Jump to content

Desktop items not working


JoshJD

Recommended Posts

Good evening,

Im having some problems with my son's computer.

The OS is Windows XP.

The computer seems to load up ok, but i cannot seem to open anything at all via the desktop.

I can go into Start / Programs etc but i still cannot open anything even via that option.

We use Avast and Zone Alarm, Avast seems to load up fine but Zone Alarm seems to be stuck on inizialization is in progress.

I cannot even seem to use Safe Mode, been pressing F8 like its going out of fashion

I cannot seem to open Google Chrome or any internet browser at all as the computer seems to just freeze.

Ive tried opening Malwarebytes which we have on the computer but to no evail.

Im writing this on my own computer.

Any suggestions as to where to start would be appreciated.

Many thanks.

----------------------------------------------------------------------------------------------------------------------------------------------

I origionally posted this is the PC Help section and was asked to post here.

I read some of the self help options and tried to open the Chameleon option but my son's computer just froze and would not open the program.

Look forward to your reply, many thanks

Link to post
Share on other sites

Hello JoshJD! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please try to uninstall ZoneAlarm and restart your computer. Let me know how are things then.

Link to post
Share on other sites

Thank you for the reply Maniac.

I literally cannot open any program on my son's computer.

I can go to Start and select Control Panel which will open, but i cannot load anything from there at all, I just get a not responding message.

The same applies if i go to my computer, I can go into Program files but again i cannot run anything.

The computer basically crashes.

I cannot seem to run any program or the internet to download something.

Link to post
Share on other sites

Okay in this case proceed further:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

P.S.: Download it and transfer it to the infected PC. Proceed further there.

Link to post
Share on other sites

I copied OTL from my downloads section and pasted onto the memory stick.

Ive now taken this to the other computer and tried to open My Computer so i can access the memory stick but now all im getting is some torch searching.

At the moment i cannot even access the memory stick :) !

Link to post
Share on other sites

Im actually posting this from my son's computer.

OTL logfile created on: 04/11/2012 22:08:27 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = E:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.75% Memory free

3.35 Gb Paging File | 3.26 Gb Available in Paging File | 97.28% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 76.32 Gb Total Space | 26.25 Gb Free Space | 34.39% Space Free | Partition Type: NTFS

Drive E: | 966.53 Mb Total Space | 965.94 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/04 15:57:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/10/24 19:20:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/10/23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/07/14 13:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/11/03 18:11:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/07/14 13:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2012/07/11 13:00:46 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)

DRV - [2012/06/11 18:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)

DRV - [2012/01/09 17:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2012/01/09 17:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)

DRV - [2012/01/09 17:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/11/27 19:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry_nt'>http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry_nt

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/24 19:38:44 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry

CHR - default_search_provider: Web (Enabled)

CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\

CHR - Extension: Gmail = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/29 09:16:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343146782827 (WUWebControl Class)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDA5ACB-3011-4D37-98E2-EA57E03FB572}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/07/24 15:38:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2012/11/04 15:44:40 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/04 21:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/11/03 18:11:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/11/02 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\MultiMC

[2012/10/29 09:14:08 | 000,000,000 | ---D | C] -- C:\Oli Temp

[2012/10/28 22:05:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ollie\Recent

[2012/10/28 22:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/10/21 14:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\Mods

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/04 22:04:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/04 22:03:01 | 000,000,229 | RHS- | M] () -- C:\boot.ini

[2012/11/04 21:58:12 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/11/04 16:31:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004UA.job

[2012/11/04 16:31:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004Core.job

[2012/11/03 18:11:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/11/02 19:32:19 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/02 19:30:59 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url

[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url

[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url

[2012/11/02 18:42:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/10/31 17:41:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk

[2012/10/30 09:56:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/10/29 09:16:08 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/10/28 22:21:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/28 22:04:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/10/28 20:53:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/10/28 20:18:44 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2012/10/28 09:22:57 | 000,472,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/10/28 09:22:56 | 000,075,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/10/24 19:21:57 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url

[2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/10/23 11:18:33 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/10/23 11:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/10/23 11:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/10/19 21:24:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/10/12 21:55:01 | 000,009,549 | ---- | M] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 19:30:59 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url

