Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Win32:Turla-G [Trj], High Severity and can't be removed. [Solved]

Started by Khaletri , Mar 08 2014 03:01 PM

This topic is locked

#1
Khaletri

Posted 08 March 2014 - 03:01 PM

Member

Member
13 posts

Hello,

Yesterday I scanned my computer with Avast! (free version) and it found a threat in C:\System Volume Information\catalog.wci\00000002.ps2. The name of the threat is Win32:Turla-G [Trj], and the severity is labeled as "high". When trying to fix it automatically or delete it with Avast!, it says it will postpone the action until the next reboot. Rebooting did not work for this, and a second scan shows that Turla-G [Trj] is still here. For trying to move it to the virus chest or trying to repair, it says, "Error: The process cannot access the file because it is being used by another process (32)."

This computer is running Windows XP SP3. I made sure Avast! was up-to-date on its updates and version status. I made sure Malwarebytes Anti-Malware (free version) was updated, too. However, I did not scan with Malwarebytes after finding out that Avast! couldn't do anything with Turla-G [Trj] on its own. Researching a bit on the web led me to results of similar cases of infection in the same parts of the computer files, but the name of the threats were different; they were not named as "Win32:Turla-G [Trj]". The other cases I found had the threats named as, "win32:Crypt-LUQ [trj]", and "Win 32:agent-old (trj)". I have followed the steps on the "Malware and Spyware Cleaning Guide (Please read BEFORE starting a new topic)" thread and have already downloaded and used OTL. The OTL (header in blue) and the Extras (header in red) scan logs are below.

OTL logfile created on: 3/8/2014 11:11:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Su.WD-160GB\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.09% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 4.20 Gb Free Space | 2.82% Space Free | Partition Type: NTFS

Computer Name: WD-160GB | User Name: Su | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/08 10:29:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Su.WD-160GB\Desktop\OTL.exe
PRC - [2014/03/03 10:58:32 | 000,613,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2014/02/15 10:47:27 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/01/24 07:41:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/24 07:41:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/29 11:50:18 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 17:47:52 | 001,949,696 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
PRC - [2007/05/21 12:46:52 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2007/05/06 01:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/05/06 01:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/08 01:17:01 | 002,186,752 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14030800\algo.dll
MOD - [2014/03/07 10:45:13 | 002,186,752 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14030701\algo.dll
MOD - [2014/02/20 23:13:44 | 016,265,096 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 10:47:22 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/16 14:24:33 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll

========== Services (SafeList) ==========

SRV - [2014/02/20 23:13:45 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 10:47:23 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/24 07:41:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/01 09:04:06 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/29 11:50:18 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 02:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/06 01:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva388.sys -- (XDva388)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/02/05 08:32:51 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/01/24 07:41:58 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/24 07:41:58 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/01/24 07:41:58 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/24 07:41:57 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/12/18 08:18:47 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/16 14:24:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2012/01/15 16:47:45 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/06/06 11:48:18 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/06/22 03:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/11/16 11:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2007/03/05 20:38:50 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/06 08:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/10/18 00:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2001/12/19 10:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)
DRV - [2001/08/23 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 36 DB 7E 0E F6 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wiki.mabinogiworld.com"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/02 15:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/24 07:41:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/15 10:46:20 | 000,000,000 | ---D | M]

