JoshJD (Posts: 23)
Posts posted by JoshJD
-
ComboFix 12-11-06.03 - Ollie 07/11/2012 12:15:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1443 [GMT 0:00]
Running from: c:\documents and settings\Ollie\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-11-05 12:03 . 2012-11-05 12:03 -------- d-----w- C:\_OTL
2012-10-29 09:14 . 2012-10-31 12:49 -------- d-----w- C:\Oli Temp
2012-10-28 22:04 . 2012-10-28 22:04 -------- d-----w- c:\program files\CCleaner
2012-10-21 09:31 . 2012-09-24 22:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 11:18 . 2012-07-24 19:47 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 11:18 . 2012-07-24 19:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 11:18 . 2012-07-24 19:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-23 11:18 . 2012-07-24 19:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 11:18 . 2012-07-24 19:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-23 11:18 . 2012-07-24 19:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-23 11:18 . 2012-07-24 19:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 11:18 . 2012-07-24 19:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-23 11:17 . 2012-07-24 19:47 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 11:17 . 2012-07-24 19:47 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-29 19:54 . 2012-08-05 09:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 09:01 . 2012-07-24 19:54 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 09:01 . 2012-07-24 19:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-07-24 15:51 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2002-08-29 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 11:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Knights of the Old Republic II\\swkotor2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KFEd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24/07/2012 19:47 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/07/2012 19:47 360392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/07/2012 19:47 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [13/09/2012 11:55 399432]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [24/07/2012 16:23 103040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/08/2012 09:08 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/08/2012 09:08 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-24 11:17]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004Core.job
- c:\documents and settings\Ollie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-24 16:16]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004UA.job
- c:\documents and settings\Ollie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-24 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchAssistant =
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
HKLM-Run-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 12:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-11-07 12:20:06
ComboFix-quarantined-files.txt 2012-11-07 12:19
.
Pre-Run: 37,170,106,368 bytes free
Post-Run: 37,134,450,688 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 36CCCCA8027D96DE41F1812E50975816
-
I've disabled Avast (red cross in orange ball).
Ran ComboFix and got the following warning.
Combofix has detected the following real time scanner to be active
Antivirus : AVG Anti-Virus Free Edition 2012.
I did not realise this was running on the computer; I just thought I had Avast and ZoneAlarm, but I've done control/alt/delete and cannot see any sign of AVG running at all.
Should I proceed?
-
Seems to be working OK, although Google Chrome took an age to load, though that might have something to do with Avast updating.
What do you reckon the problem was?
And does this mean I don't need ZoneAlarm with Avast?
-
Yes, please.
Want me to do anything else?
-
Just done as requested.
Ran AppRemover and let it scan, clicked Next, and it says there are zero applications to uninstall.
Want me to reboot in normal mode?
-
Wohoooo, I've managed to get into Safe Mode!!

Here is a copy of the OTL file.
OTL logfile created on: 06/11/2012 09:27:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ollie\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.38% Memory free
3.35 Gb Paging File | 2.75 Gb Available in Paging File | 82.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 34.01 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive E: | 966.53 Mb Total Space | 965.84 Mb Free Space | 99.93% Space Free | Partition Type: FAT32
Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/05 11:58:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ollie\My Documents\Downloads\OTL.exe
PRC - [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/10 10:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 10:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 10:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 10:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 10:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/24 19:20:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/14 13:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/14 13:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/07/11 13:00:46 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/06/11 18:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/01/09 17:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 17:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 17:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/27 19:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/24 19:38:44 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/10/29 09:16:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343146782827 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDA5ACB-3011-4D37-98E2-EA57E03FB572}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/04 15:44:40 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/05 12:03:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/04 21:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/11/02 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\MultiMC
[2012/10/29 09:14:08 | 000,000,000 | ---D | C] -- C:\Oli Temp
[2012/10/28 22:05:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ollie\Recent
[2012/10/28 22:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/21 14:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\Mods
========== Files - Modified Within 30 Days ==========
[2012/11/06 09:24:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/06 09:23:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/06 09:21:44 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2012/11/06 09:21:04 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/05 12:43:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/11/05 11:31:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004UA.job