[2012/11/02 19:30:59 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url

[2012/11/02 19:30:58 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url

[2012/10/31 17:41:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk

[2012/10/28 22:04:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/10/24 19:21:57 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url

[2012/10/12 21:54:51 | 000,009,549 | ---- | C] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg

[2012/09/18 20:23:07 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/07/26 22:51:22 | 000,148,903 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1844237615-839522115-1004-0.dat

[2012/07/26 22:51:20 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/07/25 11:41:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/24 17:42:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\dt.dat

[2012/07/24 16:32:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/07/24 16:30:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/07/24 16:29:12 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/24 16:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/07/24 16:23:09 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/07/24 16:18:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/07/24 16:01:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2012/07/24 16:00:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2012/07/24 15:39:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/24 15:36:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/07/24 16:21:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\System32\shdocvw.dll -- [2012/04/20 19:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/24 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/07/24 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint

[2012/07/24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/07/24 19:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2012/10/28 22:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2012/11/03 14:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.minecraft

[2012/08/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.Nitrous

[2012/11/01 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.techniclauncher

[2012/08/22 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Audacity

[2012/09/18 17:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\BANDISOFT

[2012/07/24 19:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\CheckPoint

[2012/09/18 18:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\OpenCandy

[2012/07/24 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Oracle

[2012/08/18 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\skyz

[2012/07/26 13:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\TechSmith

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 04/11/2012 22:08:27 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = E:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.75% Memory free

3.35 Gb Paging File | 3.26 Gb Available in Paging File | 97.28% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 76.32 Gb Total Space | 26.25 Gb Free Space | 34.39% Space Free | Partition Type: NTFS

Drive E: | 966.53 Mb Total Space | 965.94 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe" = C:\Program Files\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe:*:Enabled:Star Wars: Knights of the Old Republic II -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe:*:Enabled:Killing Floor SDK -- ()

"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0540D7A3-EC2A-800A-9556-CA8BE5890158}" = CCC Help French

"{09D537B4-89F1-5879-92C6-58F572DE3294}" = CCC Help Italian

"{0D0A39F8-726A-1694-B925-05F6CDDB84A4}" = CCC Help Korean

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{119F847C-7E3D-2382-9CE1-32EA384B9411}" = CCC Help Turkish

"{161A1AA3-9989-00C5-9F92-D436CB9B2323}" = Catalyst Control Center

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{2C82E097-694E-44ea-A947-2750679469CF}" = The Sims™ 2

"{2F00946A-5A04-0BF8-044E-DCF9C170E50B}" = CCC Help Chinese Standard

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{42B4A23D-81A0-3FE1-3950-17500B8778AE}" = CCC Help German

"{47F29647-21AF-2155-8979-01F09BDEB840}" = CCC Help Norwegian

"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50D71DAA-99DD-0DC7-57C3-D33AA6C84D2F}" = CCC Help Chinese Traditional

"{56616E6D-BCFF-C547-CDE1-FC3F3243B62D}" = CCC Help Danish

"{66362A0A-199D-C7F9-075B-317945011832}" = CCC Help Dutch

"{6A2C5790-C3AB-4A63-A339-274A2B16E311}" = ZoneAlarm Security

"{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager

"{7BD022FA-F813-401F-90CA-11328E316699}" = ZoneAlarm Firewall

"{7C972873-8A9E-A6FD-B704-141E77662B2D}" = ccc-utility

"{7DB6717B-8F45-2F44-F3D2-680B319BA9AC}" = CCC Help Hungarian

"{81D5607E-35BE-8FB5-54F7-05D9F81CA8B2}" = CCC Help Swedish

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4FC4416-1BE2-D4D3-02F3-8E7E8F999AD4}" = CCC Help Thai

"{BE6D82C4-DD50-275D-A61A-C8901390ED54}" = CCC Help Finnish

"{BEA2143E-CDEA-EAA6-0D8F-384F46309E8E}" = CCC Help Japanese

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C877FC4D-3733-8FB1-D41D-7B2A1B6C5161}" = Catalyst Control Center Localization All

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D50B0249-70A8-1310-61FD-F812F4653C7E}" = Catalyst Control Center Graphics Previews Common

