Solved Multiple instances of iexplorer.exe and Rundll32

Running Repair Under System Account
Starting Repairs...
Start (4/13/2013 5:24:05 PM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (4/13/2013 5:24:05 PM)
Running Repair Under Current User Account
Done (4/13/2013 5:24:08 PM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (4/13/2013 5:24:08 PM)
Running Repair Under System Account
Done (4/13/2013 5:26:56 PM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (4/13/2013 5:26:56 PM)
Running Repair Under System Account
Done (4/13/2013 5:27:42 PM)

Register System Files
Start (4/13/2013 5:27:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:28:17 PM)

Repair WMI
Start (4/13/2013 5:28:17 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (4/13/2013 5:31:31 PM)

Repair Windows Firewall
Start (4/13/2013 5:31:31 PM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (4/13/2013 5:32:03 PM)

Repair Internet Explorer
Start (4/13/2013 5:32:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:32:35 PM)

Repair MDAC/MS Jet
Start (4/13/2013 5:32:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:32:50 PM)

Repair Hosts File
Start (4/13/2013 5:32:50 PM)
Running Repair Under System Account
Access is denied.
Done (4/13/2013 5:32:53 PM)

Remove Policies Set By Infections
Start (4/13/2013 5:32:53 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:32:58 PM)

Repair Icons
Start (4/13/2013 5:32:58 PM)
Running Repair Under System Account
Could Not Find C:\Users\Subordinate\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Subordinate\AppData\Local\IconCache.db
Done (4/13/2013 5:33:00 PM)

Repair Winsock & DNS Cache
Start (4/13/2013 5:33:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:33:19 PM)

Repair Proxy Settings
Start (4/13/2013 5:33:19 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:33:24 PM)

Repair Windows Updates
Start (4/13/2013 5:33:24 PM)
Running Repair Under Current User Account
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (4/13/2013 5:34:08 PM)

Repair CD/DVD Missing/Not Working
Start (4/13/2013 5:34:08 PM)
Done (4/13/2013 5:34:08 PM)

Repair Volume Shadow Copy Service
Start (4/13/2013 5:34:08 PM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (4/13/2013 5:34:17 PM)

Repair MSI (Windows Installer)
Start (4/13/2013 5:34:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:28 PM)

Repair bat Association
Start (4/13/2013 5:34:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:33 PM)

Repair cmd Association
Start (4/13/2013 5:34:33 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:38 PM)

Repair com Association
Start (4/13/2013 5:34:38 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:42 PM)

Repair Directory Association
Start (4/13/2013 5:34:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:47 PM)

Repair Drive Association
Start (4/13/2013 5:34:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:52 PM)

Repair exe Association
Start (4/13/2013 5:34:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:34:56 PM)

Repair Folder Association
Start (4/13/2013 5:34:56 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:01 PM)

Repair inf Association
Start (4/13/2013 5:35:01 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:06 PM)

Repair lnk (Shortcuts) Association
Start (4/13/2013 5:35:06 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:10 PM)

Repair msc Association
Start (4/13/2013 5:35:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:15 PM)

Repair reg Association
Start (4/13/2013 5:35:15 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:20 PM)

Repair scr Association
Start (4/13/2013 5:35:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:25 PM)

Repair Windows Safe Mode
Start (4/13/2013 5:35:25 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:29 PM)

Repair Print Spooler
Start (4/13/2013 5:35:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:42 PM)

Restore Important Windows Services
Start (4/13/2013 5:35:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:47 PM)

Set Windows Services To Default Startup
Start (4/13/2013 5:35:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/13/2013 5:35:58 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (4/13/2013 5:35:58 PM)
Total Repair Time: 00:11:53


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

=============

Farbar Service Scanner Version: 03-03-2013
Ran by [REDACTED] (ATTENTION: The logged in user is not administrator) on 16-04-2013 at 19:02:47
Running from "C:\Users\[REDACTED]\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
FSS log is incomplete.

You didn't checkmark all required items.

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
Sorry about that.

Farbar Service Scanner Version: 03-03-2013
Ran by [REDACTED] (ATTENTION: The logged in user is not administrator) on 17-04-2013 at 01:26:04
Running from "C:\Users\[REDACTED]\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
OK.
1. FSS log says: ATTENTION: The logged in user is not administrator
Why? You need to run that tool as admin.
Redo.

2. Which browser is affected?
 
Firefox is affected.

Farbar Service Scanner Version: 03-03-2013
Ran by Subordinate (administrator) on 17-04-2013 at 22:42:13
Running from "C:\Users\[REDACTED]\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 