Two Rootkit infections - Alureon & Pichar.c


11 replies to this topic

#1 Rekhillbill

Rekhillbill

  • Members

Posted 13 March 2013 - 09:47 AM

My first post...Good morning to all!

 

I have a Toshiba laptop running Windows 7 infected with following:

rootkit:Alureon->Mbr::Alureon

&

rootkit.Boot.Pihar.c

&

Other Trojans, etc., etc.,...

 

I downloaded and ran, from a bootable USB, the TDSSKILLER.  It left the computer with a blank screen and an un-bootable hard drive.

 

I tried to repair the MBR in Windows Recovery Environment with Bootrec.exe, but it was unable to find an OS.  This was done before re-installing a Windows 7 from the DVD drive.

 

The re-Installed Windows 7 got the hard drive bootable again, but it did not install any drivers & I could not find any drivers on the hard drive...Plus, I could not get on the internet to search/download, so...

 

I am in the process of running the Factory Recovery with option to save user data (I hope).  There are 67 drivers, etc. to configure & judging by the speed of the setup process, this is going to be an all day affair.  But, I've been struggling with this rootkit(s) issue since Friday 2nd March.

 

I contacted Microsoft at this support number 1-866-727-2338 (they only help with virus issues here).

 

Microsoft was very helpful with suggestions, but since I could not boot up from the hard drive they really only could say call back and let them help with installation of Microsoft Security Essentials.

 

The infected Toshiba was running MSE, when it became infected.  Microsoft further suggested "deactivation" of Java & Adobe.  Plus they said I should not run more than one anti-virus program at a time !...?

 

My question is What is the BEST ANTI VIRUS, MALWARE, ETC. program(s) to run & is it OK to run more than one program at a time?

 

I am running several on my "un-infected" Toshiba and it seems that as I download a new one (anti virus program) it finds another virus or trojan or adware, etc, that the others had not  !!!

 

Thanks in advance for any help with the above question(s) ?

 

Bill


Edited by hamluis, 13 March 2013 - 01:05 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Allan

Allan

  • BC Advisor

Posted 13 March 2013 - 10:05 AM

First, welcome to the forum :)

 

"Best" is very subjective. I think there is consensus that the best anti-malware apps are MalwareBytes and Super AntiSpyware. As for the "best" av, you'll have to make that decision for yourself. Start by deciding if you want to go free or paid. Among the best free are Avira, Avast, NOD, etc. Paid include a wide variety of options. My personal choice is Kaspersky. After using Symantec / Norton for more than 20 years, I switched to Kaspersky about 6 or 7 years ago and never looked back. The product and support are top notch.

 

As for running multiple products, you should never have more than one AV installed, let alone run them. Pick one and stick with it. You CAN, however, install and run anti-malware products (MalwareBytes, etc) along with your AV.  In fact, you should. I run monthly scans with the free version of MalwareBytes.

 

Two other products I use and recommend are SpywareBlaster (passive protection for your browsers) and WinPatrol (provides protection against background installation of startup processes as well as the ability to manage all startup items - and much more)

 

If I were you, at this time I'd post in the Am I Infected forum and ask them to help determine if your system is indeed malware free.

Mod Edit:  Moved to Am I Infected - Hamluis.


Edited by hamluis, 13 March 2013 - 01:06 PM.


#3 Rekhillbill

Rekhillbill
  • Topic Starter

  • Members

Posted 13 March 2013 - 01:19 PM

Good afternoon to all!....This, my second post, was suggested by BC ADVISOR, who responded to my first post in Windows 7 forum.

 

I have a Toshiba laptop running Windows 7 that was (?) infected with following:

rootkit:Alureon->Mbr::Alureon

&

rootkit.Boot.Pihar.c

&

Other Trojans, etc., etc.,... 

 

I downloaded and ran, from a bootable USB, the TDSSKILLER.  It left the computer with a blank screen and an un-bootable hard drive. 

 

I tried to repair the MBR in Windows Recovery Environment with Bootrec.exe, but it was unable to find an OS.  This was done before re-installing a Windows 7 from the DVD drive.

 

The re-Installed Windows 7 got the hard drive bootable again, but it did not install any drivers & I could not find any drivers on the hard drive...So I could not connect to the internet to search/download, so...

 

I ran the Factory Recovery with option to save user data (I hope).  67 drivers, etc. installed correctly & I am now able to connect to the internet... with some apprehension!

 

I contacted Microsoft at this support number 1-866-727-2338 (they only help with virus issues here). 

 

Microsoft was very helpful with suggestions, but since I could not boot up from the hard drive they really only could say call back and let them help with installation of Microsoft Security Essentials.  This help may cost me about $100.00?, on my visa card.

 

The infected Toshiba was running MSE, when it became infected, so I am somewhat reluctant to install it again?.  Microsoft further suggested "deactivation" of Java & Adobe.  Plus they said I should not run more than one anti-virus program at a time !...? 

 

My question is What is the "BEST" ANTI VIRUS, MALWARE, ETC. program(s) to run & is it OK to run more than one program at a time?

 

Maybe the other important question, too, is what is the difference between an anti-virus program and all the other malware, etc programs?

 

I am running several on my "un-infected" Toshiba and it seems that as I download a new one (anti virus program) it finds another virus or trojan or adware, etc, that the others had not  !!!

 

BC ADVISOR, suggested I ask the all important question...am I still infected?  If so what do I do next?

 

Thanks in advance for any help with the above question(s) ?

 

Bill



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 13 March 2013 - 02:24 PM

Hello Bill. It is best to have ONE antivirus active. One or two antimalware: Malwarebytes, Superantispyware etc. One hardware firewall (a router) and/or one software firewall, if you do not use a router.
 
The difference between them in short is they attack malware differently and different malwares are principally attacked. A good short write up LOOK
 
 
We can take a look
 

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • After completing the scan, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware. -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Edited by boopme, 13 March 2013 - 02:25 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 13 March 2013 - 02:28 PM

I see now there were 2 topics and have merged them here.

#6 Allan

Allan

  • BC Advisor

Posted 13 March 2013 - 03:08 PM

Yes, my fault. I should have asked you to move the post rather than suggest the OP create a second post. Anyway, you guys have it now :)



#7 Rekhillbill

Rekhillbill
  • Topic Starter

  • Members

Posted 13 March 2013 - 05:02 PM

Global Moderator,  Thanks for your VERY prompt help!!!

 

Here is the info requested:

 

Please note:  The Malwarebytes was run "first", i.e., before the MiniToolBox.

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Cindy (administrator) on 13-03-2013 at 16:46:09
Running from "C:\Users\Cindy\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Cindy-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 24-EC-99-3F-9D-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e83d:7764:26ea:33ad%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 13, 2013 3:22:01 PM
   Lease Expires . . . . . . . . . . : Wednesday, March 20, 2013 3:22:01 PM
   Default Gateway . . . . . . . . . : fe80::226:5aff:fefb:b7d6%13
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-21-F5-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FB672C9D-A91A-46C9-9BB8-2589AC23829D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:456:2477:bd23:73b8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::456:2477:bd23:73b8%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:4000:800::1000
      74.125.227.99
      74.125.227.100
      74.125.227.101
      74.125.227.102
      74.125.227.103
      74.125.227.104
      74.125.227.105
      74.125.227.110
      74.125.227.96
      74.125.227.97
      74.125.227.98


Pinging google.com [74.125.227.98] with 32 bytes of data:
Reply from 74.125.227.98: bytes=32 time=16ms TTL=54
Reply from 74.125.227.98: bytes=32 time=16ms TTL=54

Ping statistics for 74.125.227.98:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=673ms TTL=46
Reply from 98.138.253.109: bytes=32 time=755ms TTL=46

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 673ms, Maximum = 755ms, Average = 714ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...24 ec 99 3f 9d b8 ......Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
 11...00 26 6c 21 f5 77 ......Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.101    281
    192.168.0.101  255.255.255.255         On-link     192.168.0.101    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.101    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::226:5aff:fefb:b7d6
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:456:2477:bd23:73b8/128
                                    On-link
 13    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::456:2477:bd23:73b8/128
                                    On-link
 13    281 fe80::e83d:7764:26ea:33ad/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2013 04:42:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Adobe Reader X MUI (Version: 10.0.0)
Amazon Links (Version: 2.02)
AMD Accelerated Video Transcoding (Version: 2.00.0000)
AMD APP SDK Runtime (Version: 10.0.873.1)
AMD Catalyst Install Manager (Version: 3.0.870.0)
AMD Media Foundation Decoders (Version: 1.0.70213.1643)
AMD Steady Video Plug-In  (Version: 2.03.0000)
AMD VISION Engine Control Center (Version: 2012.0213.1644.29893)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.12.13)
Bejeweled 3 (Version: 2.2.0.97)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0213.1644.29893)
Catalyst Control Center Localization All (Version: 2012.0213.1644.29893)
CCC Help Chinese Standard (Version: 2012.0213.1643.29893)
CCC Help Chinese Traditional (Version: 2012.0213.1643.29893)
CCC Help Czech (Version: 2012.0213.1643.29893)
CCC Help Danish (Version: 2012.0213.1643.29893)
CCC Help Dutch (Version: 2012.0213.1643.29893)
CCC Help English (Version: 2012.0213.1643.29893)
CCC Help Finnish (Version: 2012.0213.1643.29893)
CCC Help French (Version: 2012.0213.1643.29893)
CCC Help German (Version: 2012.0213.1643.29893)
CCC Help Greek (Version: 2012.0213.1643.29893)
CCC Help Hungarian (Version: 2012.0213.1643.29893)
CCC Help Italian (Version: 2012.0213.1643.29893)
CCC Help Japanese (Version: 2012.0213.1643.29893)
CCC Help Korean (Version: 2012.0213.1643.29893)
CCC Help Norwegian (Version: 2012.0213.1643.29893)
CCC Help Polish (Version: 2012.0213.1643.29893)
CCC Help Portuguese (Version: 2012.0213.1643.29893)
CCC Help Russian (Version: 2012.0213.1643.29893)
CCC Help Spanish (Version: 2012.0213.1643.29893)
CCC Help Swedish (Version: 2012.0213.1643.29893)
CCC Help Thai (Version: 2012.0213.1643.29893)
CCC Help Turkish (Version: 2012.0213.1643.29893)
ccc-utility64 (Version: 2012.0213.1644.29893)
D3DX10 (Version: 15.4.2368.0902)
FATE (Version: 2.2.0.97)
Google Chrome (Version: 12.0.742.100)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.107)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Letters from Nowhere 2 (Version: 2.2.0.97)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Penguins! (Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
Premium Sound HD (Version: 1.12.0800)
Realtek High Definition Audio Driver (Version: 6.0.1.6577)
Realtek USB 2.0 Reader Driver (Version: 6.1.7601.39013)
Realtek WLAN Driver (Version: 2.00.0016)
RtkClassFilter (Version: 1.2.1.4)
Synaptics Pointing Device Driver (Version: 15.3.39.0)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.1)
Toshiba Book Place (Version: 3.0.9490)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.11.64)
TOSHIBA Face Recognition (Version: 3.1.18.64)
TOSHIBA Hardware Setup (Version: 2.1.0.10)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.12)
Toshiba Laptop Checkup (Version: 2.0.17.38)
TOSHIBA Media Controller (Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.7)
Toshiba Online Backup (Version: 2.0.0.31)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Quality Application (Version: 1.0.4)
TOSHIBA Recovery Media Creator (Version: 2.1.7.52020010)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.3.03)
Toshiba Security Dashboard (Version: 1.0.0.48)
TOSHIBA Service Station (Version: 2.2.13)
TOSHIBA Sleep Utility (Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (Version: 2.1.0.5)
TOSHIBA User's Guide (Version: 1.00.02)
TOSHIBA Value Added Package (Version: 1.6.0025.640205)
TOSHIBA Web Camera Application (Version: 2.0.3.33)
TOSHIBARegistration (Version: 1.0.9)
Update Installer for WildTangent Games App
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.36)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1) (Version: 12/02/2011 2.3.8.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 7649.33 MB
Available physical RAM: 5764.87 MB
Total Pagefile: 15296.86 MB
Available Pagefile: 13122.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.58 MB

========================= Partitions: =====================================

1 Drive c: (TI106412W0C) (Fixed) (Total:581.38 GB) (Free:548.81 GB) NTFS

========================= Users: ========================================

User accounts for \\CINDY-PC

Administrator            Cindy                    Guest                    


**** End of log ****

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.13.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cindy :: CINDY-PC [administrator]

Protection: Disabled

3/13/2013 3:48:53 PM
mbam-log-2013-03-13 (15-48-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284815
Time elapsed: 20 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Thanks again for all the help and advice.

 

Best,

Bill

 



#8 boopme

  • Global Moderator

Posted 13 March 2013 - 06:24 PM

Looks pretty clean, but it should after a format.

I did not see your antivirus program?

From Control Panel, Uninstall
Remove these
Adobe Reader X
Java™ 6 Update 25 (Version: 6.0.250)

 

Reboot

 

Now install..

Adobe Reader XI

Java Version 7 Update 17

 

 

 

There are some update errors so next run...

 

 

  • Run Command Prompt as Administrator. To do that:
    • Go to Start and type cmd.exe in the Search box.
    • It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    • Copy the following command, right-click in the open Command prompt window and select Paste then press Enter: sfc /scannow

       

      This will check the integrity of system files and replace them if needed. Please wait until the scan is done.

  • Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


     

    Once that is done then skip Steps 3 and 4.

    Go to Start Repairs tab and click Start button.



    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default) (if you see extra items not shown, leave them un-checked):

    p22001647.gif

    Click on box next to the Restart System when Finished. Then click on Start.

  • Important: Restart

 


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 Rekhillbill

  • Topic Starter


Posted 14 March 2013 - 02:47 PM

Global Moderator,

 

I've installed Avast Internet Security.

 

Uninstalled the Adobe Reader & Java, and after a re-boot, installed the Adobe Reader XI (11.0.02) & JAVA Version 7 update 17.

 

Ran as administrator (paste) sfc /scannow with results that Windows Resource Protection did not find any integrity violations.

 

Ran Tweaking.com Windows Repair ver 1.9.12  "Step 2" & "Start Repairs"  with following log results:

 

   Running Repair Under System Account
Starting Repairs...
   Start (3/14/2013 1:22:39 PM)

Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/14/2013 1:22:39 PM)
   Running Repair Under Current User Account
   Done (3/14/2013 1:22:44 PM)

Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/14/2013 1:22:44 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:25:45 PM)

Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/14/2013 1:25:45 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:27:04 PM)

Reset File Permissions 01/07
   C:\Backup_13-Mar-13 & Sub Folders
   Start (3/14/2013 1:27:04 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:27:18 PM)

Reset File Permissions 02/07
   C:\Boot & Sub Folders
   Start (3/14/2013 1:27:18 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:27:24 PM)

Reset File Permissions 03/07
   C:\Program Files & Sub Folders
   Start (3/14/2013 1:27:24 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:28:02 PM)

Reset File Permissions 04/07
   C:\Program Files (x86) & Sub Folders
   Start (3/14/2013 1:28:02 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:28:57 PM)

Reset File Permissions 05/07
   C:\ProgramData & Sub Folders
   Start (3/14/2013 1:28:57 PM)
   Running Repair Under System Account

Stopping, Waiting for current repair to finish...


Stopping, Waiting for current repair to finish...


Stopping, Waiting for current repair to finish...

Repairs Stopped By User.
   Done (3/14/2013 1:30:53 PM)
   Total Repair Time: 00:08:14

Starting Repairs...
   Start (3/14/2013 1:31:32 PM)

Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/14/2013 1:31:32 PM)
   Running Repair Under Current User Account
   Done (3/14/2013 1:31:34 PM)

Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/14/2013 1:31:34 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:34:33 PM)

Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/14/2013 1:34:33 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:35:36 PM)

Reset File Permissions 01/07
   C:\Backup_13-Mar-13 & Sub Folders
   Start (3/14/2013 1:35:36 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:35:44 PM)

Reset File Permissions 02/07
   C:\Boot & Sub Folders
   Start (3/14/2013 1:35:44 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:35:48 PM)

Reset File Permissions 03/07
   C:\Program Files & Sub Folders
   Start (3/14/2013 1:35:49 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:36:22 PM)

Reset File Permissions 04/07
   C:\Program Files (x86) & Sub Folders
   Start (3/14/2013 1:36:22 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:36:55 PM)

Reset File Permissions 05/07
   C:\ProgramData & Sub Folders
   Start (3/14/2013 1:36:55 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:37:15 PM)

Reset File Permissions 06/07
   C:\RegBackup & Sub Folders
   Start (3/14/2013 1:37:15 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:37:25 PM)

Reset File Permissions 07/07
   C:\Windows & Sub Folders
   Start (3/14/2013 1:37:25 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:44:56 PM)

Reset File Permissions: Cleanup
    & Sub Folders
   Start (3/14/2013 1:44:56 PM)
   Running Repair Under System Account
   Done (3/14/2013 1:47:07 PM)

Register System Files
   Start (3/14/2013 1:47:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:47:59 PM)

Repair WMI
   Start (3/14/2013 1:47:59 PM)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (3/14/2013 1:51:44 PM)

Repair Windows Firewall
   Start (3/14/2013 1:51:44 PM)
   Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

   Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

   Done (3/14/2013 1:52:25 PM)

Repair Internet Explorer
   Start (3/14/2013 1:52:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:52:49 PM)

Remove Policies Set By Infections
   Start (3/14/2013 1:52:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:52:55 PM)

Repair Winsock & DNS Cache
   Start (3/14/2013 1:52:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:53:16 PM)

Repair Proxy Settings
   Start (3/14/2013 1:53:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:53:22 PM)

Repair Windows Updates
   Start (3/14/2013 1:53:22 PM)
   Running Repair Under Current User Account
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (3/14/2013 1:54:31 PM)

Repair MSI (Windows Installer)
   Start (3/14/2013 1:54:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:54:41 PM)

Set Windows Services To Default Startup
   Start (3/14/2013 1:54:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/14/2013 1:54:58 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (3/14/2013 1:54:58 PM)
   Total Repair Time: 00:23:26


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account

 

System restart was checked & computer did restart.

 

I've updated Windows with all available updates.

 

Ran a full scan with Avast with resultant report that no problems were found.

 

Assume that I am "free" of the two subject rootkit issues?

 

Please advise if there is more that you suggest I do?

 

Have installed MalwareBytes and plan to install SuperAntiSpyware, SpywareBlaster.

 

Thank you for all your help.

 

Best,

Bill



#10 boopme

  • Global Moderator

Posted 14 March 2013 - 09:08 PM

Looks good and those are good protection choices.

 

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:

 


 


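One way to script the restore-point step from the post above and check that no older restore point survives, as an added example that is not part of the original thread. The cleanup time and the description text are assumed values; the script only lists older points and leaves their removal to Disk Cleanup, as the post describes.

```powershell
# Added example (not from the thread). Run in an elevated Windows PowerShell session;
# these cmdlets ship with Windows PowerShell, including 2.0 on Windows 7.

# Assumption: the moment cleanup finished. This value is the "All Selected Repairs
# Done" time from the repair log posted earlier; change it for your own machine.
$CleanupDone = Get-Date -Year 2013 -Month 3 -Day 14 -Hour 13 -Minute 54 -Second 58

# Assumption: any description you will recognise later.
$Description = 'Clean baseline after malware cleanup'

function Get-RestorePointList {
    # CreationTime is a WMI (DMTF) string, so convert it to a DateTime for comparison.
    @(Get-ComputerRestorePoint |
        Select-Object SequenceNumber,
                      @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } },
                      Description |
        Sort-Object Created)
}

# 1. System Protection must be on for the system drive, or no point is created.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# 2. Create the new restore point.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# 3. Read the list back and split it at the cleanup time.
$points = Get-RestorePointList
$stale  = @($points | Where-Object { $_.Created -lt $CleanupDone })
$fresh  = @($points | Where-Object { $_.Created -ge $CleanupDone })

if ($fresh.Count -eq 0) {
    Write-Warning 'No restore point newer than the cleanup time exists; creation may have failed.'
} else {
    Write-Host 'Restore points created after cleanup:'
    $fresh | Format-Table -AutoSize | Out-Host
}

if ($stale.Count -gt 0) {
    # Points older than the cleanup may still contain files saved while infected.
    Write-Warning ("{0} restore point(s) predate the cleanup." -f $stale.Count)
    $stale | Format-Table -AutoSize | Out-Host
    Write-Host 'Remove them with Disk Cleanup > More Options > System Restore > Clean up.'
} else {
    Write-Host 'No restore points predate the cleanup.'
}
```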

#11 Rekhillbill

  • Topic Starter


Posted 15 March 2013 - 07:43 AM

Global Moderator

 

System Tools, System Restore resulted in following:

"...No restore points have been created...open System Protection..."

 

I opened System Protection, System Properties

 

Used Create option to create a restore point for TI106412WOC (C:) (System), which had Protection turned "ON".

 

The "pop-up" said "...The restore point was created successfully."

 

Then went to System Tools, System Restore to confirm that my named restore point was present...it was!

 

OK.  Thanks again for all your help.

 

Also, one suggestion (comment) for anyone reading this thread...I have learned more & have received more help here than I did at Microsoft &/or at Toshiba.  I spent an entire day (8 + hours) on the phone with Toshiba plus they had control of my computer for all that time and they (Toshiba) were not able to help me as much as Bleepingcomputer.com has in these few short posts!

 

Had I known about bleepingcomputer.com, before I tried to get help from Toshiba, I may have been able to save myself the time & cost of having to do a Factory Recovery and subsequent re-installation of all the software and files.

 

...Maybe even from becoming infected in the first place!!!

 

Thanks again.

 

Best

Bill



#12 boopme

  • Global Moderator

Posted 15 March 2013 - 02:18 PM

Thank you Bill for those kind words and for choosing to visit us at Bleepingcomputer, we appreciate it!!

 

You may want to read through the Pinned topics here also.

http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/





