Malware bytes says it was corrupted

Post by matt111 » August 16th, 2012, 3:26 pm

Hello,

Computer running slow and pop-up came up saying Malwarebytes was corrupted. I uninstalled it before coming to this forum. Also, my hard drive is continuously running like crazy.

Thank you!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Matthew at 21:11:17 on 2012-08-16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3964.2252 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.veritaspub.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: crossmark.com\connect
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E1E8EFF-3834-48AF-842F-69DA113EE89D} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\c88rblr4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.veritaspub.com
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={3F9DE62A-40FE-478E-B2E9-BBA2E34AB7B5}&mid=a9726ebc8c1b47d1a09ed156a4b1af03-ead4f0e9783f4dc5fa35736d7c2ef9c935b8974a&lang=en&ds=AVG&pr=fr&d=2012-08-16 11:42:23&v=12.2.0.5&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-16 44808]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\system32\DRIVERS\CAXHWBS3.sys --> C:\Windows\system32\DRIVERS\CAXHWBS3.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2010-12-2 33448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-26 250056]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-31 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-17 02:42:05 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-17 02:42:05 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-17 02:41:27 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-16 18:57:01 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-16 18:57:01 -------- d-----w- C:\Program Files\AVAST Software
2012-08-16 17:53:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-16 17:53:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-14 08:20:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D044494B-F146-4DE8-B0A4-B5B792A9B41B}\mpengine.dll
2012-08-07 00:00:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-06 20:52:21 -------- d-----w- C:\CloneDVDTemp
2012-08-06 20:49:11 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-08-06 20:41:31 -------- d-----w- C:\Program Files (x86)\SlySoft
2012-08-06 19:37:01 -------- d-----w- C:\Users\Matthew\AppData\Local\Nero_AG
2012-08-06 19:36:17 -------- d-----w- C:\Users\Matthew\AppData\Local\Nero
2012-08-06 19:32:38 -------- d-----w- C:\ProgramData\Nero
2012-08-06 19:31:07 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-08-06 19:29:59 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-08-06 19:28:44 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-08-06 19:27:36 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-08-06 19:26:22 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-08-06 19:25:03 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-08-06 19:23:12 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-08-06 19:21:44 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-08-06 19:19:56 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-08-06 19:18:05 -------- d-----w- C:\Users\Matthew\AppData\Roaming\MSNInstaller
2012-08-06 19:07:17 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2012-08-06 19:07:17 125440 ----a-w- C:\Windows\System32\msiexec.exe
2012-08-06 19:07:16 503296 ----a-w- C:\Windows\System32\msihnd.dll
2012-08-06 19:07:16 332800 ----a-w- C:\Windows\SysWow64\msihnd.dll
2012-08-06 19:07:16 2560 ----a-w- C:\Windows\SysWow64\msimsg.dll
2012-08-06 19:07:16 2560 ----a-w- C:\Windows\System32\msimsg.dll
2012-08-06 19:07:15 3107840 ----a-w- C:\Windows\System32\msi.dll
2012-08-06 19:07:15 2241536 ----a-w- C:\Windows\SysWow64\msi.dll
2012-08-06 06:14:15 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Ashampoo
2012-08-06 06:14:01 -------- d-----w- C:\Users\Matthew\AppData\Local\ashampoo
2012-08-06 06:14:00 -------- d-----w- C:\ProgramData\ashampoo
.
==================== Find3M ====================
.
2012-08-16 06:15:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:15:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-17 01:48:19 921600 ----a-w- C:\ProgramData\SPL2703.tmp
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:11:58.39 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2008 5:20:58 AM
System Uptime: 8/16/2012 8:59:30 PM (1 hours ago)
.
Motherboard: FOXCONN | | Napa
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 323 GiB total, 233.738 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.265 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1739: 8/16/2012 1:11:14 PM - Windows Vista™ Service Pack 2
RP1740: 8/16/2012 1:24:21 PM - Installed Microsoft Fix it 50202
RP1741: 8/16/2012 1:37:02 PM - Windows Update
RP1742: 8/16/2012 6:57:36 PM - Removed Visual Studio 2008 x64 Redistributables
RP1743: 8/16/2012 7:06:43 PM - Windows Modules Installer
RP1744: 8/16/2012 7:08:44 PM - avast! Free Antivirus Setup
RP1745: 8/16/2012 7:31:32 PM - Windows Update
RP1746: 8/16/2012 7:32:38 PM - Windows Modules Installer
RP1747: 8/16/2012 7:40:39 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Content Viewer
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe InDesign CS5.5
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader X (10.1.3)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Astronomer's Control Panel
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
AVS4YOU Software Navigator 1.3
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
ContentManager
CyberLink DVD Suite Deluxe
DIGOpt
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential 2.5
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
Java Auto Updater
Java(TM) 6 Update 26
LabelPrint
LightScribe System Software
LightScribeTemplateLabeler
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 6-9 Converter
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
muvee autoProducer 6.1
NETGEAR Live Parental Controls Management Utility 2.0b44
PDF Settings
PDF Settings CS5
PSSWCORE
Python 2.5.2
QuickConnect
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
8/16/2012 12:53:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/16/2012 1:22:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8000ffff: Windows Vista Service Pack 2 for x64-based Systems (KB948465).
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-71_neutral_PACKAGE from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-69_neutral_PACKAGE from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-68_neutral_PACKAGE from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-67_neutral_GDR from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-65_neutral_GDR from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-63_neutral_GDR from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 982480-61_neutral_GDR from package KB982480(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 981793-694_neutral_GDR from package KB981793(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 981793-607_neutral_GDR from package KB981793(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979899-38_neutral_PACKAGE from package KB979899(Update) into Absent(Absent) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979306-694_neutral_GDR from package KB979306(Update) into Staged(Staged) state
8/16/2012 1:17:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979306-607_neutral_GDR from package KB979306(Update) into Staged(Staged) state
8/16/2012 1:17:52 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2117917 (Update) into Staged(Staged) state
8/16/2012 1:17:52 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2117917 (Update) into Installed(Installed) state
8/16/2012 1:17:52 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2079403 (Security Update) into Installed(Installed) state
8/15/2012 10:20:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/14/2012 8:49:08 PM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
8/14/2012 8:46:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
8/14/2012 8:46:57 PM, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/13/2012 7:43:29 PM, Error: Microsoft-Windows-PrintSpooler [6161] -
.
==== End Of File ===========================
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: Malware bytes says it was corrupted

