Expiro Infection 2 removing residuals


  • This topic is locked
38 replies to this topic

#1 PlumAmp24

Posted 22 July 2013 - 07:40 AM

Hello,

 

I was originally on "Am I infected? What do I do?" and I was being helped to remove Expiro from my computer, and it looks like I have gotten most of my system back, but I am still worried about it resurfacing because of its severity. So I came here because more in-depth scans can be executed here that weren't allowed on the other forum. I will give you a summary of what I did, and you can also read the original topic here: http://www.bleepingcomputer.com/forums/t/500710/expiro-infection/

 

At the beginning I ran a couple of quick scans with avast! and Malwarebytes. avast! tagged a lot of programs that I can download again, but it also tagged a lot of win32 exes, almost all with Win32:Expiro-CE and one with Win32:Vitro. Malwarebytes tagged three objects and deleted them. I ran rkill; the log can be found in my previous topic. I had trouble trying to get access to the internet because Firefox and Internet Explorer both got sacked by my antivirus or the virus, so I downloaded Opera and installed it without problem, and I am still using it. Then I ran the online ESET Scanner (log on previous topic link, page 2), which found items infected with Win32/Expiro.NBF and three other different trojans. ESET had an error while cleaning "alg.exe". I then ran AdwCleaner (log found on page 3 in link), TFC (deleted 950mb of temp files), and another ESET online scan, which came back clean. After that I ran a full avast! scan, which came back with 62 restore points infected with Win32:Expiro-CE. I don't understand if avast! and ESET put different names for their viruses or there are two different types. But I deleted the restore points following the proper procedures, and then created a new one. I then did another full avast! scan and nothing came up. I then ran sfc /scannow four times to check or repair the win32 exes. I ran Autoruns; logs and actions taken afterwards are on page 4 in the link. After that I was told to come here.

 

 

 

Here are DDS logs

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by Main at 7:00:05 on 2013-07-22
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2723 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system\HsMgr.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\Program\ASUSAUDIOCENTER.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\Program\MXMon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{9871CC2C-C414-4E12-8196-308EE27D91BD} : DHCPNameServer = 167.206.254.2 167.206.254.1
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-19 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-19 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-19 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 46808]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-4-20 10448]
R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-3-26 1494528]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-8-9 1684736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2010-8-9 14336]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-20 11:37:00 23040 -c--a-w- c:\windows\system32\dllcache\OLD33B5.tmp
2013-07-20 11:37:00 116224 -c--a-w- c:\windows\system32\dllcache\OLD33B8.tmp
2013-07-20 11:36:57 27648 -c--a-w- c:\windows\system32\dllcache\OLD33AF.tmp
2013-07-20 11:36:57 18944 -c--a-w- c:\windows\system32\dllcache\OLD33B2.tmp
2013-07-20 11:36:54 4608 -c--a-w- c:\windows\system32\dllcache\OLD33AC.tmp
2013-07-20 11:35:55 99865 -c--a-w- c:\windows\system32\dllcache\OLD33A9.tmp
2013-07-20 11:35:52 16970 -c--a-w- c:\windows\system32\dllcache\OLD33A4.tmp
2013-07-20 11:35:48 19455 -c--a-w- c:\windows\system32\dllcache\OLD33A1.tmp
2013-07-20 11:35:41 19200 -c--a-w- c:\windows\system32\dllcache\OLD339E.tmp
2013-07-20 11:35:41 12063 -c--a-w- c:\windows\system32\dllcache\OLD339B.tmp
2013-07-20 11:35:39 8192 -c--a-w- c:\windows\system32\dllcache\OLD3398.tmp
2013-07-20 11:33:58 364032 -c--a-w- c:\windows\system32\dllcache\OLD3331.tmp
2013-07-20 11:32:59 76288 -c--a-w- c:\windows\system32\dllcache\OLD32D9.tmp
2013-07-20 11:31:56 4992 -c--a-w- c:\windows\system32\dllcache\OLD328C.tmp
2013-07-20 11:30:58 28384 -c--a-w- c:\windows\system32\dllcache\OLD3247.tmp
2013-07-20 11:29:59 7552 -c--a-w- c:\windows\system32\dllcache\OLD3204.tmp
2013-07-20 11:28:59 104064 -c--a-w- c:\windows\system32\dllcache\OLD3157.tmp
2013-07-20 11:27:59 16640 -c--a-w- c:\windows\system32\dllcache\OLD3117.tmp
2013-07-20 11:26:58 4096 -c--a-w- c:\windows\system32\dllcache\OLD30B9.tmp
2013-07-20 11:25:58 128286 -c--a-w- c:\windows\system32\dllcache\OLD306D.tmp
2013-07-20 11:24:57 30495 -c--a-w- c:\windows\system32\dllcache\OLD2FF8.tmp
2013-07-20 11:23:57 180360 -c--a-w- c:\windows\system32\dllcache\OLD2FAF.tmp
2013-07-20 11:22:58 27936 -c--a-w- c:\windows\system32\dllcache\OLD2F76.tmp
2013-07-20 11:21:55 2944 -c--a-w- c:\windows\system32\dllcache\OLD2F33.tmp
2013-07-20 11:21:51 40960 -c--a-w- c:\windows\system32\dllcache\OLD2F30.tmp
2013-07-20 11:21:51 22016 -c--a-w- c:\windows\system32\dllcache\OLD2F2E.tmp
2013-07-20 11:21:51 1875968 -c--a-w- c:\windows\system32\dllcache\OLD2F2B.tmp
2013-07-20 11:21:50 98304 -c--a-w- c:\windows\system32\dllcache\OLD2F29.tmp
2013-07-20 11:21:31 35200 -c--a-w- c:\windows\system32\dllcache\OLD2F27.tmp
2013-07-20 11:21:28 6016 -c--a-w- c:\windows\system32\dllcache\OLD2F24.tmp
2013-07-20 11:21:26 56832 -c--a-w- c:\windows\system32\dllcache\OLD2F21.tmp
2013-07-20 11:21:26 51200 -c--a-w- c:\windows\system32\dllcache\OLD2F1E.tmp
2013-07-20 11:21:14 17280 -c--a-w- c:\windows\system32\dllcache\OLD2F1B.tmp
2013-07-20 11:21:02 15232 -c--a-w- c:\windows\system32\dllcache\OLD2F18.tmp
2013-07-20 11:19:59 18944 -c--a-w- c:\windows\system32\dllcache\OLD2EC5.tmp
2013-07-20 11:18:59 6144 -c--a-w- c:\windows\system32\dllcache\OLD2E39.tmp
2013-07-20 11:17:58 61952 -c--a-w- c:\windows\system32\dllcache\OLD2DA0.tmp
2013-07-20 11:16:59 5760 -c--a-w- c:\windows\system32\dllcache\OLD2D31.tmp
2013-07-20 11:15:59 8704 -c--a-w- c:\windows\system32\dllcache\OLD2CB2.tmp
2013-07-20 11:14:58 61952 -c--a-w- c:\windows\system32\dllcache\OLD2C15.tmp
2013-07-20 11:13:51 29696 -c--a-w- c:\windows\system32\dllcache\OLD2B9E.tmp
2013-07-20 11:12:59 17152 -c--a-w- c:\windows\system32\dllcache\OLD2B0A.tmp
2013-07-20 11:11:59 39680 -c--a-w- c:\windows\system32\dllcache\OLD2A63.tmp
2013-07-20 11:10:59 75136 -c--a-w- c:\windows\system32\dllcache\OLD28D7.tmp
2013-07-20 11:09:42 7168 -c--a-w- c:\windows\system32\dllcache\OLD27D1.tmp
2013-07-20 11:09:38 32827 -c--a-w- c:\windows\system32\dllcache\OLD27CC.tmp
2013-07-20 11:09:38 16384 -c--a-w- c:\windows\system32\dllcache\OLD27CF.tmp
2013-07-20 11:09:35 8192 -c--a-w- c:\windows\system32\dllcache\OLD27C9.tmp
2013-07-20 11:09:35 2134528 -c--a-w- c:\windows\system32\dllcache\OLD27C7.tmp
2013-07-20 11:09:35 189440 -c--a-w- c:\windows\system32\dllcache\OLD27C5.tmp
2013-07-20 11:09:34 20536 -c--a-w- c:\windows\system32\dllcache\OLD27C0.tmp
2013-07-20 11:09:34 16437 -c--a-w- c:\windows\system32\dllcache\OLD27C3.tmp
2013-07-20 11:09:30 66048 -c--a-w- c:\windows\system32\dllcache\OLD27BD.tmp
2013-07-20 11:09:17 2189952 -c--a-w- c:\windows\system32\dllcache\OLD27BA.tmp
2013-07-20 11:09:03 76800 -c--a-w- c:\windows\system32\dllcache\OLD27B8.tmp
2013-07-20 11:09:00 68608 -c--a-w- c:\windows\system32\dllcache\OLD27B6.tmp
2013-07-20 10:46:48 116224 -c--a-w- c:\windows\system32\dllcache\OLD274B.tmp
2013-07-20 10:46:47 23040 -c--a-w- c:\windows\system32\dllcache\OLD2748.tmp
2013-07-20 10:46:44 27648 -c--a-w- c:\windows\system32\dllcache\OLD2742.tmp
2013-07-20 10:46:44 18944 -c--a-w- c:\windows\system32\dllcache\OLD2745.tmp
2013-07-20 10:46:42 4608 -c--a-w- c:\windows\system32\dllcache\OLD273F.tmp
2013-07-20 10:45:39 99865 -c--a-w- c:\windows\system32\dllcache\OLD273C.tmp
2013-07-20 10:45:36 16970 -c--a-w- c:\windows\system32\dllcache\OLD2737.tmp
2013-07-20 10:45:31 19455 -c--a-w- c:\windows\system32\dllcache\OLD2734.tmp
2013-07-20 10:45:23 19200 -c--a-w- c:\windows\system32\dllcache\OLD2731.tmp
2013-07-20 10:45:22 12063 -c--a-w- c:\windows\system32\dllcache\OLD272E.tmp
2013-07-20 10:45:20 8192 -c--a-w- c:\windows\system32\dllcache\OLD272B.tmp
2013-07-20 10:43:53 25471 -c--a-w- c:\windows\system32\dllcache\OLD26FA.tmp
2013-07-20 10:42:58 794399 -c--a-w- c:\windows\system32\dllcache\OLD2687.tmp
2013-07-20 10:41:57 159232 -c--a-w- c:\windows\system32\dllcache\OLD2637.tmp
2013-07-20 10:40:58 36640 -c--a-w- c:\windows\system32\dllcache\OLD25E9.tmp
2013-07-20 10:39:58 101376 -c--a-w- c:\windows\system32\dllcache\OLD25A5.tmp
2013-07-20 10:38:58 29184 -c--a-w- c:\windows\system32\dllcache\OLD2529.tmp
2013-07-20 10:37:56 6784 -c--a-w- c:\windows\system32\dllcache\OLD24C4.tmp
2013-07-20 10:36:58 79872 -c--a-w- c:\windows\system32\dllcache\OLD246C.tmp
2013-07-20 10:35:59 16384 -c--a-w- c:\windows\system32\dllcache\OLD2420.tmp
2013-07-20 10:34:59 105984 -c--a-w- c:\windows\system32\dllcache\OLD23B7.tmp
2013-07-20 10:33:53 61696 -c--a-w- c:\windows\system32\dllcache\OLD2351.tmp
2013-07-20 10:32:56 39264 -c--a-w- c:\windows\system32\dllcache\OLD231B.tmp
2013-07-20 10:31:59 5504 -c--a-w- c:\windows\system32\dllcache\OLD22CF.tmp
2013-07-20 10:31:58 49024 -c--a-w- c:\windows\system32\dllcache\OLD22CC.tmp
2013-07-20 10:31:53 12416 -c--a-w- c:\windows\system32\dllcache\OLD22C9.tmp
2013-07-20 10:31:41 2944 -c--a-w- c:\windows\system32\dllcache\OLD22C6.tmp
2013-07-20 10:31:37 98304 -c--a-w- c:\windows\system32\dllcache\OLD22BC.tmp
2013-07-20 10:31:37 40960 -c--a-w- c:\windows\system32\dllcache\OLD22C3.tmp
2013-07-20 10:31:37 22016 -c--a-w- c:\windows\system32\dllcache\OLD22C1.tmp
2013-07-20 10:31:37 1875968 -c--a-w- c:\windows\system32\dllcache\OLD22BE.tmp
2013-07-20 10:31:17 35200 -c--a-w- c:\windows\system32\dllcache\OLD22BA.tmp
2013-07-20 10:31:14 6016 -c--a-w- c:\windows\system32\dllcache\OLD22B7.tmp
2013-07-20 10:31:12 56832 -c--a-w- c:\windows\system32\dllcache\OLD22B4.tmp
2013-07-20 10:31:12 51200 -c--a-w- c:\windows\system32\dllcache\OLD22B1.tmp
2013-07-20 10:31:02 17280 -c--a-w- c:\windows\system32\dllcache\OLD22AE.tmp
2013-07-20 10:29:57 797500 -c--a-w- c:\windows\system32\dllcache\OLD226D.tmp
2013-07-20 10:28:59 5120 -c--a-w- c:\windows\system32\dllcache\OLD21E8.tmp
2013-07-20 10:27:57 372824 -c--a-w- c:\windows\system32\dllcache\OLD2142.tmp
2013-07-20 10:26:58 289887 -c--a-w- c:\windows\system32\dllcache\OLD20D0.tmp
2013-07-20 10:25:58 320384 -c--a-w- c:\windows\system32\dllcache\OLD2062.tmp
2013-07-20 10:24:58 37120 -c--a-w- c:\windows\system32\dllcache\OLD1FAB.tmp
2013-07-20 10:23:51 8320 -c--a-w- c:\windows\system32\dllcache\OLD1F2E.tmp
2013-07-20 10:22:59 14848 -c--a-w- c:\windows\system32\dllcache\OLD1EA0.tmp
2013-07-20 10:21:59 164923 -c--a-w- c:\windows\system32\dllcache\OLD1DED.tmp
2013-07-20 10:20:59 870784 -c--a-w- c:\windows\system32\dllcache\OLD1C52.tmp
2013-07-20 10:19:33 7168 -c--a-w- c:\windows\system32\dllcache\OLD1B64.tmp
2013-07-20 10:19:30 32827 -c--a-w- c:\windows\system32\dllcache\OLD1B5F.tmp
2013-07-20 10:19:30 16384 -c--a-w- c:\windows\system32\dllcache\OLD1B62.tmp
2013-07-20 10:19:26 8192 -c--a-w- c:\windows\system32\dllcache\OLD1B5C.tmp
2013-07-20 10:19:26 2134528 -c--a-w- c:\windows\system32\dllcache\OLD1B5A.tmp
2013-07-20 10:19:26 189440 -c--a-w- c:\windows\system32\dllcache\OLD1B58.tmp
2013-07-20 10:19:25 20536 -c--a-w- c:\windows\system32\dllcache\OLD1B53.tmp
2013-07-20 10:19:25 16437 -c--a-w- c:\windows\system32\dllcache\OLD1B56.tmp
2013-07-20 10:19:19 66048 -c--a-w- c:\windows\system32\dllcache\OLD1B50.tmp
2013-07-20 10:19:07 2189952 -c--a-w- c:\windows\system32\dllcache\OLD1B4D.tmp
2013-07-20 09:27:48 116224 -c--a-w- c:\windows\system32\dllcache\OLD1AC3.tmp
2013-07-20 09:27:47 23040 -c--a-w- c:\windows\system32\dllcache\OLD1ABF.tmp
2013-07-20 09:27:45 18944 -c--a-w- c:\windows\system32\dllcache\OLD1ABB.tmp
2013-07-20 09:27:44 27648 -c--a-w- c:\windows\system32\dllcache\OLD1AB7.tmp
2013-07-20 09:27:42 4608 -c--a-w- c:\windows\system32\dllcache\OLD1AB3.tmp
2013-07-20 09:26:40 99865 -c--a-w- c:\windows\system32\dllcache\OLD1AAF.tmp
2013-07-20 09:26:37 16970 -c--a-w- c:\windows\system32\dllcache\OLD1AA9.tmp
2013-07-20 09:26:32 19455 -c--a-w- c:\windows\system32\dllcache\OLD1AA5.tmp
2013-07-20 09:26:26 19200 -c--a-w- c:\windows\system32\dllcache\OLD1AA1.tmp
2013-07-20 09:26:24 12063 -c--a-w- c:\windows\system32\dllcache\OLD1A9D.tmp
2013-07-20 09:26:22 8192 -c--a-w- c:\windows\system32\dllcache\OLD1A99.tmp
2013-07-20 09:24:59 33599 -c--a-w- c:\windows\system32\dllcache\OLD1A4F.tmp
2013-07-20 09:23:59 793598 -c--a-w- c:\windows\system32\dllcache\OLD19BF.tmp
2013-07-20 09:22:58 440576 -c--a-w- c:\windows\system32\dllcache\OLD1955.tmp
2013-07-20 09:21:59 36640 -c--a-w- c:\windows\system32\dllcache\OLD18F3.tmp
2013-07-20 09:20:59 99328 -c--a-w- c:\windows\system32\dllcache\OLD189F.tmp
2013-07-20 09:19:59 38912 -c--a-w- c:\windows\system32\dllcache\OLD1814.tmp
2013-07-20 09:18:59 36480 -c--a-w- c:\windows\system32\dllcache\OLD1788.tmp
2013-07-20 09:17:58 65664 -c--a-w- c:\windows\system32\dllcache\OLD1724.tmp
2013-07-20 09:16:58 16384 -c--a-w- c:\windows\system32\dllcache\OLD16B2.tmp
2013-07-20 09:15:58 105984 -c--a-w- c:\windows\system32\dllcache\OLD1629.tmp
2013-07-20 09:14:57 54528 -c--a-w- c:\windows\system32\dllcache\OLD15A5.tmp
2013-07-20 09:13:57 32840 -c--a-w- c:\windows\system32\dllcache\OLD156A.tmp
2013-07-20 09:12:58 1309184 -c--a-w- c:\windows\system32\dllcache\OLD14FE.tmp
2013-07-20 09:12:58 119808 -c--a-w- c:\windows\system32\dllcache\OLD1501.tmp
2013-07-20 09:12:57 126686 -c--a-w- c:\windows\system32\dllcache\OLD14FA.tmp
2013-07-20 09:12:43 5504 -c--a-w- c:\windows\system32\dllcache\OLD14F6.tmp
2013-07-20 09:12:42 49024 -c--a-w- c:\windows\system32\dllcache\OLD14F2.tmp
2013-07-20 09:12:37 12416 -c--a-w- c:\windows\system32\dllcache\OLD14EE.tmp
2013-07-20 09:12:19 2944 -c--a-w- c:\windows\system32\dllcache\OLD14EA.tmp
2013-07-20 09:12:14 98304 -c--a-w- c:\windows\system32\dllcache\OLD14DD.tmp
2013-07-20 09:12:14 40960 -c--a-w- c:\windows\system32\dllcache\OLD14E6.tmp
2013-07-20 09:12:14 22016 -c--a-w- c:\windows\system32\dllcache\OLD14E4.tmp
2013-07-20 09:12:14 1875968 -c--a-w- c:\windows\system32\dllcache\OLD14E0.tmp
2013-07-20 09:10:59 26624 -c--a-w- c:\windows\system32\dllcache\OLD149C.tmp
2013-07-20 09:09:59 48640 -c--a-w- c:\windows\system32\dllcache\OLD1417.tmp
2013-07-20 09:08:59 5504 -c--a-w- c:\windows\system32\dllcache\OLD137B.tmp
2013-07-20 09:07:59 18560 -c--a-w- c:\windows\system32\dllcache\OLD12C0.tmp
2013-07-20 09:06:59 25952 -c--a-w- c:\windows\system32\dllcache\OLD1255.tmp
2013-07-20 09:05:58 7680 -c--a-w- c:\windows\system32\dllcache\OLD1197.tmp
2013-07-20 09:04:59 18503 -c--a-w- c:\windows\system32\dllcache\OLD10F2.tmp
2013-07-20 09:03:55 29696 -c--a-w- c:\windows\system32\dllcache\OLD106B.tmp
2013-07-20 09:02:59 50176 -c--a-w- c:\windows\system32\dllcache\OLDFB2.tmp
2013-07-20 09:01:59 714698 -c--a-w- c:\windows\system32\dllcache\OLDED2.tmp
2013-07-20 09:00:59 9472 -c--a-w- c:\windows\system32\dllcache\OLDD36.tmp
2013-07-20 08:59:28 7168 -c--a-w- c:\windows\system32\dllcache\OLDB94.tmp
2013-07-20 08:59:24 32827 -c--a-w- c:\windows\system32\dllcache\OLDB8F.tmp
2013-07-20 08:59:24 16384 -c--a-w- c:\windows\system32\dllcache\OLDB92.tmp
2013-07-20 08:59:21 8192 -c--a-w- c:\windows\system32\dllcache\OLDB8C.tmp
2013-07-20 08:59:21 2134528 -c--a-w- c:\windows\system32\dllcache\OLDB8A.tmp
2013-07-20 08:59:21 20536 -c--a-w- c:\windows\system32\dllcache\OLDB83.tmp
2013-07-20 08:59:21 189440 -c--a-w- c:\windows\system32\dllcache\OLDB88.tmp
2013-07-20 08:59:21 16437 -c--a-w- c:\windows\system32\dllcache\OLDB86.tmp
2013-07-20 08:59:16 66048 -c--a-w- c:\windows\system32\dllcache\OLDB80.tmp
2013-07-20 08:59:05 2189952 -c--a-w- c:\windows\system32\dllcache\OLDB7C.tmp
2013-07-20 08:40:37 876653 -c--a-w- c:\windows\system32\dllcache\OLDAF5.tmp
2013-07-20 05:01:38 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-07-20 05:01:35 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-07-20 05:01:35 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-07-20 05:01:32 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-07-20 05:01:30 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-07-20 05:00:29 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-07-20 05:00:26 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-07-20 05:00:25 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-07-20 05:00:18 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-07-20 05:00:17 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-07-20 05:00:16 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-07-20 04:59:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-07-20 04:59:30 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-07-20 04:59:27 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-07-20 04:59:15 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2013-07-20 04:59:09 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2013-07-20 04:59:06 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2013-07-20 04:59:04 41600 -c--a-w- c:\windows\system32\dllcache\OLDA51.tmp
2013-07-20 04:59:04 31232 -c--a-w- c:\windows\system32\dllcache\OLDA54.tmp
2013-07-20 04:59:00 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-07-20 04:57:59 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2013-07-20 04:56:58 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-07-20 04:55:54 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2013-07-20 04:54:59 45056 -c--a-w- c:\windows\system32\dllcache\OLD94B.tmp
2013-07-20 04:53:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2013-07-20 04:52:56 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-07-20 04:51:58 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2013-07-20 04:50:57 20736 -c--a-w- c:\windows\system32\dllcache\OLD803.tmp
2013-07-20 04:49:58 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2013-07-20 04:48:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2013-07-20 04:47:59 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-07-20 04:46:59 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2013-07-20 04:46:58 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2013-07-20 04:46:45 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2013-07-20 04:46:44 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-07-20 04:46:38 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-07-20 04:46:26 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-07-20 04:46:24 40960 -c--a-w- c:\windows\system32\dllcache\OLD6FC.tmp
2013-07-20 04:46:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-07-20 04:46:23 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2013-07-20 04:46:04 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-07-20 04:46:01 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-07-20 04:46:00 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-07-20 04:44:59 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-07-20 04:43:59 9216 -c--a-w- c:\windows\system32\dllcache\OLD658.tmp
2013-07-20 04:42:59 15360 -c--a-w- c:\windows\system32\dllcache\OLD5CA.tmp
2013-07-20 04:41:59 8192 -c--a-w- c:\windows\system32\dllcache\OLD566.tmp
2013-07-20 04:40:59 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2013-07-20 04:39:59 43520 -c--a-w- c:\windows\system32\dllcache\OLD47A.tmp
2013-07-20 04:38:59 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2013-07-20 04:37:59 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2013-07-20 04:36:58 24064 -c--a-w- c:\windows\system32\dllcache\OLD34A.tmp
2013-07-20 04:35:59 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-07-20 04:34:58 19456 -c--a-w- c:\windows\system32\dllcache\OLD125.tmp
2013-07-20 04:33:51 7168 -c--a-w- c:\windows\system32\dllcache\OLDC2.tmp
2013-07-20 04:32:59 14608 -c--a-w- c:\windows\system32\dllcache\OLD5F.tmp
2013-07-19 13:17:08 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-19 13:17:07 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-19 13:17:04 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-16 18:11:06 44544 ----a-w- c:\windows\system32\alg.exe.cln
2013-07-16 17:07:53 -------- d-----w- c:\program files\ESET
2013-07-15 23:35:38 -------- d-----w- c:\documents and settings\Main\local settings\application data\Opera Software
2013-07-15 23:35:35 -------- d-----w- c:\documents and settings\Main\application data\Opera Software
.
==================== Find3M  ====================
.
2013-07-19 13:17:19 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH:  7:02:04.31 ===============
 

 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/20/2011 7:21:34 PM
System Uptime: 7/19/2013 9:49:45 PM (58 hours ago)
.
Motherboard: ecs |  | G31T-M5
Processor: Intel Pentium III Xeon processor | CPU 1 | 2493/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 410.655 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 7/19/2013 10:17:29 PM - System Checkpoint
RP2: 7/19/2013 10:18:44 PM - Repair Point
RP3: 7/20/2013 10:21:12 PM - System Checkpoint
RP4: 7/21/2013 11:02:04 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Advertising Center
ASUS Xonar DG Audio
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Command & Conquer Red Alert 2
DolbyFiles
eReg
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
ImagXpress
Inkscape 0.48.2
Intel® Graphics Media Accelerator Driver
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 31
LAME v3.98.2 for Audacity
Logitech SetPoint 6.22
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Classic - Home Cinema v1.5.0.2827
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Journal Viewer
Microsoft XNA Framework Redistributable 4.0
Movie Templates - Starter Kit
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
OpenAL
Opera Stable 15.0.1147.148
Paint.NET v3.5.10
Project64 1.6
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB972187)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Steam
Terrafirma
Terraria
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/20/2013 4:40:37 AM, information: Windows File Protection [64018]  - Windows File Protection file scan was cancelled by user interaction, user name is Main.
7/20/2013 12:32:37 AM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
7/20/2013 1:01:40 AM, information: Windows File Protection [64017]  - Windows File Protection file scan completed successfully.
7/18/2013 4:48:48 AM, error: Service Control Manager [7034]  - The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).
7/18/2013 4:48:47 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
7/18/2013 4:48:47 AM, error: Service Control Manager [7031]  - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 500 milliseconds: Restart the service.
7/16/2013 2:11:54 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\wupdmgr.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.4.2600.0, the version of the system file is 5.4.2600.0.
7/16/2013 2:11:54 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\winmine.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:53 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\sol.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:50 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\sndvol32.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:47 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\sndrec32.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
7/16/2013 2:11:47 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\osk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
7/16/2013 2:11:44 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\odbcad32.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 3.525.1132.0, the version of the system file is 3.525.1132.0.
7/16/2013 2:11:43 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\narrator.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
7/16/2013 2:11:39 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\mstsc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.7600.16385, the version of the system file is 6.0.6001.18000.
7/16/2013 2:11:38 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\msiexec.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 3.1.4001.5512, the version of the system file is 3.1.4001.5512.
7/16/2013 2:11:38 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\mobsync.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
7/16/2013 2:11:35 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\magnify.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
7/16/2013 2:11:34 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\freecell.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:33 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\cleanmgr.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
7/16/2013 2:11:33 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\charmap.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:30 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\calc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:13 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\alg.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
7/16/2013 2:11:13 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
7/16/2013 2:11:13 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\program files\outlook express\msimn.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
7/16/2013 2:09:31 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4027.0, the version of the system file is 2.1.4027.0.
7/15/2013 11:13:52 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
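A triage sketch for the Windows File Protection entries in the log above, added here as an example; it is not part of the original post or of any tool used in this thread. It extracts the restore events (IDs 64001 and 64002), compares the two logged versions, and groups restores that occurred in quick succession. The function names, verdict labels and the 60-second / 3-file thresholds are assumptions chosen for illustration, and the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Lines copied from the "Event Viewer Messages" section of the log posted above.
SAMPLE_LOG = r"""
7/20/2013 12:32:37 AM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
7/18/2013 4:48:47 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
7/16/2013 2:11:39 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\mstsc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.7600.16385, the version of the system file is 6.0.6001.18000.
7/16/2013 2:11:30 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\windows\system32\calc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
7/16/2013 2:11:13 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\alg.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
7/16/2013 2:09:31 PM, information: Windows File Protection [64001]  - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4027.0, the version of the system file is 2.1.4027.0.
"""

# "<date> <time> AM|PM, <level>: <source> [<event id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)
PATH_RE = re.compile(r"protected system file (?P<path>.+?)\. This file was restored")
BAD_RE = re.compile(r"bad file is (?P<v>\d+(?:\.\d+)*)")
SYS_RE = re.compile(r"system file is (?P<v>\d+(?:\.\d+)*)")


@dataclass
class Restore:
    when: datetime
    event_id: int
    path: str
    bad_version: Optional[str]
    system_version: Optional[str]

    @property
    def verdict(self) -> str:
        if self.bad_version is None:
            return "bad-version-not-logged"
        if self.bad_version == self.system_version:
            # The rejected file reported the same version as the good copy,
            # so a version comparison alone would not have shown the change.
            return "same-version-different-content"
        return "version-mismatch"


def parse_wfp_restores(text: str) -> List[Restore]:
    """Return WFP restore events, oldest first; other log lines are ignored."""
    restores = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m["source"] != "Windows File Protection":
            continue
        p = PATH_RE.search(m["msg"])
        if not p:  # scan started / completed / cancelled events name no file
            continue
        bad = BAD_RE.search(m["msg"])
        good = SYS_RE.search(m["msg"])
        restores.append(Restore(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            event_id=int(m["id"]),
            path=p["path"],
            bad_version=bad["v"] if bad else None,
            system_version=good["v"] if good else None,
        ))
    return sorted(restores, key=lambda r: r.when)


def bursts(restores: List[Restore],
           window: timedelta = timedelta(seconds=60),
           min_files: int = 3) -> List[List[Restore]]:
    """Group restores separated by gaps <= window; keep groups of >= min_files."""
    groups, current = [], []
    for r in restores:
        if current and r.when - current[-1].when > window:
            if len(current) >= min_files:
                groups.append(current)
            current = []
        current.append(r)
    if len(current) >= min_files:
        groups.append(current)
    return groups


def report(text: str) -> List[str]:
    """One summary line per restored file, plus one line per burst."""
    restores = parse_wfp_restores(text)
    lines = [f"{r.when:%Y-%m-%d %H:%M:%S} [{r.event_id}] {r.path} -> {r.verdict}"
             for r in restores]
    for g in bursts(restores):
        lines.append(f"burst: {len(g)} protected files restored between "
                     f"{g[0].when:%H:%M:%S} and {g[-1].when:%H:%M:%S}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
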
 

 




 


#2 nasdaq

  • Malware Response Team

Posted 24 July 2013 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#3 PlumAmp24

  • Topic Starter

Posted 24 July 2013 - 10:54 AM

Ok here are the two logs

 

 

ComboFix 13-07-24.02 - Main 07/24/2013  11:26:25.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2581 [GMT -4:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\c8ewr615.Bill's Interwebs\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\c8ewr615.Bill's Interwebs\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome.manifest
c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\c8ewr615.Bill's Interwebs\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\install.rdf
c:\windows\system32\PowerToyReadme.htm
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-20 11:37 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\OLD33B8.tmp
2013-07-20 11:37 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\OLD33B5.tmp
2013-07-20 11:36 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\OLD33B2.tmp
2013-07-20 11:36 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\OLD33AF.tmp
2013-07-20 11:36 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\OLD33AC.tmp
2013-07-20 11:35 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\OLD33A9.tmp
2013-07-20 11:35 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\OLD33A4.tmp
2013-07-20 11:35 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\OLD33A1.tmp
2013-07-20 11:35 . 2008-04-14 04:16 19200 -c--a-w- c:\windows\system32\dllcache\OLD339E.tmp
2013-07-20 11:35 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\OLD339B.tmp
2013-07-20 11:35 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\OLD3398.tmp
2013-07-20 11:33 . 2008-04-14 12:00 364032 -c--a-w- c:\windows\system32\dllcache\OLD3331.tmp
2013-07-20 11:32 . 2008-04-14 12:00 76288 -c--a-w- c:\windows\system32\dllcache\OLD32D9.tmp
2013-07-20 11:31 . 2001-08-17 17:51 4992 -c--a-w- c:\windows\system32\dllcache\OLD328C.tmp
2013-07-20 11:30 . 2001-08-17 18:07 28384 -c--a-w- c:\windows\system32\dllcache\OLD3247.tmp
2013-07-20 11:29 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\OLD3204.tmp
2013-07-20 11:28 . 2001-08-17 16:50 104064 -c--a-w- c:\windows\system32\dllcache\OLD3157.tmp
2013-07-20 11:27 . 2001-08-17 17:51 16640 -c--a-w- c:\windows\system32\dllcache\OLD3117.tmp
2013-07-20 11:26 . 2008-04-14 12:00 4096 -c--a-w- c:\windows\system32\dllcache\OLD30B9.tmp
2013-07-20 11:25 . 2001-08-17 17:28 128286 -c--a-w- c:\windows\system32\dllcache\OLD306D.tmp
2013-07-20 11:24 . 2008-04-14 02:05 29502 -c--a-w- c:\windows\system32\dllcache\OLD2FFB.tmp
2013-07-20 11:23 . 2008-04-14 03:53 180360 -c--a-w- c:\windows\system32\dllcache\OLD2FAF.tmp
2013-07-20 11:22 . 2001-08-17 16:50 27936 -c--a-w- c:\windows\system32\dllcache\OLD2F76.tmp
2013-07-20 11:21 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\OLD2F33.tmp
2013-07-20 11:21 . 2008-04-14 12:00 40960 -c--a-w- c:\windows\system32\dllcache\OLD2F30.tmp
2013-07-20 11:21 . 2008-04-14 12:00 1875968 -c--a-w- c:\windows\system32\dllcache\OLD2F2B.tmp
2013-07-20 11:21 . 2008-04-14 04:24 22016 -c--a-w- c:\windows\system32\dllcache\OLD2F2E.tmp
2013-07-20 11:21 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\OLD2F29.tmp
2013-07-20 11:21 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\OLD2F27.tmp
2013-07-20 11:21 . 2001-08-17 17:48 6016 -c--a-w- c:\windows\system32\dllcache\OLD2F24.tmp
2013-07-20 11:21 . 2008-04-14 09:42 56832 -c--a-w- c:\windows\system32\dllcache\OLD2F21.tmp
2013-07-20 11:21 . 2008-04-14 04:16 51200 -c--a-w- c:\windows\system32\dllcache\OLD2F1E.tmp
2013-07-20 11:21 . 2001-08-17 17:52 17280 -c--a-w- c:\windows\system32\dllcache\OLD2F1B.tmp
2013-07-20 11:21 . 2008-04-14 04:16 15232 -c--a-w- c:\windows\system32\dllcache\OLD2F18.tmp
2013-07-20 11:19 . 2008-04-14 12:00 18944 -c--a-w- c:\windows\system32\dllcache\OLD2EC5.tmp
2013-07-20 11:18 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\OLD2E39.tmp
2013-07-20 11:17 . 2001-08-18 02:36 61952 -c--a-w- c:\windows\system32\dllcache\OLD2DA0.tmp
2013-07-20 11:16 . 2001-08-17 17:52 5760 -c--a-w- c:\windows\system32\dllcache\OLD2D31.tmp
2013-07-20 11:15 . 2008-04-14 12:00 8704 -c--a-w- c:\windows\system32\dllcache\OLD2CB2.tmp
2013-07-20 11:14 . 2001-08-18 02:36 61952 -c--a-w- c:\windows\system32\dllcache\OLD2C15.tmp
2013-07-20 11:13 . 2001-08-17 16:11 29696 -c--a-w- c:\windows\system32\dllcache\OLD2B9E.tmp
2013-07-20 11:12 . 2001-08-17 17:50 17152 -c--a-w- c:\windows\system32\dllcache\OLD2B0A.tmp
2013-07-20 11:11 . 2001-08-17 16:12 39680 -c--a-w- c:\windows\system32\dllcache\OLD2A63.tmp
2013-07-20 11:10 . 2008-04-14 02:04 57856 -c--a-w- c:\windows\system32\dllcache\OLD28DD.tmp
2013-07-20 11:09 . 2008-04-14 12:00 7168 -c--a-w- c:\windows\system32\dllcache\OLD27D1.tmp
2013-07-20 11:09 . 2003-03-24 20:52 16384 -c--a-w- c:\windows\system32\dllcache\OLD27CF.tmp
2013-07-20 11:09 . 2003-03-24 20:52 32827 -c--a-w- c:\windows\system32\dllcache\OLD27CC.tmp
2013-07-20 11:09 . 2008-04-14 12:00 8192 -c--a-w- c:\windows\system32\dllcache\OLD27C9.tmp
2013-07-20 11:09 . 2008-04-14 12:00 2134528 -c--a-w- c:\windows\system32\dllcache\OLD27C7.tmp
2013-07-20 11:09 . 2008-04-14 12:00 189440 -c--a-w- c:\windows\system32\dllcache\OLD27C5.tmp
2013-07-20 11:09 . 2003-03-24 20:52 20536 -c--a-w- c:\windows\system32\dllcache\OLD27C0.tmp
2013-07-20 11:09 . 2003-03-24 20:52 16437 -c--a-w- c:\windows\system32\dllcache\OLD27C3.tmp
2013-07-20 11:09 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\OLD27BD.tmp
2013-07-20 11:09 . 2010-02-17 16:10 2189952 -c--a-w- c:\windows\system32\dllcache\OLD27BA.tmp
2013-07-20 11:09 . 2008-04-14 12:00 76800 -c--a-w- c:\windows\system32\dllcache\OLD27B8.tmp
2013-07-20 11:09 . 2008-04-14 12:00 68608 -c--a-w- c:\windows\system32\dllcache\OLD27B6.tmp
2013-07-20 10:46 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\OLD274B.tmp
2013-07-20 10:46 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\OLD2748.tmp
2013-07-20 10:46 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\OLD2745.tmp
2013-07-20 10:46 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\OLD2742.tmp
2013-07-20 10:46 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\OLD273F.tmp
2013-07-20 10:45 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\OLD273C.tmp
2013-07-20 10:45 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\OLD2737.tmp
2013-07-20 10:45 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\OLD2734.tmp
2013-07-20 10:45 . 2008-04-14 04:16 19200 -c--a-w- c:\windows\system32\dllcache\OLD2731.tmp
2013-07-20 10:45 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\OLD272E.tmp
2013-07-20 10:45 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\OLD272B.tmp
2013-07-20 10:43 . 2008-04-14 02:04 25471 -c--a-w- c:\windows\system32\dllcache\OLD26FA.tmp
2013-07-20 10:42 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\OLD2687.tmp
2013-07-20 10:41 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\OLD2637.tmp
2013-07-20 10:40 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\OLD25E9.tmp
2013-07-20 10:39 . 2008-04-14 12:00 101376 -c--a-w- c:\windows\system32\dllcache\OLD25A5.tmp
2013-07-20 10:38 . 2008-04-14 12:00 29184 -c--a-w- c:\windows\system32\dllcache\OLD2529.tmp
2013-07-20 10:37 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\OLD24C4.tmp
2013-07-20 10:36 . 2001-08-18 02:36 79872 -c--a-w- c:\windows\system32\dllcache\OLD246C.tmp
2013-07-20 10:35 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\OLD2420.tmp
2013-07-20 10:34 . 2001-08-18 02:37 105984 -c--a-w- c:\windows\system32\dllcache\OLD23B7.tmp
2013-07-20 10:33 . 2008-04-14 04:16 61696 -c--a-w- c:\windows\system32\dllcache\OLD2351.tmp
2013-07-20 10:32 . 2001-08-17 16:50 39264 -c--a-w- c:\windows\system32\dllcache\OLD231B.tmp
2013-07-20 10:31 . 2008-04-14 04:09 5504 -c--a-w- c:\windows\system32\dllcache\OLD22CF.tmp
2013-07-20 10:31 . 2008-04-14 04:16 49024 -c--a-w- c:\windows\system32\dllcache\OLD22CC.tmp
2013-07-20 10:31 . 2001-08-17 17:48 12416 -c--a-w- c:\windows\system32\dllcache\OLD22C9.tmp
2013-07-20 10:31 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\OLD22C6.tmp
2013-07-20 10:31 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\OLD22BC.tmp
2013-07-20 10:31 . 2008-04-14 12:00 40960 -c--a-w- c:\windows\system32\dllcache\OLD22C3.tmp
2013-07-20 10:31 . 2008-04-14 12:00 1875968 -c--a-w- c:\windows\system32\dllcache\OLD22BE.tmp
2013-07-20 10:31 . 2008-04-14 04:24 22016 -c--a-w- c:\windows\system32\dllcache\OLD22C1.tmp
2013-07-20 10:31 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\OLD22BA.tmp
2013-07-20 10:31 . 2001-08-17 17:48 6016 -c--a-w- c:\windows\system32\dllcache\OLD22B7.tmp
2013-07-20 10:31 . 2008-04-14 09:42 56832 -c--a-w- c:\windows\system32\dllcache\OLD22B4.tmp
2013-07-20 10:31 . 2008-04-14 04:16 51200 -c--a-w- c:\windows\system32\dllcache\OLD22B1.tmp
2013-07-20 10:31 . 2001-08-17 17:52 17280 -c--a-w- c:\windows\system32\dllcache\OLD22AE.tmp
2013-07-20 10:29 . 2001-08-17 17:28 797500 -c--a-w- c:\windows\system32\dllcache\OLD226D.tmp
2013-07-20 10:28 . 2008-04-14 12:00 5120 -c--a-w- c:\windows\system32\dllcache\OLD21E8.tmp
2013-07-20 10:27 . 2001-08-18 02:36 372824 -c--a-w- c:\windows\system32\dllcache\OLD2142.tmp
2013-07-20 10:26 . 2001-08-17 17:28 289887 -c--a-w- c:\windows\system32\dllcache\OLD20D0.tmp
2013-07-20 10:25 . 2001-08-17 16:49 320384 -c--a-w- c:\windows\system32\dllcache\OLD2062.tmp
2013-07-20 10:24 . 2001-08-17 16:19 37120 -c--a-w- c:\windows\system32\dllcache\OLD1FAB.tmp
2013-07-20 10:23 . 2008-04-14 04:10 8320 -c--a-w- c:\windows\system32\dllcache\OLD1F2E.tmp
2013-07-20 10:22 . 2001-08-17 17:50 14848 -c--a-w- c:\windows\system32\dllcache\OLD1EA0.tmp
2013-07-20 10:21 . 2001-08-17 16:13 164923 -c--a-w- c:\windows\system32\dllcache\OLD1DED.tmp
2013-07-20 10:20 . 2008-04-14 09:41 870784 -c--a-w- c:\windows\system32\dllcache\OLD1C52.tmp
2013-07-20 10:19 . 2008-04-14 12:00 7168 -c--a-w- c:\windows\system32\dllcache\OLD1B64.tmp
2013-07-20 10:19 . 2003-03-24 20:52 16384 -c--a-w- c:\windows\system32\dllcache\OLD1B62.tmp
2013-07-20 10:19 . 2003-03-24 20:52 32827 -c--a-w- c:\windows\system32\dllcache\OLD1B5F.tmp
2013-07-20 10:19 . 2008-04-14 12:00 8192 -c--a-w- c:\windows\system32\dllcache\OLD1B5C.tmp
2013-07-20 10:19 . 2008-04-14 12:00 2134528 -c--a-w- c:\windows\system32\dllcache\OLD1B5A.tmp
2013-07-20 10:19 . 2008-04-14 12:00 189440 -c--a-w- c:\windows\system32\dllcache\OLD1B58.tmp
2013-07-20 10:19 . 2003-03-24 20:52 20536 -c--a-w- c:\windows\system32\dllcache\OLD1B53.tmp
2013-07-20 10:19 . 2003-03-24 20:52 16437 -c--a-w- c:\windows\system32\dllcache\OLD1B56.tmp
2013-07-20 10:19 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\OLD1B50.tmp
2013-07-20 10:19 . 2010-02-17 16:10 2189952 -c--a-w- c:\windows\system32\dllcache\OLD1B4D.tmp
2013-07-20 09:27 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\OLD1AC3.tmp
2013-07-20 09:27 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\OLD1ABF.tmp
2013-07-20 09:27 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\OLD1ABB.tmp
2013-07-20 09:27 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\OLD1AB7.tmp
2013-07-20 09:27 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\OLD1AB3.tmp
2013-07-20 09:26 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\OLD1AAF.tmp
2013-07-20 09:26 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\OLD1AA9.tmp
2013-07-20 09:26 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\OLD1AA5.tmp
2013-07-20 09:26 . 2008-04-14 04:16 19200 -c--a-w- c:\windows\system32\dllcache\OLD1AA1.tmp
2013-07-20 09:26 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\OLD1A9D.tmp
2013-07-20 09:26 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\OLD1A99.tmp
2013-07-20 09:24 . 2008-04-14 02:04 33599 -c--a-w- c:\windows\system32\dllcache\OLD1A4F.tmp
2013-07-20 09:23 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\OLD19BF.tmp
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 13:17 . 2011-03-20 22:10 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-19 13:17 . 2011-03-20 22:10 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-03-20 22:10 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-03-20 22:10 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-03-20 22:10 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-03-20 22:10 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-03-20 22:10 229648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-24 02:29 . 2012-08-24 02:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"Cmaudio8788GX"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Terraria\\Terraria.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [7/19/2013 9:17 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [7/19/2013 9:17 AM 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/20/2011 6:10 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/20/2011 6:10 PM 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/20/2011 6:10 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7/19/2013 9:17 AM 66336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [4/20/2011 5:14 PM 10448]
R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [3/26/2011 11:20 AM 1494528]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/9/2010 5:23 PM 1684736]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-19 08:58]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
AddRemove-Steam App 105600 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-24 11:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2013-07-24  11:31:53
ComboFix-quarantined-files.txt  2013-07-24 15:31
.
Pre-Run: 440,381,571,072 bytes free
Post-Run: 440,357,826,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A9271930E638CB4AAD68D91DD7A0F710
8F558EB6672622401DA993E1E865C861
 

 

 

 Results of screen317's Security Check version 0.99.71  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 31  
 Java 7 Update 7  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 10.3.183.10 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 5% 
````````````````````End of Log`````````````````````` 


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 24 July 2013 - 12:53 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 31
Java 7 Update 7


Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

If still present, also remove these old versions:
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know what problem persists.

#5 PlumAmp24

PlumAmp24
  • Topic Starter


Posted 24 July 2013 - 01:53 PM

Am I safe to log on to my email account and other accounts I have? Is the cleaning process done? Should I do these updates first and then the windows updates? The computer seems fine now, do I have to worry about the win32 exe's anymore have they been repaired?

Thanks 



#6 nasdaq


Posted 25 July 2013 - 07:12 AM

Secure your system by updating 3rd party programs first.

Your logs do not show any sign of malware.

do I have to worry about the win32 exe's anymore have they been repaired?

Do you have any reason to think otherwise?

You can go to your mail account.
If you use this computer for banking I suggest you change your password to be on the safe side.


===

When all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 PlumAmp24


Posted 25 July 2013 - 09:21 AM

"Do you have any reason to think otherwise?"

 

I was hoping not to have a reason but when I tried to remove java 6 and 7 from Add or Remove Programs I get "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance." I remember that avast! deleted "msiexec.exe" which according to bleepingcomputer's startup list is the Windows Installer's exe. I believe that is the only win32 exe that avast! deleted. I also remember that Malwarebytes quarantined and deleted this "C:\WINDOWS\system32\utilman.exe" labeling it with "(Trojan.FakeMS)" Is that going to be a problem also? What should I do? 


Edited by PlumAmp24, 25 July 2013 - 09:30 AM.


#8 nasdaq


Posted 25 July 2013 - 10:12 AM

Remove what is left over from the bad uninstall of Java.

Totally uninstall [Java], using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller.

Select [Java] and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official [name] uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked to.
===

I also remember that Malwarebytes quarantined and deleted this "C:\WINDOWS\system32\utilman.exe" labeling it with "(Trojan.FakeMS)" Is that going to be a problem also?

This was a security risk.
http://www.technibble.com/bypass-windows-logons-utilman/

#9 PlumAmp24


Posted 25 July 2013 - 12:29 PM

I removed "Java 6 Update 31"  "Java 7 Update 7" with the Revo Uninstaller, it displayed that same message about the windows installer but it went through with the removal process. For java 6 it found 200 some items and java 7 found 2000 plus items. I restarted the computer because it said that it will clean up additional items left over. I used Revo Uninstaller on both adobe flash and reader, Revo left behind the desktop icon and a couple of empty folders that only have two files in them, do I just manually delete them? Do I really need adobe reader? I heard that it is not the safest or fastest reader. Can I replace it with an alternative reader? 

 

Update: While trying to install the new version of java, windows threw me the same warning message as I mentioned in post #7. I can't really do anything now.


Edited by PlumAmp24, 25 July 2013 - 09:24 PM.


#10 nasdaq


Posted 26 July 2013 - 07:24 AM

I used Revo Uninstaller on both adobe flash and reader, Revo left behind the desktop icon and a couple of empty folders that only have two files in them, do I just manually delete them?

Yes.

Alternatives to the Adobe Reader.
http://www.pcworld.com/article/2027961/ditch-the-pdf-headaches-three-safer-speedier-adobe-reader-alternatives.html
===
 

Windows Installer is not correctly installed.


Download and install the latest version of the Installer.
http://www.microsoft.com/en-us/download/details.aspx?id=8483

Keep me posted.

#11 PlumAmp24


Posted 26 July 2013 - 08:44 AM

Everything went smoothly when installing "windows installer." After that I installed java and flash with no problems too. 

 

I have a question though, back when my computer was still infected I was backing up my files on to flash drives. Is there a way to scan them safely? 



#12 nasdaq


Posted 26 July 2013 - 09:19 AM

Can you not use avast! Antivirus on the drive?

Or you can try this.

Scan Your Thumb Drive for Viruses from the AutoPlay Dialog
http://www.howtogeek.com/howto/18021/scan-your-thumb-drive-for-viruses-from-the-autoplay-dialog/

#13 PlumAmp24


Posted 26 July 2013 - 10:02 AM

I can use avast! but I was worried about the autoplay feature that xp has. Is there a way to turn off autoplay?



#14 nasdaq


Posted 26 July 2013 - 12:30 PM

Alternate download link 1
Alternate download link 2

  • Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your USB external drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
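
For readers who want to see what an AutoRun file on a backup flash drive would have launched before trusting it, here is an added example (not from this thread and not part of Panda USB Vaccine) that reads the drive's autorun.inf as plain text and lists the launch entries without running anything. The function names and the sample layout are assumptions made for illustration; the AUTORUN_.INF marker check follows the description in the post above.

```python
import os
import re
import tempfile
# [autorun] keys that name a program Windows may launch from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

def read_text(path):
    """Decode autorun.inf leniently; some are UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if bom else "latin-1", errors="replace")

def parse_autorun(text):
    """Return (key, value) pairs from [autorun] that can start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in LAUNCH_KEYS or SHELL_VERB.match(key):
                entries.append((key.lower(), value))
    return entries

def target_of(value):
    """Extract the program path from a command line such as 'x.exe /s'."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def audit_drive(root):
    """Inspect a drive root; nothing on the drive is executed."""
    names = {n.lower(): n for n in os.listdir(root)}
    report = {"marker": "autorun_.inf" in names, "unreadable": False, "launches": []}
    if "autorun.inf" not in names:
        return report
    try:
        text = read_text(os.path.join(root, names["autorun.inf"]))
    except OSError:  # a directory or locked file cannot supply launch entries
        report["unreadable"] = True
        return report
    for key, value in parse_autorun(text):
        rel = target_of(value).replace("\\", os.sep)
        on_drive = os.path.isfile(os.path.join(root, rel))
        report["launches"].append({"key": key, "target": rel, "on_drive": on_drive})
    return report

def demo():
    """Audit a constructed sample layout built in a temporary directory."""
    sample = (b"[AutoRun]\r\n; constructed sample, not from a real drive\r\n"
              b"open=RECYCLER\\upd.exe /s\r\nicon=x.ico\r\n"
              b'shell\\explore\\command="my app.exe"\r\n[other]\r\nopen=skip.exe\r\n')
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "RECYCLER"))
        open(os.path.join(root, "RECYCLER", "upd.exe"), "wb").close()
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            fh.write(sample)
        return audit_drive(root)
```

Call `audit_drive()` with the drive's root path; any entry with `on_drive` set to true names a file worth submitting to the antivirus scan first.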

#15 PlumAmp24


Posted 28 July 2013 - 06:46 AM

I have been downloading the numerous amount of windows updates and I am having trouble installing...

"Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86"

It hung at the installation part for ten minutes with no progress in the progress bar, and then it told me that it failed at installing.  

 

I noticed that this particular update had caused problems for many others too. I looked for a solution but I am getting confused about the way I should approach the problem. Because avast! moved these to the virus chest back when the infection was active.

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
You see I don't know if the problem is that these above microsoft .net exe's are causing the problem or if it is the actual update itself. Now I have half downloaded or installed .net files on my computer, a couple of the solutions used 3rd party programs to remove the unfinished installation. But some advised not to use them. I also found some methods on microsoft support page.
Will one of these fix the problem?




