
Weird problems including Safe Mode bootup failure, and antivirus freez



#1
flik221

I have taken the steps in the removal guide and will post logs here.

root report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/03 16:33
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x916D4000 Size: 819200 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAA156000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1328 Status: Locked to the Windows API!

==EOF==

#2
flik221

OTL:
OTL logfile created on: 10/3/2009 4:36:23 PM - Run 1
OTL by OldTimer - Version 3.0.18.2 Folder = C:\Users\Nate\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 37.09 Gb Free Space | 31.85% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 93.70 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATE-PC
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/11/30 12:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/12/26 15:38:32 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/09/15 15:32:14 | 01,114,536 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2009/05/18 23:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 11:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/09/16 11:40:28 | 01,086,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2009/09/13 23:29:56 | 00,346,168 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009/09/15 18:39:56 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2009/04/11 00:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/09/28 11:05:02 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/09/28 11:05:02 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/09/28 11:05:02 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\Nate\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/04/11 00:28:15 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/10/03 16:35:24 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2009/09/13 23:31:30 | 00,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2007/02/06 11:29:59 | 00,074,240 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker [Auto | Running])
SRV - [2006/06/21 04:13:59 | 00,131,584 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll -- (ASChannel [Auto | Running])
SRV - [2007/02/05 19:13:14 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService [Disabled | Stopped])
SRV - [2009/03/29 22:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/08/08 01:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv [Disabled | Stopped])
SRV - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent [Disabled | Stopped])
SRV - [2009/03/29 22:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 20:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 06:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/11 00:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2007/06/01 12:00:20 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
SRV - [2008/08/31 10:46:12 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2009/02/18 12:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/24 15:51:36 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2007/10/23 20:02:15 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Disabled | Stopped])
SRV - [2009/02/18 12:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2008/03/17 19:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2009/09/13 23:29:56 | 00,346,168 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2005/10/14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2009/02/18 12:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/08/30 13:17:30 | 03,407,412 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [Disabled | Stopped])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/03/13 05:50:20 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3 [Disabled | Stopped])
SRV - [2008/10/07 09:58:53 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2008/10/07 09:59:18 | 00,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
SRV - [2007/06/01 11:41:30 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Disabled | Stopped])
SRV - [2009/07/13 20:28:18 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2007/08/03 13:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr [Disabled | Stopped])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
SRV - [2009/09/15 18:39:56 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2008/01/20 20:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/20 20:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 19:10:09 | 00,000,000 | ---D | M]

[2009/09/30 09:51:29 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\mozilla\Extensions
[2009/09/30 09:51:29 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/30 10:54:05 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\mozilla\Firefox\Profiles\apeb6cgj.default\extensions
[2009/09/30 10:54:05 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\mozilla\Firefox\Profiles\apeb6cgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/30 09:51:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/30 09:51:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/17 03:44:22 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 12:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 12:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 12:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 12:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 12:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 12:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 12:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (338164 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11597 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll (IBM Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/03 16:18:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/01 19:54:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/03 16:18:22 | 00,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Malwarebytes
[2009/09/30 20:46:15 | 00,000,000 | ---D | C] -- C:\Users\Nate\AppData\Roaming\Sammsoft
[2009/09/30 20:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009/09/30 22:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/10/03 16:18:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/30 20:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2009/10/01 19:54:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/03 16:35:24 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Users\Nate\Desktop\OTL.exe
[2009/10/03 16:32:09 | 00,472,064 | ---- | C] ( ) -- C:\Users\Nate\Desktop\RootRepeal.exe
[2009/10/03 16:18:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/03 16:18:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/03 16:15:49 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nate\Desktop\mbam-setup.exe
[2009/10/03 16:14:55 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
[2009/10/03 15:39:27 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/03 15:21:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/03 15:21:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/03 15:21:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/03 15:21:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/03 15:21:37 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/03 15:19:26 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/03 13:05:36 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/02 12:55:41 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/01 20:19:21 | 00,000,000 | -HSD | C] -- C:\found.000

