Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Think im infected loads of errors

Started by samuel3 , Dec 18 2010 04:11 PM

This topic is locked

#1
samuel3

Posted 18 December 2010 - 04:11 PM

Member

Member
110 posts

I have a slow computer and it has lots of errors.

I can not do disk clean up there is an error.

'Windows cannot locate the disk clean up program. The program file may be corrupted or may have been deleted from your computer. To reinstall Disk clean up, run windows setup again.

Task Manager does not come up.
Tried all ways.

Start>right clicking my computer > properties doesnt come up.

Error when using ccleaner
'Error loading InetCpl.
The specific module could not be found.

Can not download stuff properly says these an error in firefox

File not found

Firefox can't find the file at /C:/Documents and Settings/Daddy and mummy/Local Settings/Temporary Internet Files/Content.IE5/VGCUARCZ/download.

* Check the file name for capitalisation or other typing errors.
* Check to see if the file was moved, renamed or deleted.

Can not click some stuff in Control Panel

OVerall i think its some RunDll error?

What do i do? I have no disk to reinstall windows.

Thanks.

#2
Essexboy

Posted 19 December 2010 - 09:14 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there first I will need to have a look at your system

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

#3
samuel3

Posted 20 December 2010 - 04:40 AM

Member

Topic Starter
Member
110 posts

OTL.txt

OTL logfile created on: 20/12/2010 10:41:09 - Run 5
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Daddy and mummy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

768.00 Mb Total Physical Memory | 422.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.61 Gb Free Space | 63.02% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 46.54 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: HOME-B8FD902FEA | User Name: Daddy and mummy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
PRC - [2010/12/11 10:16:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 10:16:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 01:15:02 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe

========== Modules (SafeList) ==========

MOD - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
MOD - [2007/04/15 21:23:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 08:55:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqynjiz.sys -- (utqynjiz)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/08 15:53:24 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/20 09:32:39 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/07/28 15:10:18 | 000,483,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/26 13:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D9000v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/12/04 12:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sky.com/"
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 16:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:44:37 | 000,000,000 | ---D | M]

[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions
[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions\[email protected]
[2010/09/29 16:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\extensions
[2009/03/14 15:56:13 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\searchplugins\live-search.xml
[2010/11/05 14:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/05 14:17:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [F5D9000v3] C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe (Belkin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 13:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 22:08:28 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 10:32:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:30:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daddy and mummy\Recent
[2010/12/18 23:21:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:37:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/12/18 22:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy and mummy\Desktop\Pictures
[2010/12/08 22:06:16 | 000,000,000 | ---D | C] -- C:\AutoRuns

========== Files - Modified Within 30 Days ==========

[2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/20 09:01:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 09:01:23 | 804,876,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 23:21:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:14:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/12/18 22:13:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/12/15 18:10:25 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\spider.sav
[2010/12/14 12:36:20 | 000,106,092 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:58 | 000,064,410 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/18 23:18:30 | 804,876,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/14 12:36:20 | 000,106,092 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:55 | 000,064,410 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2010/05/11 08:51:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqynjiz.sys
[2009/07/25 20:55:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/25 20:55:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/21 19:08:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Export to web.INI
[2009/07/21 19:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2009/07/21 19:07:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\KEYPAD.INI
[2009/07/21 19:07:50 | 000,000,089 | ---- | C] () -- C:\WINDOWS\Snapshot.ini
[2009/07/21 19:07:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\PHOTOFX.INI
[2009/07/21 19:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-it.ini
[2009/07/21 19:07:45 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/21 19:07:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/07/21 19:07:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\GSTPLT32.DLL
[2009/07/03 18:04:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/23 19:57:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/24 19:21:21 | 000,015,048 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2008/08/18 14:33:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/08/04 14:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/18 15:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/08/04 14:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/31 23:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/26 19:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Auslogics
[2010/06/19 10:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Facebook
[2010/11/05 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\id Software
[2010/05/20 20:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Notepad++
[2010/09/26 15:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\OpenOffice.org
[2009/12/31 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\TomTom

