Solved iexplore.exe *32 all of a sudden causing huge memory issues upon boot

Hi all. Running Vista Ult 64 SP1, IE-7.

Until this morning all was fine, until I noticed that my RAM usage keeps climbing and climbing upon boot. I opened TM, and there is an instance of iexplore.exe *32 running, and that is waht is causing this huge memory climb. It also is affecting my CPU usage, which gets up to about 91%. Once I end task the service, all is fine. If I open IE, I see the iexplore.exe *32 appear in the TM, but it's fine - no mem climb. It's only upon boot that this happens.

I have done a virus scan - nothing.
I have checked msconfig - nothing there.
I have checked services.msc to see if there is something wierd set to startup - couldn't see anything.
I checked the registry: HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Run - nothing there either.
I have done a system restore to a month ago, didn't help.

I am running a classic theme, and superfetch is turned off.

I am out of ideas as to where to look next.

I searched the internet a bit, and found some answers like, "d/l this .exe and run it!"....I am a little leary of doing that.

Anyone with any ideas?

Thanks in advance.
 

My Computer

Hello riffwraith and welcome to the forums :party:

Let's see where this thing is running from, then we can decide whether it's legit or not :) I would like you to download a script, SilentRunners.vbs, and run it. If you want to check the legitimacy of this script, just google "silentrunners malware removal forum" and you'll get hundreds of pages of malware removal experts using it.

Go to this page: Silent Runners - Adware? Disinfect, don't reformat!
Download the script.
Right click > Run as administrator

It should open a log upon completion of all of the possible startup locations on your computer, could you please copy and paste the results into your next post for us?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Hey tom, thanks much for your time.

There was no "Run As Admin" option, but ran the script anyway. here is the body of the .txt:

"Silent Runners.vbs", revision 64, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Microsoft® Windows Vista™ Ultimate (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
MicroUpdate = C:\Users\Jeff\Documents\MSDCSC\msdcsc.exe [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
ccApp = "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [Symantec Corporation]
ccRegVfy = "C:\Program Files (x86)\Common Files\Symantec Shared\ccRegVfy.exe" [Symantec Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Spybot-S&D IE Protection
\InProcServer32\(Default) = C:\PROGRA~2\SPYBOT~1\SDHelper.dll [Safer Networking Limited]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = NAV Helper
-> {HKLM…Wow…CLSID} = CNavExtBho Class
\InProcServer32\(Default) = C:\Program Files (x86)\Norton AntiVirus\NavShExt.dll [Symantec Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper
-> {HKLM…CLSID} = NVIDIA CPL Extension
\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{640167b4-59b0-47a6-b335-a6b3c0695aea} = Portable Media Devices
-> {HKLM…Wow…CLSID} = Portable Media Devices
\InProcServer32\(Default) = C:\Windows\system32\audiodev.dll [file not found]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM…Wow…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM…Wow…CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> Userinit = C:\Windows\system32\userinit.exe,C:\Users\Jeff\Documents\MSDCSC\msdcsc.exe [MS], [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
-> {HKLM…CLSID} = MShellExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\MagicISO\misosh64.dll [MagicISO, Inc.]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
-> {HKLM…CLSID} = MShellExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\MagicISO\misosh64.dll [MagicISO, Inc.]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
-> {HKLM…CLSID} = FileZilla 3 Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [null data]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
-> {HKLM…CLSID} = MShellExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\MagicISO\misosh64.dll [MagicISO, Inc.]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
TaskbarNoNotification = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\Windows\system32\config\systemprofile\Pictures\hong_kong_night_skyline21.jpg
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Jeff\Pictures\hong_kong_night_skyline21.jpg

Startup items in "Jeff" & "All Users" startup folders:
------------------------------------------------------
C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Vienna Ensemble Pro -> shortcut to: C:\Program Files\Vienna Ensemble Pro\Vienna Ensemble Pro x64.exe -server [Vienna Symphonic Library GmbH]

Windows Sidebar Gadgets:
------------------------
C:\Users\Jeff\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
%PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget
%PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget
%PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget

