[TomHalstead]

Oh I forgot to tell you, X5XSEx_Pr143 is not bothering me anymore, and with the Microsoft.NET 4 I'm not sure whether or not that's working or not, I just can't see any items in "Turn on or off Windows programs" that's the problem.

[Advertisements]

Hi TomHalstead,

Proceed with the fix and let me know if that's still the case. Or have you already?

[Pyxis]

Hi TomHalstead,

Proceed with the fix and let me know if that's still the case. Or have you already?

[TomHalstead]

I have already done what you requested.

[Pyxis]

Hi TomHalstead,

I have done research on this and apparently the entry it appears as is Microsoft .NET Framework 3.5.1 in Windows Features. I also have an installation of the .NET Framework (version 4.5, actually) and this appears to be my case:

Do you see the same thing? If so, you should be good. If you are unconvinced, I can send you a very simple application that requires the .NET Framework to run in order to verify it is working correctly. Please let me know if you would like this.

[Pyxis]

Hi TomHalstead,

To test your installation, please download the attached file, unzip it, and run it. If you do not encounter any errors while attempting to do so, you have successfully installed a working copy of the .NET Framework.

 FrameworkTester.zip   3.81KB   120 downloads

In addition, kindly complete the following steps.

• Step 1

Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.

• Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
• Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):
  
  

  

• The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
• Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
• Select Uninstall application on close and click Finish.
• Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.

• Step 2
  Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
  
  
  • Double-click mbam-setup-*.exe and proceed to installing the program.
  • Accept the License Agreement.
  • At the end, ensure a check mark is both placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
  • In case you don't get a chance to do so, you may also find the log in the program's Logs tab.
• Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.

• Step 3

You are now required to uninstall ComboFix as a part of the final clean-up process.

• Rename ComboFix.exe into Uninstall.exe and double-click to run it.
• Wait for it to finish. A prompt will pop-up informing you so.

• Step 4

You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.

• Adobe Reader 10.1.7 -- Update (Please untick Free! McAfee Security Scan Plus before downloading it.)

Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.

• Logs to Post

In summary of the above, I will need you to post the following log(s):

• log.txt (ESET Online Scan)
• mbam-log-*.txt (Malwarebytes' Anti-Malware)

Please let me know how it goes, as if it works, we'll wrap this up with final reminders and procedures so you will not get re-infected.

[TomHalstead]

Her is Malwarbytes logs:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Owner :: OWNER-PC [administrator]

Protection: Disabled

8/4/2013 4:27:55 PM
mbam-log-2013-08-04 (16-27-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214273
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end

And here is ESET logs:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f1c607c1fa5cdb4e84e85ed08fc78df1
# engine=14647
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-04 10:21:57
# local_time=2013-08-04 04:21:57 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1259943 127198367 0 0
# scanned=261129
# found=11
# cleaned=11
# scan_time=17364
sh=E6CBDE1DBBB05EFF2FAE69047FA613D061676F8E ft=0 fh=0000000000000000 vn="a variant of Java/JShrink.A application (cleaned by deleting - quarantined)" ac=C fn="C:\insidiaXV8cache\JFrame\WorldMap\WorldMap.jar"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=FE0DA3EB0E67D4B3069F1C53C38FADD29B7A79B8 ft=1 fh=fadc98a27da1e2f7 vn="Win32/InstallCore.CD application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe"
sh=11664A975E7C31E25DA3F1CAF7A3FD08433B97E0 ft=1 fh=e6f7bc67c0af21c3 vn="a variant of Win32/InstallCore.T application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\ADLSoft_UnCompressor_v2.exe"
sh=365CAC91356CE7C19E8C9BB9CDE636E11C8CF939 ft=1 fh=51b7c83372c2731d vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\Driver_Fusion_1.7.0.exe"
sh=CE7E1C44F8B1C2B91E96F7F34374E328DA3B0D53 ft=1 fh=0b49b0e5c5a31b6d vn="Win32/Toolbar.Inbox.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\MapsSetup.exe"
sh=D337EE2A70E6F626D2F20A45F319B68BC250C281 ft=1 fh=3184551533f89551 vn="a variant of Win32/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\Setup (4).exe"
sh=749D0A78AA9511BD429909C43BD381AC2DF38B2F ft=1 fh=200e15aebadc5f02 vn="a variant of Win32/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\Setup (5).exe"
sh=78EA28DD9756A37066E675514A4ECCC9E04ABEE8 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\SuperOneClickv1.8-ShortFuse.zip"
sh=EAFB46D14E5DD34BF93276D48B054FC80BC6AA2E ft=1 fh=445c5fd447c3f602 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\WinZip175.exe"
sh=FE0DA3EB0E67D4B3069F1C53C38FADD29B7A79B8 ft=1 fh=fadc98a27da1e2f7 vn="Win32/InstallCore.CD application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\ZipOpenerSetup.exe"



And with the Microsoft.NET thing, Microsoft.NET is working fine, but the whole entire "Turn on or off Microsoft programs" is completely blank there is no options to un-check anything, So the whole entire window is completely blank except for the words at the top.

[Pyxis]

Hi TomHalstead,

Thank you for posting the logs. Both are clean except for the files in your Downloads folder (now removed), which are bundled with adware. As for you issue, I see. Let us try the following steps.

• Step 1
  Press the Windows button and the R button at the same time.
  
  
  • Type services.msc and press OK.
  • Locate the following services:
    
    Desktop Window Manager Session Manager
    Themes
    Windows Modules Installer
• Right-click on each service and choose Properties. Change the Startup type to Automatic.
• Press Apply > OK.
• Close all windows and reboot your system.

