How do I download rkil and mbam to infected computer?


15 replies to this topic

#1 congerr

  • Members
  • 8 posts

Posted 16 October 2011 - 02:38 PM

Hello,

My computer has the system restore virus, I've printed the repair guide from this site but have a couple of questions before I get started. The computer has no internet access and EVERYTHING is hidden, and it won't start in safe mode. I need to load rkill from another computer (mbam and superantispyware are installed on the infected computer but I have no way to find or access it). I have a small usb thumbdrive, can I download the programs to it and transfer them to the infected computer, or should I plan on making a cd? Will the programs have a "save, install, run" option, which do I use when using the thumbdrive or cd? Will the thumb drive or cd show up when I insert it into the infected computer? At some point can I use unhide.exe to regain access to the already installed mbam? I would greatly appreciate any help with the specific steps needed to get the repair programs running on the infected computer.

The infected computer is running Windows XP Pro sp3, I will gladly supply any needed info.

Thank you!

Edited by congerr, 16 October 2011 - 03:07 PM.



#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts

Posted 16 October 2011 - 03:38 PM

Hello, Flash or CD will work

You need to use this file first
This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


If you cannot use the Internet,you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.


You also need TDSS Killer
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
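
For readers who want to see what "remove the +H, or hidden, attribute from all the files on your hard drives" amounts to, here is an added Python example. It is not the Unhide.exe source and not BleepingComputer's code. It assumes that the rogue only adds the Hidden attribute to user files, and that objects carrying both the System and Hidden attributes (desktop.ini, pagefile.sys, boot files) are Windows' own and should be skipped; whether Unhide.exe itself skips them is not stated in the post. The attribute arithmetic is plain Python and can be checked anywhere; the GetFileAttributesW/SetFileAttributesW calls run only on the Windows machine being cleaned (Python 3.4 is the last release that installs on XP).

```python
"""Clear the hidden (+H) attribute the rogue set on a victim's files, which is
what the post above says Unhide.exe does.

Added example, not the Unhide.exe source and not BleepingComputer's code.
Assumptions: the rogue only adds HIDDEN to user files, and objects that also
carry SYSTEM (desktop.ini, pagefile.sys, boot files) are Windows' own and are
skipped unless keep_system=False. The attribute logic is plain Python; the
Win32 calls run only on the Windows machine being cleaned.
"""
import os
import sys

FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF


def new_attributes(attrs, keep_system=True):
    """Attribute mask after unhiding, or None if this object should be left alone."""
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return None                      # not hidden, nothing to do
    if keep_system and attrs & FILE_ATTRIBUTE_SYSTEM:
        return None                      # +S+H: assumed to be a legitimate Windows object
    return attrs & ~FILE_ATTRIBUTE_HIDDEN


def plan_unhide(entries, keep_system=True):
    """entries: iterable of (path, attrs). Returns [(path, old, new)] for objects to change."""
    changes = []
    for path, attrs in entries:
        new = new_attributes(attrs, keep_system)
        if new is not None:
            changes.append((path, attrs, new))
    return changes


def _kernel32():
    import ctypes
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.argtypes = [ctypes.c_wchar_p]
    k32.GetFileAttributesW.restype = ctypes.c_uint32   # so 0xFFFFFFFF is not read back as -1
    k32.SetFileAttributesW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32]
    k32.SetFileAttributesW.restype = ctypes.c_int
    return k32


def walk_attributes(root):
    """Yield (path, attrs) for every file and directory under root (Windows only)."""
    k32 = _kernel32()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            attrs = k32.GetFileAttributesW(path)
            if attrs != INVALID_FILE_ATTRIBUTES:
                yield path, attrs


def apply_changes(changes):
    """Write the planned attributes; returns how many objects were updated."""
    k32 = _kernel32()
    return sum(1 for path, _old, new in changes if k32.SetFileAttributesW(path, new))


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being cleaned")
    root = sys.argv[1] if len(sys.argv) > 1 and not sys.argv[1].startswith("--") else "C:\\"
    changes = plan_unhide(walk_attributes(root))
    for path, old, new in changes:
        print("%s: 0x%x -> 0x%x" % (path, old, new))
    if "--apply" in sys.argv:
        print("unhid %d of %d objects" % (apply_changes(changes), len(changes)))
    else:
        print("%d objects would be unhidden; rerun with --apply to change them" % len(changes))
```

Run it first without --apply to review the list (a rogue that hides everything produces thousands of entries), then again with --apply to write the attributes. As the post warns, anything you hid on purpose is unhidden as well, so note those paths before the second run.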

#3 congerr
  • Topic Starter

  • Members
  • 8 posts

Posted 16 October 2011 - 08:48 PM

boopme,

Thank you very much for your prompt assistance. I am back on my computer and it seems to be working well. I will outline the steps in case anyone else is interested in my experience.


-I was able to easily save Rkill and Unhide to a thumb drive on another computer.
-When I started the infected computer the virus didn't seem to start up for some reason, but everything was still hidden.
-When I inserted the thumb drive the normal Windows dialog opened with the option to open the drive using Windows Explorer (I was concerned that this might be affected by the virus).
-I ran Rkill from the thumb drive although no processes were stopped because the virus hadn't started. I think I noticed that after running Rkill the shortcuts to Internet Explorer and My Computer were displayed on the desktop (maybe this is a feature of Rkill?)
-I ran Unhide.exe from the thumb drive, this allowed me to find and view my existing installation of Mbam, as well as displaying all shortcuts, start menu, etc.
-I updated Mbam and scanned the computer, it found and repaired 10 infected objects.

Again, I appreciate your help.

#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts

Posted 16 October 2011 - 09:05 PM

Great! did you run the TDSS??
Having no logs I cannot ascertain if there is any further action to take,

#5 congerr
  • Topic Starter

  • Members
  • 8 posts

Posted 16 October 2011 - 10:00 PM

No I didn't, I misunderstood the directions in the uninstall guide, I thought that if Mbam updated successfully and everything seemed to work ok then I didn't need the TDSS killer. After your suggestion (and re-reading the guide) I will run it tomorrow, if anything is found I'll post the log for further advice. Thanks again.

#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts

Posted 17 October 2011 - 11:43 AM

Yes, run it, and if you can, do it from Normal mode now that we have it.

#7 congerr
  • Topic Starter

  • Members
  • 8 posts

Posted 17 October 2011 - 01:08 PM

Hello boopme,

I downloaded TDSSkiller from your link above, it was v2.6.10.0. It ran in only 25 seconds, scanned 270 objects and found no threats. I haven't had any further problems and assume my computer is clean now. If you have any further suggestions please let me know.

I really appreciate having the resources of this site and your knowledgeable help.

#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts

Posted 17 October 2011 - 02:37 PM

Ok, that's good. Just to be sure before you go


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#9 congerr
  • Topic Starter

  • Members
  • 8 posts

Posted 17 October 2011 - 07:49 PM

Before I read your last post I ran SuperAntiSpyware, all it found was a bunch of tracking cookies.

Then I ran ESET and incredibly it found three more threats, I'm not sure what they are, they didn't seem to be active because I haven't had any more problems, but I'm glad to be rid of them. It makes me wonder about my McAfee but apparently nothing can catch all threats.

ESET Log file:
C:\Documents and Settings\Gerry\Application Data\Sun\Java\Deployment\cache\6.0\0\649e4dc0-2953c82b probably a variant of Java/TrojanDownloader.Agent.NCT trojan deleted - quarantined
C:\WINDOWS\system32\mTsvDfhk.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\mTsvDfhk.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

Thanks for your thoroughness! Any more suggestions?

#10 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts

Posted 17 October 2011 - 08:34 PM

You're welcome, congerr!
Virtumonde.Neo application is a class of trojan known as scareware. Scareware claims to be anti-virus or anti-spyware software and was part of your original infection. Probably entered through an exploitable application on your PC.
Let's check for that.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Java\Deployment\cache
When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out: Thanx to quietman7 for this writeup.
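
To show what a helper looks for in the Result.txt requested above, here is an added Python 3 script; it is not part of the thread and not Farbar's MiniToolBox code. It splits the log into its sections and applies four checks: the IE proxy section must contain "Proxy is not enabled.", hosts entries other than localhost mapped to a loopback address are reported, DNS servers outside private ranges are listed for review, and Winsock providers must live under \Windows\System32 and be from Microsoft Corporation (as every entry in the log posted later in this thread is). The section headers and line formats follow that posted log; the decision rules are this example's own assumptions, and the SAMPLE log is constructed, seeded with a hosts entry that blackholes an anti-malware site and a non-Microsoft LSP so the checks have something to find.

```python
"""Triage a MiniToolBox Result.txt: proxy, hosts, DNS and Winsock sections.
Added example for this thread, not Farbar's code. Section headers and line
formats follow the log posted later in the thread; the decision rules are this
example's assumptions. SAMPLE is constructed and seeded with two findings.
"""
import ipaddress
import re
import sys

SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+\s*$")
HOSTS_RE = re.compile(r"^\s*([0-9a-fA-F.:]+)\s+(\S+)")
WINSOCK_RE = re.compile(r"^Catalog(\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
DNS_RE = re.compile(r"DNS Servers[ .]*:\s*(\S+)")


def split_sections(text):
    """Map section name -> lines, keyed by MiniToolBox's '=== Name: ===' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def check_proxy(lines):
    """Assumption: a clean section contains exactly 'Proxy is not enabled.'"""
    if any("Proxy is not enabled." in l for l in lines):
        return []
    return ["proxy: IE proxy not reported as disabled; look for an injected proxy"]

def check_hosts(lines):
    """Report every mapping except localhost -> a loopback address."""
    findings = []
    for l in lines:
        m = HOSTS_RE.match(l)
        if not m:
            continue                     # blank or comment line
        ip, host = m.groups()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False             # not an address at all: still worth a look
        if host.lower() != "localhost" or not loopback:
            findings.append("hosts: %s -> %s (non-default mapping)" % (host, ip))
    return findings

def check_dns(lines):
    """Private resolvers (the home router in the posted log) pass; public ones are listed."""
    findings = []
    for l in lines:
        m = DNS_RE.search(l)
        if m and not ipaddress.ip_address(m.group(1)).is_private:
            findings.append("dns: resolver %s is public; confirm it is your ISP's" % m.group(1))
    return findings

def check_winsock(lines):
    """Assumption: every provider is a Microsoft DLL under \\Windows\\System32."""
    findings = []
    for l in lines:
        m = WINSOCK_RE.match(l)
        if not m:
            continue
        cat, idx, path, _size, vendor = m.groups()
        if "\\windows\\system32\\" not in path.lower() or vendor != "Microsoft Corporation":
            findings.append("winsock: Catalog%s %s %s (%s)" % (cat, idx, path, vendor or "no vendor"))
    return findings

def triage(text):
    s = split_sections(text)
    return (check_proxy(s.get("IE Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_dns(s.get("IP Configuration", []))
            + check_winsock(s.get("Winsock entries", [])))

# Constructed sample in MiniToolBox's layout: the hosts entry that blackholes an
# anti-malware site and the Winsock provider outside System32 are planted findings.
SAMPLE = """MiniToolBox by Farbar
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.1.1
========================= Winsock entries =====================================
Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\\Documents and Settings\\Gerry\\Application Data\\lsp32.dll [40960] ()
"""

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for finding in triage(text) or ["no findings"]:
        print(finding)
```

Run it on the helper's machine against a saved log (python triage_mtb.py Result.txt). A public DNS server is only a prompt to confirm it belongs to the ISP: DNS-changing malware and a legitimate resolver look identical in this section, which is why it is reported rather than condemned.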

#11 congerr
  • Topic Starter

  • Members
  • 8 posts

Posted 18 October 2011 - 11:48 AM

Hi again boopme,

I ran MiniToolBox and cleared temp internet files and Java cache. I just wanted to make sure I understood your directions before I posted result.txt. Is there any problem with posting this file that contains IP addresses? I don't know enough to know what info should be kept private. Please reassure me and I'll post the file. Thanks!

#12 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts

Posted 18 October 2011 - 12:08 PM

We will not ask you to post info that will pin you down. The IP will only get close to or name your town.

Click on this link; it will show you yours and some info: What Is My IP Address?

Edited by boopme, 18 October 2011 - 09:04 PM.


#13 congerr
  • Topic Starter

  • Members
  • 8 posts

Posted 18 October 2011 - 01:13 PM

I've tried to post a couple of times but must have done something wrong, I'm trying the full editor this time to see if that helps.

Sorry about my last question, I know you wouldn't ask for anything dangerous I just had a paranoid moment. Thanks for reassuring me.
Here is the log file. Any problems?

MiniToolBox by Farbar
Ran by Gerry (administrator) on 18-10-2011 at 12:29:28
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=0.0.0.0 mask=0.0.0.0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPTOP1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-A0-ED-A7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Tuesday, October 18, 2011 12:00:49 PM
Lease Expires . . . . . . . . . . : Wednesday, October 19, 2011 12:00:49 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-15-C5-3C-F9-A3

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth Personal Area Network from TOSHIBA
Physical Address. . . . . . . . . : 00-16-41-76-DA-2C

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.45.105, 74.125.45.103, 74.125.45.106, 74.125.45.99
74.125.45.147, 74.125.45.104

Pinging google.com [74.125.45.103] with 32 bytes of data:

Reply from 74.125.45.103: bytes=32 time=48ms TTL=53
Reply from 74.125.45.103: bytes=32 time=50ms TTL=53

Ping statistics for 74.125.45.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 50ms, Average = 49ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=163ms TTL=52
Reply from 72.30.2.43: bytes=32 time=194ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 163ms, Maximum = 194ms, Average = 178ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 02 a0 ed a7 ...... Intel® PRO/Wireless 3945ABG Network Connection - McAfee Core NDIS Intermediate Filter Miniport
0x10004 ...00 15 c5 3c f9 a3 ...... Broadcom 440x 10/100 Integrated Controller - McAfee Core NDIS Intermediate Filter Miniport
0x10005 ...00 16 41 76 da 2c ...... Bluetooth Personal Area Network from TOSHIBA - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 25
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 25
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 25
255.255.255.255 255.255.255.255 192.168.1.5 10005 1
255.255.255.255 255.255.255.255 192.168.1.5 10004 1
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/14/2011 05:08:15 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/13/2011 07:50:10 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (10/18/2011 00:13:35 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverIVCS-1NetBT_Tcpip_{C7BB140F-F8F6-43BA-BC

Error: (10/17/2011 10:00:00 PM) (Source: Schedule) (User: )
Description: The At47.job command failed to start due to the following error:
%%2147942402

Error: (10/17/2011 10:00:00 PM) (Source: Schedule) (User: )
Description: The At23.job command failed to start due to the following error:
%%2147942402

Error: (10/17/2011 09:56:46 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverIVCS-1NetBT_Tcpip_{C7BB140F-F8F6-43BA-BC

Error: (10/17/2011 09:00:00 PM) (Source: Schedule) (User: )
Description: The At46.job command failed to start due to the following error:
%%2147942402

Error: (10/17/2011 09:00:00 PM) (Source: Schedule) (User: )
Description: The At22.job command failed to start due to the following error:
%%2147942402

Error: (10/17/2011 08:44:29 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverIVCS-1NetBT_Tcpip_{C7BB140F-F8F6-43BA-BC

Error: (10/17/2011 08:00:00 PM) (Source: Schedule) (User: )
Description: The At45.job command failed to start due to the following error:
%%2147942402

Error: (10/17/2011 08:00:00 PM) (Source: Schedule) (User: )
Description: The At21.job command failed to start due to the following error:
%%2147942402

Error: (10/17/2011 07:44:17 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverIVCS-1NetBT_Tcpip_{C7BB140F-F8F6-43BA-BC


Microsoft Office Sessions:
=========================
Error: (12/04/2007 02:02:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 4476 seconds with 3240 seconds of active time. This session ended with a crash.

Error: (10/13/2007 05:00:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 222 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Reader 7.0.9 (Version: 7.0.9)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AOLIcon (Version: 1.00.0000)
Apple Software Update (Version: 2.1.1.116)
Architectural Home Designer (Version: 8.4.0.66)
Backspin Billiards
BlazeDTV 2.5
Bluetooth Stack for Windows by Toshiba (Version: v4.00.22(D))
Broadcom Management Programs (Version: 8.65.05)
CCleaner (Version: 3.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HDA D110 MDC V.92 Modem
CoPilot - Navigator 9 (Version: 9.0.0.40)
Dell Digital Jukebox Driver
Dell Media Experience (Version: 3.00)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
DMX Update
Documentation & Support Launcher (Version: 1.00.0000)
DVICO FusionHDTVDemo 2.60
EducateU (Version: 1.00.0000)
ELIcon (Version: 1.00.0000)
Escape Whisper Valley
ESET Online Scanner v3
Games, Music, & Photos Launcher (Version: 1.00.0000)
Garmin POI Loader (Version: 2.5.3.0)
Garmin WebUpdater (Version: 2.4)
Garmin WebUpdater (Version: 2.4.1.1)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.21.69)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Hoyle Solitaire and Mahjong
HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 25.0.571.0)
Hummingbird HostExplorer V9.0 (Version: 9.0.0.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4446)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 8.0.1.11)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
LanguageNow!
Logitech Gaming Software (Version: 4.60)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MapSend Topo US
McAfee SecurityCenter (Version: 10.5.247)
McAfee Virtual Technician (Version: 5.5.2.0)
McAfee Virtual Technician (Version: 6.0.0.0)
mCore (Version: 9.24.0000)
MCU (Version: 1.00.0000)
mDriver (Version: 9.24.0000)
mDrWiFi (Version: 9.24.0000)
mHlpDell (Version: 9.24.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Encarta Encyclopedia Standard 2002 (Version: 2002)
Microsoft Flight Simulator 2004 A Century of Flight (Version: 9.0)
Microsoft FrontPage Client - English (Version: 7.00.9209)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007 (Version: 12.0.6425.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
mIWA (Version: 9.24.0000)
mLogView (Version: 9.24.0000)
mMHouse (Version: 9.24.0000)
Modem Helper (Version: 3.01)
mPfMgr (Version: 9.24.0000)
mPfWiz (Version: 9.24.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.24.0000)
mSSO (Version: 9.24.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Musicmatch for Windows Media Player (Version: 0.00.000)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.24.0000)
mZConfig (Version: 9.24.0000)
NASA World Wind 1.4
NetWaiting (Version: 2.5.23)
Personal Ancestral File 5
PokerStars (Version: 1.817)
PokerStars.net
PowerDVD 5.7
Quicken 2007 (Version: 16.1.5.7)
QuickSet (Version: 7.1.8)
QuickTime (Version: 7.55.90.70)
RealPlayer Basic
Search Assist (Version: 1.00.0000)
SetPoint (Version: 2.50)
Sonic DLA (Version: 5.2.1)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sony Picture Utility (Version: 2.0.03.13170)
Sony USB Driver (Version: 2.00)
SUPERAntiSpyware Free Edition (Version: 4.22.0.1014)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0326)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0215)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0174)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0982)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0420)
TurboTax 2008 wrapper (Version: 008.000.0063)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.2068)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4012)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0457)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0213)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
URL Assistant
Viewpoint Media Player
Visual Studio.NET Baseline - English (Version: 7.1.3088)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
WexTech AnswerWorks (Version: 1.00.000)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (Version: 03/13/2008 2.04.06)
Windows Driver Package - Philips SPOT USB (03/30/2006 1.0.3.0) (Version: 03/30/2006 1.0.3.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1014.37 MB
Available physical RAM: 475.26 MB
Total Pagefile: 2441.05 MB
Available Pagefile: 1734.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.6 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:88.06 GB) (Free:47.89 GB) NTFS

========================= Users: ========================================

User accounts for \\LAPTOP1

Administrator Gerry Guest
HelpAssistant Pam SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:31 AM

Posted 18 October 2011 - 09:11 PM

Hello, how is it running now?
If you do not use the Google Toolbar, you should uninstall it.

You have a couple of exploitable applications in Java and Adobe Reader to fix.


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
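The post above tells the user to find and remove every older Java runtime by hand. The script below is an added example, not part of the thread or of any BleepingComputer tool: it parses installed-program lines in the same "Name (Version: x.y.z)" format as the log posted earlier in this thread and lists the runtimes older than the JRE 7 family the helper recommends. The sample lines are constructed for the example (the three JRE 1.4/6 entries mirror the posted log; the "Java 7" and "Java Auto Updater" lines are hypothetical, added to show what the check keeps and what it ignores).

```python
import re

# Constructed sample in the installed-programs log format (not the user's full log).
SAMPLE_LOG = """\
Google Update Helper (Version: 1.3.21.69)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java(TM) 6 Update 3 (Version: 1.6.0.30)
Java(TM) 6 Update 5 (Version: 1.6.0.50)
Java 7 (Version: 7.0.0)
Java Auto Updater (Version: 2.0.6.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
"""

# The JRE family the post recommends installing (assumption: JRE 7).
CURRENT_FAMILY = 7

# "Name (Version: x.y.z)" with the name captured non-greedily.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\(Version:\s*(?P<version>[^)]+)\)\s*$")
# Name tokens the post tells the user to look for: Java, JRE or J2SE.
JRE_NAME_RE = re.compile(r"\b(java|jre|j2se)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Return (name, version) pairs for every line carrying a '(Version: ...)' suffix."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("version")))
    return entries


def java_family(version):
    """Map a JRE version string to its release family.

    Sun/Oracle numbering puts a leading '1.' on releases up to 6
    (1.4.2_03 -> 4, 1.6.0.50 -> 6) and drops it from 7 on (7.0.0 -> 7).
    """
    nums = [int(p) for p in re.split(r"[._]", version) if p.isdigit()]
    if not nums:
        return None
    if nums[0] == 1 and len(nums) > 1:
        return nums[1]
    return nums[0]


def is_jre_entry(name):
    """True for runtime entries; the updater helper is not a runtime and is skipped."""
    return bool(JRE_NAME_RE.search(name)) and "updater" not in name.lower()


def stale_jres(log_text, current_family=CURRENT_FAMILY):
    """List (name, version) of Java runtimes older than current_family: the uninstall list."""
    stale = []
    for name, version in parse_entries(log_text):
        if not is_jre_entry(name):
            continue
        fam = java_family(version)
        if fam is not None and fam < current_family:
            stale.append((name, version))
    return stale


if __name__ == "__main__":
    for name, version in stale_jres(SAMPLE_LOG):
        print(f"remove: {name} ({version})")
```

Run it against the "Installed Programs" section of a log saved to a file by passing the file contents to `stale_jres`; each printed entry is one item to select in Add/Remove Programs. The family mapping matters: a naive string comparison would rank "1.6.0.50" above "7.0.0" and miss the point of the update.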

#15 congerr

congerr
  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:31 AM

Posted 20 October 2011 - 03:45 PM

Hi boopme,

I just got back to my computer and finished updating Java and Adobe Reader per your instructions. Everything seems to run well and I feel much safer without the vulnerable applications. I can't tell you how much I appreciate your valuable help. If you have any more advice, let me know. Thanks! congerr



