This morning MBAM Pro listed quarantine failures for two instances of Trojan.backdoor.MRX. See excerpt from the MBAM log. I have not used or updated the two infected files listed in the log for many months. Don't know why this infection just occurred.

MBAM Pro log excerpt:

2013/02/15 10:54:10 -0600 DYKES OWner DETECTION C:\Program Files\ImgBurn\uninstall.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 10:56:57 -0600 DYKES OWner DETECTION c:\program files\imgburn\uninstall.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 10:56:58 -0600 DYKES OWner ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 11:37:00 -0600 DYKES (null) MESSAGE Starting protection

2013/02/15 11:37:00 -0600 DYKES (null) MESSAGE Protection started successfully

2013/02/15 11:37:00 -0600 DYKES (null) MESSAGE Starting IP protection

2013/02/15 11:37:04 -0600 DYKES (null) MESSAGE IP Protection started successfully

2013/02/15 11:37:43 -0600 DYKES OWner DETECTION C:\Fraps\uninstall.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 11:37:48 -0600 DYKES OWner DETECTION c:\fraps\uninstall.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 11:37:48 -0600 DYKES OWner ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 11:38:42 -0600 DYKES OWner DETECTION c:\fraps\uninstall.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 11:38:42 -0600 DYKES OWner ERROR Quarantine failed: SDKQuarantine failed with error code 2

DDS logs follow:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2

Run by OWner at 11:52:21 on 2013-02-15

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.1190 [GMT -6:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\crypserv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\nHancer\nHancerService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Windows\system32\locator.exe

C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe

C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe

C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Twonky\TwonkyServer\TwonkyServer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Windows\System32\nvraidservice.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Twonky\TwonkyServer\twonkytray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com

uProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\twonky~1.lnk - c:\program files\twonky\twonkyserver\twonkytray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: EnableLUA = dword:0

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.readyforcrysis.com/sysreqlab2.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.doylevisualmedia.com/activex/AMC.cab

DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{42F161C1-1530-4842-AA50-EC6ADC091243} : DHCPNameServer = 192.168.1.254

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>

Notify: GoToAssist - c:\program files\citrix\gotoassist\896\G2AWinLogon.dll

STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - c:\windows\system32\DreamScene.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\2ympkwwi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284023&SearchSource=3&q={searchTerms}&CUI=UN38638266132837151

FF - prefs.js: browser.startup.homepage - hxxp://att.net/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284023&SearchSource=2&CUI=UN38638266132837151&UM=UM_ID&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll

FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2009-08-14 01:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-31 36000]

R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys [2011-7-2 25984]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-11 83392]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-28 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-23 682344]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-10-26 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]

R2 TwonkyProxy;TwonkyProxy;c:\program files\twonky\twonkyserver\twonkyproxy.exe -start --> c:\program files\twonky\twonkyserver\twonkyproxy.exe -start [?]

R2 TwonkyServer;TwonkyServer;c:\program files\twonky\twonkyserver\twonkystarter.exe -serviceversion 0 --> c:\program files\twonky\twonkyserver\twonkystarter.exe -serviceversion 0 [?]

R2 TwonkyWebDav;TwonkyWebDav;c:\program files\twonky\twonkyserver\twonkywebdav.exe -start --> c:\program files\twonky\twonkyserver\twonkywebdav.exe -start [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-23 21104]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-31 86224]

S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-31 110032]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9be0d3d443554;Google Update Service (gupdate1c9be0d3d443554);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-7-12 12672]

S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-6-3 33792]

S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-3-20 38144]

S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-3-27 32768]

S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\drivers\ser2rs.sys [2007-6-25 76288]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar; [x]

.

=============== Created Last 30 ================

.