Non-disabled Scheduled Tasks:
-----------------------------
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM…CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61}
-> {HKLM…CLSID} = Transient Multi-Monitor Manager
\InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]
-> {HKLM…Wow…CLSID} = Transient Multi-Monitor Manager
\InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f}
-> {HKLM…CLSID} = Nap ITask Handler Implementation
\InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]
-> {HKLM…Wow…CLSID} = Nap ITask Handler Implementation
\InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
ConvertLogEntries -> (HIDDEN!) launches: %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2}
-> {HKLM…CLSID} = CrawlStartPages Task Handler
\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
-> {HKLM…Wow…CLSID} = CrawlStartPages Task Handler
\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM…CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wired
GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{F2CF5485-4E02-4F68-819C-B92DE9277049}
-> {HKLM…CLSID} = &Links
\InProcServer32\(Default) = C:\Windows\system32\ieframe.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus
-> {HKLM…Wow…CLSID} = Norton AntiVirus
\InProcServer32\(Default) = C:\Program Files (x86)\Norton AntiVirus\NavShExt.dll [Symantec Corporation]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
MenuText = Spybot - Search & Destroy Configuration
CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F}
-> {HKLM…Wow…CLSID} = Spybot-S&D IE Protection
\InProcServer32\(Default) = C:\PROGRA~2\SPYBOT~1\SDHelper.dll [Safer Networking Limited]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Certificate Propagation, CertPropSvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\certprop.dll [MS]}
Computer Browser, Browser, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\browser.dll [MS]}
HP Network Devices Support, HPSLPSVC, C:\Windows\system32\svchost.exe -k HPService {C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [Hewlett-Packard Co.]}
Human Interface Device Access, hidserv, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\system32\hidserv.dll [MS]}
Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]}
Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]}
SymWMI Service, SymWSC, "C:\Program Files (x86)\Common Files\Symantec Shared\Security Center\SymWSC.exe" [Symantec Corporation]
Terminal Services Configuration, SessionEnv, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\system32\sessenv.dll [MS]}
Terminal Services UserMode Port Redirector, UmRdpService, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\umrdp.dll [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\WUDFSvc.dll [MS]}
Windows Image Acquisition (WIA), stisvc, C:\Windows\system32\svchost.exe -k imgsvc {C:\Windows\System32\wiaservc.dll [MS]}

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> SYMTDI, Service

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpf3l101.dll\Driver = hpf3l101.dll [Hewlett-Packard Company]

---------- (launch time: 2012-04-26 19:44:37)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 18 seconds for message boxes)
 

My Computer

Hey tom, thanks much for your time.

There was no "Run As Admin" option, but ran the script anyway. here is the body of the .txt:

You're most welcome :) Hopefully we'll be able to sort this out for you.

That log looks good to me, no unusual loading points for iexplorer.exe. Let's have a further look into the file though. I would like you to do a few things for me:

SFC Scan

  1. Open the start menu
  2. In the search box, type cmd
  3. Right click on cmd and select Run as administrator
  4. In command prompt, type:

    sfc /scannow

  5. Let it run and let me know if it finds any Integrity Violations


System Look

Please download SystemLook from one of the links below and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    iexplorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



It would be helpful to know the location of the file that runs on startup. Can you do the following for me please:

1. Reboot your computer so you are experiencing the iexplorer.exe problem.
2. Open task manager (can be done through a shortcut key: Ctrl + Shift + Escape) and right click on the offending line.
3. Now select Open file location - if it is available.
4. Copy and paste the folder path from the window that will open :)

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Thanks again for the time.

Did a sfc/scannow, and it says it found a corrupt file, but was unable to repair it. I can post the CBS.log, but it's friggin' long! The file it cannot repair, according to that log, is mobsync.exe. Here is a sampling of what it says:

2012-04-28 14:39:12, Info CSI 000000c9 [SR] Cannot repair member file [l:22{11}]"mobsync.exe" of Microsoft-Windows-mobsyncexe, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked

A r-click on the process in TM reveals that the location of the exe is here:

C:\Program Files (x86)\Internet Explorer

Ran SYSTEMLOOK, and here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:08 on 28/04/2012 by Jeff
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========
Searching for "iexplorer.exe"
No files found.

