#31
OTL scan after fixer.reg

OTL logfile created on: 3/21/2012 8:25:07 PM - Run 5
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\max\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.31% Memory free
4.23 Gb Paging File | 3.31 Gb Available in Paging File | 78.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 319.25 Gb Free Space | 85.68% Space Free | Partition Type: NTFS

Computer Name: MAX-PC | User Name: max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 16:48:31 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\max\Desktop\aOTL.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/25 14:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/04/25 14:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1314889341\ee\aolsoftware.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/01/18 15:46:56 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/15 17:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/15 17:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2011/04/25 14:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\thecat28965t\catchme.sys -- (catchme)
DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 16:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 14:26:07 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/05/21 07:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/03 03:49:11 | 000,890,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/02 08:56:14 | 000,165,248 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerTun.sys -- (AVMNgTunM780)
DRV - [2009/02/02 08:56:12 | 000,366,976 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerCap.sys -- (AVMNgCapM780)
DRV - [2009/02/02 08:56:10 | 000,057,216 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerBas.sys -- (AVMNgBasM780)
DRV - [2008/01/18 21:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 00:41:48 | 000,503,296 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2005/11/17 02:42:48 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BED36C76-BD26-40C8-A0FC-B34FA053923F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BED36C76-BD26-40C8-A0FC-B34FA053923F}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\..\SearchScopes,DefaultScope = {51E04289-D78F-4CBF-9507-A779B5604B15}
IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\..\SearchScopes\{51E04289-D78F-4CBF-9507-A779B5604B15}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110901&iesrc={referrer:source}
IE - HKU\S-1-5-21-352308663-582380511-1965928383-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/19 13:06:35 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15173 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1314889341\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-352308663-582380511-1965928383-1002..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-352308663-582380511-1965928383-1002..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-352308663-582380511-1965928383-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-352308663-582380511-1965928383-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-352308663-582380511-1965928383-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-352308663-582380511-1965928383-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-352308663-582380511-1965928383-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE5EDC9-08BC-4664-AA09-2558F440CA37}: DhcpNameServer = 172.30.7.31 172.30.7.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45DC4B85-E54C-4BE3-B81B-680583B46947}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EADBBA34-3259-454D-9EBD-96FA2278E776}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD369870-18FE-4270-AD09-B9EEFA081EBE}: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O30 - LSA: Security Packages - (11-1965928383-1002) - File not found
O30 - LSA: Security Packages - (㺔⽐&) - File not found
O30 - LSA: Security Packages - (佦) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 10:07:43 | 000,000,000 | ---D | C] -- C:\Users\max\AppData\Roaming\vlc
[2012/03/18 10:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/03/17 09:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/16 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/16 19:06:21 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/16 19:06:21 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/16 19:06:16 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/16 19:06:16 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/16 19:06:15 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/16 19:06:15 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/16 19:05:52 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/16 19:05:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/16 11:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2012/03/14 16:48:30 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\max\Desktop\aOTL.exe
[2012/03/14 16:41:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\max\Desktop\aswMBR.exe
[2012/03/14 13:56:49 | 000,000,000 | ---D | C] -- C:\Users\max\AppData\Local\Ahead
[2012/03/14 13:34:21 | 000,000,000 | ---D | C] -- C:\Users\max\AppData\Local\AOL
[2012/03/13 19:38:21 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 19:37:56 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 19:37:54 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 19:37:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 19:37:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 19:37:46 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 19:35:33 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/08 11:29:21 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\max\Desktop\antizeroaccess.exe
[2012/02/23 17:42:02 | 000,000,000 | --SD | C] -- C:\thecat28965t
[2012/02/23 14:26:53 | 000,000,000 | --SD | C] -- C:\thecat25745t
[2012/02/23 14:18:57 | 000,000,000 | --SD | C] -- C:\thecat20948t
[2012/02/23 12:16:40 | 000,000,000 | --SD | C] -- C:\thecat
[2012/02/23 10:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/23 10:39:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/23 10:39:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/23 10:38:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/23 10:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/22 00:31:12 | 000,000,000 | --SD | C] -- C:\ComboFix

========== Files - Modified Within 30 Days ==========

[2012/03/21 20:24:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/21 20:03:09 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/21 20:03:09 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/21 19:58:21 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 19:58:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 19:58:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 19:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 19:58:10 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 19:55:36 | 000,000,357 | ---- | M] () -- C:\Users\max\Desktop\fixer.reg
[2012/03/21 19:36:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 15:20:51 | 000,230,400 | ---- | M] () -- C:\Users\max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/19 13:06:35 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2012/03/19 13:06:02 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120319-130635.backup
[2012/03/19 09:23:08 | 000,002,587 | ---- | M] () -- C:\Users\max\Desktop\Microsoft Office Word 2007.lnk
[2012/03/18 10:07:27 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/17 09:06:35 | 000,001,039 | ---- | M] () -- C:\Users\max\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/17 09:06:35 | 000,001,015 | ---- | M] () -- C:\Users\max\Desktop\Spybot - Search & Destroy.lnk
[2012/03/16 19:06:22 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/16 19:06:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/16 16:56:36 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 16:37:45 | 000,002,479 | ---- | M] () -- C:\Users\max\Desktop\HiJackThis.lnk
[2012/03/16 11:06:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120319-130602.backup
[2012/03/14 16:48:31 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\max\Desktop\aOTL.exe
[2012/03/14 16:41:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\max\Desktop\aswMBR.exe
[2012/03/14 16:40:36 | 000,302,592 | ---- | M] () -- C:\Users\max\Desktop\gmer.exe
[2012/03/14 13:50:57 | 000,001,356 | ---- | M] () -- C:\Users\max\AppData\Local\d3d9caps.dat
[2012/03/14 03:19:58 | 000,295,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 16:55:14 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/08 11:29:30 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\max\Desktop\antizeroaccess.exe
[2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 16:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 16:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 14:26:07 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/02/23 10:37:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/23 10:37:03 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/23 10:37:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/23 10:36:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/03/21 19:55:36 | 000,000,357 | ---- | C] () -- C:\Users\max\Desktop\fixer.reg
[2012/03/18 10:07:27 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/17 09:06:35 | 000,001,039 | ---- | C] () -- C:\Users\max\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/17 09:06:35 | 000,001,015 | ---- | C] () -- C:\Users\max\Desktop\Spybot - Search & Destroy.lnk
[2012/03/16 19:06:22 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/14 16:40:29 | 000,302,592 | ---- | C] () -- C:\Users\max\Desktop\gmer.exe
[2012/03/14 13:55:29 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/23 14:26:07 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/02/21 22:53:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/25 10:25:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/25 10:25:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/25 10:25:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/25 10:25:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/21 17:40:37 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/02 10:10:54 | 000,001,356 | ---- | C] () -- C:\Users\max\AppData\Local\d3d9caps.dat
[2011/09/08 12:03:45 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011/08/31 11:57:20 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/07/09 04:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011/06/24 04:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/24 04:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/06/24 04:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011/06/24 04:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011/06/24 04:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011/06/24 04:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011/06/24 04:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011/06/24 04:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011/06/24 04:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011/06/24 04:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/06/08 10:19:18 | 000,165,405 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/06/08 10:19:18 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/04/29 16:07:27 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/04/23 00:59:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/04/22 10:19:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/22 10:19:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/20 11:08:47 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/20 10:40:12 | 000,230,400 | ---- | C] () -- C:\Users\max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 04:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/03/03 04:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 04:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/03/03 04:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/03/03 04:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/03/03 04:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/03/03 04:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/03/03 04:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 04:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/03/03 04:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011/03/03 04:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/03/03 04:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/03/03 04:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/02/22 12:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/22 12:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/18 12:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini

< End of report >
#32
No, that didn't seem to take. If you didn't reboot after making those changes, please do so now, and post a new OTL scan log.
If you did reboot, let's check what all is there.

Code:
@ECHO OFF
REM Remove any output left over from an earlier run
if exist winkey.txt del winkey.txt
REM Dump the values and subkeys under the Lsa key to a text file
REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" > winkey.txt
notepad winkey.txt

Copy/paste the above text (inside the Code box) into the open Notepad text box, then save this to your desktop as "cfgcheck.bat". Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
#33
Here's the cfgcheck scan:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    auditbaseobjects    REG_DWORD    0x0
    auditbasedirectories    REG_DWORD    0x0
    crashonauditfail    REG_DWORD    0x0
    fullprivilegeauditing    REG_BINARY    00
    Bounds    REG_BINARY    0030000000200000
    LimitBlankPasswordUse    REG_DWORD    0x1
    LmCompatibilityLevel    REG_DWORD    0x3
    NoLmHash    REG_DWORD    0x1
    Notification Packages    REG_MULTI_SZ    scecli
    Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg
    Authentication Packages    REG_MULTI_SZ    msv1_0
    LsaPid    REG_DWORD    0x290
    SecureBoot    REG_DWORD    0x1
    ProductType    REG_DWORD    0x3
    disabledomaincreds    REG_DWORD    0x0
    everyoneincludesanonymous    REG_DWORD    0x0
    forceguest    REG_DWORD    0x0
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    enabledcom    REG_SZ    y

It completed in about 2 seconds....here it is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache
#34
Looks correct in that view, and all values accounted for (legit, non-malicious). See if you can check on those. Just be sure you make no changes in the Registry Editor right now. Should you accidentally click the wrong thing (and you won't - just FYI), you should get an option to choose to Cancel whatever was changed.
Go to Start Search, type regedit in the Start Search box. Regedit will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". In the Registry Editor, navigate to the following key (use the "+" symbols in the left panel to expand the tree entries) and click to select it:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Then in the right hand column, under Values, locate and right click on the following, then click Modify:

Security Packages

In that new view, you should see just this, with no added spaces or other characters showing:

kerberos
msv1_0
schannel
wdigest
tspkg

That "kerberos" should be at the very top of that text box, with no space above - just note and post back on anything different than the above please. When you are done, just Red X close the Registry Editor.
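For anyone wanting to automate the check jintan describes above rather than eyeballing it in regedit, here is an added example (not a tool from this thread): it parses the REG QUERY output that cfgcheck.bat writes to winkey.txt and compares the three LSA package lists against an assumed stock baseline. The baseline values, the constructed sample log and the function names are assumptions, not from the thread.

```python
import re
# One REG QUERY value line "<name>  <REG_TYPE>  <data>"; lazy name allows spaces.
_VALUE_RE = re.compile(r"^\s*(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Assumed baseline for a stock Vista-era Lsa key: the Security Packages list is
# the one quoted in the thread; the other two match the log posted above.
EXPECTED = {
    "Security Packages": ["kerberos", "msv1_0", "schannel", "wdigest", "tspkg"],
    "Authentication Packages": ["msv1_0"],
    "Notification Packages": ["scecli"],
}

def parse_reg_query(text):
    """Map value name -> (type, raw data) for the values printed under a key."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("HKEY_"):
            continue  # blank line, the key path itself, or a subkey listing
        m = _VALUE_RE.match(line)
        if m:
            values[m.group("name")] = (m.group("type"), m.group("data").strip())
    return values
def multi_sz(raw):
    """REG QUERY prints REG_MULTI_SZ strings joined by a literal backslash-zero."""
    return [s for s in raw.split("\\0") if s]

def check_lsa_packages(text):
    """Return findings for package lists that deviate from EXPECTED (empty = clean)."""
    findings, values = [], parse_reg_query(text)
    for name, expected in EXPECTED.items():
        vtype, raw = values.get(name, ("<absent>", ""))
        if vtype != "REG_MULTI_SZ":
            findings.append(f"{name}: missing or wrong type ({vtype})")
            continue
        # Registry data is case-insensitive, so compare lowered names.
        have, want = {p.lower() for p in multi_sz(raw)}, {e.lower() for e in expected}
        if have - want:
            findings.append(f"{name}: unexpected package(s) {sorted(have - want)}")
        if want - have:
            findings.append(f"{name}: missing package(s) {sorted(want - have)}")
    return findings

# Constructed sample in the shape of the cfgcheck.bat log posted in the thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x3
    Notification Packages    REG_MULTI_SZ    scecli
    Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg
    Authentication Packages    REG_MULTI_SZ    msv1_0
"""
```

Feed it the real winkey.txt contents instead of SAMPLE_LOG; any extra entry in Security Packages is a loaded security support provider you did not put there and is worth asking about before removing.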
#35
you got it right
it looks just as you listed it.
#36
Mighty strange. Sure don't want to leave something important like that without knowing why.
Click here to download Bobbi Flekman's Regsearch.zip to your desktop. Then unzip that, and click on the regsearch.exe to run the tool. In the display panel, copy and paste the following into the upper box:

1965928383

Then click Okay. Once the scan completes a textbox will open - copy/paste those contents back here please (the RegSearch.txt log can also be found in the same location as the regsearch.exe file you clicked).
#37
wow
Jintan....this is a very long list and it appears there are quite a few (what seem like) porn sites on this list. I am unable to paste it into this window...it just freezes the computer when I try....I have two teenage boys who spend a lot of time on the computer and I'm wondering now if it's not inappropriate time. They always wipe their history, so I have not been able to detect their habits before.....I would like three things from you on this...

1. Is there another way I can send it to you?
2. Can you confirm I am actually looking at evidence of porn visits when I can get it to you?
3. Is there any way to clean this from my machine....
#38
Why not just email it to me. Just zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -needyguy/cth/reg" as the email Subject.
Hold off on your other questions until I get a chance to check the log please.
#39
did you get the email ok?
#41
Yipe - nearly 15 Mb's.
Didn't catch that that search term is actually just part of your user's setting - called an SID. Take the better part of a year to weed through all that. Create a new cfgcheck.bat using the following, then post that log please.

Code:
@ECHO OFF
if exist winkey.txt del winkey.txt
regedit /e winkey.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
notepad winkey.txt