
"Internet Explorer Has Stopped Working"

Discussion in 'Malware Removal Help' started by rubixcube22, Mar 24, 2011.

  1. rubixcube22

    rubixcube22 Registered Members

    Joined:
    Mar 24, 2011
    Messages:
    36
    Location:
    Pittsburgh, PA, USA
    Operating System:
    Windows Vista Enterprise
    I've had this problem for a few years now, but never found out how to fix this, so an answer would be really appreciated. A few years ago, I tried downloading a program called "Fire Letters", but immediately after I downloaded it, my browser closed. I tried opening it but as soon as it opens it says "Internet explorer has stopped working" and I'm forced to close it. I bought I think the 40 dollar version of Norton Antivirus, but when I tried scanning, the files scanned would stay at 0, even if it was left running for days. Sometimes, after I close Internet Explorer, a message comes up and says something about Data Execution Prevention not letting me use Internet Explorer. I'm also sure I have a connection because I can still play online games. If anyone has any advice, it would be great.
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Have you tried installing all available upgrades? What version of Internet Explorer are you using?

    This has been happening for years? I don't suppose you can find a restore point that predates this Fire Letters download?
     
  3. KenB

    KenB Registered Members

    Joined:
    Oct 21, 2010
    Messages:
    1,223
    Location:
    Wirral UK
    Operating System:
    Windows Vista Home Premium
    Presumably you are using a different browser to access the online games?

    If you are using IE7 or IE8 try deleting it - the system will revert to IE6.
    (If you have had the problem for a few years you probably have IE6 or 7 )
    Does this work for you?
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    I see this program is available on a lot of 'Warez' sites.
    Did you try downloading it from one of these?
    Did it install?
    If so, have you removed it?

    If you did download from a warez site, you probably downloaded a lot of malware as well.
    This could well be the reason for IE and Norton not working properly.

    We need to rule out any malware first:

    Step 1
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Step 2
    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the Run Scan button.

    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



    In your next reply, please submit:
    MBAM scan report
    both reports from OTL

    Please answer the questions.

    These answers and reports will tell us a lot more.



    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  5. rubixcube22

    rubixcube22 Registered Members

    I tried finding a restore point but none of the points work. It also won't let me download any updates, not sure about the version.
     
  6. rubixcube22

    rubixcube22 Registered Members

    I clicked Finish but MBAM never opened. I tried opening it multiple times off the desktop but could never open it. Every time I try and open it, it says a program needs your permission to continue, I click Continue, but then nothing happens. I tried running as administrator but an error message comes up and says MBAM has stopped working.
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi rubixcube22

    Ok this sounds like malware blocking things.
    I'll move this thread to the Malware Removal forum to be on the safe side, we'll continue there.
    The link will remain the same.

    Forget the previous instructions and remove MBAM.

    Then follow these instructions:

    Step 1

    Please reboot your computer in Safe Mode with Networking by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    You will need to use the 'keyboard arrow keys' to navigate on this menu.
    * Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
    * Then choose your usual account.

    Step 2

    Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options
    Click on the Connections tab
    Click on the Lan Settings button
    Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen
    Then press the OK button to close the Internet Options screen.

    Internet Explorer should now work.
    Or you can use Firefox to complete the next few steps.

    Step 3
    Please download RKill.com to your desktop from the following link:
    Rkill download link
    Download page will open in a new tab or browser window.
    When at the download page, click on the Download Now button to download RKill.com and save it on your desktop.
    Once it is downloaded, double-click on the rkill.com icon.
    If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself.

    If the malware is persistent, you may have to run RKill a number of times.
    When it has finished, the black window will automatically close and you can continue with the next step.

    If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Note
    Please do not reboot your system until you have completed the following step, or the Malware will restart itself:

    Step 4
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Step 5
    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the Run Scan button.

    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


    In your next reply, please submit:
    MBAM report
    and both reports from OTL


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  8. rubixcube22

    rubixcube22 Registered Members


    I've had some trouble when running rkill. First off, it wouldn't work in safe mode so I changed back. What I've been doing is downloading the files on my laptop (the computer I'm currently using) and then transferring them to the infected computer with a flash drive. So I would run rkill and it would say stuff like terminating malware processes or something, then it would close and a notepad message would come up saying stuff like where it's located, when it was run, and what the operating system is. Then it would say "processes terminated by rkill or while it was running" and that rkill was completed. I'm not sure if this is a real message or, like you said, a fake one by the malware. I left the message up and ran rkill again but the same error message comes up each time. I ran it about 10 times and all that was happening was error messages were stacking. Please say whether these are real or fake messages,
    thanks
     
  9. starbuck

    starbuck Rest In Peace Pete Administrator

    Those messages from RKill are ok.
    Once the processes have been terminated..... try updating MBAM.

    If it still won't update, download and run the OTL program.
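
    Added example (not part of any post in this thread, and not OTL's or the forum's own tooling): a small Python triage pass over OTL.Txt lines that surfaces autostart entries whose file is missing, loaded files with no company name, an enabled IE proxy, and a static DNS setting that differs from the DHCP-supplied servers. The sample lines are taken from the report posted in this thread; the function and finding names are hypothetical, and a hit is a prompt for manual review, not a verdict.

```python
import re

# A few lines in OTL.Txt format, taken from the report posted in this thread.
SAMPLE_LOG = r"""
PRC - C:\Program Files\Gamevance\gamevance32.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
O2 - BHO: (PremiereAdvertisingPlatform) - {547395D9-934A-CED6-B851-F238C86079E5} - File not found
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# Hypothetical groupings of OTL line prefixes, chosen for this example.
AUTOSTART_TAGS = {"O2", "O3", "O4"}          # BHOs, toolbars, Run keys
LOADED_TAGS = {"PRC", "SRV", "DRV"} | AUTOSTART_TAGS


def _servers(value):
    """Split an OTL name-server value (comma or space separated)."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def triage(log_text):
    """Return (kind, detail) pairs that deserve a manual look."""
    findings = []
    dhcp_dns, static_dns = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        tag = line.split(" - ", 1)[0]

        # O17 lines carry both the DHCP-assigned and the statically set DNS.
        dns = re.search(r"\b(Dhcp)?NameServer = (.+)$", line)
        if tag == "O17" and dns:
            target = dhcp_dns if dns.group(1) else static_dns
            target.extend(_servers(dns.group(2)))
            continue

        proxy = re.search(r'"ProxyEnable" = (\d+)', line)
        if proxy and proxy.group(1) != "0":
            findings.append(("proxy-enabled", line))
        elif tag in AUTOSTART_TAGS and line.endswith("File not found"):
            # Registry entry survives but the file it points to is gone.
            findings.append(("orphaned-entry", line))
        elif tag in LOADED_TAGS and re.search(r"\(\s*\)$", line):
            # OTL prints the file's company name in the trailing parentheses.
            findings.append(("no-company-name", line))

    # A static resolver is not malicious in itself; it is flagged only when
    # it differs from what DHCP hands out, so someone checks who set it.
    extra = [s for s in static_dns if s not in dhcp_dns]
    if extra:
        detail = "static %s vs DHCP %s" % (
            ", ".join(extra), ", ".join(dhcp_dns) or "none")
        findings.append(("static-dns-override", detail))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print("%-20s %s" % (kind, detail))
```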
     
  10. rubixcube22

    rubixcube22 Registered Members

    OTL logfile created on: 3/25/2011 7:15:41 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Donnie\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18783)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 576.17 Gb Total Space | 264.44 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
    Drive D: | 19.99 Gb Total Space | 13.03 Gb Free Space | 65.16% Space Free | Partition Type: FAT32
    Drive I: | 7.45 Gb Total Space | 6.76 Gb Free Space | 90.79% Space Free | Partition Type: FAT32

    Computer Name: DONNIE-PC | User Name: Donnie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Donnie\Desktop\OTL.scr (OldTimer Tools)
    PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Gamevance\gamevance32.exe ()
    PRC - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
    PRC - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software)
    PRC - C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe (BullGuard Software)
    PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
    PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Works\WksWP.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Microsoft Works\wkgdcach.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Microsoft Works\WkDStore.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Donnie\Desktop\OTL.scr (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
    SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
    SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
    SRV - (BsMailProxy) -- C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll (BullGuard Ltd.)
    SRV - (BsFileScan) -- C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll (BullGuard Ltd.)
    SRV - (BGLiveSvc) -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software)
    SRV - (BgMainSvc) -- C:\Program Files\BullGuard Software\BullGuard\BsMain.dll (BullGuard, Ltd.)
    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100702.001\IDSvix86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100704.002\NAVENG.SYS (Symantec Corporation)
    DRV - (ccHP) -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
    DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
    DRV - (Reconn) -- C:\Program Files\BullGuard Software\BullGuard\Reconn.sys (BullGuard Ltd.)
    DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://starter.metacafe.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/05/13 00:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donnie\AppData\Roaming\Mozilla\Extensions
    [2009/05/07 23:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donnie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2009/05/12 00:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donnie\AppData\Roaming\Mozilla\Firefox\extensions
    [2009/05/12 00:03:27 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Donnie\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (PremiereAdvertisingPlatform) - {547395D9-934A-CED6-B851-F238C86079E5} - File not found
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software)
    O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [NBKeyScan] File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
    O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe (BullGuard Software)
    O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
    O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: webkinz.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Donnie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Donnie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/25 19:07:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/25 19:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/25 19:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/25 19:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/25 15:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/25 15:28:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Donnie\Desktop\OTL.scr
    [2011/03/25 15:28:19 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Donnie\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/12 00:36:12 | 000,000,000 | ---D | C] -- C:\Users\Donnie\Documents\Super Screen Recorder
    [2011/03/12 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Zeallsoft
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/25 19:17:58 | 003,520,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/25 19:17:58 | 001,110,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/25 19:15:22 | 000,000,296 | ---- | M] () -- C:\Users\Donnie\AppData\Roaming\wklnhst.dat
    [2011/03/25 19:07:04 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/25 19:00:03 | 000,000,264 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    [2011/03/25 18:41:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/03/25 18:39:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/25 18:38:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/25 18:38:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/25 18:38:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/25 18:38:28 | 2950,881,280 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/25 18:36:45 | 000,001,356 | ---- | M] () -- C:\Users\Donnie\AppData\Local\d3d9caps.dat
    [2011/03/25 18:18:22 | 001,006,778 | ---- | M] () -- C:\Users\Donnie\Desktop\rkill.com
    [2011/03/25 18:04:19 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Donnie.job
    [2011/03/25 17:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/25 15:27:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Donnie\Desktop\OTL.scr
    [2011/03/25 15:25:58 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Donnie\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/24 02:37:43 | 223,460,539 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/07 00:07:50 | 000,064,000 | ---- | M] () -- C:\Users\Donnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/25 19:07:04 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/25 18:38:28 | 2950,881,280 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/25 18:19:28 | 001,006,778 | ---- | C] () -- C:\Users\Donnie\Desktop\rkill.com
    [2010/12/28 04:18:59 | 000,000,296 | ---- | C] () -- C:\Users\Donnie\AppData\Roaming\wklnhst.dat
    [2010/12/12 22:47:27 | 000,001,940 | ---- | C] () -- C:\Users\Donnie\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/01/15 17:53:38 | 000,000,552 | ---- | C] () -- C:\Users\Donnie\AppData\Local\d3d8caps.dat
    [2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009/06/30 08:10:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/05/16 12:48:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/01/28 21:43:01 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
    [2008/12/02 18:00:44 | 000,064,000 | ---- | C] () -- C:\Users\Donnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/25 20:46:03 | 000,001,356 | ---- | C] () -- C:\Users\Donnie\AppData\Local\d3d9caps.dat
    [2008/07/09 15:15:55 | 000,000,052 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
    [2008/07/09 14:13:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/07/02 17:54:16 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/07/02 17:54:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/06/02 23:35:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/06/02 23:02:01 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/04/28 17:09:09 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/03/05 20:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2007/08/21 17:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2007/08/21 15:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,330,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 003,507,734 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 001,105,692 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2004/04/22 01:09:00 | 000,001,287 | ---- | C] () -- C:\Windows\System32\WLAN.INI

    ========== LOP Check ==========

    [2011/02/22 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\.minecraft
    [2009/02/08 01:11:41 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\acccore
    [2009/05/06 18:03:27 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\Acoustica
    [2009/06/29 14:47:55 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\BullGuard
    [2010/08/28 22:26:25 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\LimeWire
    [2010/12/28 04:19:01 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\Template
    [2009/02/14 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\Ulead Systems
    [2009/05/15 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Donnie\AppData\Roaming\uTorrent
    [2011/03/25 18:04:45 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/11/06 23:38:20 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D2E5A9C4-933A-4435-ACD9-A7BA4C9A4F37}.job
    [2011/03/25 19:00:03 | 000,000,264 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\WTF.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\warts.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\wart prank.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (9).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (8).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (7).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (6).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (5).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (4).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (3).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (20).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (2).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (19).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (18).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (17).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (16).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (15).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (14).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (13).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (12).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (11).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\VTS_01_1 (10).VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\scream.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\rrrr.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\rick roll 8.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\rick roll 7.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\rick roll 6.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\Rick ROll 5.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\Rick roll 4.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\rick roll 3.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\rick roll 2.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\RICK ROLL 1.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\RecordScratch.mp3:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\QUAGMIREfunnny.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\Quagmirefunnnnnnny.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\QUAGMIRE3.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\QUAGMIRE2.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\QUAGMIRE.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\peter prank call.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\peter call.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\orchtun1.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\opening.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\OPENING R.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\Michael Jackson prank.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\KrtCrsh2.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\hji.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\herbert4.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\herbert3.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\herbert.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\herbert 2.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\HEAD CRASH.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\FUnnny.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\DEVO WATCH US WORK IT.mp3:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0017.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0016.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0015.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0014.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0013.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0012.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0010.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0009.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0008.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0006.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\clip0005.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\Burger king.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\bleep.mp3:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\Beatles - Can't Buy Me Love.mp3:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\bass drum.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Documents\barbie Girl Prank.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\wee.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\waves.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\VTS_01_1.wmv.VOB:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\static.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\red dead.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\fight6ingf.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\dee.wav:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Donnie\Desktop\001.AVI:TOC.WMV
    @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

    < End of report >
    OTL Extras logfile created on: 3/25/2011 7:15:41 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Donnie\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18783)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 576.17 Gb Total Space | 264.44 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
    Drive D: | 19.99 Gb Total Space | 13.03 Gb Free Space | 65.16% Space Free | Partition Type: FAT32
    Drive I: | 7.45 Gb Total Space | 6.76 Gb Free Space | 90.79% Space Free | Partition Type: FAT32

    Computer Name: DONNIE-PC | User Name: Donnie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{333F3B27-C3AD-4E39-A871-16BC4656035F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4D78B3E4-22AF-447E-B62D-77F6B898991B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7049588B-60ED-4755-B90C-2822D73A288A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{73E43063-ECB9-4FBC-A995-85B57BEA03CB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A44978AB-6C20-4D9C-B44C-19312BA4CFAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A83364CA-2FF0-4BF1-996B-E66979143858}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C20FA2A5-2DEE-4B48-B256-A7A69B58718F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{CAECFFF6-2F2A-4B8B-B891-C64D50712CE9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CDC2C19E-701C-4EE4-8CA1-C0E8FF731550}" = rport=139 | protocol=6 | dir=out | app=system |
    "{DC9C78A1-5ED0-4116-8414-384843A30AFE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1A36D628-7E3E-4508-B0D0-90F99C71EAC7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2228E77A-34A1-440A-ABB6-B36E9E68992D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{78130EFD-0C10-4B97-B9B4-F11622BD4271}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{994B970D-AA59-45AD-8E93-FE4330400695}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{55D932DC-F061-40A1-998D-8368F332B9CF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{9CBD0415-38E4-4892-947C-D4A4FB795C0B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{0133D5B5-5BEF-416E-8A57-FE15F0DB1C6B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{91AEAB97-C244-4C16-B384-2E69C1EB471F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
    "{135281A7-41FE-6F26-39F5-7293F8483A86}" = Catalyst Control Center InstallProxy
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{254DEDB1-5217-61E2-EF3C-C9828787F131}" = Catalyst Control Center Graphics Previews Common
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
    "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
    "{2F1DF23C-87AF-0585-D1CF-7C08821227F1}" = CCC Help English
    "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
    "{34AB2CEB-2221-DD43-85ED-5E3DEB16FAA9}" = Catalyst Control Center Core Implementation
    "{35A9D14E-95B4-95C4-54E4-15F1F96309E3}" = Catalyst Control Center Graphics Full Existing
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
    "{40738138-34A4-7712-6DA7-14E6C57DC7C0}" = ccc-utility
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
    "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{58B94766-15FC-4981-C513-4AF079EA649A}" = ccc-core-static
    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
    "{60EE17A0-83DB-FF42-9802-945DD31442A1}" = Catalyst Control Center HydraVision Full
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{800044FB-83FE-4AC9-4653-07C36EA99FE7}" = Catalyst Control Center Graphics Full New
    "{862F113B-F914-4FCF-C254-C145B8815138}" = ATI Catalyst Install Manager
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9FE501EC-B1FC-A431-D175-56AAADE0D10E}" = Catalyst Control Center Graphics Light
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A793EFFB-57E0-7B33-7A7F-E75D8F17F11A}" = Skins
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E7006876-AAE7-1D93-5BAE-980020148184}" = Catalyst Control Center Graphics Previews Vista
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Acoustica Mixcraft 3.1" = Acoustica Mixcraft 3.1
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "AIM Toolbar" = AIM Toolbar
    "AIM_6" = AIM 6
    "Ask Toolbar_is1" = Ask Toolbar
    "Audacity_is1" = Audacity 1.2.6
    "BullGuard" = BullGuard 7.0 for Vista
    "EADM" = EA Download Manager
    "Gamevance" = Gamevance
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HyperCam 2" = HyperCam 2
    "LimeWire" = LimeWire 5.1.2
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "NAV" = Norton AntiVirus
    "NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
    "Phun_is1" = Algodoo Phun edition v5.28
    "PlayMP3" = PlayMP3z
    "PremiereAdvertisingPlatform" = PremiereAdvertisingPlatform
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/27/2011 3:02:32 AM | Computer Name = Donnie-PC | Source = Windows Search Service | ID = 3013
    Description =

    [ Media Center Events ]
    Error - 5/21/2009 1:47:48 AM | Computer Name = Donnie-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/21/2009 1:31:44 AM | Computer Name = Donnie-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/14/2009 1:27:06 PM | Computer Name = Donnie-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 3/25/2011 6:32:50 PM | Computer Name = Donnie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/25/2011 6:32:52 PM | Computer Name = Donnie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/25/2011 6:32:57 PM | Computer Name = Donnie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/25/2011 6:33:08 PM | Computer Name = Donnie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/25/2011 6:38:39 PM | Computer Name = Donnie-PC | Source = HTTP | ID = 15016
    Description =

    Error - 3/25/2011 6:39:53 PM | Computer Name = Donnie-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 3/25/2011 6:39:53 PM | Computer Name = Donnie-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/25/2011 6:39:53 PM | Computer Name = Donnie-PC | Source = Service Control Manager | ID = 7038
    Description =

    Error - 3/25/2011 6:39:53 PM | Computer Name = Donnie-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 3/25/2011 6:39:53 PM | Computer Name = Donnie-PC | Source = Service Control Manager | ID = 7001
    Description =


    < End of report >
     
  11. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi rubixcube22

    Did MBAM run?
    If so:

    Start Malwarebytes AntiMalware.
    Click on the logs tab.
    The logs are date stamped ... double click on the log that showed any infection items.


    It'll open in notepad.

    Please copy/paste the report in your next reply.
     
    Last edited by a moderator: Feb 4, 2014
  12. rubixcube22

    No, it's not starting up. It's still giving me the "A program needs your permission to continue" message. I click continue but nothing opens...
     
  13. starbuck

    It might be the UAC blocking it.

    Click Start >> Control Panel >> User Accounts
    Then select your user account.
    Click on Turn User Account Control on or off
    Untick to use the UAC and click ok.
    Then restart the system for the changes to take effect.

    Then try running MBAM again.
    Still right click the icon and select Run as Administrator though.
     
  14. rubixcube22

    Now, all that happens when I try to run it is a message comes up and says MBAM has stopped working.
     
  15. starbuck

    Hi rubixcube22

    Ok, let's go with what we have for now.

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.



    Step 1
    Read this and see if it helps:
    http://www.online-tech-tips.com/windows-xp/disable-turn-off-dep-windows/

    Step 2
    Please uninstall these 2 items from your add/remove:

    BullGuard
    J2SE Runtime Environment 5.0 Update 12


    Then reboot the system.


    Step 3
    Double click on OTL to run it.
    Copy the lines in bold below. (make sure that :Otl is on the first line )

    :Otl
    O2 - BHO: (PremiereAdvertisingPlatform) - {547395D9-934A-CED6-B851-F238C86079E5} - File not found
    O4 - HKLM..\Run: [NBKeyScan] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

    :Files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    [EMPTYFLASH]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles

    In your next reply, please submit:
    Otl fix report


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  16. rubixcube22

    All processes killed
    Error: Unable to interpret <:eek:tl
    O2 - BHO: (PremiereAdvertisingPlatform) - {547395D9-934A-CED6-B851-F238C86079E5} - File not found
    O4 - HKLM..\Run: [NBKeyScan] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

    :Files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    [EMPTYFLASH]
    > in the current context!

    OTL by OldTimer - Version 3.2.22.3 log created on 03262011_201358

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. starbuck

    Hi rubixcube22

    This is odd.

    Download Dr.Web CureIt to the desktop:
    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in the upper right corner.

    Thanks
     
  18. rubixcube22

    If I try to exit, a message comes up that says "the list of detected threats contains objects to which no actions were applied. It is recommended to neutralize them before closing the application." Should I just ignore it and reboot, or delete the infected files or something???
     
  19. starbuck

    Hi rubixcube22

    Did you click on the 'Cure' button?

    There's a small tutorial here that may help:
    http://computerhelpforums.net/tutorials/t-143-drweb-cureit/
     
  20. rubixcube22

    gamevance32.exe;c:\program files\gamevance;Adware.Siggen.8026;Incurable.Deleted.;
    gamevancelib32.dll;c:\program files\gamevance;Adware.Siggen.8749;Incurable.Deleted.;
    gvtl.dll;c:\program files\gamevance;Adware.Siggen.10754;Incurable.Deleted.;
    gamevance32.exe;c:\program files\gamevance;Adware.Siggen.8026;Invalid path to file ;
    gamevancelib32.dll;c:\program files\gamevance;Adware.Siggen.8749;Invalid path to file ;
    gvtl.dll;c:\program files\gamevance;Adware.Siggen.10754;Invalid path to file ;
    AP3E79F969.dll\data001;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine\AP3E79F969.dll;Adware.Bho.3135;;
    AP3E79F969.dll;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    AP8CBF3978.tmp\data001;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine\AP8CBF3978.tmp;Trojan.Siggen.2478;;
    AP8CBF3978.tmp;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    APC92DEDEB.tmp\data001;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine\APC92DEDEB.tmp;BackDoor.Tdss.119;;
    APC92DEDEB.tmp;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    gamevance32.exe;C:\Program Files\Gamevance;Adware.Siggen.8026;Invalid path to file ;
    gamevancelib32.dll;C:\Program Files\Gamevance;Adware.Siggen.8749;Invalid path to file ;
    gvtl.dll;C:\Program Files\Gamevance;Adware.Siggen.10754;Invalid path to file ;
    gvun.exe;C:\Program Files\Gamevance;Adware.Siggen.10348;Incurable.Deleted.;
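
A report like the one above can be triaged with a short script that lists the detections no row shows as deleted or moved; this is an added example, not part of the original posts and not Dr.Web's own tooling. The `name;folder;threat;action;` layout is read off the rows in this thread, treating `Incurable.Deleted.` and `Moved.` as "handled" is an assumption, and the last two sample rows are constructed.

```python
import csv
import io

# Assumption: these action prefixes mean the scanner dealt with the object.
HANDLED = ("incurable.deleted", "moved")
CONTAINER_NOTE = "container contains infected objects"

# Sample rows in the shape of the report above; the last two are constructed.
SAMPLE = r"""gamevance32.exe;c:\program files\gamevance;Adware.Siggen.8026;Incurable.Deleted.;
gamevance32.exe;C:\Program Files\Gamevance;Adware.Siggen.8026;Invalid path to file ;
AP3E79F969.dll\data001;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine\AP3E79F969.dll;Adware.Bho.3135;;
AP3E79F969.dll;C:\Documents and Settings\Donnie\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
example.tmp;C:\Temp;Trojan.Example.1;;
ghost.dll;C:\Temp;Adware.Example.2;Invalid path to file ;
"""

def parse(report_text):
    """Yield (full_path, folder, threat, action); paths and action lower-cased."""
    for row in csv.reader(io.StringIO(report_text), delimiter=";"):
        if len(row) < 4:
            continue  # blank or truncated line
        name, folder, threat, action = (field.strip() for field in row[:4])
        folder = folder.lower()  # Windows paths are case-insensitive
        yield folder + "\\" + name.lower(), folder, threat, action.lower()

def unresolved(report_text):
    """Return sorted (path, threat) pairs that no row reports as deleted or moved."""
    rows = list(parse(report_text))
    handled = {path for path, _, _, action in rows if action.startswith(HANDLED)}
    open_items = set()
    for path, folder, threat, _ in rows:
        if threat.lower() == CONTAINER_NOTE:
            continue  # container summary row, not a detection name
        # Resolved if the file itself, or the container holding it, was handled.
        if path in handled or folder in handled:
            continue
        open_items.add((path, threat))
    return sorted(open_items)

if __name__ == "__main__":
    for path, threat in unresolved(SAMPLE):
        print(f"needs follow-up: {threat} at {path}")
```

Rows marked "Invalid path to file" drop out only when another row for the same path shows the file was deleted, so repeat scan entries for already-removed files do not hide a detection that was never acted on.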
     