-= EOF =-


Cheers.
 

My Computer

Since the problem just started this morning, I suggest that you try to do a system restore.
 

My Computer

System One

  • Operating System
    Vista Home Premium 64 bit SP2
    Manufacturer/Model
    Cyberpower
    CPU
    Intel Quad CPU Q6700 2.67 GHZ
    Motherboard
    NVIDIA 780i
    Memory
    4 GB
    Graphics Card(s)
    MSI GTX 560 TI Twin Frozr
    Sound Card
    Sound Blaster SB Audigy
    Monitor(s) Displays
    Viewsonic VG2436
    Screen Resolution
    1920x1080p
    Hard Drives
    Samsung HD 105SI
    WDC WD20
    Case
    Apevia XJupiter
    Cooling
    air
    Keyboard
    Logitech MX 3200
    Mouse
    Logitech MX 600
    Internet Speed
    30 Mbps
Thanks again for the time.

Did a sfc/scannow, and it says it found a corrupt file, but was unable to repair it. I can post the CBS.log, but it's friggin' long! The file it cannot repair, according to that log, is mobsync.exe. Here is a sampling of what it says:

2012-04-28 14:39:12, Info CSI 000000c9 [SR] Cannot repair member file [l:22{11}]"mobsync.exe" of Microsoft-Windows-mobsyncexe, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked

A r-click on the process in TM reveals that the location of the exe is here:

C:\Program Files (x86)\Internet Explorer

Ran SYSTEMLOOK, and here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:08 on 28/04/2012 by Jeff
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========
Searching for "iexplorer.exe"
No files found.

-= EOF =-


Cheers.

The CBS log contains a lot of information, but we only need a snippet. Please can you go to this tutorial:

http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html

In the yellow tip box at the top, you should see a set of instructions. Please follow step 1 only. Copy and paste sfcdetails.txt into your next post.

Oops, that was stupid of me :o No wonder it didn't find any results when I told you the wrong file name! Please can you repeat it with this script:

Code:
:filefind
iexplore.exe

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Ok, got it.

I booted this morning, and noticed that instead of iexplore.exe running up the ram, another service, called msdcsc.exe was doing it. Kinda weird that it had a different name, but there it was. A search of msdcsc.exe yielded several results, and I deleted the exe from my HD, and also some registry entires, and now all is good!

Now onto my next issue....
 
Last edited:

My Computer

From what I can find, that file is the executable file for a trojan. You might want to run malwarebytes or spyhunter.
 

My Computer

System One

  • Operating System
    Vista Home Premium 64 bit SP2
    Manufacturer/Model
    Cyberpower
    CPU
    Intel Quad CPU Q6700 2.67 GHZ
    Motherboard
    NVIDIA 780i
    Memory
    4 GB
    Graphics Card(s)
    MSI GTX 560 TI Twin Frozr
    Sound Card
    Sound Blaster SB Audigy
    Monitor(s) Displays
    Viewsonic VG2436
    Screen Resolution
    1920x1080p
    Hard Drives
    Samsung HD 105SI
    WDC WD20
    Case
    Apevia XJupiter
    Cooling
    air
    Keyboard
    Logitech MX 3200
    Mouse
    Logitech MX 600
    Internet Speed
    30 Mbps
Yes, wither is completely right. You appear to have an infection called: Troj/Fynloski-B. Getting you clean is the first priority :) As well as following wither's advice, could you tell me what registry keys you deleted?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Did a malwarebytes scan, and a Spybot scan, and neither found Troj/Fynloski-B, or anything similiar.

The reg keys I deleted was:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msdcsc.exe”
 

My Computer

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Ok, d/l the latest updates for Spybot and MBytes, did another scan, and neither found anything.

Did a registry search for Fynloski, unchecking Match Whole String Only, and nothing was found.

Did a sfc/scannow again, and got the same result as last time: it says it found a corrupt file, but was unable to repair it.