[2013/08/28 11:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Extensions
[2013/09/27 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\jtmhzvog.default\extensions
[2013/09/09 12:39:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\jtmhzvog.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/27 12:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\tfrrl6oh.default\extensions
[2013/09/03 18:09:30 | 000,002,629 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\jtmhzvog.default\searchplugins\mabinogi-world-wiki-en.xml
[2014/02/15 10:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 10:47:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/08 10:45:10 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/07/11 10:10:06 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino....2011.08.10.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C1ECCE5-9C4F-4CF6-9A1F-901F0EDCB109}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F252FEC9-6B50-4E50-AFEA-FB232AE827FC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/15 11:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/08 10:29:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Su.WD-160GB\Desktop\OTL.exe
[2014/03/03 17:28:58 | 000,028,672 | ---- | C] (Panasonic Communications Co., Ltd.) -- C:\WINDOWS\System32\pcmfsfxlmon.dll
[2014/03/03 17:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2014/03/03 17:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. Applications
[2014/03/03 17:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
[2014/03/03 17:27:14 | 000,061,440 | ---- | C] (Panasonic Communications Co., Ltd.) -- C:\WINDOWS\System32\PCCMFLPD.EXE
[2014/03/03 17:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Su.WD-160GB\Application Data\InstallShield
[2014/03/03 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Su.WD-160GB\Start Menu\Programs\SanDisk
[2014/03/03 10:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk
[2014/03/03 09:56:42 | 000,000,000 | ---D | C] -- C:\Emily's MP3 Player Music
[2014/02/15 10:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/08 11:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/08 11:06:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/08 10:29:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Su.WD-160GB\Desktop\OTL.exe
[2014/03/08 10:16:33 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/08 10:16:33 | 000,055,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/08 10:12:59 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/08 10:12:58 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/08 10:12:58 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/08 10:12:58 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/08 10:12:55 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{F252FEC9-6B50-4E50-AFEA-FB232AE827FC}
[2014/03/08 10:12:48 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F252FEC9-6B50-4E50-AFEA-FB232AE827FC}
[2014/03/08 10:12:41 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2014/03/08 10:12:31 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/08 10:12:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-562591055-839522115-1005.job
[2014/03/08 10:12:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/08 01:03:05 | 000,000,284 | -H-- | M] () -- C:\Documents and Settings\Su.WD-160GB\Desktop\ Mabinogi .lnk
[2014/03/07 20:05:19 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DAB6923-A034-4751-B787-BA52BA975787}.job
[2014/03/05 12:27:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/04 01:11:52 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/03 17:29:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\PanaFLB881.ini
[2014/03/03 17:28:38 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iris.ini
[2014/03/03 17:21:08 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\Desktop\Microsoft Office Word 2007.lnk
[2014/03/03 16:24:40 | 000,003,533 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\SanDisk Sansa Clip MP3 player customer support e-mail.rtf
[2014/03/03 11:47:42 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/03 11:42:21 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/03 11:04:41 | 000,028,468 | ---- | M] () -- C:\SNDK.reg
[2014/03/03 10:39:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2014/03/01 02:37:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/02/25 15:13:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/02/22 11:38:11 | 000,001,583 | ---- | M] () -- C:\VL Phantom customer support contact info.rtf
[2014/02/15 20:43:42 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 04.bmp
[2014/02/15 20:39:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 03.bmp
[2014/02/15 20:38:39 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 02.bmp
[2014/02/15 20:22:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 01.bmp
[2014/02/13 12:38:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 17:28:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2014/03/03 17:28:34 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2014/03/03 16:24:40 | 000,003,533 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\SanDisk Sansa Clip MP3 player customer support e-mail.rtf
[2014/03/03 11:47:42 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/03 11:04:41 | 000,028,468 | ---- | C] () -- C:\SNDK.reg
[2014/02/22 11:36:09 | 000,001,583 | ---- | C] () -- C:\VL Phantom customer support contact info.rtf
[2014/02/15 20:43:41 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 04.bmp
[2014/02/15 20:39:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 03.bmp
[2014/02/15 20:38:39 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 02.bmp
[2014/02/15 20:22:31 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 01.bmp
[2013/10/10 21:56:20 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/03/02 09:02:44 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/02 09:02:44 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/05/13 15:06:47 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/03 22:47:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2012/05/03 22:47:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2012/05/03 22:46:47 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/05/03 22:46:47 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/05/03 22:46:45 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/05/03 22:46:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(7).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(6).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(5).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(3).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(2).sys
[2012/01/03 03:55:19 | 000,568,310 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-562591055-839522115-1003-0.dat
[2012/01/03 03:55:15 | 000,294,582 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/16 17:43:43 | 000,009,320 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y8n81hlmsq3valw66t1vo6x80smc1