[2012/11/04 16:31:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004Core.job
[2012/11/02 19:32:19 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 19:30:59 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url
[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url
[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url
[2012/10/31 17:41:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk
[2012/10/30 09:56:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/29 09:16:08 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/28 22:21:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/28 22:04:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/28 20:53:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/28 20:18:44 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/10/28 09:22:57 | 000,472,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 09:22:56 | 000,075,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/24 19:21:57 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url
[2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/23 11:18:33 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/23 11:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/23 11:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/12 21:55:01 | 000,009,549 | ---- | M] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg
========== Files Created - No Company Name ==========
[2012/11/02 19:30:59 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url
[2012/11/02 19:30:59 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url
[2012/11/02 19:30:58 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url
[2012/10/31 17:41:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk
[2012/10/28 22:04:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/24 19:21:57 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url
[2012/10/12 21:54:51 | 000,009,549 | ---- | C] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg
[2012/09/18 20:23:07 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/26 22:51:22 | 000,148,903 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1844237615-839522115-1004-0.dat
[2012/07/26 22:51:20 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/25 11:41:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/24 17:42:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\dt.dat
[2012/07/24 16:32:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/24 16:30:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/24 16:29:12 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/24 16:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/24 16:23:09 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/24 16:18:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/24 16:01:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2012/07/24 16:00:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/24 15:39:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/24 15:36:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012/07/24 16:21:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2012/04/20 19:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/07/24 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/24 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/07/24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/24 19:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/28 22:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/03 14:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.minecraft
[2012/08/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.Nitrous
[2012/11/01 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.techniclauncher
[2012/08/22 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Audacity
[2012/09/18 17:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\BANDISOFT
[2012/07/24 19:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\CheckPoint
[2012/09/18 18:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\OpenCandy
[2012/07/24 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Oracle
[2012/08/18 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\skyz
[2012/07/26 13:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\TechSmith
========== Purity Check ==========
< End of report >
-
I've not performed a single scan since you asked me not to.
I'm not sure how I'm supposed to perform a new OTL scan when I just cannot open and run any file.
I tried all day yesterday to get into Safe Mode without success.
-
Just cannot log into Safe Mode at all, either via F8 or msconfig.
-
Just an update from my own computer.
Due to my impatience this morning I scanned with Malwarebytes and Avast and got no infections.
The computer seemed to be running fine in normal mode and I was hoping that was the problem sorted.
I've just run OTL as requested and rebooted, but now I cannot do anything on the computer again and I'm trying again to get into Safe Mode.
Will hopefully post the OTL text file once I can access it.
-
Ran Malwarebytes in Safe Mode and it found no infections.
Ran an Avast Free scan and got the following infections and moved them to the chest.
C:\Documents and Settings\Ollie\Desktop\minecraft\bin\Testing.jar ( Severity - high ) Status - Threat: Other:Malware-gen [Trj]
C:\Documents and Settings\Ollie\My Documents\Downloads\NodusUpdate.jar ( Severity - high ) Status - Threat: Other:Malware-gen [Trj]
-
Just running Malwarebytes now.
-
OTL Extras logfile created on: 04/11/2012 22:08:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.75% Memory free
3.35 Gb Paging File | 3.26 Gb Available in Paging File | 97.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 26.25 Gb Free Space | 34.39% Space Free | Partition Type: NTFS
Drive E: | 966.53 Mb Total Space | 965.94 Mb Free Space | 99.94% Space Free | Partition Type: FAT32
Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe" = C:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe:*:Enabled:Star Wars: Knights of the Old Republic II -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe:*:Enabled:Killing Floor SDK -- ()
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0540D7A3-EC2A-800A-9556-CA8BE5890158}" = CCC Help French
"{09D537B4-89F1-5879-92C6-58F572DE3294}" = CCC Help Italian
"{0D0A39F8-726A-1694-B925-05F6CDDB84A4}" = CCC Help Korean
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{119F847C-7E3D-2382-9CE1-32EA384B9411}" = CCC Help Turkish
"{161A1AA3-9989-00C5-9F92-D436CB9B2323}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2C82E097-694E-44ea-A947-2750679469CF}" = The Sims™ 2
"{2F00946A-5A04-0BF8-044E-DCF9C170E50B}" = CCC Help Chinese Standard
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42B4A23D-81A0-3FE1-3950-17500B8778AE}" = CCC Help German
"{47F29647-21AF-2155-8979-01F09BDEB840}" = CCC Help Norwegian