So, earlier in this thread, you said:

The CBS log contains a lot of information, but we only need a snippet. Please can you go to this tutorial:

System Files - SFC Command

In the yellow tip box at the top, you should see a set of instructions. Please follow step 1 only. Copy and paste sfcdetails.txt into your next post.

So here is the c&p of the sfc details, as outlined in that post:

---------------------------------------------------------

2012-05-07 12:11:32, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:32, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:33, Info CSI 00000009 [SR] Verify complete
2012-05-07 12:11:33, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:33, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:35, Info CSI 0000000d [SR] Verify complete
2012-05-07 12:11:35, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:35, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:38, Info CSI 00000013 [SR] Verify complete
2012-05-07 12:11:38, Info CSI 00000014 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:38, Info CSI 00000015 [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:41, Info CSI 00000018 [SR] Verify complete
2012-05-07 12:11:41, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:41, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:43, Info CSI 0000001e [SR] Verify complete
2012-05-07 12:11:43, Info CSI 0000001f [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:43, Info CSI 00000020 [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:46, Info CSI 00000022 [SR] Verify complete
2012-05-07 12:11:46, Info CSI 00000023 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:46, Info CSI 00000024 [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:50, Info CSI 00000046 [SR] Verify complete
2012-05-07 12:11:50, Info CSI 00000047 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:50, Info CSI 00000048 [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:53, Info CSI 0000004d [SR] Verify complete
2012-05-07 12:11:53, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:53, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:56, Info CSI 00000051 [SR] Verify complete
2012-05-07 12:11:56, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:56, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-05-07 12:11:59, Info CSI 00000055 [SR] Verify complete
2012-05-07 12:11:59, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:11:59, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:04, Info CSI 00000059 [SR] Verify complete
2012-05-07 12:12:04, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:04, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:10, Info CSI 00000073 [SR] Verify complete
2012-05-07 12:12:10, Info CSI 00000074 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:10, Info CSI 00000075 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:15, Info CSI 00000077 [SR] Verify complete
2012-05-07 12:12:15, Info CSI 00000078 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:15, Info CSI 00000079 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:25, Info CSI 0000007b [SR] Verify complete
2012-05-07 12:12:25, Info CSI 0000007c [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:25, Info CSI 0000007d [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:31, Info CSI 0000007f [SR] Verify complete
2012-05-07 12:12:31, Info CSI 00000080 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:31, Info CSI 00000081 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:33, Info CSI 00000083 [SR] Verify complete
2012-05-07 12:12:33, Info CSI 00000084 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:33, Info CSI 00000085 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:34, Info CSI 00000087 [SR] Verify complete
2012-05-07 12:12:34, Info CSI 00000088 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:34, Info CSI 00000089 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:36, Info CSI 0000008b [SR] Verify complete
2012-05-07 12:12:36, Info CSI 0000008c [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:36, Info CSI 0000008d [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:43, Info CSI 000000a0 [SR] Verify complete
2012-05-07 12:12:43, Info CSI 000000a1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:43, Info CSI 000000a2 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:44, Info CSI 000000a4 [SR] Verify complete
2012-05-07 12:12:44, Info CSI 000000a5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:44, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:46, Info CSI 000000a8 [SR] Verify complete
2012-05-07 12:12:46, Info CSI 000000a9 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:46, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:49, Info CSI 000000ac [SR] Verify complete
2012-05-07 12:12:49, Info CSI 000000ad [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:49, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:53, Info CSI 000000b0 [SR] Verify complete
2012-05-07 12:12:53, Info CSI 000000b1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:53, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:56, Info CSI 000000b4 [SR] Verify complete
2012-05-07 12:12:56, Info CSI 000000b5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:56, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2012-05-07 12:12:59, Info CSI 000000b8 [SR] Verify complete