========== Files - Modified Within 14 Days ==========

[1 C:\Users\Nate\Documents\*.tmp files]
[2009/10/03 16:36:31 | 00,816,830 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/03 16:36:31 | 00,683,700 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/03 16:36:31 | 00,135,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/03 16:35:24 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\OTL.exe
[2009/10/03 16:35:10 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1760DD21-BEA6-46DE-8969-B7A39D6071B2}.job
[2009/10/03 16:32:49 | 00,000,000 | ---- | M] () -- C:\Users\Nate\Desktop\settings.dat
[2009/10/03 16:32:36 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/10/03 16:32:09 | 00,472,064 | ---- | M] ( ) -- C:\Users\Nate\Desktop\RootRepeal.exe
[2009/10/03 16:29:35 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/03 16:29:35 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/03 16:29:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/03 16:29:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/03 16:29:28 | 32,204,30848 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/03 16:24:32 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/03 16:24:25 | 02,217,787 | -H-- | M] () -- C:\Users\Nate\AppData\Local\IconCache.db
[2009/10/03 16:18:21 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 16:15:55 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nate\Desktop\mbam-setup.exe
[2009/10/03 16:14:55 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Desktop\TFC.exe
[2009/10/03 15:19:10 | 03,324,455 | R--- | M] () -- C:\Users\Nate\Desktop\ComboFix.exe
[2009/10/03 13:59:20 | 00,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2009/10/03 13:54:00 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200097402-3979270671-3123131934-1000UA.job
[2009/10/03 13:50:37 | 00,069,652 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\nvModes.001
[2009/10/03 13:34:25 | 00,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2009/10/03 13:34:25 | 00,000,004 | ---- | M] () -- C:\Windows\System32\aspdict-en.dat
[2009/10/03 13:34:25 | 00,000,000 | ---- | M] () -- C:\Windows\System32\ab_bl.sig
[2009/10/03 13:34:25 | 00,000,000 | ---- | M] () -- C:\pcwords2.dat
[2009/10/03 13:34:25 | 00,000,000 | ---- | M] () -- C:\pcwords.dat
[2009/10/03 13:34:25 | 00,000,000 | ---- | M] () -- C:\pcconf.ini
[2009/10/03 13:34:25 | 00,000,000 | ---- | M] () -- C:\pc_sign.slf
[2009/10/03 13:21:11 | 00,002,016 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Antivirus 2010.lnk
[2009/10/03 13:05:39 | 00,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2009/10/03 12:33:27 | 00,000,020 | ---- | M] () -- C:\Users\Nate\Documents\aionmemo_bb6e cc5.dat
[2009/10/03 08:31:33 | 00,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2009/10/02 12:53:05 | 00,000,004 | ---- | M] () -- C:\Windows\win.cnt
[2009/10/02 11:08:11 | 00,338,164 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/10/02 10:55:07 | 00,338,164 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091002-110811.backup
[2009/10/01 20:14:07 | 00,000,177 | ---- | M] () -- C:\Windows\wininit.ini
[2009/10/01 19:54:24 | 00,001,062 | ---- | M] () -- C:\Users\Nate\Desktop\Spybot - Search & Destroy.lnk
[2009/09/30 22:46:30 | 00,000,869 | ---- | M] () -- C:\Users\Nate\Desktop\Eusing Free Registry Cleaner.lnk
[2009/09/30 20:47:15 | 00,000,248 | ---- | M] () -- C:\Windows\system.ini
[2009/09/30 20:46:06 | 00,001,847 | ---- | M] () -- C:\Users\Nate\Desktop\Check PC For Errors.lnk
[2009/09/30 19:32:04 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2009/09/30 19:09:43 | 00,000,132 | ---- | M] () -- C:\httpdwl.dat
[2009/09/30 10:57:01 | 00,164,172 | ---- | M] () -- C:\Users\Nate\Desktop\websngprof.zip
[2009/09/29 09:08:20 | 00,069,652 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\nvModes.dat
[2009/09/28 15:14:23 | 00,053,225 | ---- | M] () -- C:\Users\Nate\Desktop\pyramidcostume.jpg
[2009/09/27 12:56:08 | 00,000,680 | ---- | M] () -- C:\Users\Nate\AppData\Local\d3d9caps.dat
[2009/09/27 07:09:15 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200097402-3979270671-3123131934-1000Core.job
[2009/09/23 09:19:23 | 00,031,232 | ---- | M] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/20 10:23:22 | 00,061,078 | ---- | M] () -- C:\Users\Nate\Desktop\crack.jpg