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D71DAA-99DD-0DC7-57C3-D33AA6C84D2F}" = CCC Help Chinese Traditional
"{56616E6D-BCFF-C547-CDE1-FC3F3243B62D}" = CCC Help Danish
"{66362A0A-199D-C7F9-075B-317945011832}" = CCC Help Dutch
"{6A2C5790-C3AB-4A63-A339-274A2B16E311}" = ZoneAlarm Security
"{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager
"{7BD022FA-F813-401F-90CA-11328E316699}" = ZoneAlarm Firewall
"{7C972873-8A9E-A6FD-B704-141E77662B2D}" = ccc-utility
"{7DB6717B-8F45-2F44-F3D2-680B319BA9AC}" = CCC Help Hungarian
"{81D5607E-35BE-8FB5-54F7-05D9F81CA8B2}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4FC4416-1BE2-D4D3-02F3-8E7E8F999AD4}" = CCC Help Thai
"{BE6D82C4-DD50-275D-A61A-C8901390ED54}" = CCC Help Finnish
"{BEA2143E-CDEA-EAA6-0D8F-384F46309E8E}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C877FC4D-3733-8FB1-D41D-7B2A1B6C5161}" = Catalyst Control Center Localization All
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D50B0249-70A8-1310-61FD-F812F4653C7E}" = Catalyst Control Center Graphics Previews Common
"{D511901B-D264-42A0-B9E3-F0681DD5F33F}" = ZoneAlarm Antivirus
"{E0B58D68-DE7E-F1B8-6089-4BD0B7D67ECD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E45230A6-0921-D383-6EF2-32326408627C}" = CCC Help Czech
"{E9DAE705-1659-E8AD-2F63-4E392BB59569}" = CCC Help Greek
"{ED9E9F59-5730-BDBD-E5C3-F6A7097A4CFF}" = Catalyst Control Center InstallProxy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E08709-43B4-7FB7-D2D8-A8EACB2FA184}" = CCC Help Russian
"{F7C3F48F-CC54-61E0-2361-EB60621092EE}" = CCC Help Portuguese
"{FBB46D7B-ABA2-B8BC-8271-565C230BA5F4}" = CCC Help Spanish
"{FC08ABD7-20E4-806B-7762-1D454F8A52E2}" = CCC Help Polish
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Fraps" = Fraps (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.94
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 440" = Team Fortress 2
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21/10/2012 15:21:50 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 22.0.1229.94, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 21/10/2012 15:21:51 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 22.0.1229.94, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28/10/2012 07:16:58 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28/10/2012 07:16:59 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28/10/2012 08:19:20 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 22.0.1229.94, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 29/10/2012 16:25:05 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 30/10/2012 09:09:52 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 30/10/2012 09:10:12 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 30/10/2012 09:10:13 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 30/10/2012 10:08:36 | Computer Name = OLIVER | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 29/08/2012 09:58:19 | Computer Name = OLIVER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling
Engine service to connect.
Error - 29/08/2012 09:58:19 | Computer Name = OLIVER | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053
< End of report >
-
I'm actually posting this from my son's computer.
OTL logfile created on: 04/11/2012 22:08:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.75% Memory free
3.35 Gb Paging File | 3.26 Gb Available in Paging File | 97.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 26.25 Gb Free Space | 34.39% Space Free | Partition Type: NTFS
Drive E: | 966.53 Mb Total Space | 965.94 Mb Free Space | 99.94% Space Free | Partition Type: FAT32
Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/04 15:57:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/24 19:20:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/14 13:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/03 18:11:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/14 13:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/07/11 13:00:46 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/06/11 18:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/01/09 17:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 17:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 17:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/27 19:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/24 19:38:44 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/10/29 09:16:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343146782827 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDA5ACB-3011-4D37-98E2-EA57E03FB572}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/24 15:38:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/11/04 15:44:40 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/04 21:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/11/03 18:11:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/02 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\MultiMC
[2012/10/29 09:14:08 | 000,000,000 | ---D | C] -- C:\Oli Temp
[2012/10/28 22:05:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ollie\Recent
[2012/10/28 22:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/21 14:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\Mods
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/04 22:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/04 22:03:01 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2012/11/04 21:58:12 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/04 16:31:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004UA.job
[2012/11/04 16:31:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004Core.job
[2012/11/03 18:11:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/02 19:32:19 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 19:30:59 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url
[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url
[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url
[2012/11/02 18:42:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/10/31 17:41:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk
[2012/10/30 09:56:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/29 09:16:08 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/28 22:21:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/28 22:04:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/28 20:53:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/28 20:18:44 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/10/28 09:22:57 | 000,472,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 09:22:56 | 000,075,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/24 19:21:57 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url
