JoshJD
Urmm, you tell me? I'm running my son's computer OK in normal mode. Hopefully that ComboFix scan shows nothing too major; do you reckon things should be OK now? Shall I leave ZoneAlarm off the computer, as I'm wondering if it's actually even needed when I already have Avast? I'm still a little perplexed as to what the original problem was. Do I now need to uninstall ComboFix? I will stop asking questions soon.
-
I've disabled Avast (red cross in orange ball). Ran ComboFix and got the following warning: "ComboFix has detected the following real-time scanner to be active. Antivirus: AVG Anti-Virus Free Edition 2012." I did not realise this was running on the computer; I just thought I had Avast and ZoneAlarm, but I've done Ctrl+Alt+Delete and cannot see any sign of AVG running at all. Should I proceed?
-
Seems to be working OK, although Google Chrome took an age to load, though that might have something to do with Avast updating. What do you reckon the problem was? And does this mean I don't need ZoneAlarm with Avast?
-
Want me to do anything else ?
-
Just done as requested. Ran AppRemover and let it scan, clicked Next, and it says there are zero applications to uninstall. Want me to reboot in normal mode?
-
Wohoooo, I've managed to get into Safe Mode!! Here is a copy of the OTL file.
-
I've not performed a single scan since you asked me not to. I'm not sure how I'm supposed to perform a new OTL scan when I just cannot open and run any file. I tried all day yesterday to get into Safe Mode without success.
-
Just cannot log into Safe Mode at all, either via F8 or msconfig
-
Just an update from my own computer. Due to my impatience this morning I scanned with Malwarebytes and Avast and got no infections. The computer seemed to be running fine in normal mode and I was hoping that was the problem sorted. I've just run OTL as requested and rebooted, but now I cannot do anything again on the computer and I'm trying again to get into Safe Mode. Will hopefully post the OTL text file once I can access it.
-
Ran Malwarebytes in Safe Mode and got no infections found. Ran an Avast Free scan and got the following infections and moved them to the chest.

C:\Documents and Settings\Ollie\Desktop\minecraft\bin\Testing.jar (Severity - high) Status - Threat: Other:Malware-gen [Trj]
C:\Documents and Settings\Ollie\My Documents\Downloads\NodusUpdate.jar (Severity - high) Status - Threat: Other:Malware-gen [Trj]
-
Just running Malwarebytes now
-
OTL Extras logfile created on: 04/11/2012 22:08:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.75% Memory free
3.35 Gb Paging File | 3.26 Gb Available in Paging File | 97.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 26.25 Gb Free Space | 34.39% Space Free | Partition Type: NTFS
Drive E: | 966.53 Mb Total Space | 965.94 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe" = C:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe:*:Enabled:Star Wars: Knights of the Old Republic II -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe:*:Enabled:Killing Floor SDK -- ()
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0540D7A3-EC2A-800A-9556-CA8BE5890158}" = CCC Help French
"{09D537B4-89F1-5879-92C6-58F572DE3294}" = CCC Help Italian
"{0D0A39F8-726A-1694-B925-05F6CDDB84A4}" = CCC Help Korean
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{119F847C-7E3D-2382-9CE1-32EA384B9411}" = CCC Help Turkish
"{161A1AA3-9989-00C5-9F92-D436CB9B2323}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2C82E097-694E-44ea-A947-2750679469CF}" = The Sims™ 2
"{2F00946A-5A04-0BF8-044E-DCF9C170E50B}" = CCC Help Chinese Standard
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42B4A23D-81A0-3FE1-3950-17500B8778AE}" = CCC Help German
"{47F29647-21AF-2155-8979-01F09BDEB840}" = CCC Help Norwegian
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D71DAA-99DD-0DC7-57C3-D33AA6C84D2F}" = CCC Help Chinese Traditional
"{56616E6D-BCFF-C547-CDE1-FC3F3243B62D}" = CCC Help Danish
"{66362A0A-199D-C7F9-075B-317945011832}" = CCC Help Dutch
"{6A2C5790-C3AB-4A63-A339-274A2B16E311}" = ZoneAlarm Security
"{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager
"{7BD022FA-F813-401F-90CA-11328E316699}" = ZoneAlarm Firewall
"{7C972873-8A9E-A6FD-B704-141E77662B2D}" = ccc-utility
"{7DB6717B-8F45-2F44-F3D2-680B319BA9AC}" = CCC Help Hungarian
"{81D5607E-35BE-8FB5-54F7-05D9F81CA8B2}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4FC4416-1BE2-D4D3-02F3-8E7E8F999AD4}" = CCC Help Thai
"{BE6D82C4-DD50-275D-A61A-C8901390ED54}" = CCC Help Finnish
"{BEA2143E-CDEA-EAA6-0D8F-384F46309E8E}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C877FC4D-3733-8FB1-D41D-7B2A1B6C5161}" = Catalyst Control Center Localization All
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D50B0249-70A8-1310-61FD-F812F4653C7E}" = Catalyst Control Center Graphics Previews Common
"{D511901B-D264-42A0-B9E3-F0681DD5F33F}" = ZoneAlarm Antivirus
"{E0B58D68-DE7E-F1B8-6089-4BD0B7D67ECD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E45230A6-0921-D383-6EF2-32326408627C}" = CCC Help Czech
"{E9DAE705-1659-E8AD-2F63-4E392BB59569}" = CCC Help Greek
"{ED9E9F59-5730-BDBD-E5C3-F6A7097A4CFF}" = Catalyst Control Center InstallProxy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E08709-43B4-7FB7-D2D8-A8EACB2FA184}" = CCC Help Russian
"{F7C3F48F-CC54-61E0-2361-EB60621092EE}" = CCC Help Portuguese
"{FBB46D7B-ABA2-B8BC-8271-565C230BA5F4}" = CCC Help Spanish
"{FC08ABD7-20E4-806B-7762-1D454F8A52E2}" = CCC Help Polish
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Fraps" = Fraps (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.94
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 440" = Team Fortress 2
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/10/2012 15:21:50 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 22.0.1229.94, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/10/2012 15:21:51 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 22.0.1229.94, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2012 07:16:58 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2012 07:16:59 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2012 08:19:20 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 22.0.1229.94, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/10/2012 16:25:05 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 09:09:52 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 09:10:12 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 09:10:13 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 10:08:36 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/08/2012 09:58:19 | Computer Name = OLIVER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error - 29/08/2012 09:58:19 | Computer Name = OLIVER | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053

< End of report >
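Two of the findings in the logs posted in this thread are easy to miss in a wall of OTL output: the Extras log shows the Windows Firewall policy set to "EnableFirewall" = 0 in both the Domain and Standard profiles, and the main OTL log shows the default IE search scope, the IE start/search pages and the Chrome home page and default search provider all pointing at feed.helperbar.com with a fixed userid/affid pair in the query string. The Python below is an added example written for this page; it is not part of the thread, of OTL, or of any removal tool. It reads OTL-format text and pulls out exactly those indicators: browser search/home-page URLs whose host is not on an allowlist of known search engines (the allowlist is an assumption for the example), FirewallPolicy profiles with EnableFirewall = 0, and SRV/DRV entries that OTL reported as "File not found" (listed only; whether each is a harmless leftover is for the reader to judge). The sample input is an excerpt copied from the two logs in this thread.

```python
"""Triage a pasted OTL log for three indicators seen in this thread.

Added example for this page; not part of the thread, of OTL, or of any
removal tool. It reads OTL-format text and reports:
  * IE/Chrome search-scope, search-page and home-page URLs whose host is
    not on an allowlist of known search engines (search-hijack indicator),
  * Windows Firewall policy profiles with "EnableFirewall" = 0,
  * services and drivers OTL could not find on disk ("File not found").
"""
import re
from urllib.parse import parse_qs, urlparse

# Assumed allowlist for the example; OTL itself has no such list.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "www.google.co.uk", "search.live.com",
    "www.bing.com", "search.yahoo.com", "uk.search.yahoo.com",
}
# Query-string keys that identify the affiliate feed behind a hijack.
TRACKING_KEYS = {"publisher", "userid", "affid", "babsrc"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
NOT_FOUND_RE = re.compile(r"^(?:SRV|DRV) - File not found .* -- \(([^)]*)\)$")


def find_browser_hijacks(lines, allowlist=KNOWN_SEARCH_HOSTS):
    """Return IE/Chrome settings whose URL host is outside the allowlist."""
    hits = []
    for line in lines:
        if not line.startswith(("IE - ", "CHR - ")):
            continue
        for url in URL_RE.findall(line):
            parsed = urlparse(url)
            host = (parsed.hostname or "").lower()
            if not host or host in allowlist:
                continue
            hits.append({
                # the OTL key/setting name is everything before the URL
                "setting": line[: line.find(url)].rstrip(" =:"),
                "host": host,
                "tracking": sorted(k for k in parse_qs(parsed.query, keep_blank_values=True)
                                   if k in TRACKING_KEYS),
            })
    return hits


def find_disabled_firewall_profiles(lines):
    """Return FirewallPolicy profile names whose EnableFirewall value is 0."""
    disabled, current_key = [], None
    for line in lines:
        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group(1)     # values that follow belong to this key
            continue
        value = REG_VALUE_RE.match(line)
        if value and current_key and "\\FirewallPolicy\\" in current_key:
            name, data = value.group(1), value.group(2).strip()
            if name == "EnableFirewall" and data == "0":
                disabled.append(current_key.rsplit("\\", 1)[-1])
    return disabled


def find_missing_service_files(lines):
    """Return service/driver names OTL flagged as 'File not found'."""
    return [m.group(1) for m in map(NOT_FOUND_RE.match, lines) if m]


def triage(log_text):
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    return {
        "browser_hijacks": find_browser_hijacks(lines),
        "firewall_disabled": find_disabled_firewall_profiles(lines),
        "missing_files": find_missing_service_files(lines),
    }


# Excerpt copied from the OTL and OTL Extras logs posted in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for hit in report["browser_hijacks"]:
        print(f"HIJACK  {hit['setting']} -> {hit['host']} (tracking keys: {', '.join(hit['tracking'])})")
    for profile in report["firewall_disabled"]:
        print(f"FW OFF  {profile}: EnableFirewall = 0")
    for name in report["missing_files"]:
        print(f"MISSING {name}")
```

To use it on a real log, replace SAMPLE_LOG with the text of OTL.Txt and Extras.Txt pasted together; the search.live.com scope and the Chrome suggest_url template are left alone, and only the helperbar.com settings, the two firewall profiles and the two "File not found" entries are reported. The tracking keys are printed because a shared userid/affid across every hijacked setting is what ties the IE and Chrome changes to a single installer rather than to separate user choices.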
-
I'm actually posting this from my son's computer.

OTL logfile created on: 04/11/2012 22:08:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.75% Memory free
3.35 Gb Paging File | 3.26 Gb Available in Paging File | 97.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 26.25 Gb Free Space | 34.39% Space Free | Partition Type: NTFS
Drive E: | 966.53 Mb Total Space | 965.94 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/04 15:57:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/24 19:20:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/14 13:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/03 18:11:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/14 13:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/07/11 13:00:46 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/06/11 18:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/01/09 17:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 17:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 17:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/27 19:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/24 19:38:44 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/29 09:16:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343146782827 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDA5ACB-3011-4D37-98E2-EA57E03FB572}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/07/24 15:38:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012/11/04 15:44:40 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/04 21:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012/11/03 18:11:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/11/02 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\MultiMC [2012/10/29 09:14:08 | 000,000,000 | ---D | C] -- C:\Oli Temp [2012/10/28 22:05:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ollie\Recent [2012/10/28 22:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/10/21 14:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\Mods [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/04 22:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/11/04 22:03:01 | 000,000,229 | RHS- | M] () -- C:\boot.ini [2012/11/04 21:58:12 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2012/11/04 16:31:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004UA.job [2012/11/04 16:31:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004Core.job [2012/11/03 18:11:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/11/02 19:32:19 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/02 19:30:59 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url [2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url [2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url [2012/11/02 18:42:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/10/31 17:41:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk [2012/10/30 09:56:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/29 09:16:08 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/10/28 22:21:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/28 22:04:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2012/10/28 20:53:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/10/28 20:18:44 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2012/10/28 09:22:57 | 000,472,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/10/28 09:22:56 | 000,075,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/10/24 19:21:57 | 000,000,213 | ---- | M] () -- 
C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url [2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012/10/23 11:18:33 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012/10/23 11:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012/10/23 11:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012/10/19 21:24:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/10/12 21:55:01 | 000,009,549 | ---- | M] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/02 19:30:59 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url [2012/11/02 19:30:59 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url [2012/11/02 19:30:58 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url [2012/10/31 17:41:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk [2012/10/28 22:04:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All 
Users\Desktop\CCleaner.lnk [2012/10/24 19:21:57 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url [2012/10/12 21:54:51 | 000,009,549 | ---- | C] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg [2012/09/18 20:23:07 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/07/26 22:51:22 | 000,148,903 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1844237615-839522115-1004-0.dat [2012/07/26 22:51:20 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/07/25 11:41:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/24 17:42:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\dt.dat [2012/07/24 16:32:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/07/24 16:30:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/07/24 16:29:12 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/07/24 16:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012/07/24 16:23:09 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012/07/24 16:18:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/07/24 16:01:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2012/07/24 16:00:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012/07/24 15:39:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/07/24 15:36:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012/07/24 16:21:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2012/04/20 19:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/07/24 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/07/24 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2012/07/24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/07/24 19:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/10/28 22:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2012/11/03 14:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.minecraft [2012/08/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.Nitrous [2012/11/01 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.techniclauncher [2012/08/22 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Audacity [2012/09/18 17:18:14 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\Ollie\Application Data\BANDISOFT [2012/07/24 19:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\CheckPoint [2012/09/18 18:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\OpenCandy [2012/07/24 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Oracle [2012/08/18 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\skyz [2012/07/26 13:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\TechSmith ========== Purity Check ========== < End of report >
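The report above already shows what a responder would pull out by eye: both the Chrome homepage and the default search_url point at feed.helperbar.com carrying affiliate (affid) and per-install (userid, babsrc) tracking parameters rather than at a search engine, one IE toolbar CLSID no longer resolves to a file, and an AUTORUN.INF with the hidden attribute sits on the FAT32 E: drive while the CDRom AutoRun key is 1 and every hive has NoDriveTypeAutoRun at the XP default of 145. The script below, an added example that is not part of the original post or of the OTL tool, extracts those findings mechanically from OTL-style lines. The trusted-host list and the sample lines are assumptions constructed from the posted log; the drive-type bit values are the documented meanings of the NoDriveTypeAutoRun policy.

```python
# Triage helper for OTL-style log lines. Added example for this thread, not
# part of OTL or of the original post. TRUSTED_SEARCH_HOSTS and SAMPLE_LOG are
# assumptions built from the report above; adjust the host list to your baseline.
import re
from urllib.parse import parse_qs, urlparse

# Hosts a clean Chrome profile is expected to point at (assumption).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.co.uk", "www.bing.com"}

# Drive-type bits of the NoDriveTypeAutoRun policy value (set bit = autorun blocked).
DRIVE_TYPE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
                   0x20: "cdrom", 0x40: "ramdisk", 0x80: "unrecognised"}

# Constructed sample: lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O7 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/24 15:38:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/11/04 15:44:40 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
"""

URL_RE = re.compile(r"https?://\S+")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def search_hijacks(log_text):
    """CHR homepage/search_url entries whose host is not trusted.
    Returns (setting, host, tracking params); affid/userid/babsrc are the
    values to search on when identifying the bundled installer."""
    hits = []
    for line in log_text.splitlines():
        if not line.startswith("CHR - "):
            continue
        url = URL_RE.search(line)
        if not url:
            continue  # plugin/extension paths and {google:...} templates carry no http URL
        parsed = urlparse(url.group(0))
        if parsed.hostname in TRUSTED_SEARCH_HOSTS:
            continue
        setting = "homepage" if "homepage:" in line else "search_url"
        params = parse_qs(parsed.query)
        tracking = {k: params[k][0] for k in ("affid", "userid", "babsrc") if k in params}
        hits.append((setting, parsed.hostname, tracking))
    return hits


def orphaned_toolbars(log_text):
    """O3 toolbar CLSIDs that no longer resolve: leftovers of a removed add-on,
    safe to clean, and a hint of what was installed."""
    return [GUID_RE.search(line).group(0) for line in log_text.splitlines()
            if line.startswith("O3 - ") and "No CLSID value found" in line
            and GUID_RE.search(line)]


def nonsystem_autorun_files(log_text):
    """O32 AutoRun File entries on drives other than C:, with their filesystem."""
    found = []
    for line in log_text.splitlines():
        m = re.search(r" - ([A-Za-z]:\\[^ ]+) -- \[ ([A-Z0-9]+) \]", line)
        if line.startswith("O32 - AutoRun File") and m and not m.group(1).upper().startswith("C:"):
            found.append((m.group(1), m.group(2)))
    return found


def autorun_still_allowed(log_text):
    """Decode each O7 NoDriveTypeAutoRun value into the drive types it does NOT
    block. 145 (0x91) is the XP default: only unknown and network drives are
    blocked, so removable media and CD-ROMs may still autorun."""
    allowed = {}
    for line in log_text.splitlines():
        m = re.match(r"O7 - (HKU\\[^\\]+)\\.*NoDriveTypeAutoRun = (\d+)$", line)
        if m:
            value = int(m.group(2))
            allowed[m.group(1)] = sorted(n for bit, n in DRIVE_TYPE_BITS.items() if not value & bit)
    return allowed


def cdrom_autorun_enabled(log_text):
    return any(line.strip() == "O32 - HKLM CDRom: AutoRun - 1" for line in log_text.splitlines())


def triage(log_text):
    return {"search_hijacks": search_hijacks(log_text),
            "orphaned_toolbars": orphaned_toolbars(log_text),
            "nonsystem_autorun_files": nonsystem_autorun_files(log_text),
            "autorun_still_allowed": autorun_still_allowed(log_text),
            "cdrom_autorun_enabled": cdrom_autorun_enabled(log_text)}


if __name__ == "__main__":
    for item, result in triage(SAMPLE_LOG).items():
        print(f"{item}: {result}")
```

Run against a full OTL report, the host allowlist is the part to tune: anything outside it is a lead, not a verdict, and the affid/userid pair on the feed.helperbar.com URLs is what ties the Chrome hijack to a specific bundled installer. The NoDriveTypeAutoRun decoder is there because the value 145 looks like a hardening setting but still leaves removable drives free to autorun, which is exactly the case the E: AUTORUN.INF entry raises.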
-
Managed to get into Safe Mode via msconfig / Boot.ini tab / Boot options / safeboot / network. I'm just running an OTL quick scan.