (x86)\TrustPort\DataShredder\bin\wipesrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5612 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1522839162-703538639-1775849111-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1522839162-703538639-1775849111-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AntivirusCommunicatorAgent"=C:\Program Files (x86)\TrustPort\Antivirus\bin\avcom.exe [2011-05-09 774416]
"TrustPortDiskProtectionWatchDog"=C:\Program Files (x86)\TrustPort\DiskProtection\bin\TDWatch.exe [2011-05-09 217360]
"TrustPortTray"=C:\Program Files (x86)\Common Files\TrustPort\Bin\tptray.exe [2011-05-09 721168]
"UIExec"=C:\Program Files (x86)\Join Air\UIExec.exe [2011-02-14 139088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ionut\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gozer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-05-25 08:44:55 ----D---- C:\rsit
2011-05-25 08:44:55 ----D---- C:\Program Files (x86)\trend micro
2011-05-24 08:57:18 ----A---- C:\Windows\SysWOW64\poqexec.exe
2011-05-24 08:38:13 ----A---- C:\Windows\SysWOW64\wcncsvc.dll
2011-05-24 08:33:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-05-24 08:32:44 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-05-24 08:32:44 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-05-24 08:16:11 ----D---- C:\Program Files (x86)\ESET
2011-05-22 15:40:15 ----D---- C:\_OTL
2011-05-16 10:12:16 ----D---- C:\Users\ionut\AppData\Roaming\Malwarebytes
2011-05-16 10:12:11 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-05-16 10:12:10 ----D---- C:\ProgramData\Malwarebytes
2011-05-16 10:12:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-16 10:08:36 ----AD---- C:\ProgramData\TEMP
2011-05-16 10:08:23 ----A---- C:\Windows\SysWOW64\MSSTDFMT.DLL
2011-05-16 10:08:13 ----D---- C:\Program Files (x86)\SpywareBlaster
2011-05-13 17:39:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-05-13 12:52:39 ----D---- C:\Windows\SysWOW64\SupportAppCB
2011-05-13 12:52:32 ----D---- C:\Program Files (x86)\Join Air
2011-05-02 18:51:56 ----D---- C:\Windows\Internet Logs
2011-05-02 18:32:21 ----D---- C:\Program Files (x86)\TrustPort
2011-05-02 18:32:21 ----D---- C:\Program Files (x86)\Common Files\TrustPort
2011-05-02 13:13:08 ----D---- C:\ProgramData\CheckPoint

======List of files/folders modified in the last 1 months======

2011-05-25 08:45:26 ----D---- C:\Windows\Prefetch
2011-05-25 08:44:55 ----RD---- C:\Program Files (x86)
2011-05-25 07:07:12 ----D---- C:\Windows\Temp
2011-05-25 00:23:35 ----D---- C:\Windows\rescache
2011-05-25 00:11:05 ----SHD---- C:\System Volume Information
2011-05-24 22:39:25 ----D---- C:\Users\ionut\AppData\Roaming\Skype
2011-05-24 11:41:08 ----D---- C:\Windows
2011-05-24 11:36:21 ----D---- C:\Windows\Downloaded Program Files
2011-05-24 11:17:41 ----D---- C:\Windows\System32
2011-05-24 11:17:41 ----D---- C:\Windows\inf
2011-05-24 11:10:33 ----D---- C:\Windows\winsxs
2011-05-24 11:08:29 ----D---- C:\Windows\SysWOW64
2011-05-24 11:08:29 ----D---- C:\Program Files (x86)\Internet Explorer
2011-05-24 10:52:32 ----D---- C:\Windows\Logs
2011-05-24 10:52:29 ----D---- C:\Windows\servicing
2011-05-24 08:34:37 ----D---- C:\Windows\debug
2011-05-24 08:34:14 ----SHD---- C:\Windows\Installer
2011-05-24 08:34:14 ----SD---- C:\ProgramData\Microsoft
2011-05-24 01:03:45 ----D---- C:\Users\ionut\AppData\Roaming\uTorrent
2011-05-24 01:03:23 ----D---- C:\Users\ionut\AppData\Roaming\.purple
2011-05-23 18:55:18 ----D---- C:\Users\ionut\AppData\Roaming\vlc
2011-05-20 10:49:45 ----D---- C:\Users\ionut\AppData\Roaming\gtk-2.0
2011-05-17 12:47:59 ----D---- C:\Windows\Tasks
2011-05-16 12:33:37 ----D---- C:\Program Files (x86)\Winamp
2011-05-16 12:29:51 ----D---- C:\Users\ionut\AppData\Roaming\IObit
2011-05-16 10:12:11 ----D---- C:\Windows\SysWOW64\drivers
2011-05-16 10:12:10 ----HD---- C:\ProgramData
2011-05-13 12:58:03 ----D---- C:\Windows\ModemLogs
2011-05-13 12:52:30 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-05-06 18:18:03 ----RSD---- C:\Windows\assembly
2011-05-06 18:18:03 ----D---- C:\Windows\Microsoft.NET
2011-05-06 11:40:25 ----D---- C:\Windows\SysWOW64\migration
2011-05-06 11:40:25 ----D---- C:\Windows\SysWOW64\en-US
2011-05-06 11:40:24 ----D---- C:\Windows\AppPatch
2011-05-06 09:52:12 ----SD---- C:\Users\ionut\AppData\Roaming\Microsoft
2011-05-06 09:16:12 ----D---- C:\ProgramData\IObit
2011-05-02 18:32:21 ----D---- C:\Program Files (x86)\Common Files
2011-05-02 17:25:35 ----D---- C:\Program Files (x86)\Aspell
2011-05-02 17:24:22 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-05-02 17:21:13 ----D---- C:\Program Files (x86)\Nokia
2011-05-02 17:20:16 ----D---- C:\Program Files (x86)\SpeedFan
2011-05-02 17:10:53 ----D---- C:\Users\ionut\AppData\Roaming\Launchy
2011-05-02 17:10:52 ----D---- C:\Windows\registration
2011-05-02 13:14:25 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R1 tdimapper;TrustPort TDI port to process mapper; \??\C:\Program Files (x86)\TrustPort\PersonalFirewall\bin\tdimapper.sys [2011-05-09 20752]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 EncDisk;EncDisk; \??\C:\Program Files (x86)\TrustPort\DiskProtection\bin\EncDsk.sys [2011-05-09 61200]
R2 tdifw;TrustPort PGTW driver; C:\Windows\system32\drivers\tdifw.sys []
R2 tpsec;TrustPort Security Filter; C:\Windows\system32\drivers\tpsec.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
R3 TPPFHOOK;TPPFHOOK; \??\C:\Program Files (x86)\TrustPort\PersonalFirewall\bin\TPPFHOOK.sys [2011-05-09 33552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 a75jnfnh;a75jnfnh; C:\Windows\SysWOW64\drivers\a75jnfnh.sys []
S3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF; C:\Windows\System32\DRIVERS\avasdmft.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 dsio;TrustPort Raw IO Driver; \??\C:\Program Files (x86)\Common Files\TrustPort\bin\dsio.sys [2011-05-09 20240]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys []
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 12784]
R2 tpmgma_service;TrustPort Core Service; C:\Program Files (x86)\Common Files\TrustPort\bin\tpmgma.exe [2011-05-09 404040]
R2 UI Assistant Service;UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [2011-02-14 261456]
R2 wipesrv;TrustPort DataShredder Wipe Service; C:\Program Files (x86)\TrustPort\DataShredder\bin\wipesrv.exe [2011-05-09 266512]
R3 avss_service;TrustPort Antivirus Service Scanner Provider; C:\Program Files (x86)\TrustPort\Antivirus\bin\avss.exe [2011-05-09 291088]
R3 gozer;TrustPort Personal GTW; C:\Program Files (x86)\TrustPort\Antivirus\bin\gozer.exe [2011-05-09 487696]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent; C:\Program Files (x86)\TrustPort\Antivirus\bin\avas.exe [2011-05-09 495888]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

And finally, here's info.txt:

info.txt logfile of random's system information tool 1.08 2011-05-25 08:45:28

======Uninstall list======

-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_Plugin.exe -maintain plugin
Aspell English Dictionary-0.50-2-->"C:\Program Files (x86)\Aspell\unins001.exe"
Disciples 2 Gold Gallean-->D:\games\DISCIP~1\UNWISE.EXE D:\games\DISCIP~1\INSTALL.LOG
Disciples II Rise of the Elves-->D:\games\DISCIP~2\UNWISE.EXE D:\games\DISCIP~2\INSTALL.LOG
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\Setup.exe" -l0x9
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
Java™ 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Join Air-->"C:\Program Files (x86)\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Reader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox 4.0.1 (x86 en-GB)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opera 11.10-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Smart Defrag 2-->"C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe"
SpywareBlaster 4.4-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
TrustPort Total Protection (remove only)-->"C:\Program Files (x86)\TrustPort\unins000.exe" /LOG
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
VLC media player 1.0.3-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======Hosts File======

::1 localhost

======System event log======

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name login.yahoo.com timed out after none of the configured DNS servers responded.
Record Number: 34713
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106144651.951355-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 34712
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106144328.515719-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Record Number: 34711
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106144040.712121-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name v8.lscache8.c.youtube.com timed out after none of the configured DNS servers responded.
Record Number: 34708
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106140807.064379-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name travian.kirilloid.ru timed out after none of the configured DNS servers responded.
Record Number: 34705
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106125222.786461-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: dusmanu
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1522839162-703538639-1775849111-1000:
Process 412 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1522839162-703538639-1775849111-1000

Record Number: 243
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100905190538.508384-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dusmanu
Event Code: 0
Message:
Record Number: 232
Source Name: Lavasoft Ad-Aware Service
Time Written: 20100905131359.000000-000
Event Type: Error
User:

Computer Name: dusmanu
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 173
Source Name: Microsoft-Windows-WMI
Time Written: 20100905122407.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dusmanu
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 172
Source Name: Microsoft-Windows-WMI
Time Written: 20100905122406.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dusmanu
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 90
Source Name: Microsoft-Windows-Search
Time Written: 20100905122210.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120808.369257-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120808.369257-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x32b2b
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120808.057257-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120805.576852-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120805.545652-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"tvdumpflags"=8

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.08 2011-05-25 08:45:28

======Uninstall list======

-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_Plugin.exe -maintain plugin
Aspell English Dictionary-0.50-2-->"C:\Program Files (x86)\Aspell\unins001.exe"
Disciples 2 Gold Gallean-->D:\games\DISCIP~1\UNWISE.EXE D:\games\DISCIP~1\INSTALL.LOG
Disciples II Rise of the Elves-->D:\games\DISCIP~2\UNWISE.EXE D:\games\DISCIP~2\INSTALL.LOG
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\Setup.exe" -l0x9
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
Java™ 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Join Air-->"C:\Program Files (x86)\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Reader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox 4.0.1 (x86 en-GB)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opera 11.10-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Smart Defrag 2-->"C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe"
SpywareBlaster 4.4-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
TrustPort Total Protection (remove only)-->"C:\Program Files (x86)\TrustPort\unins000.exe" /LOG
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
VLC media player 1.0.3-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======Hosts File======

::1 localhost

======System event log======

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name login.yahoo.com timed out after none of the configured DNS servers responded.
Record Number: 34713
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106144651.951355-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 34712
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106144328.515719-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Record Number: 34711
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106144040.712121-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name v8.lscache8.c.youtube.com timed out after none of the configured DNS servers responded.
Record Number: 34708
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106140807.064379-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: dusmanu
Event Code: 1014
Message: Name resolution for the name travian.kirilloid.ru timed out after none of the configured DNS servers responded.
Record Number: 34705
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110106125222.786461-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: dusmanu
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1522839162-703538639-1775849111-1000:
Process 412 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1522839162-703538639-1775849111-1000

Record Number: 243
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100905190538.508384-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dusmanu
Event Code: 0
Message:
Record Number: 232
Source Name: Lavasoft Ad-Aware Service
Time Written: 20100905131359.000000-000
Event Type: Error
User:

Computer Name: dusmanu
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 173
Source Name: Microsoft-Windows-WMI
Time Written: 20100905122407.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dusmanu
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 172
Source Name: Microsoft-Windows-WMI
Time Written: 20100905122406.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dusmanu
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 90
Source Name: Microsoft-Windows-Search
Time Written: 20100905122210.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120808.369257-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120808.369257-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x32b2b
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120808.057257-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120805.576852-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100905120805.545652-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"tvdumpflags"=8

-----------------EOF-----------------

Edited by pleoscalete, 25 May 2011 - 12:03 AM.


#8 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
Hi pleoscalete,


You are using peer-to-peer programs, specifically uTorrent.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.



Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 23



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 25.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")

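The "remove all older versions of Java" step above is easy to get wrong on 64-bit Windows 7, because the 32-bit JRE that the post links (jre-6u25-windows-i586.exe) registers under the Wow6432Node uninstall key while a 64-bit JRE registers under the native key, and Add/Remove Programs shows both mixed together. The following is an added example, not code from this thread or from SpySentinel: it reads both uninstall hives, lists every entry whose display name starts with Java or J2SE, and marks anything older than 6u25 for removal. The two registry paths are the stock Windows ones; the version string 6.0.250 for JRE 6 Update 25 is an assumption.

```powershell
# Added example (not from the original thread): inventory every Java runtime
# registered in Add/Remove Programs on 64-bit Windows 7, so the "remove all
# older versions" step can be verified instead of eyeballed.

$current = [version]'6.0.250'   # assumption: DisplayVersion written by JRE 6 Update 25

$hives = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             Arch = 'x64' },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'; Arch = 'x86' }
)

$found = @()
foreach ($hive in $hives) {
    if (-not (Test-Path $hive.Path)) { continue }
    foreach ($key in (Get-ChildItem $hive.Path)) {
        $p = Get-ItemProperty $key.PSPath
        # Matches "Java(TM) 6 Update 23", "Java 7 Update 5", "J2SE Runtime Environment 5.0";
        # helper entries such as "Java Auto Updater" are listed too, which is useful here.
        if ($p.DisplayName -notmatch '^(Java|J2SE)') { continue }

        $ver = $null
        try { $ver = [version]$p.DisplayVersion } catch { }
        $status = 'unknown version'
        if ($ver) {
            if ($ver -lt $current) { $status = 'OLD - remove' } else { $status = 'current' }
        }

        $found += New-Object PSObject -Property @{
            Name      = $p.DisplayName
            Version   = $p.DisplayVersion
            Arch      = $hive.Arch
            Status    = $status
            Uninstall = $p.UninstallString
        }
    }
}

if ($found.Count -eq 0) {
    'No Java runtime is registered in either Uninstall hive.'
} else {
    $found | Sort-Object Arch, Version | Format-Table Name, Version, Arch, Status -AutoSize
    # Each MSI-based JRE's UninstallString already carries its product code
    # (MsiExec.exe /X{GUID}); to remove one silently run: msiexec /x {GUID} /qn
}
```

Run it from an elevated PowerShell prompt. Any row marked OLD is a runtime the upgrade steps still have to remove; a row under x86 next to one under x64 means both a 32-bit and a 64-bit JRE are installed, and both need to be kept current or removed, since a browser plugin only uses the one matching its own bitness.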

#9 pleoscalete (Topic Starter, Member, 10 posts)
Hello SpySentinel,
If I have a 64 bit win 7 operating system, shouldn't I be downloading the x64 version of JRE?

I uninstalled the old version of JRE and also, I haven't been using uTorrent since before I came here asking for help and I will refrain from using it for as long as it takes.

#10 SpySentinel (Retired Staff, R.I.P., 5,152 posts)

Hello SpySentinel,
If I have a 64 bit win 7 operating system, shouldn't I be downloading the x64 version of JRE?


Yes, please download the 64bit version.


#11 pleoscalete (Topic Starter, Member, 10 posts)
Ok, new version up and running, so to speak.
what now?

#12 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
How is your computer running?

#13 pleoscalete (Topic Starter, Member, 10 posts)
Wow, I didn't notice because I was really busy, so I had no time for games, but that process isn't starting anymore. Don't know what you did, but thanks a lot! :)

So, was it a malware issue or was it something else? Like me neglecting to do my updates on time or something like that. And if it's the latter, as I suspect, is there any decent, free update manager that can be scheduled to keep my Windows/drivers/software up to date on a regular basis? Because doing it manually seems rather time-consuming, as one would first have to know which is old, whether there is a new version, where to get it... and, well, I don't :unsure:

#14 SpySentinel (Retired Staff, R.I.P., 5,152 posts)

Wow, I didn't notice because I was really busy, so I had no time for games, but that process isn't starting anymore. Don't know what you did, but thanks a lot!


You're welcome :) I had you clean up some old, outdated leftover entries and temp files.


So, was it a malware issue or was it something else?


The good news is, you did not have an infection.


And if it's the latter, as I suspect, is there any decent, free update manager that can be scheduled to keep my Windows/drivers/software up to date on a regular basis? Because doing it manually seems rather time-consuming, as one would first have to know which is old, whether there is a new version, where to get it... and, well, I don't


You can configure windows updates to automatically download the latest updates.

To turn on Automatic Updates yourself, follow these steps:
  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.



Also, there are two tools that will help you keep the other programs you have installed up to date:


Let me know if you successfully complete the tasks above.
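The thread closes with "you did not have an infection" without ever showing what the busy rundll32.exe was actually hosting. rundll32.exe is only a loader: its command line has the form rundll32.exe <dll>,<entrypoint> [args], and the CPU it consumes belongs to that DLL. The uninstall list in the log above contains two legitimate examples of this pattern (the InstallShield entries that call RunDll32 ... Ctor.dll,LaunchSetup). The check a practitioner would want before accepting "leftover entries" as the explanation is to read that command line for every live rundll32, resolve the DLL, and see who signed it. The block below is an added example, not code from the thread; it uses only stock Windows 7 / PowerShell 2.0 cmdlets (Get-WmiObject on Win32_Process, Get-AuthenticodeSignature) and assumes no particular DLL. The sample command line fed to the parser first is taken from the Heroes of Might and Magic V uninstall entry in the posted log.

```powershell
# Added example (not from the original thread): find out which DLL and export
# each running rundll32.exe was told to host, how much CPU it has used, who
# started it, and whether the DLL carries a valid Authenticode signature.

function Get-RunDll32Target {
    param([string]$CommandLine)
    # Strip the rundll32 token itself (quoted or bare, any directory prefix).
    # What remains is "<dll>,<entrypoint> [args]": the text before the first
    # comma is the DLL, the first word after it the exported entry point.
    $rest = $CommandLine -replace '^\s*"?[^",]*?rundll32(\.exe)?"?\s+', ''
    $dll, $entry = $rest -split ',', 2
    $dll = $dll.Trim().Trim('"')
    if ($entry) { $entry = ($entry.Trim() -split '\s+', 2)[0] }

    # A bare DLL name is loaded from the system directory; a 32-bit rundll32
    # on x64 Windows uses SysWOW64, so try both before giving up.
    if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
        foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
            $candidate = Join-Path $dir $dll
            if (Test-Path $candidate) { $dll = $candidate; break }
        }
    }
    New-Object PSObject -Property @{ Dll = $dll; EntryPoint = $entry }
}

# Constructed sample input: the InstallShield uninstall entry quoted from the log above.
$sample = 'RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\Setup.exe" -l0x9'
Get-RunDll32Target $sample | Format-List

# Live triage of every rundll32.exe currently running.
Get-WmiObject Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $t      = Get-RunDll32Target $_.CommandLine
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $parentName = '(exited)'
    if ($parent) { $parentName = "$($parent.Name) [$($parent.ProcessId)]" }

    $signer = 'file not found'
    if ($t.Dll -and (Test-Path $t.Dll)) {
        $sig    = Get-AuthenticodeSignature $t.Dll
        $signer = "$($sig.Status)"
        if ($sig.SignerCertificate) { $signer += ' / ' + $sig.SignerCertificate.Subject }
    }

    New-Object PSObject -Property @{
        Pid        = $_.ProcessId
        Parent     = $parentName
        # Kernel/user times are reported in 100 ns units.
        CpuSeconds = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
        Dll        = $t.Dll
        EntryPoint = $t.EntryPoint
        Signature  = $signer
    }
} | Format-List Pid, Parent, CpuSeconds, Dll, EntryPoint, Signature
```

The constructed sample parses to the DLL ...\INTEL3~1\Ctor.dll with entry point LaunchSetup, which is exactly the InstallShield stub the uninstall list shows; that is what a benign rundll32 looks like. For the live case, run the script while the game is open and the CPU is high: a DLL under a user-writable directory such as %TEMP% or %APPDATA%, a signature status other than Valid, or a parent process that is not the game or an installer is the point at which "leftover entries" stops being a sufficient explanation and a proper malware scan of that file is warranted. Run it elevated, otherwise WMI returns an empty CommandLine for processes owned by other accounts.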

#15 pleoscalete (Topic Starter, Member, 10 posts)
Well, Windows Update was turned on by default, but it was set to ask before installing anything, so I would have to check and give a confirmation. Not sure why I did that. I suppose the idea of having random stuff installed without my knowledge and permission didn't make me quite comfortable, but it's not like I know what they are even if I check, so I got that one settled.

I also downloaded and installed both SCars and FileHippo Update Checker, and it seems I have quite a bit of outdated software, and there are also a few maintenance chores I need to take some time and get done. But I'm glad there was no malware involved.

I feel somewhat inclined to learn more about this so, if I have the time, I'm seriously considering joining the Geek University course. Thanks again!