2013-02-14 10:54:55 -------- d-----w- c:\program files\Conduit

2013-02-14 10:54:49 -------- d-----w- c:\users\owner\appdata\local\Conduit

2013-02-14 10:54:36 -------- d-----w- c:\users\owner\appdata\local\CRE

2013-02-14 10:49:48 813976 ----a-w- c:\program files\mozilla firefox\sqlite3.dll

2013-02-14 10:47:04 -------- d-----w- c:\users\owner\appdata\local\VisualBeeExe

2013-02-14 10:45:13 -------- d-----w- c:\program files\Free Window Registry Repair

2013-02-14 10:44:36 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-02-14 10:44:28 -------- d-----w- c:\programdata\VisualBee

2013-02-14 10:44:28 -------- d-----w- c:\programdata\Strongvault Online Backup

2013-02-14 10:44:19 -------- d-sh--w- C:\AI_RecycleBin

2013-02-14 10:39:39 -------- d-----w- c:\users\owner\appdata\local\Coupon Companion Plugin

2013-02-14 09:08:12 -------- d-----w- c:\programdata\TwonkyServer

2013-02-14 09:08:06 -------- d-----w- c:\users\owner\appdata\roaming\TwonkyServer

2013-02-14 08:26:59 -------- d-----w- c:\program files\Twonky

2013-02-13 17:11:41 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 17:11:41 2048512 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 17:11:40 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-13 17:11:40 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 17:11:40 1314816 ----a-w- c:\windows\system32\quartz.dll

2013-02-12 05:30:18 -------- d-----w- c:\program files\Western Digital

2013-02-12 01:55:52 -------- d-----w- C:\RegBackup

2013-02-12 01:54:07 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2013-02-12 01:53:56 -------- d-----w- c:\program files\Tweaking.com

2013-02-10 08:26:08 650752 ----a-w- c:\windows\system32\xvidcore.dll

2013-02-10 08:26:08 4102656 ----a-w- c:\windows\system32\x264vfw.dll

2013-02-10 08:26:08 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2013-02-10 08:26:08 216064 ----a-w- c:\windows\system32\lagarith.dll

2013-02-10 08:26:07 178688 ----a-w- c:\windows\system32\unrar.dll

2013-02-10 08:26:07 151552 ----a-w- c:\windows\system32\ac3acm.acm

2013-02-10 08:26:06 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2013-02-10 08:26:04 -------- d-----w- c:\program files\K-Lite Codec Pack

2013-02-10 07:56:39 -------- d-----w- c:\users\owner\appdata\local\ElevatedDiagnostics

2013-02-07 06:24:18 -------- d-----w- c:\program files\Handbrake

2013-02-06 00:32:03 103832 ----a-w- c:\users\owner\GoToAssistDownloadHelper.exe

2013-02-03 19:33:56 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-03 04:25:03 -------- d-----w- c:\programdata\InstallMate

2013-02-03 04:23:53 -------- d-----w- c:\users\owner\appdata\local\Macromedia

2013-02-03 04:22:01 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-03 04:06:30 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-03 04:06:17 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-02-02 04:44:38 -------- d-----w- c:\users\owner\appdata\local\temp

2013-01-20 05:54:56 -------- d-----w- c:\program files\Mozilla Firefox(18)

.

==================== Find3M ====================

.

2013-02-08 09:23:28 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-03 04:05:53 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll

2007-07-06 23:29:39 694668 ----a-w- c:\program files\unins000.exe

2001-09-28 22:00:28 164864 ----a-w- c:\program files\UNWISE.EXE

.

============= FINISH: 11:53:22.21 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 3/24/2007 12:58:52 AM

System Uptime: 2/15/2013 11:36:20 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N-E SLI

Processor: Intel® Core2 CPU 6700 @ 2.66GHz | Socket 775 | 2666/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 373 GiB total, 184.545 GiB free.

D: is CDROM ()

F: is CDROM ()

H: is Removable

I: is Removable

X: is NetworkDisk (NTFS) - 930 GiB total, 908.232 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: USB\VID_062A&PID_0201&MI_01\6&2BF301B4&0&0001

Manufacturer:

Name:

PNP Device ID: USB\VID_062A&PID_0201&MI_01\6&2BF301B4&0&0001

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

AAV ColorLab 32-bit 1.0.10.0

Active Sky Advanced Upgrade From ASX

Active Sky Evolution

Active Sky X

ADDS Flight Path Tool

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

Amateur Contact Log 3.0

Amateur Contact Log 3.0 (C:\Program Files\ACLog 3.0\)

AOPA's Real-Time Flight Planner 1.2.2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARCS II Version 1.20

