BleepingComputer.com: Microsoft Visual C++ Runtime Error

OS XP SP2 ,
ANTIVIR: mcafee
when i try to update online game(A.V.A)
during update this error occurred
runtime error
program: C:\\ijji\english\ava\patcher_ava.exe

r6002
-floating point support not loaded.

i attached a photo of that .
and aslo in this link you see something about my last os :
http://www.bleepingcomputer.com/forums/topic423131.html/page__p__2438212#entry2438212

that means my os is newlly installed and is scan it with mcAfee

This post has been edited by hamluis: 21 October 2011 - 08:19 AM
Reason for edit: Moved from XP to Am I Infected.

am i infected? some one moved my post to here

Hi smohsen,

to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• Please do not attach logs or put logs in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can also help.
  
• Do not run anything while running a fix.
  
• If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

---

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
  
• Report FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List last 10 Event Viewer Log Errors
  
• List Installed Programs
  
• List Users, Partitions and Memory size

Click Go . Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Let's try rebooting into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu with several options. Press the down arrow key on your keyboard until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.

Once in Safe Mode with Networking, download a new version of rkill from one of the following downloads (if you are unable to download or run rkill from one download, move to the next one.)

1. http://download.bleepingcomputer.com/grinler/rkill.com
2. http://download.bleepingcomputer.com/grinler/rkill.pif
3. http://download.bleepingcomputer.com/grinler/rkill.scr
4. http://download.bleepingcomputer.com/grinler/eXplorer.exe
5. http://download.bleepingcomputer.com/grinler/iExplore.exe
6. http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
7. http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
8. http://www.boredomsoft.org/hosted/rkill.exe
9. http://www.boredomsoft.org/hosted/rkill.com
10. http://www.boredomsoft.org/hosted/rkill.scr
11. http://www.boredomsoft.org/hosted/eXplorer.exe
12. http://www.boredomsoft.org/hosted/iExplore.exe

Please be patient while Rkill looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If it appears like Rkill did not stop the malware from running, please try running RKill again until the malware is no longer running.

Do not reboot your computer after running RKill as the malware programs will start again!

Rerun Malwarebytes
Still in Safe Mode with Networking, open Malwarebytes, click on the Update tab, and click the check for Updates button.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
  
• Then click on the Scan button.
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware


In your next reply, please include:

• MiniToolBox log
  
• Rkill log
  
• Malwarebytes log
  
• How's your computer running now?

This post has been edited by jntkwx: 21 October 2011 - 10:52 AM

thanks for the replay and try to help
i did what you said
here is what you want

just one thing; after this steps the error is occurred again !
and the problem is with ava patcher only

 MiniToolBox by Farbar 
Ran by sh (administrator) on 21-10-2011 at 20:11:25
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ============================== 

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp 
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : ms-4702c0890b13

        Primary Dns Suffix  . . . . . . . : 

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

        Physical Address. . . . . . . . . : 1C-6F-65-26-9A-FC



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : 

        Description . . . . . . . . . . . : TP-LINK ADSL Router USB NDIS Device

        Physical Address. . . . . . . . . : 00-1D-0F-D4-5C-2B

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Friday, October 21, 2011 8:02:11 PM

        Lease Expires . . . . . . . . . . : Saturday, October 22, 2011 8:02:11 PM

Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  209.85.229.147, 209.85.229.99, 209.85.229.103, 209.85.229.104
	  209.85.229.105



Pinging google.com [209.85.169.106] with 32 bytes of data:



Reply from 209.85.169.106: bytes=32 time=275ms TTL=45

Reply from 209.85.169.106: bytes=32 time=275ms TTL=45



Ping statistics for 209.85.169.106:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 275ms, Maximum = 275ms, Average = 275ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.180.149, 209.191.122.70, 67.195.160.76, 72.30.2.43
	  98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=348ms TTL=48

Reply from 98.137.149.56: bytes=32 time=346ms TTL=48



Ping statistics for 98.137.149.56:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 346ms, Maximum = 348ms, Average = 347ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...1c 6f 65 26 9a fc ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x10004 ...00 1d 0f d4 5c 2b ...... TP-LINK ADSL Router USB NDIS Device - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2	  30
    72.55.140.181  255.255.255.255      192.168.1.1     192.168.1.2	  30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2	  30
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1	  30
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2	  30
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2	  30
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2	  1
  255.255.255.255  255.255.255.255      192.168.1.2               2	  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2011 09:34:40 PM) (Source: McLogEvent) (User: sh)sh
Description: The scan found and cleaned detections using Scan engine version 5400.1158 DAT version 6478.

Error: (10/17/2011 09:09:00 PM) (Source: McLogEvent) (User: sh)sh
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6478.

Error: (10/14/2011 02:55:49 PM) (Source: McLogEvent) (User: sh)sh
Description: The scan found and cleaned detections using Scan engine version 5400.1158 DAT version 6478.