========== Files - No Company Name ==========
[2009/10/03 16:32:49 | 00,000,000 | ---- | C] () -- C:\Users\Nate\Desktop\settings.dat
[2009/10/03 16:24:25 | 02,217,787 | -H-- | C] () -- C:\Users\Nate\AppData\Local\IconCache.db
[2009/10/03 16:18:21 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 15:21:50 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/03 15:21:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/03 15:21:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/03 15:21:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/03 15:19:03 | 03,324,455 | R--- | C] () -- C:\Users\Nate\Desktop\ComboFix.exe
[2009/10/03 14:57:49 | 32,204,30848 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/03 13:59:20 | 00,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/10/03 13:34:25 | 00,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009/10/03 13:34:25 | 00,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009/10/03 13:34:25 | 00,000,000 | ---- | C] () -- C:\Windows\System32\ab_bl.sig
[2009/10/03 13:34:25 | 00,000,000 | ---- | C] () -- C:\pcwords2.dat
[2009/10/03 13:34:25 | 00,000,000 | ---- | C] () -- C:\pcwords.dat
[2009/10/03 13:34:25 | 00,000,000 | ---- | C] () -- C:\pcconf.ini
[2009/10/03 13:34:25 | 00,000,000 | ---- | C] () -- C:\pc_sign.slf
[2009/10/03 13:21:11 | 00,002,016 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Antivirus 2010.lnk
[2009/10/03 08:31:33 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/10/01 20:14:07 | 00,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/01 19:54:24 | 00,001,062 | ---- | C] () -- C:\Users\Nate\Desktop\Spybot - Search & Destroy.lnk
[2009/09/30 22:46:30 | 00,000,869 | ---- | C] () -- C:\Users\Nate\Desktop\Eusing Free Registry Cleaner.lnk
[2009/09/30 20:46:06 | 00,001,847 | ---- | C] () -- C:\Users\Nate\Desktop\Check PC For Errors.lnk
[2009/09/30 19:09:43 | 00,000,132 | ---- | C] () -- C:\httpdwl.dat
[2009/09/30 10:56:52 | 00,164,172 | ---- | C] () -- C:\Users\Nate\Desktop\websngprof.zip
[2009/09/28 14:50:17 | 00,053,225 | ---- | C] () -- C:\Users\Nate\Desktop\pyramidcostume.jpg
[2009/09/27 12:56:08 | 00,000,680 | ---- | C] () -- C:\Users\Nate\AppData\Local\d3d9caps.dat
[2009/09/20 10:23:21 | 00,061,078 | ---- | C] () -- C:\Users\Nate\Desktop\crack.jpg
[2009/09/08 05:14:07 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/07 09:59:31 | 00,022,328 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\PnkBstrK.sys
[2008/08/10 09:58:07 | 00,031,232 | ---- | C] () -- C:\Users\Nate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/29 19:21:13 | 00,069,652 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\nvModes.001
[2008/07/29 19:21:06 | 00,069,652 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\nvModes.dat
[2008/07/29 19:20:12 | 00,000,092 | ---- | C] () -- C:\Users\Nate\AppData\Local\fusioncache.dat
[2008/07/29 15:23:24 | 00,116,928 | ---- | C] () -- C:\Users\Nate\AppData\Local\GDIPFONTCACHEV1.DAT
[2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