========== ZeroAccess Check ==========

[2011/08/17 22:22:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 08:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/06 11:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2013/10/16 14:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/08 22:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/05/14 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2011/05/15 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Inbit
[2011/05/17 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2013/09/18 22:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2014/03/03 17:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2013/09/18 13:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/18 10:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/10/16 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\AVAST Software
[2014/02/05 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\Azureus
[2013/10/08 22:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\DAEMON Tools Lite
[2013/07/13 22:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\DownLite
[2012/06/25 01:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\ImgBurn
[2012/08/09 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\MusE
[2013/06/29 11:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\Oracle
[2014/03/03 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\Panasonic
[2014/03/03 10:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk
[2013/08/13 12:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\ShanghaiAlice

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2014/01/02 21:14:34 | 000,039,206 | ---- | M] ()(C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services ? 10 Steps to a New Job.rtf) -- C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services — 10 Steps to a New Job.rtf
[2014/01/02 21:14:34 | 000,039,206 | ---- | C] ()(C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services ? 10 Steps to a New Job.rtf) -- C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services — 10 Steps to a New Job.rtf

< End of report >

OTL Extras logfile created on: 3/8/2014 11:11:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Su.WD-160GB\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.09% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 4.20 Gb Free Space | 2.82% Space Free | Partition Type: NTFS

Computer Name: WD-160GB | User Name: Su | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59136:TCP" = 59136:TCP:*:Enabled:Pando Media Booster
"59136:UDP" = 59136:UDP:*:Enabled:Pando Media Booster
"57508:TCP" = 57508:TCP:*:Enabled:Pando Media Booster
"57508:UDP" = 57508:UDP:*:Enabled:Pando Media Booster
"57651:TCP" = 57651:TCP:*:Enabled:Pando Media Booster
"57651:UDP" = 57651:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59136:TCP" = 59136:TCP:*:Enabled:Pando Media Booster
"59136:UDP" = 59136:UDP:*:Enabled:Pando Media Booster
"57508:TCP" = 57508:TCP:*:Enabled:Pando Media Booster
"57508:UDP" = 57508:UDP:*:Enabled:Pando Media Booster
"57651:TCP" = 57651:TCP:*:Enabled:Pando Media Booster
"57651:UDP" = 57651:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\Su\Desktop\cnet2_Nero_BurnLite-10_0_10500_exe.exe" = C:\Documents and Settings\Su\Desktop\cnet2_Nero_BurnLite-10_0_10500_exe.exe:*:Enabled:CNET Download.com Installer
"C:\Documents and Settings\Su\Local Settings\Temp\ICReinstall\cnet2_Nero_BurnLite-10_0_10500_exe.exe" = C:\Documents and Settings\Su\Local Settings\Temp\ICReinstall\cnet2_Nero_BurnLite-10_0_10500_exe.exe:*:Enabled:CNET Download.com Installer
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
"C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe" = C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe:*:Enabled:Panasonic Trap Monitor Service -- (Panasonic)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5061C9FB-BA2D-4498-92B6-5459A0E2F6E3}" = Panasonic V1.13.00E Device Monitor
"{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}" = Panasonic Multi-Function Station software
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{875F2DAB-3B03-11D5-AB3E-000102B0F79A}" = Readiris Pro 7.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Astroburn Lite" = Astroburn Lite
"Astroburn Toolbar" = Astroburn Toolbar
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"FullShot 9" = FullShot 9 (Remove Only)
"GoldWave v4.26" = GoldWave v4.26
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Image Rescue 4_is1" = Image Rescue 4
"ImgBurn" = ImgBurn
"InstallShield_{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROPLUS" = Microsoft Office Professional Plus 2007
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.0.1 (ansi) for Python 2.5
"xy-VSFilter_is1" = xy-VSFilter 3.0.0.211
"東方輝針城_is1" = 東方輝針城 ver 1.00a

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2014 2:17:54 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2836940,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:18:07 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2836941,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:18:15 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2736416,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:18:31 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2840629,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:18:37 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2604092,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:18:53 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2863239,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:19:01 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2604111,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:19:11 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb2756918,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:19:22 PM | Computer Name = WD-160GB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2742596,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 3/8/2014 2:19:32 PM | Computer Name = WD-160GB | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ System Events ]
Error - 1/11/2014 1:34:13 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2604092).