2012-05-07 12:12:59, Info CSI 000000b9 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:12:59, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:02, Info CSI 000000bc [SR] Verify complete
2012-05-07 12:13:02, Info CSI 000000bd [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:02, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:05, Info CSI 000000c0 [SR] Verify complete
2012-05-07 12:13:05, Info CSI 000000c1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:05, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:08, Info CSI 000000c3 [SR] Cannot repair member file [l:22{11}]"mobsync.exe" of Microsoft-Windows-mobsyncexe, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-05-07 12:13:09, Info CSI 000000c9 [SR] Cannot repair member file [l:22{11}]"mobsync.exe" of Microsoft-Windows-mobsyncexe, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-05-07 12:13:11, Info CSI 000000dc [SR] Verify complete
2012-05-07 12:13:11, Info CSI 000000dd [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:11, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:19, Info CSI 000000e0 [SR] Verify complete
2012-05-07 12:13:19, Info CSI 000000e1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:19, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:31, Info CSI 000000e4 [SR] Verify complete
2012-05-07 12:13:31, Info CSI 000000e5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:31, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:37, Info CSI 000000e8 [SR] Verify complete
2012-05-07 12:13:37, Info CSI 000000e9 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:37, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:42, Info CSI 000000ec [SR] Verify complete
2012-05-07 12:13:42, Info CSI 000000ed [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:42, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:45, Info CSI 000000f0 [SR] Verify complete
2012-05-07 12:13:45, Info CSI 000000f1 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:45, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:48, Info CSI 000000f4 [SR] Verify complete
2012-05-07 12:13:48, Info CSI 000000f5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:48, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:50, Info CSI 000000fa [SR] Verify complete
2012-05-07 12:13:50, Info CSI 000000fb [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:50, Info CSI 000000fc [SR] Beginning Verify and Repair transaction
2012-05-07 12:13:57, Info CSI 000000fe [SR] Verify complete
2012-05-07 12:13:57, Info CSI 000000ff [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:13:57, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:03, Info CSI 00000102 [SR] Verify complete
2012-05-07 12:14:03, Info CSI 00000103 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:03, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:05, Info CSI 00000106 [SR] Verify complete
2012-05-07 12:14:05, Info CSI 00000107 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:05, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:12, Info CSI 0000010a [SR] Verify complete
2012-05-07 12:14:12, Info CSI 0000010b [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:12, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:15, Info CSI 0000010e [SR] Verify complete
2012-05-07 12:14:15, Info CSI 0000010f [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:15, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:18, Info CSI 00000112 [SR] Verify complete
2012-05-07 12:14:18, Info CSI 00000113 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:18, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:24, Info CSI 00000116 [SR] Verify complete
2012-05-07 12:14:24, Info CSI 00000117 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:24, Info CSI 00000118 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:32, Info CSI 0000011b [SR] Verify complete
2012-05-07 12:14:32, Info CSI 0000011c [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:32, Info CSI 0000011d [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:34, Info CSI 0000011f [SR] Verify complete
2012-05-07 12:14:34, Info CSI 00000120 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:34, Info CSI 00000121 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:38, Info CSI 00000124 [SR] Verify complete
2012-05-07 12:14:38, Info CSI 00000125 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:38, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:41, Info CSI 00000128 [SR] Verify complete
2012-05-07 12:14:41, Info CSI 00000129 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:41, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:45, Info CSI 0000012d [SR] Verify complete
2012-05-07 12:14:45, Info CSI 0000012e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:45, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:49, Info CSI 00000131 [SR] Verify complete
2012-05-07 12:14:49, Info CSI 00000132 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:49, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:52, Info CSI 00000135 [SR] Verify complete
2012-05-07 12:14:52, Info CSI 00000136 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:52, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:54, Info CSI 00000139 [SR] Verify complete
2012-05-07 12:14:54, Info CSI 0000013a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:54, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2012-05-07 12:14:58, Info CSI 0000013d [SR] Verify complete