Post by maxi » August 17th, 2012, 10:50 am

Hi and welcome to Malware Removal Forum.
My name is maxi, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Step 1
Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Step 2
Please download OTL by Old Timer and save it to your Desktop.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Step 3
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 4
Mbam-Clean
Please download this file and save it to your desktop.
Right-click on the file and select "Run as Administrator" to run it.
When it completes it will ask you to restart your computer. Please restart.

Download a fresh copy of Malwarebytes from here, install it, update it, run a "Quick Scan" and post the results here in your next reply.

In your next reply please include:
Both logs created by OTL.
The aswmbr logfile.
The Malwarebytes log.
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Malware bytes says it was corrupted

Post by matt111 » August 17th, 2012, 4:44 pm

Maxi,

Thank you for your help.

I have pasted the logs below; however, the Extras.txt did not show up after running quick scan on OTL. I ran it twice, Extras.txt was not minimized or anything.


OTL logfile created on: 8/17/2012 12:30:19 PM - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = c:\Users\Matthew\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 56.09% Memory free
7.92 Gb Paging File | 6.32 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 232.97 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.17 Gb Free Space | 9.60% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Matthew\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ()
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys ()
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {585C70D0-9BB4-41A1-BE3A-26C1227ACB08}
IE:64bit: - HKLM\..\SearchScopes\{585C70D0-9BB4-41A1-BE3A-26C1227ACB08}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{EDC9745E-B9B2-4926-8BC4-AAC130C925E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{585C70D0-9BB4-41A1-BE3A-26C1227ACB08}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{EDC9745E-B9B2-4926-8BC4-AAC130C925E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{585C70D0-9BB4-41A1-BE3A-26C1227ACB08}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120101,6900,0,6,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={3F9DE62A-40FE-478E-B2E9-BBA2E34AB7B5}&mid=a9726ebc8c1b47d1a09ed156a4b1af03-ead4f0e9783f4dc5fa35736d7c2ef9c935b8974a&lang=en&ds=AVG&pr=fr&d=2012-08-16 11:42:23&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.veritaspub.com"
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={3F9DE62A-40FE-478E-B2E9-BBA2E34AB7B5}&mid=a9726ebc8c1b47d1a09ed156a4b1af03-ead4f0e9783f4dc5fa35736d7c2ef9c935b8974a&lang=en&ds=AVG&pr=fr&d=2012-08-16 11:42:23&v=12.2.0.5&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/16 19:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 12:49:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/05 12:49:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthew\AppData\Roaming\IDM\idmmzcc5