Error - 1/11/2014 1:34:13 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008 x86 (KB2742595).

Error - 1/11/2014 1:34:20 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008 x86 (KB2729449).

Error - 1/11/2014 1:34:27 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2863239).

Error - 1/11/2014 1:34:34 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on
Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111).

Error - 1/11/2014 1:34:34 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008 x86 (KB2737019).

Error - 1/11/2014 1:34:43 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 3.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2756918).

Error - 1/11/2014 1:34:43 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008 x86 (KB2736428).

Error - 1/11/2014 1:34:54 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2742596).

Error - 1/11/2014 1:34:54 PM | Computer Name = WD-160GB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008 x86 (KB2835393).

< End of report >

Thank you and I will be awaiting replies.

#2
Essexboy

Posted 08 March 2014 - 03:49 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there C:\System Volume Information is where your system restore files are kept, removing individual files from that area will break that system restore point

The easiest way to clear that is to empty your restore points

To do that we can run OTL, are you experiencing any problems at all, as the logs look good

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following


:Commands
[CLEARALLRESTOREPOINTS] 
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#3
Khaletri

Posted 08 March 2014 - 05:37 PM

Member

Topic Starter
Member
13 posts

OK. Here is the log produced after following your listed steps.

OTL logfile created on: 3/8/2014 3:29:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Su's Programs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.23% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.14% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 17.61 Gb Free Space | 11.82% Space Free | Partition Type: NTFS

Computer Name: WD-160GB | User Name: Su | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/08 10:29:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Su's Programs\OTL\OTL.exe
PRC - [2014/03/03 10:58:32 | 000,613,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2014/02/15 10:47:27 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/01/24 07:41:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/24 07:41:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/29 11:50:18 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 17:47:52 | 001,949,696 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
PRC - [2007/05/21 12:46:52 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2007/05/06 01:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/05/06 01:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/08 01:17:01 | 002,186,752 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14030800\algo.dll
MOD - [2014/02/20 23:13:44 | 016,265,096 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 10:47:22 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/16 14:24:33 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/01/01 22:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/11 15:36:00 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll

========== Services (SafeList) ==========

SRV - [2014/02/20 23:13:45 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 10:47:23 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/24 07:41:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/01 09:04:06 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/29 11:50:18 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 02:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/06 01:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva388.sys -- (XDva388)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/02/05 08:32:51 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/01/24 07:41:58 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/24 07:41:58 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/01/24 07:41:58 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/24 07:41:57 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/12/18 08:18:47 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/16 14:24:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2012/01/15 16:47:45 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/06/06 11:48:18 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/06/22 03:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/11/16 11:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2007/03/05 20:38:50 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/06 08:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/10/18 00:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2001/12/19 10:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)
DRV - [2001/08/23 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 36 DB 7E 0E F6 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wiki.mabinogiworld.com"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/02 15:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/24 07:41:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/15 10:46:20 | 000,000,000 | ---D | M]