========== LOP Check ==========

[2009/10/03 16:18:22 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming
[2009/08/26 10:53:29 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Absolute Poker
[2008/07/29 16:01:31 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\acccore
[2008/09/20 16:05:23 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Actual Tools
[2008/12/04 13:33:09 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\BitDefender
[2009/03/01 15:44:51 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\DriverCure
[2009/03/29 15:56:03 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\GetRightToGo
[2009/09/08 16:00:29 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\IGN_DLM
[2008/08/04 16:50:06 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Intel
[2009/03/03 14:49:55 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\JAM Software
[2006/11/02 06:37:34 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Media Center Programs
[2009/01/07 15:48:22 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Megaupload
[2009/09/30 09:51:42 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Move Networks
[2009/08/13 11:53:11 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Pokerazor
[2008/11/04 18:32:54 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\PureEdge
[2009/09/30 20:46:15 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Sammsoft
[2008/07/29 19:20:15 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Turbine
[2009/09/15 19:12:27 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\uTorrent
[2008/12/23 19:24:22 | 00,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Ventrilo
[2009/10/03 16:32:36 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/09/27 07:09:15 | 00,000,852 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200097402-3979270671-3123131934-1000Core.job
[2009/10/03 13:54:00 | 00,000,904 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200097402-3979270671-3123131934-1000UA.job
[2009/10/03 16:29:33 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/03 16:24:32 | 00,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/03 16:35:10 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1760DD21-BEA6-46DE-8969-B7A39D6071B2}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8CEFE51A
< End of report >