2012-05-07 12:14:58, Info CSI 0000013e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:14:58, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:01, Info CSI 00000141 [SR] Verify complete
2012-05-07 12:15:02, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:02, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:04, Info CSI 00000145 [SR] Verify complete
2012-05-07 12:15:04, Info CSI 00000146 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:04, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:07, Info CSI 00000149 [SR] Verify complete
2012-05-07 12:15:07, Info CSI 0000014a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:07, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:09, Info CSI 0000014d [SR] Verify complete
2012-05-07 12:15:09, Info CSI 0000014e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:09, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:13, Info CSI 00000159 [SR] Verify complete
2012-05-07 12:15:13, Info CSI 0000015a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:13, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:15, Info CSI 0000015d [SR] Verify complete
2012-05-07 12:15:15, Info CSI 0000015e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:15, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:16, Info CSI 00000161 [SR] Verify complete
2012-05-07 12:15:16, Info CSI 00000162 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:16, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:19, Info CSI 00000165 [SR] Verify complete
2012-05-07 12:15:19, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:19, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:22, Info CSI 0000016a [SR] Verify complete
2012-05-07 12:15:22, Info CSI 0000016b [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:22, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:23, Info CSI 0000016e [SR] Verify complete
2012-05-07 12:15:23, Info CSI 0000016f [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:23, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:25, Info CSI 00000174 [SR] Verify complete
2012-05-07 12:15:25, Info CSI 00000175 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:25, Info CSI 00000176 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:27, Info CSI 0000017b [SR] Verify complete
2012-05-07 12:15:27, Info CSI 0000017c [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:27, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:36, Info CSI 00000187 [SR] Verify complete
2012-05-07 12:15:36, Info CSI 00000188 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:36, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:38, Info CSI 0000018e [SR] Verify complete
2012-05-07 12:15:38, Info CSI 0000018f [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:38, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:40, Info CSI 00000192 [SR] Verify complete
2012-05-07 12:15:40, Info CSI 00000193 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:40, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:41, Info CSI 00000199 [SR] Verify complete
2012-05-07 12:15:41, Info CSI 0000019a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:41, Info CSI 0000019b [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:43, Info CSI 000001a4 [SR] Verify complete
2012-05-07 12:15:43, Info CSI 000001a5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:43, Info CSI 000001a6 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:47, Info CSI 000001c4 [SR] Verify complete
2012-05-07 12:15:47, Info CSI 000001c5 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:47, Info CSI 000001c6 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:48, Info CSI 000001c8 [SR] Verify complete
2012-05-07 12:15:48, Info CSI 000001c9 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:48, Info CSI 000001ca [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:49, Info CSI 000001cc [SR] Verify complete
2012-05-07 12:15:49, Info CSI 000001cd [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:49, Info CSI 000001ce [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:51, Info CSI 000001df [SR] Verify complete
2012-05-07 12:15:51, Info CSI 000001e0 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:51, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2012-05-07 12:15:56, Info CSI 000001e3 [SR] Verify complete
2012-05-07 12:15:56, Info CSI 000001e4 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:15:56, Info CSI 000001e5 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:01, Info CSI 000001f3 [SR] Verify complete
2012-05-07 12:16:01, Info CSI 000001f4 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:01, Info CSI 000001f5 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:02, Info CSI 000001f7 [SR] Verify complete
2012-05-07 12:16:02, Info CSI 000001f8 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:02, Info CSI 000001f9 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:05, Info CSI 000001fc [SR] Verify complete
2012-05-07 12:16:05, Info CSI 000001fd [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:05, Info CSI 000001fe [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:06, Info CSI 00000200 [SR] Verify complete
2012-05-07 12:16:06, Info CSI 00000201 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:06, Info CSI 00000202 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:09, Info CSI 00000204 [SR] Verify complete
