Multiple rundll32.exe?


9 replies to this topic

#1 svknight


Posted 29 June 2013 - 03:56 PM

I don't know if I'm really infected or not, but I've been having multiple rundll32.exe running on my computer. It's usually 4 but sometimes it's 5 or 6. Also, whenever I try to shut down, Windows always asks to end rundll32.exe. I'm using Windows XP Home SP3.





#2 dev00790


Posted 30 June 2013 - 02:43 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:
 

  • Please do NOT run, install or uninstall any programs,  unless instructed to do so. 
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
          
  • Please do not attach logs or use code boxes, just copy and paste the text. 
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
          
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
          
  • Please provide feedback about your experience as we go.   
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
          

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

 


Regards, dev00790



#3 svknight


Posted 30 June 2013 - 09:14 AM

Hello, thanks for the reply. I've got something to 'report' I guess. My cousin was the 2nd to last to use the computer yesterday and he scheduled a boot scan in Avast Free Antivirus. The last to use the computer was my grandmother and she said some weird text popped up (Avast started its boot scan or something) when starting the computer, so she called my cousin (the one who scheduled the boot scan). When Avast detected infected files he set it to 'delete all' but since it's taken so long he cancelled it at 10% (my grandmother wants to use the computer). I don't know if that will affect something or not, but when I booted up the computer there's still 1 or 2 rundll32.exe running. Anyways, here are the logs:

 

TDSSKiller.2.8.18.0_30.06.2013_21.55.42_log.txt

21:56:59.0468 2304  redbook - ok
21:56:59.0500 2304  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:56:59.0625 2304  RemoteAccess - ok
21:56:59.0656 2304  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:56:59.0781 2304  RpcLocator - ok
21:56:59.0812 2304  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:56:59.0843 2304  RpcSs - ok
21:56:59.0859 2304  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:57:00.0015 2304  RSVP - ok
21:57:00.0046 2304  [ 69EE1E8DC0C750A5D03739E6E9429959 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:57:00.0109 2304  RTL8023xp - ok
21:57:00.0125 2304  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:57:00.0250 2304  rtl8139 - ok
21:57:00.0265 2304  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:57:00.0390 2304  SamSs - ok
21:57:00.0421 2304  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:57:00.0578 2304  SCardSvr - ok
21:57:00.0609 2304  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:57:00.0750 2304  Schedule - ok
21:57:00.0765 2304  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:57:00.0843 2304  Secdrv - ok
21:57:00.0875 2304  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:57:00.0984 2304  seclogon - ok
21:57:01.0015 2304  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
21:57:01.0140 2304  SENS - ok
21:57:01.0171 2304  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:57:01.0281 2304  serenum - ok
21:57:01.0312 2304  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:57:01.0437 2304  Serial - ok
21:57:01.0468 2304  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:57:01.0578 2304  Sfloppy - ok
21:57:01.0609 2304  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:57:01.0750 2304  SharedAccess - ok
21:57:01.0781 2304  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:57:01.0812 2304  ShellHWDetection - ok
21:57:01.0812 2304  Simbad - ok
21:57:01.0828 2304  Sparrow - ok
21:57:01.0859 2304  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:57:02.0000 2304  splitter - ok
21:57:02.0046 2304  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:57:02.0062 2304  Spooler - ok
21:57:02.0109 2304  [ 68103A2B441BBF3908EBB587F0704D6C ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
21:57:02.0156 2304  sptd - ok
21:57:02.0171 2304  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:57:02.0218 2304  sr - ok
21:57:02.0250 2304  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:57:02.0312 2304  srservice - ok
21:57:02.0343 2304  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:57:02.0390 2304  Srv - ok
21:57:02.0421 2304  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:57:02.0484 2304  SSDPSRV - ok
21:57:02.0593 2304  [ F01F2D9C9D0FF3E0F84F23F7A105E922 ] STacSV          c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
21:57:02.0609 2304  STacSV - ok
21:57:02.0671 2304  [ C6301D9FB30C312F8FAE0C29C97D5051 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
21:57:02.0734 2304  STHDA - ok
21:57:02.0781 2304  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:57:02.0937 2304  stisvc - ok
21:57:02.0953 2304  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:57:03.0093 2304  swenum - ok
21:57:03.0125 2304  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:57:03.0250 2304  swmidi - ok
21:57:03.0265 2304  SwPrv - ok
21:57:03.0281 2304  symc810 - ok
21:57:03.0281 2304  symc8xx - ok
21:57:03.0296 2304  sym_hi - ok
21:57:03.0296 2304  sym_u3 - ok
21:57:03.0343 2304  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:57:03.0453 2304  sysaudio - ok
21:57:03.0484 2304  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:57:03.0625 2304  SysmonLog - ok
21:57:03.0656 2304  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:57:03.0781 2304  TapiSrv - ok
21:57:03.0828 2304  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:57:03.0843 2304  Tcpip - ok
21:57:03.0875 2304  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:57:04.0015 2304  TDPIPE - ok
21:57:04.0046 2304  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:57:04.0187 2304  TDTCP - ok
21:57:04.0203 2304  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:57:04.0343 2304  TermDD - ok
21:57:04.0375 2304  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
21:57:04.0515 2304  TermService - ok
21:57:04.0531 2304  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:57:04.0546 2304  Themes - ok
21:57:04.0562 2304  TosIde - ok
21:57:04.0578 2304  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:57:04.0703 2304  TrkWks - ok
21:57:04.0750 2304  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:57:04.0890 2304  Udfs - ok
21:57:04.0890 2304  ultra - ok
21:57:04.0937 2304  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
21:57:04.0984 2304  UMWdf - ok
21:57:05.0015 2304  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:57:05.0156 2304  Update - ok
21:57:05.0171 2304  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:57:05.0250 2304  upnphost - ok
21:57:05.0265 2304  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
21:57:05.0390 2304  UPS - ok
21:57:05.0437 2304  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
21:57:05.0453 2304  USBAAPL - ok
21:57:05.0484 2304  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:57:05.0609 2304  usbehci - ok
21:57:05.0656 2304  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:57:05.0781 2304  usbhub - ok
21:57:05.0812 2304  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:57:05.0937 2304  usbprint - ok
21:57:05.0953 2304  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:57:06.0078 2304  usbscan - ok
21:57:06.0109 2304  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:57:06.0218 2304  usbstor - ok
21:57:06.0281 2304  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:57:06.0406 2304  usbuhci - ok
21:57:06.0406 2304  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:57:06.0531 2304  VgaSave - ok
21:57:06.0546 2304  ViaIde - ok
21:57:06.0593 2304  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:57:06.0703 2304  VolSnap - ok
21:57:06.0734 2304  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
21:57:06.0812 2304  VSS - ok
21:57:06.0843 2304  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
21:57:06.0968 2304  W32Time - ok
21:57:07.0000 2304  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:57:07.0125 2304  Wanarp - ok
21:57:07.0140 2304  WDICA - ok
21:57:07.0171 2304  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:57:07.0296 2304  wdmaud - ok
21:57:07.0312 2304  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:57:07.0468 2304  WebClient - ok
21:57:07.0546 2304  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:57:07.0671 2304  winmgmt - ok
21:57:07.0703 2304  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:57:07.0734 2304  WmdmPmSN - ok
21:57:07.0750 2304  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:57:07.0875 2304  WmiApSrv - ok
21:57:07.0953 2304  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:57:08.0000 2304  WPFFontCache_v0400 - ok
21:57:08.0015 2304  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:57:08.0140 2304  wscsvc - ok
21:57:08.0171 2304  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:57:08.0296 2304  wuauserv - ok
21:57:08.0328 2304  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:57:08.0484 2304  WZCSVC - ok
21:57:08.0515 2304  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:57:08.0640 2304  xmlprov - ok
21:57:08.0656 2304  ================ Scan global ===============================
21:57:08.0687 2304  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:57:08.0718 2304  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:57:08.0734 2304  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:57:08.0765 2304  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:57:08.0781 2304  [Global] - ok
21:57:08.0781 2304  ================ Scan MBR ==================================
21:57:08.0796 2304  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:57:09.0093 2304  \Device\Harddisk0\DR0 - ok
21:57:09.0093 2304  ================ Scan VBR ==================================
21:57:09.0093 2304  [ 0F5BC9F2FFF5780AE54D2EF94B86ED9F ] \Device\Harddisk0\DR0\Partition1
21:57:09.0093 2304  \Device\Harddisk0\DR0\Partition1 - ok
21:57:09.0109 2304  [ 28837B28F841D8F81607936D39C4F375 ] \Device\Harddisk0\DR0\Partition2
21:57:09.0109 2304  \Device\Harddisk0\DR0\Partition2 - ok
21:57:09.0109 2304  ============================================================
21:57:09.0109 2304  Scan finished
21:57:09.0109 2304  ============================================================
21:57:09.0218 3632  Detected object count: 0
21:57:09.0218 3632  Actual detected object count: 0
21:57:20.0781 2112  Deinitialize success
 

AdwCleaner[R1].txt

# AdwCleaner v2.303 - Logfile created 06/30/2013 at 21:59:16
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Esvi - ESVI-F5640E383C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Esvi\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Esvi\Application Data\Mozilla\Firefox\Profiles\kob4tzub.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [996 octets] - [30/06/2013 21:59:16]

########## EOF - C:\AdwCleaner[R1].txt - [1055 octets] ##########
 

FSS.txt

Farbar Service Scanner Version: 27-06-2013
Ran by Esvi (administrator) on 30-06-2013 at 22:00:35
Running from "C:\Documents and Settings\Esvi\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

Result.txt

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Esvi (administrator) on 30-06-2013 at 22:03:06
Running from "C:\Documents and Settings\Esvi\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

        Host Name . . . . . . . . . . . . : esvi-f5640e383c
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-21-97-84-06-11
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 192.168.10.1
        Lease Obtained. . . . . . . . . . : Sunday, June 30, 2013 10:01:42 PM
        Lease Expires . . . . . . . . . . : Monday, July 01, 2013 12:01:42 AM

Server:  UnKnown
Address:  192.168.10.1

Name:    google.com
Addresses:  122.2.153.44, 122.2.153.45, 122.2.153.49, 122.2.153.50
      122.2.153.54, 122.2.153.55, 122.2.153.59, 122.2.153.20, 122.2.153.24
      122.2.153.25, 122.2.153.29, 122.2.153.30, 122.2.153.34, 122.2.153.35
      122.2.153.39, 122.2.153.40



Pinging google.com [122.2.128.247] with 32 bytes of data:

Reply from 122.2.128.247: bytes=32 time=38ms TTL=56
Reply from 122.2.128.247: bytes=32 time=28ms TTL=56

Ping statistics for 122.2.128.247:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 38ms, Average = 33ms

Server:  UnKnown
Address:  192.168.10.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=268ms TTL=45
Reply from 98.139.183.24: bytes=32 time=269ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 268ms, Maximum = 269ms, Average = 268ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 97 84 06 11 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1  192.168.10.102      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0   192.168.10.102  192.168.10.102      20
     192.168.10.0    255.255.255.0   192.168.10.102  192.168.10.102      20
   192.168.10.102  255.255.255.255        127.0.0.1       127.0.0.1      20
   192.168.10.255  255.255.255.255   192.168.10.102  192.168.10.102      20
        224.0.0.0        240.0.0.0   192.168.10.102  192.168.10.102      20
  255.255.255.255  255.255.255.255   192.168.10.102  192.168.10.102      1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2013 09:00:37 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/30/2013 09:00:37 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp

Error: (06/30/2013 08:14:16 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 22.0.0.4917, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/30/2013 03:00:37 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/30/2013 03:00:37 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp

Error: (06/29/2013 08:19:55 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/29/2013 08:19:55 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp

Error: (06/29/2013 03:00:35 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/29/2013 03:00:35 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp

Error: (06/28/2013 07:56:23 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) - Update '{14303301-758B-402B-9A0D-2C6A591680DB}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (06/30/2013 09:00:37 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/30/2013 03:00:46 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/29/2013 08:19:55 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/29/2013 03:00:44 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/28/2013 07:56:24 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/28/2013 03:01:14 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/27/2013 07:23:06 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/27/2013 03:20:40 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/27/2013 03:00:57 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.

Error: (06/26/2013 04:35:08 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.0 Service Pack 3, English Version.


Microsoft Office Sessions:
=========================
Error: (06/30/2013 09:00:37 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework (English){14303301-758B-402B-9A0D-2C6A591680DB}1603(NULL)

Error: (06/30/2013 09:00:37 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp(NULL)(NULL)(NULL)

Error: (06/30/2013 08:14:16 AM) (Source: Application Hang)(User: )
Description: firefox.exe22.0.0.4917hungapp0.0.0.000000000

Error: (06/30/2013 03:00:37 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework (English){14303301-758B-402B-9A0D-2C6A591680DB}1603(NULL)

Error: (06/30/2013 03:00:37 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp(NULL)(NULL)(NULL)

Error: (06/29/2013 08:19:55 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework (English){14303301-758B-402B-9A0D-2C6A591680DB}1603(NULL)

Error: (06/29/2013 08:19:55 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp(NULL)(NULL)(NULL)

Error: (06/29/2013 03:00:35 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework (English){14303301-758B-402B-9A0D-2C6A591680DB}1603(NULL)

Error: (06/29/2013 03:00:35 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework (English) -- The install cannot continue because this version of the .NET Framework is incompatible with a previously installed one.  For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp(NULL)(NULL)(NULL)

Error: (06/28/2013 07:56:23 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework (English){14303301-758B-402B-9A0D-2C6A591680DB}1603(NULL)


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29677)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.02)
Combined Community Codec Pack 2013-05-30 (Version: 2013.05.30.0)
DAEMON Tools Lite (Version: 4.47.1.0333)
Fallout (Version: 2.0.0.14)
Garena - League of Legends
Garena Plus (Version: 2011)
GIMP 2.8.4 (Version: 2.8.4)
IDT Audio (Version: 1.0.6099.6)
iTunes (Version: 11.0.3.42)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Knights of Pen and Paper
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework (English) v1.0.3705 (Version: 1.0.3705)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
NVIDIA Control Panel 320.18 (Version: 320.18)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.18 (Version: 320.18)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA nView 140.54 (Version: 140.54)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Razer Game Booster (Version: 3.6)
The Sims™ 3 (Version: 1.50.56)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 Late Night (Version: 6.5.1)
The Sims™ 3 Seasons (Version: 16.0.136)
The Sims™ 3 Supernatural (Version: 15.0.135)
The Sims™ 3 University Life (Version: 18.0.126)
The Sims™ 3 World Adventures (Version: 2.17.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
WinRAR 5.00 beta 4 (32-bit) (Version: 5.00.4)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 3071.23 MB
Available physical RAM: 2607.09 MB
Total Pagefile: 4961.26 MB
Available Pagefile: 4623.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.87 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:78.13 GB) (Free:32.41 GB) NTFS
2 Drive d: (Games) (Fixed) (Total:70.91 GB) (Free:35 GB) NTFS

========================= Users: ========================================

User accounts for \\ESVI-F5640E383C

Administrator            ASPNET                   Esvi                     
Guest                    HelpAssistant            SUPPORT_388945a0         
UpdatusUser              

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

09-06-2013 02:57:06 Software Distribution Service 3.0
09-06-2013 19:00:50 Software Distribution Service 3.0
10-06-2013 13:06:39 Installed The Sims 3 Ambitions
10-06-2013 13:32:19 Installed The Sims 3 Ambitions
10-06-2013 19:00:14 Software Distribution Service 3.0
10-06-2013 21:02:17 Installed The Sims 3 World Adventures
10-06-2013 21:23:02 Installed The Sims 3 World Adventures
11-06-2013 04:03:23 Software Distribution Service 3.0
11-06-2013 09:26:57 Software Distribution Service 3.0
12-06-2013 04:53:14 Software Distribution Service 3.0
12-06-2013 09:01:17 Software Distribution Service 3.0
12-06-2013 19:03:38 Software Distribution Service 3.0
13-06-2013 07:20:26 Software Distribution Service 3.0
14-06-2013 11:37:11 Software Distribution Service 3.0
15-06-2013 11:30:17 Software Distribution Service 3.0
16-06-2013 12:07:32 System Checkpoint
16-06-2013 19:00:13 Software Distribution Service 3.0
17-06-2013 12:09:48 Software Distribution Service 3.0
18-06-2013 05:31:06 Software Distribution Service 3.0
18-06-2013 11:49:28 Software Distribution Service 3.0
19-06-2013 14:39:26 System Checkpoint
19-06-2013 17:58:52 Software Distribution Service 3.0
20-06-2013 04:32:15 Software Distribution Service 3.0
20-06-2013 11:19:19 Installed Java 7 Update 25
20-06-2013 15:38:58 Software Distribution Service 3.0
20-06-2013 19:00:15 Software Distribution Service 3.0
20-06-2013 19:29:16 Software Distribution Service 3.0
21-06-2013 17:04:02 Software Distribution Service 3.0
22-06-2013 05:22:23 Software Distribution Service 3.0
22-06-2013 19:00:36 Software Distribution Service 3.0
22-06-2013 19:07:34 Software Distribution Service 3.0
22-06-2013 23:11:55 Software Distribution Service 3.0
23-06-2013 19:00:24 Software Distribution Service 3.0
23-06-2013 21:48:54 Software Distribution Service 3.0
24-06-2013 19:00:15 Software Distribution Service 3.0
24-06-2013 20:03:10 Software Distribution Service 3.0
25-06-2013 19:00:52 Software Distribution Service 3.0
25-06-2013 20:34:55 Software Distribution Service 3.0
26-06-2013 19:00:17 Software Distribution Service 3.0
26-06-2013 19:20:25 Software Distribution Service 3.0
26-06-2013 23:22:41 Software Distribution Service 3.0
27-06-2013 10:33:36 Removed Java 7 Update 21
27-06-2013 10:34:51 Installed Java 7 Update 25
27-06-2013 19:00:16 Software Distribution Service 3.0
27-06-2013 23:56:02 Software Distribution Service 3.0
28-06-2013 19:00:14 Software Distribution Service 3.0
29-06-2013 00:19:37 Software Distribution Service 3.0
29-06-2013 19:00:14 Software Distribution Service 3.0
30-06-2013 01:00:17 Software Distribution Service 3.0

**** End of log ****
 

 

 



#4 dev00790

Posted 30 June 2013 - 10:57 AM

Hi

Please do the following next:

Step 1:

Going over your logs I noticed that you have utorrent installed.

  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.  
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall utorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the Start button.
  • Click Control Panel then Add/Remove Programs.


If you wish to keep it, please do not use it until your computer is cleaned.


Step 2:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Step 3:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.


If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 4:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista / Windows 7 / Windows 8 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 svknight

Posted 30 June 2013 - 02:16 PM

AdwCleaner[S1].txt

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 00:43:03
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Esvi - ESVI-F5640E383C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Esvi\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Esvi\Application Data\Mozilla\Firefox\Profiles\kob4tzub.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1124 octets] - [30/06/2013 21:59:16]
AdwCleaner[S1].txt - [1062 octets] - [01/07/2013 00:43:03]

########## EOF - C:\AdwCleaner[S1].txt - [1122 octets] ##########
 

mbam-log-2013-07-01 (00-49-16).txt

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Esvi :: ESVI-F5640E383C [administrator]

7/1/2013 12:49:16 AM
mbam-log-2013-07-01 (00-49-16).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290012
Time elapsed: 48 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

esetscan.txt

C:\Documents and Settings\Esvi\Application Data\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
C:\WINDOWS\system32\Tools\Hide.exe    Win32/KillProc.C application    cleaned by deleting - quarantined
D:\Programs\DTLite4471-0333.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\Programs\utorrent.exe    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
D:\Programs\winamp563_full_emusic-7plus_all.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
 



#6 dev00790

Posted 30 June 2013 - 02:57 PM

How is the computer running now?


Regards, dev00790



#7 svknight

Posted 30 June 2013 - 04:03 PM

It's running okay I guess. The number of rundll32.exe processes is still 1 or 2 but I guess that's because of some applications I'm running (I'm fairly certain of it). The rundll32.exe "end now" message at shutdown also stopped.



#8 dev00790

Posted 01 July 2013 - 05:26 AM

Ok great

 

Next:

 

Step 1:

 

Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.



Uninstall Adobe Flash
  • Open Programs and Features or Add and Remove Programs by clicking the Start / Windows "Orb" button, clicking Control Panel, clicking Programs, and then clicking Programs and Features or Add and Remove Programs.                
  • Select any program with Adobe Flash in the name, and then click Uninstall.
  • Repeat step 2 until no more programs containing Adobe Flash are visible.

Note: Some programs include the option to change or repair the program in addition to uninstalling it, but many simply offer the option to uninstall. To change a program, click Change or Repair. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Please follow these steps to Install the latest Adobe flash player:

 

 

Step 2:

 

Please rerun Minitoolbox on your desktop

Checkmark the following checkboxes:

  • List Installed Programs


Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Regards, dev00790



#9 svknight

Posted 01 July 2013 - 02:25 PM

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Esvi (administrator) on 02-07-2013 at 03:24:22
Running from "C:\Documents and Settings\Esvi\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.03)
Combined Community Codec Pack 2013-05-30 (Version: 2013.05.30.0)
DAEMON Tools Lite (Version: 4.47.1.0333)
ESET Online Scanner v3
Fallout (Version: 2.0.0.14)
Garena - League of Legends
GIMP 2.8.4 (Version: 2.8.4)
IDT Audio (Version: 1.0.6099.6)
iTunes (Version: 11.0.3.42)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Knights of Pen and Paper
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework (English) v1.0.3705 (Version: 1.0.3705)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA nView 140.62 (Version: 140.62)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Razer Game Booster (Version: 3.6)
The Sims™ 3 (Version: 1.50.56)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 Late Night (Version: 6.5.1)
The Sims™ 3 Seasons (Version: 16.0.136)
The Sims™ 3 Supernatural (Version: 15.0.135)
The Sims™ 3 University Life (Version: 18.0.126)
The Sims™ 3 World Adventures (Version: 2.17.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
WinRAR 5.00 beta 4 (32-bit) (Version: 5.00.4)

**** End of log ****
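
Added example, not part of the original thread: the two MiniToolBox "Installed Programs" lists posted above can be compared mechanically to see what the cleanup removed, added or upgraded. The sample text is a shortened excerpt of those two lists, and the function names are assumptions made for illustration.

```python
import re

# Section banners look like "====== Installed Programs ======".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
# Entries look like "Name (Version: 1.2.3)"; some entries carry no version.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s*\(Version:\s*(?P<ver>[^)]*)\)\s*$")

# Shortened excerpts of the two lists in this thread (before / after cleanup).
BEFORE_LOG = """\
=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29677)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
CCleaner (Version: 4.02)
Garena Plus (Version: 2011)
NVIDIA Graphics Driver 320.18 (Version: 320.18)
Winamp (Version: 5.63 )
Windows Media Format Runtime

========================= Devices: ================================
"""

AFTER_LOG = """\
=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
CCleaner (Version: 4.03)
ESET Online Scanner v3
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
Winamp (Version: 5.63 )
Windows Media Format Runtime

**** End of log ****
"""


def parse_installed_programs(log_text):
    """Return {product name: set of versions} from the Installed Programs section."""
    programs = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group(1).rstrip(":").lower()
            in_section = title == "installed programs"
            continue
        if line.startswith("****"):  # "**** End of log ****" closes the section
            in_section = False
        if not in_section or not line:
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            programs.setdefault(line, set())  # entry listed without a version
            continue
        name, ver = entry.group("name"), entry.group("ver").strip()
        if ver:
            # Drop a version baked into the name ("Driver 320.18") so that an
            # upgrade is reported as a change, not as a removal plus an addition.
            pattern = r"(?:\s+version)?\s+" + re.escape(ver) + r"$"
            name = re.sub(pattern, "", name, flags=re.I)
        programs.setdefault(name.rstrip(" -"), set()).add(ver)
    return programs


def diff_programs(before, after):
    """Compare two parsed lists: names removed, names added, versions changed."""
    shared = set(before) & set(after)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": {n: (sorted(before[n]), sorted(after[n]))
                    for n in shared if before[n] != after[n]},
    }


if __name__ == "__main__":
    result = diff_programs(parse_installed_programs(BEFORE_LOG),
                           parse_installed_programs(AFTER_LOG))
    for kind, items in result.items():
        print(kind, items)
```

On the excerpt, the old Flash ActiveX 9.0.124.0 entry and µTorrent show up as removed, while the Flash 11 plugin entry is unchanged between the two runs.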
 



#10 dev00790

Posted 01 July 2013 - 02:43 PM

FINAL STEPS

If you are not experiencing any other malware related issues, it is time to do our final steps:

  • Any programs that we had you download and/or install can be removed at this time.
  • If you used DeFogger to disable your Disk Emulation Software, you can reopen DeFogger and use the "Enable" button.
  • You can download this tool to delete more traces of our tools. Delete the tool itself afterwards.
  • Toggle System Restore OFF and then back ON.
  • You should delete your old, potentially infected System Restore points and create a new, clean restore point.
    • If you are using Windows XP, read and follow the steps on "How to turn off or turn on System Restore" from this link
    • If you are using Windows Vista, read and follow the steps on "How do I turn System Restore on and off?" proceeded by "How do I create a restore point manually?" from this link.
    • If you are using Windows 7, read and follow the steps on "To delete all restore points" from this link proceeded by "Create a restore point" from this link.
    • If you are using Windows 8, read and follow the steps on "Disabling System Restore" from this link proceeded by "Manually Creating Restore Points" from this link.
  • Recommended reading material to protect your computer from infection in the future:

    Be safe


Regards, dev00790