[2011/08/27 16:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2010/08/09 18:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions\wizard@opendns.com
[2012/08/16 11:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\c88rblr4.default\extensions
[2012/08/05 23:14:09 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\c88rblr4.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012/08/05 23:14:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\c88rblr4.default\extensions\engine@conduit.com
[2011/12/31 14:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/16 19:41:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/24 19:41:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/07/01 21:03:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/16 11:42:03 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/01 17:37:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/16 17:26:25 | 000,001,949 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/01 17:37:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/16 11:03:54 | 000,444,042 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15254 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: crossmark.com ([connect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: crossmark.com ([vp] https in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1E8EFF-3834-48AF-842F-69DA113EE89D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell\AutoRun\command - "" = K:\StarterOfficeGuardian.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 19:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/16 19:41:27 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/16 19:41:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/16 14:01:38 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\New Folder
[2012/08/16 11:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/16 11:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/16 10:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/16 10:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/15 22:29:44 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\VOICE list
[2012/08/15 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\The Highest Level Of Enlightenment Bonus
[2012/08/15 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\_Power vs. Force Disc 7
[2012/08/15 17:31:58 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Valid Teachers And Teaching Disc 3
[2012/08/15 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Valid Teachers And Teachings Disc 4
[2012/08/15 17:30:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Valid Teachers And Teaching Disc 1-2
[2012/08/15 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Spirituality Disc 4
[2012/08/15 17:28:47 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Spirituality Disc 3
[2012/08/15 17:27:29 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Spirituality Disc 2
[2012/08/15 17:27:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Spirituality Disc 1
[2012/08/15 17:25:21 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\ACIM 3
[2012/08/15 17:25:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\ACIM 2
[2012/08/15 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\ACIM
[2012/08/15 17:22:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Discovery bonus
[2012/08/15 17:21:56 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Power Vs Force Disc 1
[2012/08/15 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\The Elegance of Pachelbel
[2012/08/15 17:19:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\On Wings of Songs
[2012/08/15 17:15:07 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\TBLC
[2012/08/15 16:55:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In the World But Not of It (bonus)
[2012/08/15 16:54:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In The World But Not Of It (Disc 6)
[2012/08/15 16:53:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In the World But Not of It (Disc 5)
[2012/08/15 16:53:45 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In The World But Not Of It (Disc 4)
[2012/08/15 16:53:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In The World But Not Of It (Disc 3)
[2012/08/15 16:52:44 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In The World But Not Of It (Disc 1)
[2012/08/15 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\In the World But Not of It (Disc 2)
[2012/08/15 16:48:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\The Highest Level Of Enlightenment (Disc 2-6
[2012/08/15 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\The Highest Level Of Enlightenment (Disc
[2012/08/15 16:42:11 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Discovery
[2012/08/15 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Transcending Barriers
[2012/08/15 16:33:42 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 7)
[2012/08/15 16:33:16 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 6)
[2012/08/15 16:32:49 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 5)
[2012/08/15 16:31:56 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 4)
[2012/08/15 16:31:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 3)
[2012/08/15 16:30:31 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 2)
[2012/08/15 16:29:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Truth Vs. Falsehood (Disc 1)
[2012/08/06 17:00:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/06 13:52:21 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2012/08/06 13:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012/08/06 13:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012/08/06 13:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2012/08/06 12:37:01 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Nero_AG
[2012/08/06 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Nero
[2012/08/06 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Nero