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
[2010/12/20 10:45:03 | 000,081,920 | -H-- | M] () -- C:\Documents and Settings\Daddy and mummy\NTUSER.DAT.LOG
[2010/12/20 10:44:37 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\order.txt
[2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/20 09:01:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/12/20 09:01:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/19 22:04:35 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\ntuser.dat
[2010/12/19 22:04:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daddy and mummy\ntuser.ini
[2010/12/19 22:04:30 | 003,757,870 | -H-- | M] () -- C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\IconCache.db
[2010/12/18 23:21:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:14:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/12/18 22:13:20 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/12/18 22:13:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/12/15 18:10:25 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\spider.sav
[2010/12/14 12:36:20 | 000,106,092 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:58 | 000,064,410 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/08/18 14:31:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Daddy and mummy\Application Data\desktop.ini
[2008/08/18 14:31:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== Files - Modified Within 30 Days ==========

[2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/20 09:01:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 09:01:23 | 804,876,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 23:21:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:14:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/12/18 22:13:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/12/15 18:10:25 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\spider.sav
[2010/12/14 12:36:20 | 000,106,092 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:58 | 000,064,410 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#4
samuel3

Posted 20 December 2010 - 04:42 AM

Member

Topic Starter
Member
110 posts

I got no Extras.Txt.

#5
Essexboy

Posted 20 December 2010 - 01:55 PM

GeekU Moderator

Retired Staff
69,964 posts

On completion of these runs can you let me know what problems remain

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - [2010/05/11 08:55:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqynjiz.sys -- (utqynjiz)
[2010/05/11 08:51:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqynjiz.sys

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
samuel3

Posted 20 December 2010 - 02:26 PM

Member

Topic Starter
Member
110 posts

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

Quote
:OTL
DRV - [2010/05/11 08:55:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqynjiz.sys -- (utqynjiz)
[2010/05/11 08:51:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqynjiz.sys

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done

It said proccessing complete!' But it sorta like froze so i couldn't restart i had to turn off by the power button my keyboard.

Then i did the quickscan.

Heres the log i hope the stuff i pasted in OTL worked? Im not sure as i just turned the computer off and on.

OTL logfile created on: 20/12/2010 20:27:21 - Run 6
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Daddy and mummy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

768.00 Mb Total Physical Memory | 419.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.60 Gb Free Space | 62.99% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 46.54 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: HOME-B8FD902FEA | User Name: Daddy and mummy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
PRC - [2010/12/11 10:16:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 10:16:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 01:15:02 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe

========== Modules (SafeList) ==========

MOD - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
MOD - [2007/04/15 21:23:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/08 15:53:24 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/20 09:32:39 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/07/28 15:10:18 | 000,483,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/26 13:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D9000v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/12/04 12:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sky.com/"
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 16:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:44:37 | 000,000,000 | ---D | M]

[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions
[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions\[email protected]
[2010/09/29 16:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\extensions
[2009/03/14 15:56:13 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\searchplugins\live-search.xml
[2010/11/05 14:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/20 20:22:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [F5D9000v3] C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe (Belkin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 13:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 22:08:28 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 14:56:10 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Daddy and mummy\Desktop\RootRepeal.exe
[2010/12/20 10:32:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:30:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daddy and mummy\Recent
[2010/12/18 23:21:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:37:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/12/18 22:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy and mummy\Desktop\Pictures
[2010/12/08 22:06:16 | 000,000,000 | ---D | C] -- C:\AutoRuns