2012-05-07 12:16:09, Info CSI 00000205 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:09, Info CSI 00000206 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:10, Info CSI 00000208 [SR] Verify complete
2012-05-07 12:16:10, Info CSI 00000209 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:10, Info CSI 0000020a [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:14, Info CSI 00000226 [SR] Verify complete
2012-05-07 12:16:14, Info CSI 00000227 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:14, Info CSI 00000228 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:17, Info CSI 0000022a [SR] Verify complete
2012-05-07 12:16:17, Info CSI 0000022b [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:17, Info CSI 0000022c [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:24, Info CSI 0000022e [SR] Verify complete
2012-05-07 12:16:24, Info CSI 0000022f [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:24, Info CSI 00000230 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:25, Info CSI 00000232 [SR] Verify complete
2012-05-07 12:16:25, Info CSI 00000233 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:25, Info CSI 00000234 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:27, Info CSI 00000236 [SR] Verify complete
2012-05-07 12:16:27, Info CSI 00000237 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:27, Info CSI 00000238 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:32, Info CSI 0000023b [SR] Verify complete
2012-05-07 12:16:32, Info CSI 0000023c [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:32, Info CSI 0000023d [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:33, Info CSI 0000023f [SR] Verify complete
2012-05-07 12:16:33, Info CSI 00000240 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:33, Info CSI 00000241 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:35, Info CSI 00000243 [SR] Verify complete
2012-05-07 12:16:35, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:35, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:37, Info CSI 00000247 [SR] Verify complete
2012-05-07 12:16:37, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:37, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:38, Info CSI 0000024c [SR] Verify complete
2012-05-07 12:16:38, Info CSI 0000024d [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:38, Info CSI 0000024e [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:40, Info CSI 00000250 [SR] Verify complete
2012-05-07 12:16:40, Info CSI 00000251 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:40, Info CSI 00000252 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:42, Info CSI 00000254 [SR] Verify complete
2012-05-07 12:16:42, Info CSI 00000255 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:42, Info CSI 00000256 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:44, Info CSI 00000259 [SR] Verify complete
2012-05-07 12:16:44, Info CSI 0000025a [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:44, Info CSI 0000025b [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:47, Info CSI 0000025d [SR] Verify complete
2012-05-07 12:16:47, Info CSI 0000025e [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:47, Info CSI 0000025f [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:51, Info CSI 00000261 [SR] Verify complete
2012-05-07 12:16:51, Info CSI 00000262 [SR] Verifying 100 (0x0000000000000064) components
2012-05-07 12:16:51, Info CSI 00000263 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:53, Info CSI 00000265 [SR] Verify complete
2012-05-07 12:16:53, Info CSI 00000266 [SR] Repairing 1 components
2012-05-07 12:16:53, Info CSI 00000267 [SR] Beginning Verify and Repair transaction
2012-05-07 12:16:53, Info CSI 00000268 [SR] Cannot repair member file [l:22{11}]"mobsync.exe" of Microsoft-Windows-mobsyncexe, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-05-07 12:16:53, Info CSI 00000269 [SR] Cannot repair member file [l:22{11}]"mobsync.exe" of Microsoft-Windows-mobsyncexe, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2012-05-07 12:16:53, Info CSI 0000026b [SR] Repair complete
2012-05-07 12:16:53, Info CSI 0000026c [SR] Committing transaction
2012-05-07 12:16:53, Info CSI 00000270 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
 

My Computer

Thanks :) That's great. Unfortunately, it didn't shed any light on your problem. Can you do this for me please:

System Look

Please download SystemLook from one of the links below and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    iexplore.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
System look says this:

SystemLook 30.07.11 by jpshortstuff
Log created at 03:56 on 11/05/2012 by Jeff
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 675328 bytes [09:35 02/11/2006] [11:15 02/11/2006] C1D2955B400F4B9610673906D6E7FC4C
C:\Program Files (x86)\Internet Explorer\iexplore.exe --a---- 623616 bytes [12:12 02/11/2006] [09:45 02/11/2006] 8308F01F27DF839E0010B0F72F855E35
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe --a---- 199240 bytes [15:11 01/05/2012] [20:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_8949d990d570e12b\iexplore.exe --a---- 675328 bytes [09:35 02/11/2006] [11:15 02/11/2006] C1D2955B400F4B9610673906D6E7FC4C
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_939e83e309d1a326\iexplore.exe --a---- 623616 bytes [12:12 02/11/2006] [09:45 02/11/2006] 8308F01F27DF839E0010B0F72F855E35
-= EOF =-
 

My Computer

Back
Top