[2012/08/06 12:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/08/06 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\MSNInstaller
[2012/08/05 23:14:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Ashampoo
[2012/08/05 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\ashampoo
[2012/08/05 23:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[6 C:\Users\Matthew\Desktop\*.tmp files -> C:\Users\Matthew\Desktop\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 12:28:34 | 000,709,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/17 12:28:34 | 000,608,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/17 12:28:34 | 000,105,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/17 12:21:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 12:21:15 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 12:21:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 21:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 19:42:12 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/16 19:42:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/16 19:25:36 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/16 14:00:11 | 146,066,766 | ---- | M] () -- C:\Users\Matthew\Desktop\COMPONENTS.reg
[2012/08/16 12:03:41 | 000,028,918 | ---- | M] () -- C:\Users\Matthew\Desktop\cc_20120816_120335.reg
[2012/08/16 11:03:54 | 000,444,042 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/14 17:23:26 | 000,002,579 | ---- | M] () -- C:\Users\Matthew\Desktop\Microsoft Word.lnk
[2012/08/13 19:08:07 | 000,027,520 | ---- | M] () -- C:\Users\Matthew\AppData\Local\dt.dat
[2012/08/08 14:49:53 | 000,850,525 | ---- | M] () -- C:\Users\Matthew\Desktop\stucert-csudh-id5-0612-MatthewNannen.pdf
[2012/08/07 15:45:48 | 000,126,746 | ---- | M] () -- C:\Users\Matthew\Desktop\cc_20120807_154449.reg
[2012/08/07 10:02:59 | 000,119,641 | ---- | M] () -- C:\Users\Matthew\Desktop\DSC00210.JPG
[2012/08/07 10:02:00 | 000,134,277 | ---- | M] () -- C:\Users\Matthew\Desktop\DSC00208.JPG
[2012/08/07 10:02:00 | 000,130,484 | ---- | M] () -- C:\Users\Matthew\Desktop\DSC00212.JPG
[2012/08/07 10:02:00 | 000,129,899 | ---- | M] () -- C:\Users\Matthew\Desktop\DSC00209.JPG
[2012/08/07 10:02:00 | 000,125,244 | ---- | M] () -- C:\Users\Matthew\Desktop\DSC00211.JPG
[2012/08/06 17:31:07 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/08/06 17:23:38 | 000,024,576 | ---- | M] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/05 22:57:32 | 000,394,896 | ---- | M] () -- C:\Users\Matthew\Desktop\Workbook-Time-of-your-Life.pdf
[2012/07/29 19:09:08 | 000,000,123 | ---- | M] () -- C:\Users\Matthew\Desktop\Microsoft Fix it.url
[2012/07/29 18:52:56 | 005,178,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[6 C:\Users\Matthew\Desktop\*.tmp files -> C:\Users\Matthew\Desktop\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 19:42:12 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/16 19:42:11 | 000,355,856 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/16 19:42:11 | 000,025,232 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/16 19:42:09 | 000,059,728 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/16 19:42:09 | 000,044,272 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/16 19:42:05 | 000,958,400 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/16 19:42:05 | 000,071,064 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/16 19:25:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/16 14:00:00 | 146,066,766 | ---- | C] () -- C:\Users\Matthew\Desktop\COMPONENTS.reg
[2012/08/16 12:03:38 | 000,028,918 | ---- | C] () -- C:\Users\Matthew\Desktop\cc_20120816_120335.reg
[2012/08/16 11:58:30 | 000,285,328 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2012/08/16 11:58:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/15 17:59:01 | 046,608,717 | ---- | C] () -- C:\Users\Matthew\Desktop\UltimateEdge-Session-Disc2.mp3
[2012/08/15 17:58:56 | 025,988,283 | ---- | C] () -- C:\Users\Matthew\Desktop\UltimateEdge-Session-Disc1.mp3
[2012/08/13 19:08:07 | 000,027,520 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dt.dat
[2012/08/08 14:49:53 | 000,850,525 | ---- | C] () -- C:\Users\Matthew\Desktop\stucert-csudh-id5-0612-MatthewNannen.pdf
[2012/08/07 15:45:24 | 000,126,746 | ---- | C] () -- C:\Users\Matthew\Desktop\cc_20120807_154449.reg
[2012/08/07 10:02:00 | 000,134,277 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00208.JPG
[2012/08/07 10:02:00 | 000,130,484 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00212.JPG
[2012/08/07 10:02:00 | 000,129,899 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00209.JPG
[2012/08/07 10:02:00 | 000,125,244 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00211.JPG
[2012/08/07 10:02:00 | 000,119,641 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00210.JPG
[2012/08/06 13:44:45 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/08/06 12:07:17 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\msiexec.exe
[2012/08/06 12:07:16 | 000,503,296 | ---- | C] () -- C:\Windows\SysNative\msihnd.dll
[2012/08/06 12:07:16 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\msimsg.dll
[2012/08/06 12:07:15 | 003,107,840 | ---- | C] () -- C:\Windows\SysNative\msi.dll
[2012/08/05 22:57:32 | 000,394,896 | ---- | C] () -- C:\Users\Matthew\Desktop\Workbook-Time-of-your-Life.pdf
[2012/07/29 19:09:08 | 000,000,123 | ---- | C] () -- C:\Users\Matthew\Desktop\Microsoft Fix it.url
[2012/07/22 20:25:03 | 004,714,934 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00320.JPG
[2012/07/22 20:09:22 | 005,537,597 | ---- | C] () -- C:\Users\Matthew\Desktop\DSC00324.JPG
[2012/07/02 14:02:06 | 000,131,952 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/29 19:54:43 | 000,001,468 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\bqh70wo72tt1twwqttqt207053l6aeu716i30ciksj3
[2011/12/29 19:54:43 | 000,001,468 | -HS- | C] () -- C:\ProgramData\bqh70wo72tt1twwqttqt207053l6aeu716i30ciksj3