========== Files - Modified Within 30 Days ==========

[2010/12/20 20:25:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 20:25:48 | 804,876,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 20:22:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/20 14:56:12 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Daddy and mummy\Desktop\RootRepeal.exe
[2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:21:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:14:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/12/18 22:13:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/12/15 18:10:25 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\spider.sav
[2010/12/14 12:36:20 | 000,106,092 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:58 | 000,064,410 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/18 23:18:30 | 804,876,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/14 12:36:20 | 000,106,092 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:55 | 000,064,410 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2009/07/25 20:55:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/25 20:55:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/21 19:08:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Export to web.INI
[2009/07/21 19:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2009/07/21 19:07:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\KEYPAD.INI
[2009/07/21 19:07:50 | 000,000,089 | ---- | C] () -- C:\WINDOWS\Snapshot.ini
[2009/07/21 19:07:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\PHOTOFX.INI
[2009/07/21 19:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-it.ini
[2009/07/21 19:07:45 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/21 19:07:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/07/21 19:07:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\GSTPLT32.DLL
[2009/07/03 18:04:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/23 19:57:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/24 19:21:21 | 000,015,048 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2008/08/18 14:33:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/08/04 14:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/18 15:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/08/04 14:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/31 23:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/26 19:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Auslogics
[2010/06/19 10:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Facebook
[2010/11/05 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\id Software
[2010/05/20 20:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Notepad++
[2010/09/26 15:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\OpenOffice.org
[2009/12/31 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\TomTom

========== Purity Check ==========

< End of report >

#7
samuel3

Posted 20 December 2010 - 02:37 PM

Member

Topic Starter
Member
110 posts

ComboFix 10-12-20.01 - Daddy and mummy 20/12/2010 20:37:12.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.768.405 [GMT 0:00]
Running from: c:\documents and settings\Daddy and mummy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-18 22:37 . 2010-12-18 22:37 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-08 22:06 . 2010-12-08 22:08 -------- d-----w- C:\AutoRuns

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 17:42 . 2008-08-18 14:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 17:42 . 2008-08-18 14:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-26 15:19 . 2009-02-01 19:02 411368 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F5D9000v3"="c:\program files\Belkin\F5D9000v3\Belkinwcui.exe" [2007-10-31 1654784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"6795:TCP"= 6795:TCP:Services
"6796:TCP"= 6796:TCP:Services
"9303:TCP"= 9303:TCP:Services
"9302:TCP"= 9302:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/07/2009 17:18 108289]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [04/08/2010 15:08 27064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
.
------- Supplementary Scan -------
.
uStart Page =
FF - ProfilePath - c:\documents and settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sky.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 20:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\ntshrui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Completion time: 2010-12-20 20:42:42
ComboFix-quarantined-files.txt 2010-12-20 20:42

Pre-Run: 18,859,884,544 bytes free
Post-Run: 18,848,804,864 bytes free

- - End Of File - - 7DE098920A81247CAD1FB92129114BD9

#8
Essexboy

Posted 20 December 2010 - 02:51 PM

GeekU Moderator

Retired Staff
69,964 posts

Yep the driver disappeared

Now we need to find a few replacement files

Run OTL. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
regedit.exe
beep.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

#9
samuel3

Posted 21 December 2010 - 10:26 AM

Member

Topic Starter
Member
110 posts

OTL logfile created on: 21/12/2010 14:55:06 - Run 8
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Daddy and mummy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

768.00 Mb Total Physical Memory | 564.00 Mb Available Physical Memory | 73.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.86 Gb Free Space | 63.91% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 46.54 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: HOME-B8FD902FEA | User Name: Daddy and mummy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
PRC - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
MOD - [2007/04/15 21:23:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DADDYA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/08 15:53:24 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/20 09:32:39 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/07/28 15:10:18 | 000,483,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/26 13:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D9000v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/12/04 12:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sky.com/"
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 16:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:44:37 | 000,000,000 | ---D | M]