• Step 2

Download http://www.microsoft....aspx?id=20858' class='bbc_url' title='External link' rel='nofollow external'>'System Update Readiness Tool by Microsoft' and save it to your desktop.

• Ensure all programs and windows are closed before proceeding.
• Simply double-click the program icon to run it. It will ask for administrator privileges.
• Follow the on-screen instructions to install the program.
• The process will take some time to complete--please allow it to finish.
• Once done, click Close and reboot your computer.
• Test Windows Features and see whether a list populates.

As usual, let me know how it goes.

[TomHalstead]

When I try to put them all on Automatic they were all there except Windows Modules Installer, and when I did try to change it to automatic it gave me the error: The delayed auto-start flag could not be set error 87: The Parameter is incorrect. Also nothing happened when I ran that System Update Readiness tool by Microsoft all it said was "Installation Complete"

[Pyxis]

Hi TomHalstead,

Just to clarify--when you attempted to run the tool, it just gave you that message immediately? I am safe to assume Windows Features still does not display a list?

[TomHalstead]

Yeah Windows Features does not show a list still and yeah it gave me that message immediately.

[Pyxis]

Hi TomHalstead,

I see. Could you attach C:\Windows\Logs\CBS\CheckSUR.log for me, please? It will let me know what went wrong.

[TomHalstead]

Hey, sorry it took me so long to reply, I went out of town for a few days. But here is that log for you.


=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 19.0
2013-08-06 01:20

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs
(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~~~10.2.9200.16437.mum Expected file name Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~neutral~~10.2.9200.16437.mum does not match the actual file name
(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~~~10.2.9200.16437.mum Expected file name Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~neutral~~10.2.9200.16437.mum does not match the actual file name
(f) CBS Catalog Corrupt 0x800B0100 servicing\Packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0.cat
(f) CBS Catalog Corrupt 0x800B0100 servicing\Packages\Package_2_for_KB2799926~31bf3856ad364e35~amd64~~6.1.1.0.cat
(f) CBS MUM Corrupt 0x800F0900 servicing\Packages\Package_for_KB2656373_SP1~31bf3856ad364e35~amd64~~6.1.1.0.mum Line 268: publiGIF89aà
[
÷$

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store
(f) CSI Manifest Zero Length 0x00000000 winsxs\Manifests\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.20546_none_cddbb8ff0a399327.manifest x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.20546_none_cddbb8ff0a399327
(f) CSI Manifest and S256H Do Not Match 0x00000000 winsxs\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.manifest x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128
(f) CSI Manifest Failed Catalog Check 0x00000000 winsxs\Manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada
(f) CSI Manifest Failed Catalog Check 0x00000000 winsxs\Manifests\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20554_none_bd33558e2f3bc741.manifest amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20554_none_bd33558e2f3bc741
(f) CSI Manifest Failed Catalog Check 0x00000000 winsxs\Manifests\amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_04be84cf1d3e4853.manifest amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_04be84cf1d3e4853
(f) CSI Manifest Failed Catalog Check 0x00000000 winsxs\Manifests\wow64_microsoft-windows-ieframe_31bf3856ad364e35_10.2.9200.20681_none_d5fe3bba6c9d7cb7.manifest wow64_microsoft-windows-ieframe_31bf3856ad364e35_10.2.9200.20681_none_d5fe3bba6c9d7cb7
(f) CSI Manifest Failed Catalog Check 0x00000000 winsxs\Manifests\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_d9b9a94699ec2253.manifest amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_d9b9a94699ec2253
(f) CSI Manifest Zero Length 0x00000000 winsxs\Manifests\x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_10.2.9200.20681_none_47983547a85a4657.manifest x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_10.2.9200.20681_none_47983547a85a4657
(f) CSI Manifest Failed Catalog Check 0x00000000 winsxs\Manifests\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_0cd17cc273935223.manifest x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_0cd17cc273935223

Summary:
Seconds executed: 814
Found 14 errors
CSI Manifest Zero Length Total count: 2
CSI Manifest and S256H Do Not Match Total count: 1
CSI Manifest Failed Catalog Check Total count: 6
CBS MUM Corrupt Total count: 3
CBS Catalog Corrupt Total count: 2

Unavailable repair files:
winsxs\manifests\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.20546_none_cddbb8ff0a399327.manifest
winsxs\manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.manifest
winsxs\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest
winsxs\manifests\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20554_none_bd33558e2f3bc741.manifest
winsxs\manifests\amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_04be84cf1d3e4853.manifest
winsxs\manifests\wow64_microsoft-windows-ieframe_31bf3856ad364e35_10.2.9200.20681_none_d5fe3bba6c9d7cb7.manifest
winsxs\manifests\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_d9b9a94699ec2253.manifest
winsxs\manifests\x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_10.2.9200.20681_none_47983547a85a4657.manifest
winsxs\manifests\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_0cd17cc273935223.manifest
servicing\packages\Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~~~10.2.9200.16437.mum
servicing\packages\Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~~~10.2.9200.16437.mum
servicing\packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0.mum
servicing\packages\Package_2_for_KB2799926~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB2656373_SP1~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~~~10.2.9200.16437.cat
servicing\packages\Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~~~10.2.9200.16437.cat
servicing\packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0.cat
servicing\packages\Package_2_for_KB2799926~31bf3856ad364e35~amd64~~6.1.1.0.cat
servicing\packages\Package_for_KB2656373_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat

[Pyxis]

Hi TomHalstead,

No problem. That log is saying it was unable to fix some items. Do you happen to still have your Windows disc with you?

[TomHalstead]

I'll have to check for it in my CD carriers. I'll get back to you asap.

[TomHalstead]

Once again, sorry it took me so long to reply, I did a lot of looking I even went to my storage to see if it was there but I just could not find it. I appreciate all your help thus far.