Error: (10/13/2011 11:43:26 PM) (Source: Application Hang) (User: )
Description: Hanging application REACTOR.exe, version 1.0.2.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/13/2011 07:53:27 AM) (Source: McLogEvent) (User: sh)sh
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6478.

Error: (10/13/2011 07:53:27 AM) (Source: McLogEvent) (User: sh)sh
Description: The file f:\ComboFix.exe\66.nsis contains the Tool-NirCmd Potentially Unwanted Program. Undetermined clean error, deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6478.0000.

Error: (10/12/2011 10:51:12 PM) (Source: McLogEvent) (User: sh)sh
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6366.

Error: (01/01/2009 10:00:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/01/2009 10:00:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/01/2009 10:00:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (10/21/2011 11:07:09 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:07:00 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:51 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:50 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:41 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:39 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:31 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:29 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 11:06:21 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (10/21/2011 10:08:32 AM) (Source: Service Control Manager) (User: )
Description: The AOL Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (10/17/2011 09:34:40 PM) (Source: McLogEvent)(User: sh)sh
Description: The scan found and cleaned detections using Scan engine version 5400.1158 DAT version 6478.

Error: (10/17/2011 09:09:00 PM) (Source: McLogEvent)(User: sh)sh
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6478.

Error: (10/14/2011 02:55:49 PM) (Source: McLogEvent)(User: sh)sh
Description: The scan found and cleaned detections using Scan engine version 5400.1158 DAT version 6478.

Error: (10/13/2011 11:43:26 PM) (Source: Application Hang)(User: )
Description: REACTOR.exe1.0.2.2hungapp0.0.0.000000000

Error: (10/13/2011 07:53:27 AM) (Source: McLogEvent)(User: sh)sh
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6478.

Error: (10/13/2011 07:53:27 AM) (Source: McLogEvent)(User: sh)sh
Description: The file f:\ComboFix.exe\66.nsis contains the Tool-NirCmd Potentially Unwanted Program. Undetermined clean error, deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6478.0000.

Error: (10/12/2011 10:51:12 PM) (Source: McLogEvent)(User: sh)sh
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6366.

Error: (01/01/2009 10:00:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/01/2009 10:00:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/01/2009 10:00:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.


=========================== Installed Programs ============================

A.V.A (Version: 28.52.02977)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.1.85.3)
Adobe Reader 9.1 (Version: 9.1.0)
AOL Uninstaller (Choose which Products to Remove)
Enable S3 for USB Device
Handy Recovery 4.0
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Internet Download Manager
K-Lite Mega Codec Pack 3.5.3 (Version: 3.5.3)
McAfee Agent (Version: 4.5.0.1810)
McAfee VirusScan Enterprise (Version: 8.8.00000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0)
Nero 8 (Version: 8.10.316)
neroxml (Version: 1.0.0)
NVIDIA Drivers (Version: 1.10)
REACTOR (Version: 1.00.0000)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.26.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5998)
VCRedistSetup (Version: 1.0.0)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Media Format Runtime
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2046.42 MB
Available physical RAM: 1395.16 MB
Total Pagefile: 3939.13 MB
Available Pagefile: 3376.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.77 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:122.07 GB) (Free:108.4 GB) NTFS
3 Drive d: () (Fixed) (Total:38.96 GB) (Free:38.88 GB) NTFS
4 Drive e: () (Fixed) (Total:110.81 GB) (Free:110.74 GB) NTFS
5 Drive f: () (Fixed) (Total:107.42 GB) (Free:92.71 GB) NTFS
6 Drive g: (Music & Movie) (Fixed) (Total:107.42 GB) (Free:16.92 GB) NTFS
7 Drive h: (game installed) (Fixed) (Total:107.42 GB) (Free:69.21 GB) NTFS
8 Drive i: (Game) (Fixed) (Total:104.43 GB) (Free:56.37 GB) NTFS

========================= Users: ========================================

User accounts for \\MS-4702C0890B13

Administrator            Guest                    HelpAssistant            
sh                       SUPPORT_388945a0         


**** End of log ****
 

This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 

Rkill was run on 10/21/2011 at 20:18:58. 
Operating System: Microsoft Windows XP 


Processes terminated by Rkill or while it was running: 



Rkill completed on 10/21/2011 at 20:19:00. 
  

 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 7994

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

10/21/2011 8:34:11 PM
mbam-log-2011-10-21 (20-34-11).txt

Scan type: Quick scan
Objects scanned: 167198
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Hi smohsen,

I don't think your computer is infected with malware. I suggest you try asking for support from A.V.A's website: http://help.ijji.com/mystuff/askaquestion.nhn

thanks for the replay any way
i send this post first in windows xp section , cuz i was sure this problem was not for malware . any way thanks again