[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions
[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions\[email protected]
[2010/09/29 16:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\extensions
[2009/03/14 15:56:13 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\searchplugins\live-search.xml
[2010/11/05 14:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/20 20:22:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [F5D9000v3] C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe (Belkin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 13:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 22:08:28 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 20:47:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daddy and mummy\Recent
[2010/12/20 20:43:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/20 20:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/20 20:33:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/20 14:56:10 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Daddy and mummy\Desktop\RootRepeal.exe
[2010/12/20 10:32:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:21:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:37:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/12/18 22:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy and mummy\Desktop\Pictures
[2010/12/08 22:06:16 | 000,000,000 | ---D | C] -- C:\AutoRuns

========== Files - Modified Within 30 Days ==========

[2010/12/21 14:05:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/21 14:05:23 | 804,876,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 20:34:08 | 003,995,496 | R--- | M] () -- C:\Documents and Settings\Daddy and mummy\Desktop\ComboFix.exe
[2010/12/20 20:22:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/20 14:56:12 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Daddy and mummy\Desktop\RootRepeal.exe
[2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:21:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:14:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/12/18 22:13:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/12/15 18:10:25 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\spider.sav
[2010/12/14 12:36:20 | 000,106,092 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:58 | 000,064,410 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/20 20:32:40 | 003,995,496 | R--- | C] () -- C:\Documents and Settings\Daddy and mummy\Desktop\ComboFix.exe
[2010/12/18 23:18:30 | 804,876,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/14 12:36:20 | 000,106,092 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:55 | 000,064,410 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2009/07/25 20:55:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/25 20:55:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/21 19:08:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Export to web.INI
[2009/07/21 19:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2009/07/21 19:07:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\KEYPAD.INI
[2009/07/21 19:07:50 | 000,000,089 | ---- | C] () -- C:\WINDOWS\Snapshot.ini
[2009/07/21 19:07:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\PHOTOFX.INI
[2009/07/21 19:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-it.ini
[2009/07/21 19:07:45 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/21 19:07:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/07/21 19:07:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\GSTPLT32.DLL
[2009/07/03 18:04:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/23 19:57:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/24 19:21:21 | 000,015,048 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2008/08/18 14:33:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/08/04 14:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/18 15:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/08/04 14:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/31 23:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/26 19:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Auslogics
[2010/06/19 10:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Facebook
[2010/11/05 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\id Software
[2010/05/20 20:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Notepad++
[2010/09/26 15:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\OpenOffice.org
[2009/12/31 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\TomTom

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: REGEDIT.EXE >
[2008/04/14 00:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/14 00:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regedit.exe

< %systemroot%\*. /mp /s >

< End of report >

#10
Essexboy

Posted 21 December 2010 - 01:40 PM

GeekU Moderator

Retired Staff
69,964 posts

On completion of these runs can you let me know what problems remain

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
ipconfig /flushdns /c
C:\WINDOWS\regedit.exe|C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regedit.exe /replace

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11
samuel3

Posted 21 December 2010 - 03:28 PM

Member

Topic Starter
Member
110 posts

Still have all the problems.

:Files
ipconfig /flushdns /c
C:\WINDOWS\regedit.exe|C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regedit.exe /replace

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

It doesn't reboot after this it, freezes, and says 'processing complete!'
I have to manually turn it off and on.

OTL logfile created on: 21/12/2010 21:29:49 - Run 9
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Daddy and mummy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

768.00 Mb Total Physical Memory | 492.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.77 Gb Free Space | 63.59% Space Free | Partition Type: NTFS
Drive D: | 46.58 Gb Total Space | 46.54 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: HOME-B8FD902FEA | User Name: Daddy and mummy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
PRC - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 01:15:02 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe

========== Modules (SafeList) ==========

MOD - [2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
MOD - [2007/04/15 21:23:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/05 23:08:05 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DADDYA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/08 15:53:24 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/20 09:32:39 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/07/28 15:10:18 | 000,483,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/26 13:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D9000v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/12/04 12:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sky.com/"
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 16:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:44:37 | 000,000,000 | ---D | M]