#3
flik221

OTL "Extras":
OTL Extras logfile created on: 10/3/2009 4:36:23 PM - Run 1
OTL by OldTimer - Version 3.0.18.2 Folder = C:\Users\Nate\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 37.09 Gb Free Space | 31.85% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 93.70 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATE-PC
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6A988A-F5B7-4867-B872-19F1824CAA4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2BBA29CB-F177-4EF0-A887-157E63C50BF3}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FBCE78B-B25D-425B-ADA9-59D0D94DDD16}" = lport=445 | protocol=6 | dir=in | app=system |
"{3EF3E6F9-73DC-49D9-8773-21EF1760AA4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{60A5FD27-3F31-416C-B9DF-07E6964CE596}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A4DE7515-6F9A-4D32-8FE4-8BEC1B8B31B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{B54E8C3C-6B76-4ADB-B456-04C6E3DA59A9}" = lport=137 | protocol=17 | dir=in | app=system |
"{B7655C16-FFA6-44FB-8CC5-096CE44FED78}" = lport=138 | protocol=17 | dir=in | app=system |
"{E4844254-42A4-4A7E-A616-CD4DE4ACE274}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EC334A1B-3EB6-4CA1-9D96-D1BE4DDA6E81}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD9EBE2D-F0BC-4FA2-876D-E61BC7369135}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F6E60F-520F-4B97-A3F8-333EE2797F97}" = protocol=58 | dir=out | [email protected],-28546 |
"{02FA3136-61F3-4CCA-A1DE-0EDAF93C340E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{131DA046-86B0-4107-A9CE-C16AA48F1CB2}" = protocol=17 | dir=in | app=c:\program files\tournament indicatortwo\indicator.exe |
"{197786DD-405E-4048-A6E0-86F058D781BE}" = protocol=1 | dir=in | [email protected],-28543 |
"{1E662BA8-57E8-4341-AC83-4626C65D00B7}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{25511CAA-6272-490C-B8BE-18965C1BEEFD}" = protocol=6 | dir=in | app=c:\program files\tournament indicatortwo\indicator.exe |
"{2C030754-B92E-4432-A640-08E0FA7C9411}" = protocol=1 | dir=out | [email protected],-28544 |
"{2C6EB840-39A9-4E45-ABC6-995BB0FD2B4E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{35B7A623-CCBD-4398-AE7E-A88960677487}" = protocol=17 | dir=in | app=c:\program files\tournament indicatortwo\indicator.exe |
"{40E388C6-237F-4AC5-8907-41A019169D75}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{463FCF0D-13CD-417E-9F86-E0A4D93766A2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{55897D47-F935-4601-8C30-4CCBE9F28DDF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5CFFA224-4647-4672-8F40-2064F2D0CB92}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5DA33523-0631-4259-9E1D-E5ABCB6388FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5ED3790F-D29F-42C5-B7D3-4C4065A77B90}" = protocol=58 | dir=in | [email protected],-28545 |
"{696A0E00-A41B-40FE-BCBC-9F03AFD92FFA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6F798DFF-F378-4BB2-8C79-DCF3AF5A21FE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{705EEB5C-41C0-447B-810C-39B0B4EC1A53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7663F231-2B65-4B25-8476-2BBBA3FDB575}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7EDCDCDA-1E3C-476E-9F18-E5E929C4CBD6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{844966EE-0158-457A-9544-A535712A6BE8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{873279F7-2E78-4210-86F5-B2EC4B83554C}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
"{93CCD532-7091-4C62-B410-BD3F32A61E5A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9598BDE0-A39C-42CE-BBCB-FB99ABDF8E50}" = protocol=6 | dir=in | app=c:\program files\tournament indicatortwo\indicator.exe |
"{9B0869A1-DE93-4307-9BEE-75DF6463E3AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9EE3C697-A877-41A1-A7F3-7FE32EB37F6E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A00668F6-F055-4ED9-BA16-58A2B4191ABF}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
"{A12EA375-7250-4927-A530-4E1714004835}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A34EE106-E218-411E-B526-F6D20AB96FB6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AAADA390-62B2-4338-B9C9-AF5A436C3AF9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BAC502EF-A2CF-41B9-82E4-285D63121D4E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C47C66AD-741F-427D-B6C3-BFFCDF068D8E}" = protocol=6 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{C66CF933-9383-48AB-93D2-14E632A7C2AC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C6AD7033-6476-4C24-AD23-F4664AE6095B}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{D2A4D8B6-1D1B-4684-9AA9-82FC903F68E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D33EADD3-E66E-4964-B98B-DD032E1CF4DC}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{DEE2DD44-AE3E-4C28-AB09-599E841E4181}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E57C559E-128C-4BFA-BDB9-97C19E2F601B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{EA174EFB-2A5A-4AD0-AA16-523BB76EAF44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F100865A-E798-4BE7-8004-B0DD676D9426}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F14C8CDE-1DF3-46E0-9264-6FF941BAA1DE}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{FA17D39F-76F7-47EB-9427-A77FB8FD6C46}" = protocol=17 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{FBF59FDA-BC56-419A-A3FC-7C5ECA4E0C84}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{2495E6A5-91CA-4DF1-BE41-D433FFDA186E}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{C96C6B82-ED3B-431D-939E-941BAFD71BDD}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{E749050D-9F9A-47FA-9FA6-E75566493E25}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{1475DACE-26D5-434D-88B0-3B558B88B7B5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{244BDB7C-DB24-4393-BC37-FA1807375D12}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{AE4D1CAF-E992-47C3-9D8D-A1AF221CCFCA}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0A55F129-B9B5-4836-8A2C-F3B16E850E26}" = Bradford Persistent Agent
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5767B5D0-0E79-4250-87A0-844021B80AB8}" = Aion
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-0411-0000-0000000FF1CE}" = Microsoft Office Access MUI (Japanese) 2007
"{90120000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0017-0411-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Japanese) 2007
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-0411-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Japanese) 2007
"{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-0411-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Japanese) 2007
"{90120000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0411-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Japanese) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0411-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Japanese) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0411-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Japanese) 2007
"{90120000-0100-0411-0000-0000000FF1CE}" = Microsoft Office O MUI (Japanese) 2007
"{90120000-0101-0411-0000-0000000FF1CE}" = Microsoft Office X MUI (Japanese) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73B}" = IBM Lotus Forms Viewer 3.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BADC5319-A2A0-4BE1-A7C3-A271AE0E791D}" = BitDefender Antivirus 2010
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AIM_6" = AIM 6
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.7
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Google Updater" = Google Updater
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.ja-jp" = Microsoft Office Language Pack 2007 - Japanese/日本語
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel® PROSet/Wireless Software
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Tournament Indicator_is1" = Tournament Indicator 1.5.0
"TreeSize Free_is1" = TreeSize Free V2.2.1
"ULTIMATER" = Microsoft Office Ultimate 2007
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2009 10:28:59 AM | Computer Name = Nate-PC | Source = VSS | ID = 8194
Description =

