
Multiple instances of iexplorer.exe


4 replies to this topic

#1 deeyk


Posted 08 December 2012 - 06:34 AM

Hi guys. Just two days ago I was infected with System Progressive Protection. I seem to have removed it and it has never returned, but I noticed that there are multiple instances of iexplorer.exe in my task manager that keep popping up whenever I try to end it. Also, my computer cannot stream videos as fast anymore, if that has any relation to the iexplorer.

Thanks!



#2 boopme

Global Moderator

Posted 08 December 2012 - 10:34 AM

Hello, if you have multiple IE processes open, and no IE windows open - then you've most likely got an infection that's "phoning home". We need some info.



MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
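As an added illustration (not part of the original post and not MiniToolBox's own code), this script triages the proxy, Hosts and Winsock sections of the Result.txt requested above and lists the entries a helper would review. The sample report is constructed: its section banners follow the MiniToolBox layout, while the wording of the non-clean proxy lines, the example.com/example.net names and the example_lsp.dll path are assumptions.

```python
import re

# Section banners look like "========== Hosts content: ==========".
SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
# "Catalog5 04 C:\path\file.dll [121704] (Publisher)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")

CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample input (not taken from a real machine).
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.10 www.example.com
127.0.0.1 update.example.net

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\All Users\example_lsp.dll [4096] ()

**** End of log ****
"""


def split_sections(report):
    """Return {lower-cased section name: [non-empty stripped lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_proxy(lines):
    # Anything other than the two "clean" lines is reported; the tool's own
    # '"Reset ..."' confirmation lines are ignored.
    return [("proxy", l) for l in lines
            if l not in CLEAN_PROXY_LINES and not l.startswith('"Reset')]


def check_hosts(lines):
    """Report every Hosts mapping other than localhost -> loopback."""
    findings = []
    for l in lines:
        entry = l.split("#", 1)[0].split()      # drop trailing comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        for name in names:
            if name.lower() == "localhost" and ip in LOOPBACK:
                continue
            sinkholed = ip in LOOPBACK or ip == "0.0.0.0"
            kind = "blocked" if sinkholed else "redirected"
            findings.append(("hosts", f"{name} {kind} -> {ip}"))
    return findings


def check_winsock(lines):
    """Report providers that are not Microsoft DLLs under System32."""
    findings = []
    for l in lines:
        m = WINSOCK_RE.match(l)
        if not m:
            continue
        catalog, index, path, publisher = m.groups()
        in_system32 = path.lower().startswith("c:\\windows\\system32\\")
        if publisher != "Microsoft Corporation" or not in_system32:
            who = publisher or "no publisher"
            findings.append(("winsock", f"{catalog} {index} {path} ({who})"))
    return findings


def triage(report):
    s = split_sections(report)
    return (check_proxy(s.get("ie proxy settings", []))
            + check_proxy(s.get("ff proxy settings", []))
            + check_hosts(s.get("hosts content", []))
            + check_winsock(s.get("winsock entries", [])))


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_REPORT):
        print(f"[{section}] {detail}")
```

A finding is a prompt for review, not a verdict: legitimate software such as Bonjour registers a third-party Winsock provider and will be listed.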

#3 deeyk


Posted 08 December 2012 - 04:50 PM

Hi boopme, thank you for your reply.

MiniToolBox by Farbar Version: 25-11-2012
Ran by Darian (administrator) on 08-12-2012 at 11:30:18
Running from "C:\Documents and Settings\Darian\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pc-darian

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-13-72-35-30-76

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, December 08, 2012 11:12:26 AM

Lease Expires . . . . . . . . . . : Sunday, December 09, 2012 11:12:26 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.162, 74.125.224.163, 74.125.224.164, 74.125.224.165
74.125.224.166, 74.125.224.167, 74.125.224.168, 74.125.224.169, 74.125.224.174
74.125.224.160, 74.125.224.161



Pinging google.com [74.125.224.163] with 32 bytes of data:



Reply from 74.125.224.163: bytes=32 time=56ms TTL=54

Reply from 74.125.224.163: bytes=32 time=58ms TTL=54



Ping statistics for 74.125.224.163:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 58ms, Average = 57ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=82ms TTL=52

Reply from 72.30.38.140: bytes=32 time=160ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 160ms, Average = 121ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 35 30 76 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 20
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 20
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 20
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/07/2012 10:55:50 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/07/2012 10:55:46 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error: (12/07/2012 10:55:45 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (12/07/2012 10:51:52 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2760492): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/07/2012 10:51:52 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.

Error: (12/04/2012 04:42:27 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/04/2012 04:38:33 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (12/04/2012 04:36:44 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (12/04/2012 04:20:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (12/04/2012 04:20:00 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (12/07/2012 11:53:12 PM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error: (12/07/2012 11:12:23 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001372353076 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/07/2012 10:55:51 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error: (12/07/2012 10:51:52 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8024002d: Update for Outlook 2003 Junk E-mail Filter (KB2760492).

Error: (12/07/2012 08:01:58 AM) (Source: 0) (User: )
Description: 192.168.1.24C:0F:6E:D3:79:EA

Error: (12/07/2012 08:01:58 AM) (Source: 0) (User: )
Description: 192.168.1.24C:0F:6E:D3:79:EA

Error: (12/06/2012 08:27:19 PM) (Source: Dhcp) (User: )
Description: The IP address lease 98.150.131.137 for the Network Card with network address 001372353076 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/06/2012 08:26:33 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.2 on the
Network Card with network address 001372353076.

Error: (12/06/2012 06:04:36 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{5B72C6A4-4AD1-4BE6-96F4-B4BFA1C7FAF4} because another computer on the network has the same name. The server could not start.

Error: (12/06/2012 05:44:48 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 001372353076 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (12/07/2012 10:55:50 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/07/2012 10:55:46 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{8F736E10-8E5C-4399-A532-D0C00A406227}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log

Error: (12/07/2012 10:55:45 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (12/07/2012 10:51:52 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2760492): OUTLFLTR1603(NULL)

Error: (12/07/2012 10:51:52 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.(NULL)(NULL)(NULL)

Error: (12/04/2012 04:42:27 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (12/04/2012 04:38:33 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (12/04/2012 04:36:44 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (12/04/2012 04:20:00 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (12/04/2012 04:20:00 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
7-Zip 9.20
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.3.2.0)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.010.0210.2338)
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.09)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
ccc-core-preinstall (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Counter-Strike
Counter-Strike: Source
Dell Resource CD (Version: 1.00.0000)
DragonNest
Google Chrome (Version: 23.0.1271.95)
iTunes (Version: 10.6.1.7)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
JDownloader 0.9 (Version: 0.9)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MapleStory
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX v8.10.29 (Version: 8.10.29)
Pando Media Booster (Version: 2.3.6.0)
QuickTime (Version: 7.70.80.34)
Revo Uninstaller 1.94 (Version: 1.94)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4820.0)
Skins (Version: 2010.0210.2339.42455)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
TI-Nspire CAS Student Software (Version: 3.1.0.392)
Trillian
UBCD4Win 3.60
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1022.42 MB
Available physical RAM: 475.95 MB
Total Pagefile: 2458.71 MB
Available Pagefile: 1650.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.43 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:35.29 GB) NTFS

========================= Users: ========================================

User accounts for \\PC-DARIAN

Administrator ASPNET Darian
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****




11:33:43.0546 1416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:33:44.0171 1416 ============================================================
11:33:44.0171 1416 Current date / time: 2012/12/08 11:33:44.0171
11:33:44.0171 1416 SystemInfo:
11:33:44.0171 1416
11:33:44.0171 1416 OS Version: 5.1.2600 ServicePack: 3.0
11:33:44.0171 1416 Product type: Workstation
11:33:44.0171 1416 ComputerName: PC-DARIAN
11:33:44.0171 1416 UserName: Darian
11:33:44.0171 1416 Windows directory: C:\WINDOWS
11:33:44.0171 1416 System windows directory: C:\WINDOWS
11:33:44.0171 1416 Processor architecture: Intel x86
11:33:44.0171 1416 Number of processors: 1
11:33:44.0171 1416 Page size: 0x1000
11:33:44.0171 1416 Boot type: Normal boot
11:33:44.0171 1416 ============================================================
11:33:45.0078 1416 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
11:33:45.0078 1416 ============================================================
11:33:45.0078 1416 \Device\Harddisk0\DR0:
11:33:45.0078 1416 MBR partitions:
11:33:45.0078 1416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
11:33:45.0078 1416 ============================================================
11:33:45.0109 1416 C: <-> \Device\Harddisk0\DR0\Partition1
11:33:45.0109 1416 ============================================================
11:33:45.0109 1416 Initialize success
11:33:45.0109 1416 ============================================================
11:34:01.0875 2096 ============================================================
11:34:01.0875 2096 Scan started
11:34:01.0875 2096 Mode: Manual; TDLFS;
11:34:01.0875 2096 ============================================================
11:34:01.0937 2096 ================ Scan system memory ========================
11:34:01.0937 2096 System memory - ok
11:34:01.0953 2096 ================ Scan services =============================
11:34:05.0296 2096 dmio - ok
11:34:05.0312 2096 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:34:05.0312 2096 dmload - ok
11:34:05.0343 2096 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:34:05.0343 2096 dmserver - ok
11:34:05.0375 2096 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:34:05.0375 2096 DMusic - ok
11:34:05.0406 2096 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:34:05.0406 2096 Dnscache - ok
11:34:05.0437 2096 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:34:05.0437 2096 Dot3svc - ok
11:34:05.0453 2096 dpti2o - ok
11:34:05.0468 2096 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:34:05.0468 2096 drmkaud - ok
11:34:05.0468 2096 EagleXNt - ok
11:34:05.0500 2096 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:34:05.0500 2096 EapHost - ok
11:34:05.0515 2096 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:34:05.0515 2096 ERSvc - ok
11:34:05.0531 2096 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:34:05.0531 2096 Eventlog - ok
11:34:05.0578 2096 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:34:05.0578 2096 EventSystem - ok
11:34:05.0609 2096 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:34:05.0609 2096 Fastfat - ok
11:34:05.0640 2096 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:34:05.0656 2096 FastUserSwitchingCompatibility - ok
11:34:05.0656 2096 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:34:05.0671 2096 Fdc - ok
11:34:05.0671 2096 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:34:05.0671 2096 Fips - ok
11:34:05.0687 2096 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:34:05.0687 2096 Flpydisk - ok
11:34:05.0718 2096 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:34:05.0718 2096 FltMgr - ok
11:34:05.0781 2096 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:34:05.0781 2096 FontCache3.0.0.0 - ok
11:34:05.0781 2096 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:34:05.0796 2096 Fs_Rec - ok
11:34:05.0796 2096 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:34:05.0812 2096 Ftdisk - ok
11:34:05.0828 2096 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:34:05.0828 2096 GEARAspiWDM - ok
11:34:05.0859 2096 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:34:05.0859 2096 Gpc - ok
11:34:05.0890 2096 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:34:05.0890 2096 HDAudBus - ok
11:34:05.0921 2096 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:34:05.0921 2096 helpsvc - ok
11:34:05.0937 2096 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:34:05.0937 2096 HidServ - ok
11:34:05.0968 2096 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:34:05.0968 2096 hidusb - ok
11:34:05.0984 2096 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:34:05.0984 2096 hkmsvc - ok
11:34:05.0984 2096 hpn - ok
11:34:06.0031 2096 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:34:06.0046 2096 HTTP - ok
11:34:06.0078 2096 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:34:06.0078 2096 HTTPFilter - ok
11:34:06.0078 2096 i2omgmt - ok
11:34:06.0093 2096 i2omp - ok
11:34:06.0109 2096 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
11:34:06.0109 2096 i8042prt - ok
11:34:06.0187 2096 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:34:06.0218 2096 idsvc - ok
11:34:06.0234 2096 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:34:06.0234 2096 Imapi - ok
11:34:06.0281 2096 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:34:06.0281 2096 ImapiService - ok
11:34:06.0281 2096 ini910u - ok
11:34:06.0296 2096 IntelIde - ok
11:34:06.0328 2096 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:34:06.0328 2096 Ip6Fw - ok
11:34:06.0343 2096 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:34:06.0343 2096 IpFilterDriver - ok
11:34:06.0375 2096 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:34:06.0375 2096 IpInIp - ok
11:34:06.0406 2096 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:34:06.0406 2096 IpNat - ok
11:34:06.0453 2096 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:34:06.0484 2096 iPod Service - ok
11:34:06.0500 2096 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:34:06.0500 2096 IPSec - ok
11:34:06.0546 2096 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:34:06.0546 2096 IRENUM - ok
11:34:06.0562 2096 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:34:06.0562 2096 isapnp - ok
11:34:06.0671 2096 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:34:06.0671 2096 JavaQuickStarterService - ok
11:34:06.0703 2096 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:34:06.0703 2096 Kbdclass - ok
11:34:06.0718 2096 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:34:06.0718 2096 kbdhid - ok
11:34:06.0750 2096 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:34:06.0765 2096 kmixer - ok
11:34:06.0781 2096 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:34:06.0781 2096 KSecDD - ok
11:34:06.0812 2096 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:34:06.0812 2096 LanmanServer - ok
11:34:06.0843 2096 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:34:06.0843 2096 lanmanworkstation - ok
11:34:06.0859 2096 lbrtfdc - ok
11:34:06.0890 2096 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:34:06.0890 2096 LmHosts - ok
11:34:06.0953 2096 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:34:06.0968 2096 MDM - ok
11:34:06.0984 2096 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:34:06.0984 2096 Messenger - ok
11:34:07.0000 2096 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:34:07.0000 2096 mnmdd - ok
11:34:07.0031 2096 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:34:07.0031 2096 mnmsrvc - ok
11:34:07.0062 2096 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:34:07.0062 2096 Modem - ok
11:34:07.0093 2096 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:34:07.0093 2096 Mouclass - ok
11:34:07.0109 2096 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:34:07.0109 2096 mouhid - ok
11:34:07.0125 2096 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:34:07.0125 2096 MountMgr - ok
11:34:07.0156 2096 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:34:07.0156 2096 MozillaMaintenance - ok
11:34:07.0203 2096 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:34:07.0203 2096 MpFilter - ok
11:34:07.0281 2096 [ A69630D039C38018689190234F866D77 ] MpKsl37a6972c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{948954DB-3536-4B1C-A029-6F9358428379}\MpKsl37a6972c.sys
11:34:07.0281 2096 MpKsl37a6972c - ok
11:34:07.0296 2096 mraid35x - ok
11:34:07.0312 2096 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:34:07.0328 2096 MRxDAV - ok
11:34:07.0359 2096 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:34:07.0375 2096 MRxSmb - ok
11:34:07.0453 2096 [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
11:34:07.0453 2096 MSCamSvc - ok
11:34:07.0484 2096 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:34:07.0484 2096 MSDTC - ok
11:34:07.0531 2096 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:34:07.0531 2096 Msfs - ok
11:34:07.0562 2096 [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
11:34:07.0562 2096 MSHUSBVideo - ok
11:34:07.0562 2096 MSIServer - ok
11:34:07.0609 2096 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:34:07.0609 2096 MSKSSRV - ok
11:34:07.0656 2096 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:34:07.0656 2096 MsMpSvc - ok
11:34:07.0671 2096 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:34:07.0671 2096 MSPCLOCK - ok
11:34:07.0703 2096 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:34:07.0703 2096 MSPQM - ok
11:34:07.0750 2096 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:34:07.0750 2096 mssmbios - ok
11:34:07.0796 2096 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
11:34:07.0796 2096 MSTEE - ok
11:34:07.0828 2096 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:34:07.0828 2096 Mup - ok
11:34:07.0875 2096 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:34:07.0875 2096 NABTSFEC - ok
11:34:07.0921 2096 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:34:07.0937 2096 napagent - ok
11:34:07.0953 2096 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:34:07.0953 2096 NDIS - ok
11:34:08.0000 2096 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:34:08.0000 2096 NdisIP - ok
11:34:08.0046 2096 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:34:08.0046 2096 NdisTapi - ok
11:34:08.0078 2096 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:34:08.0078 2096 Ndisuio - ok
11:34:08.0093 2096 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:34:08.0093 2096 NdisWan - ok
11:34:08.0125 2096 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:34:08.0125 2096 NDProxy - ok
11:34:08.0140 2096 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:34:08.0140 2096 NetBIOS - ok
11:34:08.0156 2096 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:34:08.0171 2096 NetBT - ok
11:34:08.0203 2096 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:34:08.0203 2096 NetDDE - ok
11:34:08.0203 2096 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:34:08.0218 2096 NetDDEdsdm - ok
11:34:08.0234 2096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:34:08.0234 2096 Netlogon - ok
11:34:08.0250 2096 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:34:08.0250 2096 Netman - ok
11:34:08.0296 2096 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:34:08.0296 2096 NetTcpPortSharing - ok
11:34:08.0328 2096 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:34:08.0343 2096 Nla - ok
11:34:08.0343 2096 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:34:08.0343 2096 Npfs - ok
11:34:08.0375 2096 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:34:08.0390 2096 Ntfs - ok
11:34:08.0406 2096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:34:08.0406 2096 NtLmSsp - ok
11:34:08.0437 2096 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:34:08.0453 2096 NtmsSvc - ok
11:34:08.0468 2096 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:34:08.0468 2096 Null - ok
11:34:08.0484 2096 [ A0B3F3A5049931657164F0FFCF0B208E ] nvgts C:\WINDOWS\system32\drivers\nvgts.sys
11:34:08.0484 2096 nvgts - ok
11:34:08.0515 2096 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:34:08.0515 2096 NwlnkFlt - ok
11:34:08.0531 2096 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:34:08.0531 2096 NwlnkFwd - ok
11:34:08.0531 2096 OMCI - ok
11:34:08.0562 2096 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:34:08.0562 2096 ose - ok
11:34:08.0593 2096 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:34:08.0593 2096 Parport - ok
11:34:08.0609 2096 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:34:08.0609 2096 PartMgr - ok
11:34:08.0640 2096 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:34:08.0640 2096 ParVdm - ok
11:34:08.0640 2096 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:34:08.0640 2096 PCI - ok
11:34:08.0656 2096 PCIDump - ok
11:34:08.0656 2096 PCIIde - ok
11:34:08.0687 2096 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:34:08.0687 2096 Pcmcia - ok
11:34:08.0703 2096 PDCOMP - ok
11:34:08.0703 2096 PDFRAME - ok
11:34:08.0718 2096 PDRELI - ok
11:34:08.0718 2096 PDRFRAME - ok
11:34:08.0734 2096 perc2 - ok
11:34:08.0734 2096 perc2hib - ok
11:34:08.0781 2096 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:34:08.0781 2096 PlugPlay - ok
11:34:08.0843 2096 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
11:34:08.0843 2096 PnkBstrA - ok
11:34:08.0859 2096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:34:08.0859 2096 PolicyAgent - ok
11:34:08.0875 2096 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:34:08.0875 2096 PptpMiniport - ok
11:34:08.0921 2096 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
11:34:08.0921 2096 Processor - ok
11:34:08.0921 2096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:34:08.0921 2096 ProtectedStorage - ok
11:34:08.0937 2096 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:34:08.0937 2096 PSched - ok
11:34:08.0953 2096 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:34:08.0953 2096 Ptilink - ok
11:34:08.0953 2096 ql1080 - ok
11:34:08.0968 2096 Ql10wnt - ok
11:34:08.0968 2096 ql12160 - ok
11:34:08.0984 2096 ql1240 - ok
11:34:09.0000 2096 ql1280 - ok
11:34:09.0015 2096 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:34:09.0015 2096 RasAcd - ok
11:34:09.0031 2096 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:34:09.0031 2096 RasAuto - ok
11:34:09.0046 2096 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:34:09.0062 2096 Rasl2tp - ok
11:34:09.0093 2096 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:34:09.0093 2096 RasMan - ok
11:34:09.0093 2096 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:34:09.0109 2096 RasPppoe - ok
11:34:09.0109 2096 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:34:09.0109 2096 Raspti - ok
11:34:09.0140 2096 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:34:09.0140 2096 Rdbss - ok
11:34:09.0156 2096 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:34:09.0156 2096 RDPCDD - ok
11:34:09.0203 2096 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:34:09.0203 2096 rdpdr - ok
11:34:09.0234 2096 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:34:09.0250 2096 RDPWD - ok
11:34:09.0281 2096 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:34:09.0281 2096 RDSessMgr - ok
11:34:09.0296 2096 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:34:09.0312 2096 redbook - ok
11:34:09.0328 2096 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:34:09.0343 2096 RemoteAccess - ok
11:34:09.0359 2096 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:34:09.0359 2096 RemoteRegistry - ok
11:34:09.0390 2096 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:34:09.0390 2096 RpcLocator - ok
11:34:09.0421 2096 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:34:09.0421 2096 RpcSs - ok
11:34:09.0453 2096 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:34:09.0453 2096 RSVP - ok
11:34:09.0468 2096 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:34:09.0468 2096 SamSs - ok
11:34:09.0515 2096 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:34:09.0515 2096 SCardSvr - ok
11:34:09.0562 2096 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:34:09.0562 2096 Schedule - ok
11:34:09.0593 2096 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:34:09.0593 2096 Secdrv - ok
11:34:09.0609 2096 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:34:09.0609 2096 seclogon - ok
11:34:09.0625 2096 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:34:09.0625 2096 SENS - ok
11:34:09.0640 2096 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:34:09.0640 2096 Serial - ok
11:34:09.0671 2096 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:34:09.0671 2096 Sfloppy - ok
11:34:09.0687 2096 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:34:09.0687 2096 SharedAccess - ok
11:34:09.0718 2096 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:34:09.0718 2096 ShellHWDetection - ok
11:34:09.0718 2096 Simbad - ok
11:34:09.0781 2096 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:34:09.0781 2096 SkypeUpdate - ok
11:34:09.0796 2096 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:34:09.0796 2096 SLIP - ok
11:34:09.0812 2096 Sparrow - ok
11:34:09.0843 2096 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:34:09.0843 2096 splitter - ok
11:34:09.0890 2096 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:34:09.0890 2096 Spooler - ok
11:34:09.0937 2096 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:34:09.0937 2096 sr - ok
11:34:09.0953 2096 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:34:09.0968 2096 srservice - ok
11:34:10.0000 2096 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:34:10.0046 2096 Srv - ok
11:34:10.0078 2096 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:34:10.0093 2096 SSDPSRV - ok
11:34:10.0109 2096 Steam Client Service - ok
11:34:10.0171 2096 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
11:34:10.0234 2096 STHDA - ok
11:34:10.0265 2096 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:34:10.0281 2096 stisvc - ok
11:34:10.0312 2096 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:34:10.0312 2096 streamip - ok
11:34:10.0328 2096 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:34:10.0328 2096 swenum - ok
11:34:10.0343 2096 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:34:10.0359 2096 swmidi - ok
11:34:10.0359 2096 SwPrv - ok
11:34:10.0375 2096 symc810 - ok
11:34:10.0375 2096 symc8xx - ok
11:34:10.0390 2096 sym_hi - ok
11:34:10.0390 2096 sym_u3 - ok
11:34:10.0406 2096 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:34:10.0421 2096 sysaudio - ok
11:34:10.0437 2096 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:34:10.0437 2096 SysmonLog - ok
11:34:10.0500 2096 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:34:10.0500 2096 TapiSrv - ok
11:34:10.0515 2096 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:34:10.0531 2096 Tcpip - ok
11:34:10.0562 2096 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:34:10.0578 2096 TDPIPE - ok
11:34:10.0578 2096 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:34:10.0578 2096 TDTCP - ok
11:34:10.0609 2096 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:34:10.0609 2096 TermDD - ok
11:34:10.0625 2096 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:34:10.0640 2096 TermService - ok
11:34:10.0656 2096 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:34:10.0656 2096 Themes - ok
11:34:10.0687 2096 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:34:10.0687 2096 TlntSvr - ok
11:34:10.0687 2096 TosIde - ok
11:34:10.0718 2096 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:34:10.0734 2096 TrkWks - ok
11:34:10.0765 2096 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:34:10.0765 2096 Udfs - ok
11:34:10.0765 2096 ultra - ok
11:34:10.0812 2096 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:34:10.0843 2096 Update - ok
11:34:10.0875 2096 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:34:10.0890 2096 upnphost - ok
11:34:10.0921 2096 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:34:10.0921 2096 UPS - ok
11:34:10.0968 2096 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
11:34:10.0968 2096 USBAAPL - ok
11:34:11.0000 2096 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
11:34:11.0000 2096 usbaudio - ok
11:34:11.0031 2096 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:34:11.0031 2096 usbccgp - ok
11:34:11.0062 2096 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:34:11.0062 2096 usbehci - ok
11:34:11.0078 2096 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:34:11.0078 2096 usbhub - ok
11:34:11.0109 2096 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:34:11.0109 2096 usbohci - ok
11:34:11.0140 2096 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:34:11.0140 2096 usbscan - ok
11:34:11.0156 2096 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:34:11.0171 2096 USBSTOR - ok
11:34:11.0187 2096 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
11:34:11.0203 2096 usbvideo - ok
11:34:11.0203 2096 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:34:11.0203 2096 VgaSave - ok
11:34:11.0218 2096 ViaIde - ok
11:34:11.0234 2096 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:34:11.0234 2096 VolSnap - ok
11:34:11.0281 2096 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:34:11.0281 2096 VSS - ok
11:34:11.0328 2096 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:34:11.0328 2096 W32Time - ok
11:34:11.0343 2096 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:34:11.0343 2096 Wanarp - ok
11:34:11.0343 2096 WDICA - ok
11:34:11.0390 2096 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:34:11.0390 2096 wdmaud - ok
11:34:11.0421 2096 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:34:11.0421 2096 WebClient - ok
11:34:11.0484 2096 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:34:11.0500 2096 winmgmt - ok
11:34:11.0546 2096 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:34:11.0546 2096 WmdmPmSN - ok
11:34:11.0578 2096 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:34:11.0609 2096 Wmi - ok
11:34:11.0640 2096 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:34:11.0656 2096 WmiApSrv - ok
11:34:11.0734 2096 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:34:11.0765 2096 WMPNetworkSvc - ok
11:34:11.0890 2096 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:34:11.0953 2096 WPFFontCache_v0400 - ok
11:34:12.0000 2096 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:34:12.0000 2096 WS2IFSL - ok
11:34:12.0031 2096 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:34:12.0046 2096 wscsvc - ok
11:34:12.0062 2096 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:34:12.0062 2096 WSTCODEC - ok
11:34:12.0093 2096 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:34:12.0093 2096 wuauserv - ok
11:34:12.0125 2096 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:34:12.0125 2096 WudfPf - ok
11:34:12.0140 2096 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:34:12.0140 2096 WudfRd - ok
11:34:12.0156 2096 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:34:12.0156 2096 WudfSvc - ok
11:34:12.0203 2096 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:34:12.0218 2096 WZCSVC - ok
11:34:12.0250 2096 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:34:12.0250 2096 xmlprov - ok
11:34:12.0265 2096 ================ Scan global ===============================
11:34:12.0296 2096 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:34:12.0343 2096 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:34:12.0359 2096 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:34:12.0390 2096 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:34:12.0390 2096 [Global] - ok
11:34:12.0390 2096 ================ Scan MBR ==================================
11:34:12.0406 2096 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:34:12.0687 2096 \Device\Harddisk0\DR0 - ok
11:34:12.0687 2096 ================ Scan VBR ==================================
11:34:12.0687 2096 [ F30A09C973CBDC4073F127C115F86682 ] \Device\Harddisk0\DR0\Partition1
11:34:12.0687 2096 \Device\Harddisk0\DR0\Partition1 - ok
11:34:12.0687 2096 ============================================================
11:34:12.0687 2096 Scan finished
11:34:12.0687 2096 ============================================================
11:34:12.0703 5124 Detected object count: 0
11:34:12.0703 5124 Actual detected object count: 0
11:35:08.0312 5476 Deinitialize success




Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Darian :: PC-DARIAN [administrator]

12/8/2012 11:43:13 AM
mbam-log-2012-12-08 (11-43-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196274
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

Posted 08 December 2012 - 11:27 PM

Looks good, are you having any issues?

If you do a Google search for multiple instances of iexplore.exe running in Task Manager, you will find thousands of complaints with various causes (malware and non-malware related).

There are some worms (i.e. W32/Lovgate-AD) which can launch iexplorer.exe but it usually drops the malicious file in the Windows directory or C:\Windows\system32 folder. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file like iexplore.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate iexplore.exe is located in the C:\Program Files\Internet Explorer folder. Be sure to confirm the spelling of the file. If it is iexplor.exe or iexplorer.exe, then it's malware.

While there are some malware infections which can launch iexplorer.exe, be aware that if Internet Explorer is open, the browser itself may be creating multiple instances in Task Manager. If you're not finding any malware after performing various security scans, look more closely at your browser.

If using Internet Explorer 8 or Windows 7, the browser will run an extra instance of iexplorer.exe for each opened tab as part of the Loosely-Coupled IE and Automatic Crash Recovery features by design. ACR stores information about a browsing session on the hard disk so that in the event of a browser crash, hang, or other unexpected shutdown, it will allow you to resume the last browsing session. If using multiple tabs, ACR allows recovery of all opened tabs in case of a browser failure. Essentially that allows Internet Explorer to prevent itself from closing when a web site in one tab crashes. In order to do this, Internet Explorer 8 will open a new process for the main window and another process with any opened tab. As such, it is not unusual to find multiple instances of iexplore.exe running in Task Manager. More information about ACR and LCIE can be found on the IEBlog: IE8 and Reliability and an explanation of multiple instances of iexplorer.exe is provided by Don Varnau (MS MVP-IE) here. One drawback of this new feature is that ACR has been reported to utilize high memory resources.
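The name-and-location check described in the post above, as an added PowerShell example that is not part of the original thread. The function name `Get-IexploreVerdict`, the verdict strings and the sample process records are assumptions made for illustration, and the `Program Files (x86)` folder is added here for 64-bit Windows.

```powershell
# Added example: name-and-location check for iexplore.exe look-alikes.
# Function name, verdict strings and sample records are illustrative.

$ExpectedDirs = @(
    'C:\Program Files\Internet Explorer',       # location given in the post
    'C:\Program Files (x86)\Internet Explorer'  # 32-bit copy on 64-bit Windows (added here)
)
$LookAlikes = @('iexplor.exe', 'iexplorer.exe') # misspellings named in the post

function Get-IexploreVerdict {
    param(
        [Parameter(Mandatory = $true)][string] $Name,
        [string] $ExecutablePath
    )
    # -contains and -ne compare case-insensitively, matching Windows file names.
    if ($LookAlikes -contains $Name) { return 'look-alike name' }
    if ($Name -ne 'iexplore.exe')    { return 'not relevant' }
    if (-not $ExecutablePath)        { return 'path unavailable, re-run elevated' }

    # Pure string operation, so it also works on paths that do not exist here.
    $dir = [System.IO.Path]::GetDirectoryName($ExecutablePath)
    if ($ExpectedDirs -contains $dir) { return 'expected location' }
    return 'unexpected location'
}

# Constructed sample records, shaped like Win32_Process output.
$sample = @(
    [pscustomobject]@{ ProcessId = 1204; Name = 'iexplore.exe';  ExecutablePath = 'C:\Program Files\Internet Explorer\iexplore.exe' }
    [pscustomobject]@{ ProcessId = 1388; Name = 'IEXPLORE.EXE';  ExecutablePath = 'C:\Program Files\Internet Explorer\IEXPLORE.EXE' }
    [pscustomobject]@{ ProcessId = 2216; Name = 'iexplore.exe';  ExecutablePath = 'C:\WINDOWS\system32\iexplore.exe' }
    [pscustomobject]@{ ProcessId = 2480; Name = 'iexplorer.exe'; ExecutablePath = 'C:\WINDOWS\iexplorer.exe' }
    [pscustomobject]@{ ProcessId = 3012; Name = 'iexplore.exe';  ExecutablePath = $null }
)

# On a live system, replace $sample with:
#   Get-CimInstance Win32_Process -Filter "Name LIKE 'iexplor%'"
$sample | ForEach-Object {
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Name      = $_.Name
        Path      = $_.ExecutablePath
        Verdict   = Get-IexploreVerdict -Name $_.Name -ExecutablePath $_.ExecutablePath
    }
} | Format-Table -AutoSize
```

An "expected location" verdict only confirms the file name and folder; several such processes with a browser window open are consistent with the per-tab behaviour the post describes.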

#5 deeyk


Posted 09 December 2012 - 12:46 AM

Ah I see. Even though I don't use Internet Explorer, it just seems odd that I have 6 of them running. Oh well. I don't really have any obvious problems. Thank you very much for working with me on this!