"{D511901B-D264-42A0-B9E3-F0681DD5F33F}" = ZoneAlarm Antivirus

"{E0B58D68-DE7E-F1B8-6089-4BD0B7D67ECD}" = CCC Help English

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E45230A6-0921-D383-6EF2-32326408627C}" = CCC Help Czech

"{E9DAE705-1659-E8AD-2F63-4E392BB59569}" = CCC Help Greek

"{ED9E9F59-5730-BDBD-E5C3-F6A7097A4CFF}" = Catalyst Control Center InstallProxy

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3E08709-43B4-7FB7-D2D8-A8EACB2FA184}" = CCC Help Russian

"{F7C3F48F-CC54-61E0-2361-EB60621092EE}" = CCC Help Portuguese

"{FBB46D7B-ABA2-B8BC-8271-565C230BA5F4}" = CCC Help Spanish

"{FC08ABD7-20E4-806B-7762-1D454F8A52E2}" = CCC Help Polish

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"Fraps" = Fraps (remove only)

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"LAGARITH" = Lagarith lossless video codec (Remove Only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Revo Uninstaller" = Revo Uninstaller 1.94

"Steam App 1250" = Killing Floor

"Steam App 1260" = Killing Floor SDK

"Steam App 208580" = Star Wars: Knights of the Old Republic II

"Steam App 35420" = Killing Floor Mod: Defence Alliance 2

"Steam App 440" = Team Fortress 2

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 21/10/2012 15:21:50 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application chrome.exe, version 22.0.1229.94, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/10/2012 15:21:51 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application chrome.exe, version 22.0.1229.94, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2012 07:16:58 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2012 07:16:59 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/10/2012 08:19:20 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application chrome.exe, version 22.0.1229.94, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/10/2012 16:25:05 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 09:09:52 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 09:10:12 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 09:10:13 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2012 10:08:36 | Computer Name = OLIVER | Source = Application Hang | ID = 1002

Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 29/08/2012 09:58:19 | Computer Name = OLIVER | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling

Engine service to connect.

Error - 29/08/2012 09:58:19 | Computer Name = OLIVER | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to

the following error: %%1053

< End of report >

Link to post
Share on other sites

Ran Malwarebytes in Safe Mode and got no infections found.

Ran a Avast Free scan and got the following infections and moved them to chest.

C:\Documents and Settings\Ollie\Desktop\minecraft\bin\Testing.jar ( Severity - high ) Status - Threat: Other:Malware-gen [Trj]

C:\Documents and Settings\Ollie\My Documents\Downloads\NodusUpdate.jar ( Severity - high ) Status - Threat: Other:Malware-gen [Trj]

Link to post
Share on other sites

Please do not run any scanning without my instructions, because this makes our work here much difficult.

Run OTL

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Just an update from my own computer.

Due to my impatience this morning i scanned with Malwarebytes and Avast and got no infections.

The computer seemed to be running fine in normal mode and i was hoping that was the problem sorted.

Ive just ran OTL as requested and rebooted but now i cannot do anything again on the computer and im trying again to get into Safe Mode.

Will hopefully post the OTL text file once i can access it.

Link to post
Share on other sites

Wohoooo, ive managed to get into Safe Mode !! :D

Here is a copy of the OTL file

OTL logfile created on: 06/11/2012 09:27:02 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ollie\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.38% Memory free

3.35 Gb Paging File | 2.75 Gb Available in Paging File | 82.11% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 76.32 Gb Total Space | 34.01 Gb Free Space | 44.56% Space Free | Partition Type: NTFS

Drive E: | 966.53 Mb Total Space | 965.84 Mb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: OLIVER | User Name: Ollie | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/05 11:58:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ollie\My Documents\Downloads\OTL.exe

PRC - [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/10 10:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll

MOD - [2012/10/10 10:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll

MOD - [2012/10/10 10:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll

MOD - [2012/10/10 10:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll

MOD - [2012/10/10 10:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/10/24 19:20:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/10/23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/07/14 13:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/11 13:32:24 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/07/14 13:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2012/07/11 13:00:46 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)

DRV - [2012/06/11 18:57:18 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)

DRV - [2012/01/09 17:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2012/01/09 17:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)