[2013/08/28 11:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Extensions
[2013/09/27 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\jtmhzvog.default\extensions
[2013/09/09 12:39:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\jtmhzvog.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/27 12:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\tfrrl6oh.default\extensions
[2013/09/03 18:09:30 | 000,002,629 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\Application Data\Mozilla\Firefox\Profiles\jtmhzvog.default\searchplugins\mabinogi-world-wiki-en.xml
[2014/02/15 10:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 10:47:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/08 10:45:10 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/03/08 14:40:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino....2011.08.10.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C1ECCE5-9C4F-4CF6-9A1F-901F0EDCB109}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F252FEC9-6B50-4E50-AFEA-FB232AE827FC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/15 11:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/08 14:37:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/03 17:28:58 | 000,028,672 | ---- | C] (Panasonic Communications Co., Ltd.) -- C:\WINDOWS\System32\pcmfsfxlmon.dll
[2014/03/03 17:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2014/03/03 17:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. Applications
[2014/03/03 17:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
[2014/03/03 17:27:14 | 000,061,440 | ---- | C] (Panasonic Communications Co., Ltd.) -- C:\WINDOWS\System32\PCCMFLPD.EXE
[2014/03/03 17:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Su.WD-160GB\Application Data\InstallShield
[2014/03/03 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Su.WD-160GB\Start Menu\Programs\SanDisk
[2014/03/03 10:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk
[2014/03/03 09:56:42 | 000,000,000 | ---D | C] -- C:\Emily's MP3 Player Music
[2014/02/15 10:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2014/03/08 15:19:06 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/08 15:19:06 | 000,055,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/08 15:16:06 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{F252FEC9-6B50-4E50-AFEA-FB232AE827FC}
[2014/03/08 15:15:59 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F252FEC9-6B50-4E50-AFEA-FB232AE827FC}
[2014/03/08 15:15:52 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2014/03/08 15:15:19 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/08 15:15:18 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/08 15:15:17 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/08 15:15:04 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/08 15:15:02 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/08 15:15:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-562591055-839522115-1005.job
[2014/03/08 15:14:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/08 14:40:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/03/08 14:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/08 14:06:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/08 01:03:05 | 000,000,284 | -H-- | M] () -- C:\Documents and Settings\Su.WD-160GB\Desktop\ Mabinogi .lnk
[2014/03/07 20:05:19 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DAB6923-A034-4751-B787-BA52BA975787}.job
[2014/03/05 12:27:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/04 01:11:52 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/03 17:29:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\PanaFLB881.ini
[2014/03/03 17:28:38 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iris.ini
[2014/03/03 17:21:08 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\Desktop\Microsoft Office Word 2007.lnk
[2014/03/03 16:24:40 | 000,003,533 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\SanDisk Sansa Clip MP3 player customer support e-mail.rtf
[2014/03/03 11:47:42 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/03 11:42:21 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-562591055-839522115-1003.job
[2014/03/03 11:04:41 | 000,028,468 | ---- | M] () -- C:\SNDK.reg
[2014/03/03 10:39:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2014/03/01 02:37:43 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/02/25 15:13:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/02/22 11:38:11 | 000,001,583 | ---- | M] () -- C:\VL Phantom customer support contact info.rtf
[2014/02/15 20:43:42 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 04.bmp
[2014/02/15 20:39:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 03.bmp
[2014/02/15 20:38:39 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 02.bmp
[2014/02/15 20:22:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 01.bmp
[2014/02/13 12:38:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2014/03/03 17:28:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2014/03/03 17:28:34 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2014/03/03 16:24:40 | 000,003,533 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\SanDisk Sansa Clip MP3 player customer support e-mail.rtf
[2014/03/03 11:47:42 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/03 11:04:41 | 000,028,468 | ---- | C] () -- C:\SNDK.reg
[2014/02/22 11:36:09 | 000,001,583 | ---- | C] () -- C:\VL Phantom customer support contact info.rtf
[2014/02/15 20:43:41 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 04.bmp
[2014/02/15 20:39:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 03.bmp
[2014/02/15 20:38:39 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 02.bmp
[2014/02/15 20:22:31 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\My Documents\refurbished 01.bmp
[2013/10/10 21:56:20 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/03/02 09:02:44 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/02 09:02:44 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/05/13 15:06:47 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Su.WD-160GB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/03 22:47:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2012/05/03 22:47:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2012/05/03 22:46:47 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/05/03 22:46:47 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/05/03 22:46:45 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/05/03 22:46:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(7).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(6).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(5).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(3).sys
[2012/05/02 13:04:05 | 268,435,456 | -HS- | C] () -- C:\WINDOWS\System32\temppf(2).sys
[2012/01/03 03:55:19 | 000,568,310 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-562591055-839522115-1003-0.dat
[2012/01/03 03:55:15 | 000,294,582 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/16 17:43:43 | 000,009,320 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y8n81hlmsq3valw66t1vo6x80smc1