Error - 10/3/2009 10:30:04 AM | Computer Name = Nate-PC | Source = VSS | ID = 8194
Description =

Error - 10/3/2009 10:31:34 AM | Computer Name = Nate-PC | Source = VSS | ID = 8194
Description =

Error - 10/3/2009 10:51:13 AM | Computer Name = Nate-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/3/2009 11:02:50 AM | Computer Name = Nate-PC | Source = VSS | ID = 8194
Description =

Error - 10/3/2009 3:04:20 PM | Computer Name = Nate-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 10/3/2009 3:04:44 PM | Computer Name = Nate-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 10/3/2009 3:04:44 PM | Computer Name = Nate-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 10/3/2009 3:05:00 PM | Computer Name = Nate-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/3/2009 3:09:00 PM | Computer Name = Nate-PC | Source = WinMgmt | ID = 10
Description =

[ ASUS Security Protect Manager Events ]
Error - 5/14/2009 12:24:35 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/12/2009 5:29:55 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/12/2009 5:30:07 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/16/2009 6:39:57 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796070
Description = The submitted user identity was rejected. User: Nate@NATE-PC Error:
(0xC516062C) Initialization of the key negotiation process failed with the following
error: The interface is unknown. If the problem persists, please contact your system
administrator.

Error - 6/16/2009 6:40:05 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796070
Description = The submitted user identity was rejected. User: Nate@NATE-PC Error:
(0xC516062C) Initialization of the key negotiation process failed with the following
error: The interface is unknown. If the problem persists, please contact your system
administrator.

Error - 6/21/2009 9:59:44 AM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 8/16/2009 10:19:22 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/3/2009 10:12:17 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/21/2009 4:22:01 AM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC5160440) The Virtual Card Server Engine produced an unhandled
error. Please contact your system administrator.

Error - 10/1/2009 9:56:25 PM | Computer Name = Nate-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Nate@NATE-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ OSession Events ]
Error - 10/16/2008 11:31:07 AM | Computer Name = Nate-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/24/2009 11:45:29 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 3/24/2009 11:50:47 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 3/24/2009 11:56:08 AM | Computer Name = Nate-PC | Source = bowser | ID = 8003
Description =

Error - 3/25/2009 12:25:27 AM | Computer Name = Nate-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:20:40 PM on 3/24/2009 was unexpected.

Error - 3/25/2009 12:25:34 AM | Computer Name = NATE-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001F3BD0B333 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/25/2009 12:25:29 AM | Computer Name = Nate-PC | Source = HTTP | ID = 15016
Description =

Error - 3/25/2009 12:28:03 AM | Computer Name = Nate-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 3/31/2009 10:20:31 AM | Computer Name = Nate-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/31/2009 10:46:13 AM | Computer Name = Nate-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001F3BD0B333 has been denied by the DHCP server 71.211.201.204 (The DHCP
Server sent a DHCPNACK message).

Error - 3/31/2009 12:13:09 PM | Computer Name = Nate-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.141 on
the Network Card with network address 001F3BD0B333.


< End of report >

#4
flik221

Thank you very much for any help!

#5
flik221

Sorry, here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2902
Windows 6.0.6002 Service Pack 2

10/3/2009 4:49:28 PM
mbam-log-2009-10-03 (16-49-28).txt

Scan type: Quick Scan
Objects scanned: 106710
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe (Security.Hijack) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
flik221

What I am concerned about is my BitDefender 2010 freezes in the middle of scanning, and Safe Mode bootup freezes at crcdisk.sys.