[2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/23 11:18:33 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/23 11:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/23 11:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/19 21:24:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/12 21:55:01 | 000,009,549 | ---- | M] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/02 19:30:59 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url
[2012/11/02 19:30:59 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url
[2012/11/02 19:30:58 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url
[2012/10/31 17:41:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk
[2012/10/28 22:04:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/24 19:21:57 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url
[2012/10/12 21:54:51 | 000,009,549 | ---- | C] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg
[2012/09/18 20:23:07 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/26 22:51:22 | 000,148,903 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1844237615-839522115-1004-0.dat
[2012/07/26 22:51:20 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/25 11:41:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/24 17:42:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\dt.dat
[2012/07/24 16:32:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/24 16:30:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/24 16:29:12 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/24 16:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/24 16:23:09 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/24 16:18:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/24 16:01:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2012/07/24 16:00:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/24 15:39:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/24 15:36:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012/07/24 16:21:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2012/04/20 19:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/07/24 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/24 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/07/24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/24 19:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/28 22:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/03 14:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.minecraft
[2012/08/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.Nitrous
[2012/11/01 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.techniclauncher
[2012/08/22 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Audacity
[2012/09/18 17:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\BANDISOFT
[2012/07/24 19:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\CheckPoint
[2012/09/18 18:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\OpenCandy
[2012/07/24 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Oracle
[2012/08/18 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\skyz
[2012/07/26 13:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\TechSmith
========== Purity Check ==========
< End of report >
-
Managed to get into Safe Mode via msconfig / Boot.ini tab / Boot options / safeboot / network
I'm just running an OTL quick scan.
-
Managed to access the E drive and tried to open OTL, but I'm just getting the egg timer and nothing is responding.
Cannot seem to run anything off any drive at the moment.
-
The computer just refuses to allow me to access the drive to open the memory stick.
-
I copied OTL from my downloads section and pasted onto the memory stick.
I've now taken this to the other computer and tried to open My Computer so I can access the memory stick, but now all I'm getting is some torch searching.
At the moment I cannot even access the memory stick!
-
I've just vaccinated a memory stick via that Panda Security download.
I think I have, anyway; it says E:\(vaccinated)
-
Thank you for the reply Maniac.
I literally cannot open any program on my son's computer.
I can go to Start and select Control Panel, which will open, but I cannot load anything from there at all; I just get a not responding message.
The same applies if I go to My Computer: I can go into Program Files, but again I cannot run anything.
The computer basically crashes.
I cannot seem to run any program or use the internet to download something.
-
Good evening,
I'm having some problems with my son's computer.
The OS is Windows XP.
The computer seems to load up OK, but I cannot seem to open anything at all via the desktop.
I can go into Start / Programs etc., but I still cannot open anything even via that option.
We use Avast and Zone Alarm; Avast seems to load up fine but Zone Alarm seems to be stuck on "initialization is in progress".
I cannot even seem to use Safe Mode; I've been pressing F8 like it's going out of fashion.
I cannot seem to open Google Chrome or any internet browser at all, as the computer seems to just freeze.
I've tried opening Malwarebytes, which we have on the computer, but to no avail.
I'm writing this on my own computer.
Any suggestions as to where to start would be appreciated.
Many thanks.
----------------------------------------------------------------------------------------------------------------------------------------------
I originally posted this in the PC Help section and was asked to post here.
I read some of the self help options and tried to open the Chameleon option, but my son's computer just froze and would not open the program.
Look forward to your reply, many thanks.
-
Thank you for the prompt reply.
I've chosen option one and will post a new thread in the Malware Removal Forum as requested.
-
Good evening,
I'm having some problems with my son's computer.
The OS is Windows XP.
The computer seems to load up OK, but I cannot seem to open anything at all via the desktop.
I can go into Start / Programs etc., but I still cannot open anything even via that option.
We use Avast and Zone Alarm; Avast seems to load up fine but Zone Alarm seems to be stuck on "initialization is in progress".
I cannot even seem to use Safe Mode; I've been pressing F8 like it's going out of fashion.
I cannot seem to open Google Chrome or any internet browser at all, as the computer seems to just freeze.
I've tried opening Malwarebytes, which we have on the computer, but to no avail.
I'm writing this on my own computer.
Any suggestions as to where to start would be appreciated.
Many thanks
Desktop items not working
in Resolved Malware Removal Logs
Posted
Urmm, you tell me?
I'm running my son's computer OK in normal mode.
Hopefully that ComboFix scan shows nothing too major; do you reckon things should be OK now?
Shall I leave Zone Alarm off the computer, as I'm wondering if it's actually even needed when I already have Avast?
I'm still a little perplexed as to what the original problem was.
Do I now need to uninstall ComboFix?
I will stop asking questions soon.