========== ZeroAccess Check ==========

[2011/08/17 22:22:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 08:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/06 11:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2013/10/16 14:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/08 22:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/05/14 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2011/05/15 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Inbit
[2011/05/17 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2013/09/18 22:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2014/03/03 17:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2013/09/18 13:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/18 10:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/10/16 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\AVAST Software
[2014/02/05 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\Azureus
[2013/10/08 22:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\DAEMON Tools Lite
[2013/07/13 22:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\DownLite
[2012/06/25 01:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\ImgBurn
[2012/08/09 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\MusE
[2013/06/29 11:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\Oracle
[2014/03/03 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\Panasonic
[2014/03/03 10:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\SanDisk
[2013/08/13 12:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Su.WD-160GB\Application Data\ShanghaiAlice

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2014/01/02 21:14:34 | 000,039,206 | ---- | M] ()(C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services ? 10 Steps to a New Job.rtf) -- C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services — 10 Steps to a New Job.rtf
[2014/01/02 21:14:34 | 000,039,206 | ---- | C] ()(C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services ? 10 Steps to a New Job.rtf) -- C:\Documents and Settings\Su.WD-160GB\My Documents\1) CalJOBS - Job Seeker Services — 10 Steps to a New Job.rtf

< End of report >

#4
Essexboy

Posted 09 March 2014 - 05:26 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you run a further Avast scan to see if the miscreant has gone

#5
Khaletri

Posted 09 March 2014 - 05:39 PM

Member

Topic Starter
Member
13 posts

I ran Avast! another time and that miscreant is still here. I'll be checking back to see your next reply.

#6
Essexboy

Posted 10 March 2014 - 09:12 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets stop it totally and then turn it back on

Steps to turn off System Restore
1.Click Start, right-click My Computer, and then click Properties.
2.In the System Properties dialog box, click the System Restore tab.
3.Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4.Click OK.
5.When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

REBOOT

Steps to turn on System Restore
1.Click Start, right-click My Computer, and then click Properties.
2.In the System Properties dialog box, click the System Restore tab.
3.Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4.Click OK.

After a few moments, the System Properties dialog box closes.

#7
Khaletri

Posted 10 March 2014 - 10:00 AM

Member

Topic Starter
Member
13 posts

OK. I will do that. Should I run another Avast! scan again afterwards?

#8
Essexboy

Posted 10 March 2014 - 10:05 AM

GeekU Moderator

Retired Staff
69,964 posts

Yes please, I am assuming you are running a full scan as opposed to a quick scan

#9
Khaletri

Posted 10 March 2014 - 10:17 AM

Member

Topic Starter
Member
13 posts

Yes, I will be running a full scan and will post about the results when it's finished.

#10
Khaletri

Posted 10 March 2014 - 12:50 PM

Member

Topic Starter
Member
13 posts

OK, the scan is done and Turla-G is still here...

#11
Essexboy

Posted 10 March 2014 - 01:30 PM

GeekU Moderator

Retired Staff
69,964 posts

And this only appears on a full scan in system volume information. It has the feeling of a false positive, we can check deeper if you wish

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Attach the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

#12
Khaletri

Posted 10 March 2014 - 01:39 PM

Member

Topic Starter
Member
13 posts

OK. I actually already have Malwarebytes Anti-malware and will run it right now.

#13
Essexboy

Posted 10 March 2014 - 02:07 PM

GeekU Moderator

Retired Staff
69,964 posts

You will need to run the full scan for it to check the system volume area

#14
Khaletri

Posted 10 March 2014 - 04:17 PM

Member

Topic Starter
Member
13 posts

Yes, I ran a full scan and it did seem to also think that my system is clean.

The scan log is below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Su :: WD-160GB [administrator]

3/10/2014 12:41:04 PM
mbam-log-2014-03-10 (12-41-04).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 434426
Time elapsed: 1 hour(s), 59 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15
Essexboy

Posted 11 March 2014 - 08:00 AM

GeekU Moderator

Retired Staff
69,964 posts

OK my general assessment is that this is a false positive, a file is being changed slightly when it gets placed in system restore and that is what Avast is alerting on. How is the computer behaving