ArcSoft PhotoImpression 5

ASUSUpdate

AT&T Yahoo! Messenger

ATT eChat Support Tools

AutoUpdate

Avira Free Antivirus

AXIS Media Control Embedded

Bonjour

Carenado Mooney M20J FSX

Carenado Piper Cherokee 180F

CCleaner (remove only)

Citrix Presentation Server Client - Web Only

Citrix XenApp Web Plugin

Compatibility Pack for the 2007 Office system

CoreAVC Professional Edition (remove only)

CPUID CPU-Z 1.51

CrystalDiskMark 3.0.1c

De-Kooy-Texel-FA

DivX Codec

DJ_SF_03_D1500_Software_Min

DVD Architect Studio 5.0

DVDFab 8.1.8.5 (24/05/2012) Qt

DX Atlas 2.25

DXKeeper

DXLabLauncher

E-Trac Xchange

Eagle CUDA 240 S/GPS Demo

Eastern 206 - ATC Flight

EasyPal 26/MAY/09

EPSON TWAIN 5

ESET Online Scanner

ESET Online Scanner v3

EtracEm-V1-en

Exif Pilot 4.4

EZNEC Demo v. 5.0

EZNEC v. 5.0

Flight Simulator X

Flight Simulator X Service Pack 1

Flight1 Citation Mustang

FormatFactory 2.70

Fraps (remove only)

Free Window Registry Repair

FS Water Configurator 3.15

FSX Bonus Multiplayer Racing Missions

GameShadow

Geek Squad 24 Hour Computer Support

GeoAlert-Extreme Wizard 4.1.44

GIMP 2.6.4

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

GSpot Codec Information Appliance

H&R Block Deluxe + Efile + State 2009

H&R Block Mississippi 2009

Ham CAP 1.61

Ham Radio Deluxe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet D1500 Printer Driver 10.0 Rel .3

iCloud

ImgBurn

IonoProbe 1.36

ISO Recorder

ITS HF Propagation 2008.01.21

ITS HF Propagation 2009.03.26

iTunes

Java 7 Update 13

Java Auto Updater

Juniper Networks, Inc. Setup Client

Juniper Networks, Inc. Setup Client Activex Control

K-Lite Mega Codec Pack 9.7.5

LightScribe 1.4.142.1

LightScribe Applications

LightScribe Diagnostic Utility

Lightscribe Extended Label Contrast Utility

link700

Malwarebytes Anti-Malware version 1.70.0.1100

Media Player Classic - Home Cinema v1.5.1.2903

MetaFrame Presentation Server Web Client for Win32

Metal Detectives University

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X: Acceleration

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

mini Ring Core Calculator 1.2

MobileMe Control Panel

Mooney 20J High Definition Virtual Cockpit

Morse Machine

Move Media Player

Movie Studio Platinum 12.0

Mozilla Firefox 18.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT Redists

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Net Logger

nHancer

NVIDIA Control Panel 306.97

NVIDIA Drivers

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA nTune

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.3.5

NVIDIA Update Components

OGA Notifier 2.0.0048.0

OpenOffice.org Installer 1.0

PC Probe II

Pdf995 (installed by TaxCut)

PdfEdit995 (installed by TaxCut)

PMapServer7

QuickTime

Radar Contact Version 4.3

Real Environment Xtreme

Real Environment Xtreme 2.0

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.0

RefManager 1.0

RevLoad

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Silent Hunter 5

Silent Hunter Wolves of the Pacific

SpeedFan (remove only)

Spelling Dictionaries Support For Adobe Reader 8

SpotCollector

Spybot - Search & Destroy

SpywareBlaster 4.6

System Requirements Lab

TaxCut Mississippi 2007

TaxCut Premium + State 2007

Toolbox

Treasure Valley

TrustedQSL 1.13

Twonky 7

Ubisoft Game Launcher

UI-View32

Uninstall Digital Binoculars Driver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Veetle TV 0.9.17

Vegas Movie Studio HD Platinum 11.0

Visualizer Photo Resize

VLC media player 1.1.11

VOAProp

vShare Plugin

W6ELProp

WD Discovery Software

WinCAP Wizard 5.0.10

Windows 7 Upgrade Advisor

Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WinPatrol

WinRAR archiver

XPax

Yahoo! BrowserPlus 2.9.8

.

==== End Of File ===========================


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