[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions
[2009/12/31 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Extensions\[email protected]
[2010/09/29 16:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\extensions
[2009/03/14 15:56:13 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\Application Data\Mozilla\Firefox\Profiles\6m3ucpix.default\searchplugins\live-search.xml
[2010/11/05 14:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/21 21:23:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [F5D9000v3] C:\Program Files\Belkin\F5D9000v3\Belkinwcui.exe (Belkin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy and mummy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 13:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 22:08:28 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 15:11:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daddy and mummy\Recent
[2010/12/20 20:43:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/20 20:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/20 20:33:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/20 14:56:10 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Daddy and mummy\Desktop\RootRepeal.exe
[2010/12/20 10:32:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:21:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:37:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/12/18 22:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy and mummy\Desktop\Pictures
[2010/12/08 22:06:16 | 000,000,000 | ---D | C] -- C:\AutoRuns
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/21 21:28:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/21 21:28:39 | 804,876,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 21:26:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/21 21:23:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/20 20:34:08 | 003,995,496 | R--- | M] () -- C:\Documents and Settings\Daddy and mummy\Desktop\ComboFix.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 14:56:12 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Daddy and mummy\Desktop\RootRepeal.exe
[2010/12/20 10:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\OTL.exe
[2010/12/18 23:21:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy and mummy\Desktop\TFC.exe
[2010/12/18 22:14:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/12/18 22:13:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/12/15 18:10:25 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\spider.sav
[2010/12/14 12:36:20 | 000,106,092 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:58 | 000,064,410 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 21:26:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 20:32:40 | 003,995,496 | R--- | C] () -- C:\Documents and Settings\Daddy and mummy\Desktop\ComboFix.exe
[2010/12/18 23:18:30 | 804,876,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/14 12:36:20 | 000,106,092 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\stock-photo-funny-d-icon-holding-merry-christmas-sign-on-a-green-meadow-39514075.jpg
[2010/12/04 21:28:55 | 000,064,410 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\190647,xcitefun-cartoon-characters-6.jpeg
[2010/12/04 17:33:53 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Daddy and mummy\My Documents\images.jpeg
[2009/07/25 20:55:00 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/25 20:55:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/21 19:08:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Export to web.INI
[2009/07/21 19:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2009/07/21 19:07:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\KEYPAD.INI
[2009/07/21 19:07:50 | 000,000,089 | ---- | C] () -- C:\WINDOWS\Snapshot.ini
[2009/07/21 19:07:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\PHOTOFX.INI
[2009/07/21 19:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-it.ini
[2009/07/21 19:07:45 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/21 19:07:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/07/21 19:07:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\GSTPLT32.DLL
[2009/07/03 18:04:59 | 000,000,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/23 19:57:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/24 19:21:21 | 000,015,048 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2008/08/18 14:33:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/08/04 14:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/18 15:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/08/04 14:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/31 23:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/26 19:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Auslogics
[2010/06/19 10:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Facebook
[2010/11/05 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\id Software
[2010/05/20 20:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\Notepad++
[2010/09/26 15:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\OpenOffice.org
[2009/12/31 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy and mummy\Application Data\TomTom

========== Purity Check ==========

< End of report >

Edited by samuel3, 21 December 2010 - 03:34 PM.

#12
samuel3

Posted 21 December 2010 - 03:32 PM

Member

Topic Starter
Member
110 posts

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5367

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

21/12/2010 21:37:19
mbam-log-2010-12-21 (21-37-19).txt

Scan type: Quick scan
Objects scanned: 134248
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
Essexboy

Posted 21 December 2010 - 03:35 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets update your system first and then see what errors we have remaing

Download and install SP3 from windows update, then install IE8

Once done re- run OTL for me please

#14
Essexboy

Posted 21 December 2010 - 03:35 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets update your system first and then see what errors we have remaing

Download and install SP3 from windows update, then install IE8

Once done re- run OTL for me please