DRV - [2012/01/09 17:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/11/27 19:06:42 | 004,630,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/24 19:38:44 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry

CHR - default_search_provider: Web (Enabled)

CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=3a7f8480-f592-436a-b244-1e723c9ae701&affid=111585&searchtype=hp&babsrc=lnkry

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\

CHR - Extension: Gmail = C:\Documents and Settings\Ollie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/29 09:16:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343146782827 (WUWebControl Class)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BDA5ACB-3011-4D37-98E2-EA57E03FB572}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ollie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/11/04 15:44:40 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 12:03:39 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/04 21:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/11/02 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\MultiMC

[2012/10/29 09:14:08 | 000,000,000 | ---D | C] -- C:\Oli Temp

[2012/10/28 22:05:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ollie\Recent

[2012/10/28 22:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/10/21 14:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ollie\Desktop\Mods

========== Files - Modified Within 30 Days ==========

[2012/11/06 09:24:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/11/06 09:23:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/06 09:21:44 | 000,000,229 | RHS- | M] () -- C:\boot.ini

[2012/11/06 09:21:04 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/11/05 12:43:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/11/05 11:31:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004UA.job

[2012/11/04 16:31:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1844237615-839522115-1004Core.job

[2012/11/02 19:32:19 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/02 19:30:59 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url

[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url

[2012/11/02 19:30:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url

[2012/10/31 17:41:22 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk

[2012/10/30 09:56:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/10/29 09:16:08 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/10/28 22:21:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/28 22:04:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/10/28 20:53:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/10/28 20:18:44 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2012/10/28 09:22:57 | 000,472,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/10/28 09:22:56 | 000,075,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/10/24 19:21:57 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url

[2012/10/23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/10/23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/10/23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/10/23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/10/23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/10/23 11:18:33 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/10/23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/10/23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/10/23 11:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/10/23 11:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/10/12 21:55:01 | 000,009,549 | ---- | M] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg

========== Files Created - No Company Name ==========

[2012/11/02 19:30:59 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor Mod Defence Alliance 2.url

[2012/11/02 19:30:59 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor SDK.url

[2012/11/02 19:30:58 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Killing Floor.url

[2012/10/31 17:41:22 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Shortcut to .techniclauncher.lnk

[2012/10/28 22:04:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/10/24 19:21:57 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Ollie\Desktop\Team Fortress 2.url

[2012/10/12 21:54:51 | 000,009,549 | ---- | C] () -- C:\Documents and Settings\Ollie\My Documents\R.A.T.9.jpg

[2012/09/18 20:23:07 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/07/26 22:51:22 | 000,148,903 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1844237615-839522115-1004-0.dat

[2012/07/26 22:51:20 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/07/25 11:41:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/24 17:42:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Ollie\Local Settings\Application Data\dt.dat

[2012/07/24 16:32:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/07/24 16:30:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/07/24 16:29:12 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/24 16:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/07/24 16:23:09 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/07/24 16:18:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/07/24 16:01:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2012/07/24 16:00:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2012/07/24 15:39:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/24 15:36:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/07/24 16:21:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\System32\shdocvw.dll -- [2012/04/20 19:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/24 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/07/24 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint

[2012/07/24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/07/24 19:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2012/10/28 22:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2012/11/03 14:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.minecraft

[2012/08/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.Nitrous

[2012/11/01 21:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\.techniclauncher

[2012/08/22 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Audacity

[2012/09/18 17:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\BANDISOFT

[2012/07/24 19:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\CheckPoint

[2012/09/18 18:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\OpenCandy

[2012/07/24 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\Oracle

[2012/08/18 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\skyz

[2012/07/26 13:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ollie\Application Data\TechSmith

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Step 1

Please download and run the following tool:

http://download.zonealarm.com/bin/free/support/download/clean.exe

Step 2

Please download AppRemover and save it on your desktop. Start the application and click Next and then select Clean Up a Failed Uninstall. Wait until AppRemover finishes scanning the computer and determines which security applications have elements installed. For some applications, AppRemover requires that you restart your computer to finish the uninstallation. If prompted, restart your computer before exiting AppRemover.

Finally, try to boot your computer in Normal mode again.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.