Need help removing "Security Tool" won't let me OP MBAM


Post by coastalhorizons on Sun 08 Aug 2010, 4:07 am

I'm on Windows Vista. It won't let me open Malwarebytes Anti-Malware, and it's stopping a lot of other programs from opening.

Thanks!


Post by Belahzur on Sun 08 Aug 2010, 4:32 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Post by coastalhorizons on Sun 08 Aug 2010, 5:14 am

The virus isn't letting me run that either. It says it's infected and whatnot, then it closes the window.


Post by Belahzur on Sun 08 Aug 2010, 5:47 am

Hello.

We need to use the RKill tool by Grinler.

Rkill.com <--- Download site

  • Please download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.



Post by coastalhorizons on Sun 08 Aug 2010, 6:41 am

I still cannot run OTL. I downloaded Rkill on a different computer, put it on a flash drive, then opened Rkill on the computer with the virus, and a black window pops up then goes away. Then I try to open OTL and the same thing happens: OTL is infected, blah blah. I leave the window up that says it's infected and try to open OTL again and nothing happens. I repeated this many times and got the same results.


Post by Belahzur on Mon 09 Aug 2010, 6:21 am

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try OTL in Safe Mode now.



Post by coastalhorizons on Mon 09 Aug 2010, 7:11 am

OTL logfile created on: 8/8/2010 3:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Libby\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 87.20 Gb Free Space | 64.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 8.43 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIBBY-PC
Current User Name: Libby
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 14:12:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Libby\Desktop\OTL.exe
PRC - [2009/04/02 17:15:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 14:12:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Libby\Desktop\OTL.exe
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/04 19:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/25 02:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 17:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/11 13:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/12/05 11:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 11:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/07 10:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/17 05:22:02 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/12/15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/09 01:25:14 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/04 01:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/03 04:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 04:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/09/02 05:19:22 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/09/01 06:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/09/01 06:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/02 13:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 07:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 07:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 07:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 07:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 07:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/05/12 19:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/15 13:21:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ksivadoq] C:\Users\Libby\AppData\Local\ubotixivumeged.DLL (Sonic Solutions)
O4 - HKCU..\Run: [Qninilexexexiv] C:\Users\Libby\AppData\Local\Mort32.DLL (Dritek System Inc.)
O4 - HKCU..\Run: [tofybdyl] C:\Users\Libby\AppData\Local\bkwpufmps\ntfncsbtssd.exe File not found
O4 - HKCU..\RunOnce: [0310409943] C:\Users\Libby\AppData\Local\0310409943.exe ()
O4 - Startup: C:\Users\Libby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Libby\Pictures\assassinscreedbackground.jpg
O24 - Desktop BackupWallPaper: C:\Users\Libby\Pictures\assassinscreedbackground.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28869ee1-5184-11df-b217-0023ae291a48}\Shell - "" = AutoRun
O33 - MountPoints2\{28869ee1-5184-11df-b217-0023ae291a48}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 14:12:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Libby\Desktop\OTL.exe
[2010/08/07 01:46:12 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Libby\Desktop\mbam-setup-1.46.exe
[2010/08/07 01:37:04 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Local\{446F255D-FE36-43FE-9A65-72B8B45E0FB2}
[2010/08/07 00:11:45 | 000,000,000 | ---D | C] -- C:\Users\Libby\Desktop\fz3-12811543035590
[2010/08/07 00:08:48 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Roaming\FileZilla
[2010/08/07 00:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/08/06 22:10:56 | 000,000,000 | ---D | C] -- C:\Users\Libby\Documents\My Received Files
[2010/08/06 00:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2010/08/06 00:21:45 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/08/06 00:21:45 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/08/06 00:21:44 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/08/06 00:21:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/08/06 00:21:40 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/08/06 00:21:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/08/06 00:21:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/08/06 00:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Privates
[2010/08/06 00:17:47 | 100,129,178 | ---- | C] (Zombie Cow Studios ) -- C:\Users\Libby\Desktop\privatesdownload.exe
[2010/08/05 22:37:21 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Local\bkwpufmps
[2010/08/04 20:11:51 | 000,000,000 | ---D | C] -- C:\Users\Libby\Documents\New Folder
[2010/08/04 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Libby\Desktop\reach pix links
[2010/08/04 13:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It! 10
[2010/08/04 12:59:18 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Roaming\ImgBurn
[2010/08/04 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/08/04 12:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/08/04 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Roaming\Roxio
[2010/08/04 12:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/08/03 00:09:03 | 000,000,000 | ---D | C] -- C:\Users\Libby\Desktop\MY IDS
[2010/08/03 00:03:56 | 000,000,000 | ---D | C] -- C:\Users\Libby\Desktop\Gamesaves! MINE OG
[2010/08/03 00:03:10 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Local\GameTuts
[2010/08/03 00:03:09 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Roaming\GameTuts
[2010/08/02 23:48:19 | 000,000,000 | ---D | C] -- C:\Users\Libby\Desktop\unmodded profile
[2010/08/02 23:12:05 | 000,000,000 | ---D | C] -- C:\Users\Libby\Desktop\E000004CD8AACB36
[2010/07/29 21:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2010/07/29 21:13:05 | 011,782,374 | ---- | C] (Joe Pham ) -- C:\Users\Libby\Desktop\bitpim-1.0.7-setup.exe
[2010/07/29 20:54:07 | 000,022,912 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys
[2010/07/29 20:54:07 | 000,021,248 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys
[2010/07/29 20:54:07 | 000,012,672 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys
[2010/07/29 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/07/29 20:47:31 | 000,000,000 | ---D | C] -- C:\Users\Libby\Documents\bitpim
[2010/07/26 11:22:05 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2010/07/26 11:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Cutter
[2010/07/17 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\Libby\AppData\Roaming\WinRAR
[2010/07/17 21:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/15 14:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2010/07/09 20:55:49 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/07/09 20:55:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/07/09 20:55:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/07/09 20:55:48 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/07/09 20:55:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/07/09 20:55:42 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/07/09 20:55:42 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/08 15:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/08 15:45:10 | 000,016,095 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/08/08 15:45:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 15:45:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 15:45:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/08 15:45:08 | 001,835,008 | -HS- | M] () -- C:\Users\Libby\NTUSER.DAT
[2010/08/08 15:45:08 | 000,524,288 | -HS- | M] () -- C:\Users\Libby\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 15:45:08 | 000,065,536 | -HS- | M] () -- C:\Users\Libby\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/08 15:45:05 | 002,133,049 | -H-- | M] () -- C:\Users\Libby\AppData\Local\IconCache.db
[2010/08/08 15:44:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD03F5A9-8C31-403E-AB0A-D1688EBC4C92}.job
[2010/08/08 15:32:46 | 000,000,000 | ---- | M] () -- C:\Users\Libby\AppData\Local\Kriveyud.bin
[2010/08/07 15:32:01 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/07 15:32:01 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/07 15:32:01 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/07 15:08:41 | 000,363,520 | ---- | M] () -- C:\Users\Libby\Desktop\rkill.com
[2010/08/07 14:57:14 | 000,000,120 | ---- | M] () -- C:\Users\Libby\AppData\Local\Bbutogujagedeyox.dat
[2010/08/07 14:43:07 | 000,037,315 | ---- | M] () -- C:\Users\Libby\Desktop\Linux-Loader.zip
[2010/08/07 14:12:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Libby\Desktop\OTL.exe
[2010/08/07 02:11:36 | 000,001,619 | ---- | M] () -- C:\Users\Libby\Desktop\Backup.lnk
[2010/08/07 01:46:21 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Libby\Desktop\mbam-setup-1.46.exe
[2010/08/07 01:44:46 | 063,179,999 | ---- | M] () -- C:\Users\Libby\Desktop\Blackened_v1044.rar
[2010/08/07 01:35:35 | 001,043,456 | ---- | M] () -- C:\Users\Libby\AppData\Local\0310409943.exe
[2010/08/07 00:56:05 | 020,513,676 | ---- | M] () -- C:\Users\Libby\Desktop\Default.xzp
[2010/08/07 00:04:45 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/08/06 00:17:52 | 100,129,178 | ---- | M] (Zombie Cow Studios ) -- C:\Users\Libby\Desktop\privatesdownload.exe
[2010/08/04 15:09:44 | 000,350,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/04 14:38:36 | 000,856,368 | ---- | M] () -- C:\Users\Libby\Documents\Dsc_0244.jpg
[2010/08/04 13:27:02 | 000,093,696 | ---- | M] () -- C:\Users\Libby\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/04 12:52:23 | 000,001,676 | ---- | M] () -- C:\Users\Libby\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/08/04 12:52:23 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/08/03 17:02:39 | 000,077,824 | ---- | M] () -- C:\Users\Libby\Desktop\savedata.bin
[2010/08/03 17:01:01 | 001,515,520 | ---- | M] () -- C:\Users\Libby\Desktop\savegame_aw1
[2010/08/03 16:42:52 | 180,870,609 | ---- | M] () -- C:\Users\Libby\Desktop\Alan Wake Developer Commentary.rar
[2010/08/03 16:36:02 | 000,017,272 | ---- | M] () -- C:\Users\Libby\Desktop\Resident Evil 5 1k.rar
[2010/08/03 00:18:39 | 002,232,320 | ---- | M] () -- C:\Users\Libby\Desktop\NFS SHIFT
[2010/08/03 00:13:24 | 011,866,112 | ---- | M] () -- C:\Users\Libby\Desktop\WOLF.SAV
[2010/08/02 23:58:50 | 009,845,270 | ---- | M] () -- C:\Users\Libby\Desktop\Modio.zip
[2010/08/02 23:33:22 | 000,013,515 | ---- | M] () -- C:\Users\Libby\Desktop\Xtaf_Release_Gui_004.rar
[2010/08/02 22:58:35 | 003,368,122 | ---- | M] () -- C:\Users\Libby\Desktop\Le Fluffie App.zip
[2010/08/02 22:44:47 | 000,746,911 | ---- | M] () -- C:\Users\Libby\Desktop\savegame_aw1.rar
[2010/08/02 22:28:53 | 000,308,489 | ---- | M] () -- C:\Users\Libby\Desktop\Alan Wake - all diffuculties & nightmare manuscripts.rar
[2010/08/02 22:21:15 | 000,007,512 | ---- | M] () -- C:\Users\Libby\Desktop\LIMBO_110_savegame.rar
[2010/08/02 22:19:03 | 000,690,718 | ---- | M] () -- C:\Users\Libby\Desktop\Wolfenstein.rar
[2010/08/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/07/31 22:33:42 | 021,685,839 | ---- | M] () -- C:\Users\Libby\Desktop\JDownloader.zip
[2010/07/29 21:13:07 | 011,782,374 | ---- | M] (Joe Pham ) -- C:\Users\Libby\Desktop\bitpim-1.0.7-setup.exe
[2010/07/27 10:07:53 | 000,006,080 | ---- | M] () -- C:\Users\Libby\AppData\Local\d3d9caps.dat
[2010/07/26 11:22:07 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Cutter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/07 15:08:20 | 000,363,520 | ---- | C] () -- C:\Users\Libby\Desktop\rkill.com
[2010/08/07 14:43:07 | 000,037,315 | ---- | C] () -- C:\Users\Libby\Desktop\Linux-Loader.zip
[2010/08/07 02:11:36 | 000,001,619 | ---- | C] () -- C:\Users\Libby\Desktop\Backup.lnk
[2010/08/07 01:44:46 | 063,179,999 | ---- | C] () -- C:\Users\Libby\Desktop\Blackened_v1044.rar
[2010/08/07 01:37:05 | 000,000,120 | ---- | C] () -- C:\Users\Libby\AppData\Local\Bbutogujagedeyox.dat
[2010/08/07 01:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Libby\AppData\Local\Kriveyud.bin
[2010/08/07 01:35:35 | 001,043,456 | ---- | C] () -- C:\Users\Libby\AppData\Local\0310409943.exe
[2010/08/07 00:56:05 | 020,513,676 | ---- | C] () -- C:\Users\Libby\Desktop\Default.xzp
[2010/08/07 00:04:45 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/08/04 12:52:23 | 000,001,676 | ---- | C] () -- C:\Users\Libby\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/08/04 12:52:23 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/08/03 17:01:49 | 000,077,824 | ---- | C] () -- C:\Users\Libby\Desktop\savedata.bin
[2010/08/03 16:59:47 | 001,515,520 | ---- | C] () -- C:\Users\Libby\Desktop\savegame_aw1
[2010/08/03 16:42:51 | 180,870,609 | ---- | C] () -- C:\Users\Libby\Desktop\Alan Wake Developer Commentary.rar
[2010/08/03 16:35:50 | 000,017,272 | ---- | C] () -- C:\Users\Libby\Desktop\Resident Evil 5 1k.rar
[2010/08/03 00:17:45 | 002,232,320 | ---- | C] () -- C:\Users\Libby\Desktop\NFS SHIFT
[2010/08/03 00:15:28 | 000,440,481 | ---- | C] () -- C:\Users\Libby\Desktop\midnight club la.rar
[2010/08/03 00:15:24 | 000,109,720 | ---- | C] () -- C:\Users\Libby\Desktop\NFS PRO.rar
[2010/08/03 00:15:20 | 000,564,498 | ---- | C] () -- C:\Users\Libby\Desktop\resident evil 5 save. everything unlock (no modio).rar
[2010/08/03 00:15:15 | 001,024,566 | ---- | C] () -- C:\Users\Libby\Desktop\NFS Shift 1k.rar
[2010/08/03 00:12:22 | 011,866,112 | ---- | C] () -- C:\Users\Libby\Desktop\WOLF.SAV
[2010/08/02 23:58:50 | 009,845,270 | ---- | C] () -- C:\Users\Libby\Desktop\Modio.zip
[2010/08/02 23:33:22 | 000,013,515 | ---- | C] () -- C:\Users\Libby\Desktop\Xtaf_Release_Gui_004.rar
[2010/08/02 22:58:22 | 003,368,122 | ---- | C] () -- C:\Users\Libby\Desktop\Le Fluffie App.zip
[2010/08/02 22:44:47 | 000,746,911 | ---- | C] () -- C:\Users\Libby\Desktop\savegame_aw1.rar
[2010/08/02 22:28:49 | 000,308,489 | ---- | C] () -- C:\Users\Libby\Desktop\Alan Wake - all diffuculties & nightmare manuscripts.rar
[2010/08/02 22:21:15 | 000,007,512 | ---- | C] () -- C:\Users\Libby\Desktop\LIMBO_110_savegame.rar
[2010/08/02 22:18:58 | 000,690,718 | ---- | C] () -- C:\Users\Libby\Desktop\Wolfenstein.rar
[2010/07/31 22:33:40 | 021,685,839 | ---- | C] () -- C:\Users\Libby\Desktop\JDownloader.zip
[2010/07/26 11:22:07 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Cutter.lnk
[2009/04/02 17:22:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/04/02 14:46:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/04/02 14:46:19 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F8B88761
< End of report >






Re: Need help removing "Security Tool" wont let me OP MBAM

Post by coastalhorizons on Mon 09 Aug 2010, 7:12 am

OTL Extras logfile created on: 8/8/2010 3:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Libby\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 87.20 Gb Free Space | 64.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 8.43 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIBBY-PC
Current User Name: Libby
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{40E34269-0435-45C4-910B-DD9EE3AF7D59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70145ECE-46C1-4252-83B4-FF825A37E2D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EF84DA-7D22-44F6-8447-7141F7C8A3DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3228B74D-1994-45EF-915E-D930C37B6090}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{3C7732CD-09F7-4B4F-AE96-16BBCF333941}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DFD7D67-05E9-4F72-8B9B-B158F8240AFF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4FA475D1-6308-4EE1-BEE5-760D82A86062}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{62EC2D1D-1F31-4959-A3AC-A08921BE014F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{632AFB2B-0C68-4F61-BF50-0B11723E976D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{68A134A4-E15A-4B84-94C8-8B6162AE0B73}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{94C90165-2B46-4BAE-B797-AA7092363B6A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{9A3750A7-1655-417B-806D-E2EAFDFA294B}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{A2AAD85E-28EC-4090-BD91-C7A1DEA1E5E5}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{AA924BCA-20C7-409E-A70D-71B50F32BB49}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{B97DD4FB-CCEA-4D3B-BA13-E87CE50582AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0598D8C-C179-4871-A27F-EE03F9BB3284}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{C8B12626-ADCA-45C9-9CFF-72956DB06743}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC244C25-EAB8-4F77-BA90-30B47E078DCE}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{D92F00A5-7630-4EAD-B134-88A0038BADFF}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E05174DC-D644-416B-89A3-E66EB0EA36FA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E7319276-E9BD-495E-9653-85A2DAF4847A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.3.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP3 Cutter_is1" = MP3 Cutter 1.8
"MSC" = McAfee SecurityCenter
"Picasa 3" = Picasa 3
"PictureItPrem_v10" = Microsoft Photo Premium 10
"Privates_is1" = Privates
"VistaVisualMaster" = Vista Visual Master
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwistedBrush Pro Studio" = TwistedBrush Pro Studio

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2010 5:17:33 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 768679

Error - 8/5/2010 5:17:34 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2010 5:17:34 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 769755

Error - 8/5/2010 5:17:34 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 769755

Error - 8/5/2010 9:27:48 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2010 9:27:48 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1681348

Error - 8/5/2010 9:27:48 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1681348

Error - 8/5/2010 9:27:49 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2010 9:27:49 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1682456

Error - 8/5/2010 9:27:49 PM | Computer Name = Libby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1682456

[ Broadcom Wireless LAN Events ]
Error - 8/7/2010 1:25:41 PM | Computer Name = Libby-PC | Source = WLAN-Tray | ID = 0
Description = 13:25:41, Sat, Aug 07, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 5/16/2010 8:53:17 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2010 10:30:36 PM | Computer Name = Libby-PC | Source = HTTP | ID = 15016
Description =

Error - 5/17/2010 10:31:25 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2010 10:31:25 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/19/2010 4:35:16 PM | Computer Name = Libby-PC | Source = HTTP | ID = 15016
Description =

Error - 5/19/2010 4:35:59 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/19/2010 4:35:59 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/21/2010 9:33:23 PM | Computer Name = Libby-PC | Source = HTTP | ID = 15016
Description =

Error - 5/21/2010 9:34:14 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/21/2010 9:34:14 PM | Computer Name = Libby-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Re: Need help removing "Security Tool" wont let me OP MBAM

Post by Belahzur on Mon 09 Aug 2010, 8:37 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [Ksivadoq] C:\Users\Libby\AppData\Local\ubotixivumeged.DLL (Sonic Solutions)
    O4 - HKCU..\Run: [Qninilexexexiv] C:\Users\Libby\AppData\Local\Mort32.DLL (Dritek System Inc.)
    O4 - HKCU..\Run: [tofybdyl] C:\Users\Libby\AppData\Local\bkwpufmps\ntfncsbtssd.exe File not found
    O4 - HKCU..\RunOnce: [0310409943] C:\Users\Libby\AppData\Local\0310409943.exe ()
    [2010/08/07 14:57:14 | 000,000,120 | ---- | M] () -- C:\Users\Libby\AppData\Local\Bbutogujagedeyox.dat
    [2010/08/07 01:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Libby\AppData\Local\Kriveyud.bin
    [2010/08/07 01:35:35 | 001,043,456 | ---- | C] () -- C:\Users\Libby\AppData\Local\0310409943.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Need help removing "Security Tool" wont let me OP MBAM

Post by coastalhorizons on Mon 09 Aug 2010, 9:37 am

==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ksivadoq deleted successfully.
C:\Users\Libby\AppData\Local\ubotixivumeged.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Qninilexexexiv deleted successfully.
C:\Users\Libby\AppData\Local\Mort32.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tofybdyl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\0310409943 deleted successfully.
C:\Users\Libby\AppData\Local\0310409943.exe moved successfully.
C:\Users\Libby\AppData\Local\Bbutogujagedeyox.dat moved successfully.
C:\Users\Libby\AppData\Local\Kriveyud.bin moved successfully.
File C:\Users\Libby\AppData\Local\0310409943.exe not found.

OTL by OldTimer - Version 3.2.9.1 log created on 08082010_183639

Back to top Go down
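An added example, not part of the original thread and not OTL's own code: a small Python check that sorts the lines of the fix log posted above into items OTL removed, "not found" lines explained by an earlier successful move of the same path, and "not found" lines a helper should look at before moving on. The names `FIX_LOG`, `LINE` and `audit_fix_log` are this example's own; the log text is copied unchanged from the post.

```python
import re

# Fix log copied from the post above (OTL output, unmodified).
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ksivadoq deleted successfully.
C:\Users\Libby\AppData\Local\ubotixivumeged.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Qninilexexexiv deleted successfully.
C:\Users\Libby\AppData\Local\Mort32.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tofybdyl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\0310409943 deleted successfully.
C:\Users\Libby\AppData\Local\0310409943.exe moved successfully.
C:\Users\Libby\AppData\Local\Bbutogujagedeyox.dat moved successfully.
C:\Users\Libby\AppData\Local\Kriveyud.bin moved successfully.
File C:\Users\Libby\AppData\Local\0310409943.exe not found.
"""

# Optional item kind, then the target, then one of the three outcomes seen in this log.
LINE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File) )?(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def audit_fix_log(log):
    """Sort fix-log lines into handled, already_handled and unresolved targets."""
    done = set()
    report = {"handled": [], "already_handled": [], "unresolved": []}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, blank lines, version footer
        # Windows paths and registry paths compare case-insensitively.
        key = m["target"].rstrip("\\").lower()
        if m["outcome"] != "not found":
            done.add(key)
            report["handled"].append(m["target"])
        elif key in done:
            report["already_handled"].append(m["target"])  # removed earlier in this run
        else:
            report["unresolved"].append(m["target"])  # was absent before the fix ran
    return report


if __name__ == "__main__":
    for bucket, items in audit_fix_log(FIX_LOG).items():
        print(bucket, len(items), *items, sep="\n  ")
```

On this log the only unresolved line is the CLSID key, which agrees with the "No CLSID value found" note on the O2 line of the fix script; the second 0310409943.exe line is reported as already handled because the same file was moved earlier in the run.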

Re: Need help removing "Security Tool" wont let me OP MBAM

Post by Belahzur on Tue 10 Aug 2010, 10:52 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