[2011/08/29 01:08:15 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/06/18 17:08:24 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/16 17:17:36 | 000,001,460 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2010/12/02 19:38:59 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/12/02 19:38:59 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/12/02 19:38:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/12/02 19:38:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/12/02 19:38:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/12/02 19:38:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/12/02 19:38:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/12/02 19:38:57 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/12/02 19:38:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/12/02 19:38:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/12/02 19:38:56 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/12/02 19:38:56 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/12/02 19:38:55 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/12/02 19:38:55 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/12/02 19:38:54 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/12/02 19:38:54 | 000,319,488 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/12/02 19:38:53 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/12/02 19:38:53 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/12/02 19:38:51 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/12/02 19:38:51 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/12/02 19:38:50 | 000,368,640 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2010/12/02 19:38:49 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/12/02 19:28:34 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2010/12/02 19:28:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2010/02/13 21:55:59 | 000,000,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2009/04/23 12:21:27 | 000,009,626 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\wklnhst.dat
[2009/02/27 13:37:44 | 000,024,576 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/05 23:14:15 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Ashampoo
[2012/07/04 15:51:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\AVG
[2012/07/02 14:01:55 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/15 22:41:20 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\CheeseSoft
[2012/07/02 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/01/01 17:01:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\com.w3i.FlipToast
[2012/01/15 19:14:23 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\DMCache
[2009/03/01 18:50:21 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\DriverCure
[2011/07/06 16:16:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\f-secure
[2012/01/08 17:59:27 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\GlarySoft
[2012/04/30 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\ICAClient
[2012/08/07 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\IDM
[2012/04/28 14:47:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\ImTOO
[2010/02/14 02:33:44 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\INAC
[2012/01/08 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\IObit
[2012/08/06 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\MSNInstaller
[2011/07/06 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\muvee Technologies
[2010/08/09 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\NETGEAR Live Parental Controls
[2009/02/27 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\OfficeGuardian
[2011/12/27 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SharePod
[2012/07/02 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/10/11 13:54:08 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\StreamTorrent
[2009/04/23 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Template
[2010/08/06 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Unity
[2010/12/16 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\V310-V510 Series
[2009/10/14 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\WinBatch
[2011/07/05 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\WinPatrol
[2012/08/16 21:25:47 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-17 13:01:19
-----------------------------
13:01:19.641 OS Version: Windows x64 6.0.6001 Service Pack 1
13:01:19.641 Number of processors: 2 586 0xF0D
13:01:19.641 ComputerName: ALTOCIRRUS-PC UserName: Matthew
13:01:20.764 Initialize success
13:01:20.935 AVAST engine defs: 12081700
13:01:24.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
13:01:24.633 Disk 0 Vendor: ST3360320AS 3.CHQ Size: 343399MB BusType: 3
13:01:24.664 Disk 0 MBR read successfully
13:01:24.664 Disk 0 MBR scan
13:01:24.679 Disk 0 unknown MBR code
13:01:24.679 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 330956 MB offset 63
13:01:24.711 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12440 MB offset 677799360
13:01:24.773 Disk 0 scanning C:\Windows\system32\drivers
13:01:43.839 Service scanning
13:02:21.030 Modules scanning
13:02:21.030 Disk 0 trace - called modules:
13:02:21.076 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
13:02:21.076 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ad9790]
13:02:21.607 3 CLASSPNP.SYS[fffffa6000fcdb3a] -> nt!IofCallDriver -> [0xfffffa8004876520]
13:02:21.607 5 acpi.sys[fffffa60008feff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004875940]
13:02:24.181 AVAST engine scan C:\Windows
13:02:49.975 AVAST engine scan C:\Windows\system32
13:06:28.804 AVAST engine scan C:\Windows\system32\drivers
13:07:31.501 AVAST engine scan C:\Users\Matthew
13:16:43.792 AVAST engine scan C:\ProgramData
13:21:14.376 Scan finished successfully
13:23:20.798 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"
13:23:20.814 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.07

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matthew :: ALTOCIRRUS-PC [administrator]

8/17/2012 1:30:45 PM
mbam-log-2012-08-17 (13-30-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235195
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I understand your instructions, thanks so much.

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: Malware bytes says it was corrupted

Post by maxi » August 18th, 2012, 4:07 am

Hi matt111 :)

Your Java is out of date. Please follow the instructions below to remove the old version and to install the latest version.
Step 1
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present:
    • Java Auto Updater
    • Java(TM) 6 Update 26


You can get the latest version of Java from here. Save the file to your Desktop, right-click on the file and select "Run as Administrator" to run it, then follow the instructions.

Step 2
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3
Please download MGA Diagnostic Tool and save it to your Desktop.

  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

In your next reply please include:
The log from MGADiag.exe
The log from CKScanner.exe
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Malware bytes says it was corrupted

Post by matt111 » August 18th, 2012, 3:38 pm

Maxi,

I installed the Java and have the CKFile. Although, when I click CONTINUE on the MGA Diagnostic tool, about thirty seconds later it goes to the Validation info: screen (on the same WINDOWS tab in MGA). I click Copy and nothing happens. I tried it several times.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89583-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {FB1A080C-ACA5-43FB-B558-721B10028451}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000009
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FB1A080C-ACA5-43FB-B558-721B10028451}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89583-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-3389329001-2147706668-1598446199</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>FK545AA-ABA a6647c</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>5.17</Version><SMBIOSVersion major="2" minor="5"/><Date>20080729000000.000000+000</Date></BIOS><HWID>C2303507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17286</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89583-00146-321-500061-02-1033-6001.0000-2762008
Installation ID: 020891362944981341788040292964981294751945337830061550
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEA6GEs+NJbNtUC4uzFxnSyVHJs8vQwio1iCn2sViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC

Thank you,

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: Malware bytes says it was corrupted

Post by maxi » August 18th, 2012, 4:23 pm

Hi matt111 :)

I'm not sure I'm with you. You say that you don't have the MGA log but you have posted it, and you say you have a CK log but you didn't post that. Could you post the CKScanner log please?

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Malware bytes says it was corrupted

Post by matt111 » August 18th, 2012, 7:58 pm

Maxi,

Sorry, I have no idea how that happened. CKS below:




CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.TVBCHM
----- EOF -----



Thanks again,

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: Malware bytes says it was corrupted

Post by maxi » August 19th, 2012, 11:40 am

Matt,

Your logs show your copy of Microsoft Office to be an illegal copy. As per the forum rules, this topic will now be closed.
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Malware bytes says it was corrupted

Post by deltalima » August 19th, 2012, 11:49 am

Unlicensed software

There are clear signs in the logs that you have software installed for which you do not have a valid license.

Our forum policy Here says we will not help people who use cracked or pirated software.

This topic will now be closed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK