MBR:Whistler-C [Rtk]


7 replies to this topic

#1 EarthAccessory

  • Members
  • 4 posts

Posted 06 June 2013 - 07:25 AM

I have this on my computer.  I am not an expert but know enough about computers to be dangerous without guidance.  Is there a way or a program that will get rid of this for me without having to be a computer expert?  I have AVAST and it keeps detecting it but will not delete it.  I have searched the internet for solutions but most of them involve messing in the black screen which I am not familiar. Please assist me.  Any guidance would be greatly appreciated.  Thank you so much.


Edited by hamluis, 06 June 2013 - 08:00 AM.
Moved from XP to Am I Infected - Hamluis.




#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 June 2013 - 12:41 PM

Hello and welcome!


Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 EarthAccessory

  • Topic Starter
  • Members
  • 4 posts

Posted 06 June 2013 - 06:12 PM

Thanks for your quick reply.   I hope I did this correctly.  Let me know. 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-06 17:18:41
-----------------------------
17:18:41.968    OS Version: Windows 5.1.2600 Service Pack 3
17:18:41.968    Number of processors: 1 586 0x209
17:18:41.968    ComputerName: PENNY-7HPY57BRG  UserName: Penny
17:18:43.453    Initialize success
17:18:43.828    AVAST engine defs: 13060601
17:18:48.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:18:48.718    Disk 0 Vendor:   Size: 0MB BusType: 0
17:18:48.828    Disk 0 MBR read successfully
17:18:48.828    Disk 0 MBR scan
17:18:48.828    Disk 0 MBR:Whistler-C [Rtk]
17:18:48.828    Disk 0 Whistler@MBR code has been found
17:18:48.828    Disk 0 MBR hidden
17:18:48.828    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152625 MB offset 63
17:18:48.828    Disk 0 MBR [Whistler]  **ROOTKIT**
17:18:48.859    Disk 0 scanning C:\WINDOWS\system32\drivers
17:19:05.109    Service scanning
17:19:32.734    Modules scanning
17:19:48.937    Disk 0 trace - called modules:
17:19:48.937    ntoskrnl.exe >>UNKNOWN [0x89a0aa0a]<<
17:19:48.937    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a3ab8]
17:19:48.937    \Driver\Disk[0x8a8a42f8] -> IRP_MJ_READ -> 0x89a0aa0a
17:19:50.218    AVAST engine scan C:\WINDOWS
17:20:09.000    AVAST engine scan C:\WINDOWS\system32
17:23:26.046    AVAST engine scan C:\WINDOWS\system32\drivers
17:23:47.953    AVAST engine scan C:\Documents and Settings\Penny
17:43:11.625    File: C:\Documents and Settings\Penny\Local Settings\Temp\e.exe  **INFECTED** Win32:Malware-gen
17:51:37.250    AVAST engine scan C:\Documents and Settings\All Users
17:52:30.078    File: C:\Documents and Settings\All Users\Application Data\FunGames\FunGamesLoader\WorldWinner\bigmoney\BigMoney.dll  **INFECTED** Win32:Trojan-gen
17:58:00.531    Scan finished successfully
18:04:21.328    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Penny\Desktop\MBR.dat"
18:04:21.343    The log file has been saved successfully to "C:\Documents and Settings\Penny\Desktop\scan.txt"
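
As an added example (not part of this thread and not code from the aswMBR tool), here is a small Python triage script for the log above. It pulls out the lines a helper reads first: the `**ROOTKIT**` verdict, the `IRP_MJ_READ` dispatch of `\Driver\Disk` that points at the address aswMBR flagged as `UNKNOWN` (the hook that hides the real MBR), the infected files, and whether a later `MBR fixed successfully` line is present. The sample text is a subset of the log posted above; the function and field names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a subset of the lines from the first aswMBR log posted in this thread.
SAMPLE_LOG = r"""
17:18:48.828    Disk 0 MBR read successfully
17:18:48.828    Disk 0 MBR scan
17:18:48.828    Disk 0 MBR:Whistler-C [Rtk]
17:18:48.828    Disk 0 Whistler@MBR code has been found
17:18:48.828    Disk 0 MBR hidden
17:18:48.828    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152625 MB offset 63
17:18:48.828    Disk 0 MBR [Whistler]  **ROOTKIT**
17:19:48.937    Disk 0 trace - called modules:
17:19:48.937    ntoskrnl.exe >>UNKNOWN [0x89a0aa0a]<<
17:19:48.937    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a3ab8]
17:19:48.937    \Driver\Disk[0x8a8a42f8] -> IRP_MJ_READ -> 0x89a0aa0a
17:43:11.625    File: C:\Documents and Settings\Penny\Local Settings\Temp\e.exe  **INFECTED** Win32:Malware-gen
17:52:30.078    File: C:\Documents and Settings\All Users\Application Data\FunGames\FunGamesLoader\WorldWinner\bigmoney\BigMoney.dll  **INFECTED** Win32:Trojan-gen
17:58:00.531    Scan finished successfully
"""

# Constructed: the second log in the thread is the same scan followed by the FIXMBR result line.
SAMPLE_LOG_AFTER_FIX = SAMPLE_LOG + "20:58:49.156    Disk 0 Windows 501 MBR fixed successfully\n"

# One pattern per artefact the helper reads off the log.
ROOTKIT_RE = re.compile(r"MBR \[([^\]]+)\]\s+\*\*ROOTKIT\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
INFECTED_RE = re.compile(r"File: (.+?)\s+\*\*INFECTED\*\*\s+(\S+)")


@dataclass
class AswMbrFindings:
    rootkit_names: List[str] = field(default_factory=list)
    unknown_modules: List[str] = field(default_factory=list)  # code addresses outside any loaded module
    hooked_dispatch: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP major, target)
    infected_files: List[Tuple[str, str]] = field(default_factory=list)  # (path, detection name)
    mbr_hidden: bool = False
    mbr_fixed: bool = False


def parse_aswmbr(text: str) -> AswMbrFindings:
    """Extract the security-relevant lines from an aswMBR scan log."""
    f = AswMbrFindings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROOTKIT_RE.search(line)
        if m:
            f.rootkit_names.append(m.group(1))
        m = UNKNOWN_RE.search(line)
        if m:
            f.unknown_modules.append(m.group(1).lower())
        m = HOOK_RE.search(line)
        if m:
            f.hooked_dispatch.append((m.group(1), m.group(2), m.group(3).lower()))
        m = INFECTED_RE.search(line)
        if m:
            f.infected_files.append((m.group(1), m.group(2)))
        if line.endswith("MBR hidden"):
            f.mbr_hidden = True
        if "MBR fixed successfully" in line:
            f.mbr_fixed = True
    return f


def triage(f: AswMbrFindings) -> List[str]:
    """Turn the findings into the notes a helper would write back to the poster."""
    notes = []
    unknown = set(f.unknown_modules)
    for driver, major, target in f.hooked_dispatch:
        if target in unknown:
            # The disk driver's read handler points into memory that belongs to no loaded module:
            # sector-0 reads are filtered, which is why the tool also reports the MBR as hidden.
            notes.append(f"{major} of \\Driver\\{driver} is redirected to unmapped code at {target}")
    if f.mbr_hidden:
        notes.append("real MBR is hidden from the OS; compare against the saved MBR.dat")
    for name in f.rootkit_names:
        notes.append(f"MBR bootkit detected: {name}")
    for path, detection in f.infected_files:
        notes.append(f"infected file {path} ({detection})")
    if f.rootkit_names and f.mbr_fixed:
        notes.append("FIXMBR completed; the ROOTKIT lines predate the fix, re-scan after the reboot")
    return notes


def verdict(f: AswMbrFindings) -> str:
    """One-word state. The scan part of a post-FIXMBR log still lists the rootkit; the fix line decides."""
    if f.rootkit_names or f.mbr_hidden:
        return "mbr-rootkit-fixed" if f.mbr_fixed else "mbr-rootkit-active"
    if f.infected_files:
        return "files-only"
    return "clean"


if __name__ == "__main__":
    for label, log in (("before FIXMBR", SAMPLE_LOG), ("after FIXMBR", SAMPLE_LOG_AFTER_FIX)):
        found = parse_aswmbr(log)
        print(f"{label}: {verdict(found)}")
        for note in triage(found):
            print("  -", note)
```

Run against the second log in this thread, the script reports the same ROOTKIT lines as the first, because the scan precedes the FIXMBR step; only the trailing `MBR fixed successfully` line changes the verdict.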


#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 June 2013 - 07:28 PM

Yes that is good.

Re-Run aswMBR
  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'FIXMBR' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.

  • Save the log as before and post in your next reply.
Next run these and tell me how it is after.......


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 EarthAccessory

  • Topic Starter
  • Members
  • 4 posts

Posted 08 June 2013 - 06:23 AM

There are not words for how grateful I am for your help.  Thank you so very much for your time and assistance.  My computer is back to normal!!!  Here are the logs you wanted to see. 

 


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-06 20:11:53
-----------------------------
20:11:53.593    OS Version: Windows 5.1.2600 Service Pack 3
20:11:53.593    Number of processors: 1 586 0x209
20:11:53.593    ComputerName: PENNY-7HPY57BRG  UserName: Penny
20:11:54.328    Initialize success
20:11:54.781    AVAST engine defs: 13060601
20:11:57.296    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
20:11:57.296    Disk 0 Vendor:   Size: 0MB BusType: 0
20:11:57.578    Disk 0 MBR read successfully
20:11:57.578    Disk 0 MBR scan
20:11:57.578    Disk 0 MBR:Whistler-C [Rtk]
20:11:57.578    Disk 0 Whistler@MBR code has been found
20:11:57.578    Disk 0 MBR hidden
20:11:57.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152625 MB offset 63
20:11:57.593    Disk 0 MBR [Whistler]  **ROOTKIT**
20:11:57.750    Disk 0 scanning C:\WINDOWS\system32\drivers
20:12:26.765    Service scanning
20:12:49.281    Modules scanning
20:13:15.406    Disk 0 trace - called modules:
20:13:15.406    ntoskrnl.exe >>UNKNOWN [0x89a0aa0a]<<
20:13:15.406    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a3ab8]
20:13:15.406    \Driver\Disk[0x8a8a42f8] -> IRP_MJ_READ -> 0x89a0aa0a
20:13:16.484    AVAST engine scan C:\WINDOWS
20:13:57.828    AVAST engine scan C:\WINDOWS\system32
20:19:42.609    AVAST engine scan C:\WINDOWS\system32\drivers
20:20:29.343    AVAST engine scan C:\Documents and Settings\Penny
20:43:42.171    File: C:\Documents and Settings\Penny\Local Settings\Temp\e.exe  **INFECTED** Win32:Malware-gen
20:51:19.906    AVAST engine scan C:\Documents and Settings\All Users
20:51:56.437    File: C:\Documents and Settings\All Users\Application Data\FunGames\FunGamesLoader\WorldWinner\bigmoney\BigMoney.dll  **INFECTED** Win32:Trojan-gen
20:56:33.640    Scan finished successfully
20:58:39.156    Verifying
20:58:49.156    Disk 0 Windows 501 MBR fixed successfully
21:00:20.734    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Penny\Desktop\MBR.dat"
21:00:20.734    The log file has been saved successfully to "C:\Documents and Settings\Penny\Desktop\SCAN2.txt"

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Penny (administrator) on 06-06-2013 at 21:14:22
Running from "C:\Documents and Settings\Penny\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:5555

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/1000 MT Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : penny-7hpy57brg
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : diodecom.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : diodecom.net
        Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection
        Physical Address. . . . . . . . . : 00-0C-F1-AA-90-A3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Thursday, June 06, 2013 9:01:37 PM
        Lease Expires . . . . . . . . . . : Thursday, June 13, 2013 9:01:37 PM

1.0.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial  = 1
    refresh = 600 (10 mins)
    retry   = 1200 (20 mins)
    expire  = 604800 (7 days)
    default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com.diodecom.net
Address:  67.215.65.145

Pinging google.com [173.194.46.72] with 32 bytes of data:

Reply from 173.194.46.72: bytes=32 time=59ms TTL=51
Reply from 173.194.46.72: bytes=32 time=63ms TTL=51

Ping statistics for 173.194.46.72:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 59ms, Maximum = 63ms, Average = 61ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com.diodecom.net
Address:  67.215.65.145

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=109ms TTL=44
Reply from 98.138.253.109: bytes=32 time=140ms TTL=43

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 109ms, Maximum = 140ms, Average = 124ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 aa 90 a3 ...... Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.101      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.101   192.168.0.101      10
    192.168.0.101  255.255.255.255        127.0.0.1       127.0.0.1      10
    192.168.0.255  255.255.255.255    192.168.0.101   192.168.0.101      10
        224.0.0.0        240.0.0.0    192.168.0.101   192.168.0.101      10
  255.255.255.255  255.255.255.255    192.168.0.101   192.168.0.101      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/06/2013 09:07:16 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2013 09:07:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:07:16 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2013 09:07:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:07:14 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2013 09:07:14 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:07:14 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (06/06/2013 09:07:13 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:06:27 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/06/2013 09:06:27 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (06/06/2013 09:02:07 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (06/06/2013 09:02:07 PM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%2

Error: (06/06/2013 08:49:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:49:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:48:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:48:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:47:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:47:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:18:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/06/2013 08:17:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (06/06/2013 09:07:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (06/06/2013 09:07:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:07:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (06/06/2013 09:07:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:07:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (06/06/2013 09:07:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:07:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (06/06/2013 09:07:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/06/2013 09:06:27 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (06/06/2013 09:06:27 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

ABBYY FineReader 5.0 Sprint (Version: 5.0.0.22227)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Acronis True Image Home (Version: 12.0.9709)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader 9.5.5 (Version: 9.5.5)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaConverter 4 Platinum (Version: 4.0.0.164)
ArcSoft MediaImpression (Version: 1.5.9.442)
ArcSoft Panorama Maker 4 (Version: 4.5.0.112)
ArcSoft Photo Book Screen Saver (Version: 2.0.0.13)
ArcSoft PhotoStudio Darkroom 2 (Version: 2.0.0.174)
ArcSoft RAW Thumbnail Viewer (Version: 2.0.0.11)
ArcSoft Scan-n-Stitch Deluxe (Version: 1.1.0.17)
ArcSoft Video Downloader (Version: 2.0.0.39)
Atlantis (remove only)
Autodesk SketchBookPro 2011 (Version: 5.00.0000)
avast! Pro Antivirus (Version: 8.0.1489.0)
Bamboo
BCM V.92 56K Modem
Bejeweled 2 (remove only)
BetZip Version 2.0.6.64
Big Fish Games Client (Version: 1.2.5.17)
BookWorm Deluxe (remove only)
Burger Shop
Burger Shop (remove only)
Camera Window DS (Version: 5.3.1)
Camera Window DVC (Version: 5.4.4)
Camera Window DVC (Version: 6.0)
Camera Window MC (Version: 6.0)
Canon Camera Access Library (Version: 8.0.0.21)
Canon Camera Support Core Library (Version: 7.3.0.4)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.4)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.0)
Canon Camera Window DSLR 5 for ZoomBrowser EX (Version: 5.3.1)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.0)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.0.0.8)
Canon PhotoRecord (Version: 02.02.03002)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.2)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.16)
Canon ZoomBrowser EX (E) (Version: 5.05.0000)
Carbonite (Version: 4.0.4 build 806 (Mar-03-2011))
Chuzzle Deluxe (remove only)
ConvertXtoDVD 3.1.3.40c (Version: 3.1.3.40c)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.2)
CouponBar (Version: 5.0.0.5)
Critical Update for Windows Media Player 11 (KB959772)
DefaultTab (Version: 2.2.8.0)
Dell Digital Jukebox Driver
Dell ResourceCD
Dell V520 Series Uninstaller
Dell Webcam Central (Version: 1.40.05)
DellConnect
Disney Pix Max Downloader (Version: 2.0.0)
Disney Toontown Online (Version: )
Download Updater (AOL LLC)
Driver Whiz (Version: 8.1)
DVD VHS Magic
eReg (Version: 1.20.138.34)
Fairies (remove only)
Feed Editor 5.2
FeralHeart version 1.13 (Version: 1.13)
FoneSync
Fraps (remove only)
GameMaker-Studio 1.1
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
Guffins
honestech Claymation Studio (Version: 3.0.0)
Intel® PRO Network Adapters and Drivers
InterActual Player
iWin Games (remove only)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Jasc Paint Shop Photo Album (Version: 4.0.3)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Logitech SetPoint 6.51 (Version: 6.51.8)
MapsGalaxy Toolbar
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Publisher 2000 SR-1 (Version: 9.00.3821)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.1829)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Monitor Webcam Driver (1.01.02.0804)  
Move Media Player
MovieEdit Task (Version: 2.0.0.8)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
My Amazing Human Body
NVIDIA Drivers
OpenOffice.org 3.3 (Version: 3.3.9567)
PC Treasures-Disney/Pixar Active Play A Bug's Life (Version: 1.0)
Peggle (Version: 32.0.0.0)
PhotoStage Slideshow Producer
PhotoStitch (Version: 3.1.16)
Plants vs Zombies - Game of The Year
PokerStars (Version: 2.070)
PowerDVD
Punch! Home Design - Platinum
QuickBooks Pro 2006 (Version: )
QuickTime (Version: 7.72.80.56)
Rapport (Version: 3.5.1201.84)
RAW Image Task 2.2 (Version: 2.2)
RealPlayer
RegServe (Version: 7.1.3.7)
Roblox for Penny
Roxio MyDVD Essentials 8 (Version: 8.0.568)
Search Protect by conduit (Version: 1.5.0.71)
SelectionLinks (Version: 1.0)
SharePort Utility (Version: 1.1.0)
SILENT HILL 3 (Version: 1.00.0000)
SILENT HILL 4 (Version: 1.00.000)
SmartDraw 2014
Sonic RecordNow! (Version: 6.5.0)
Sonic Update Manager (Version: 2.9)
Sony USB Driver
SPORE™ (Version: 1.00.0000)
swMSM (Version: 12.0.0.1)
The Go Ronald Games (Version: 1.00.0000)
The Simpsons Hit & Run™ (Version: 1.00.000)
The Sims™ Life Stories
Tumblebugs (remove only)
Unity Web Player (Version: 2.5.5b4_50)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoPad Video Editor
WavePad Sound Editor
WebFldrs XP (Version: 9.50.6513)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Wik and The Fable of Souls (remove only)
Windows Defender Signatures (Version: 1.20.1459.12)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Movie Maker 2.0 (Version: 2.0.0000)
Windows XP Service Pack 3 (Version: 20080414.031525)
Wizard101 (Version: 1.0.0)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
WorldWinner Games (Version: 1.10.0.25)
Zoo Vet

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2047 MB
Available physical RAM: 1393.21 MB
Total Pagefile: 3942.82 MB
Available Pagefile: 3475.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.79 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.05 GB) (Free:79.98 GB) NTFS
3 Drive e: (HTF_DVD2_GOLDEN_1) (CDROM) (Total:3.93 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\PENNY-7HPY57BRG

Administrator            ASPNET                   Guest                    
HelpAssistant            Penny                    QBDataServiceUser        
Sierra                   SUPPORT_388945a0         Virgil                   


**** End of log ****
 

C:\Documents and Settings\Penny\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab    Win32/OpenCandy application    deleted - quarantined
C:\Documents and Settings\Penny\Application Data\Sun\Java\Deployment\cache\6.0\15\474b614f-375fc191    a variant of Java/Exploit.CVE-2010-4452.H trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Desktop\couponprinter.exe    probably a variant of Win32/Adware.Softomate.AD application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Desktop\MBR.dat    Win32/Agent.SDG.Gen trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Local Settings\Application Data\{8941DB01-64AE-4223-BD9E-7A6BB1EC0D2B}\chrome\content\overlay.xul    probably a variant of Win32/Agent.NVQFFQI trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Local Settings\Temp\e.exe    Win32/Cimag.CR trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Local Settings\Temp\jar_cache1281816171414620055.tmp    a variant of OSX/Exploit.Smid.D trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Local Settings\Temp\jar_cache53735.tmp    a variant of Java/TrojanDownloader.Agent.NAN trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\Local Settings\Temp\jar_cache62604.tmp    a variant of Java/TrojanDownloader.Agent.NAN trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\freeopener_715(1).exe    a variant of Win32/InstallIQ application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\freeopener_715.exe    a variant of Win32/InstallIQ application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\Guffins(2).exe    a variant of Win32/AdInstaller application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\Guffins.exe    a variant of Win32/AdInstaller application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\regserve-setup.exe    a variant of Win32/Adware.RegDefense application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\Setup(2).exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\Setup(3).exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\SoftonicDownloader_for_hypercam(1).exe    a variant of Win32/SoftonicDownloader.E application    cleaned by deleting - quarantined
C:\Documents and Settings\Penny\My Documents\Downloads\toontown_ban_blocker-install.zip_downloader.exe    a variant of Win32/InstallCore.W application    cleaned by deleting - quarantined
C:\Program Files\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
C:\Program Files\RegServe\RSRegistryUtil.dll    a variant of Win32/Adware.RegDefense application    cleaned by deleting - quarantined
C:\WINDOWS\Temp\Optimizer_Pro.exe    multiple threats    cleaned by deleting - quarantined
 

 

 

 



#6 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:25 AM

Posted 08 June 2013 - 10:26 AM

OK, great, and you're welcome!!

Let's do this and finish up.

In Control Panel > Add/Remove Programs, remove these. Older versions are exploitable.

Adobe Reader 9.5.5 (Version: 9.5.5)
Java 7 Update 9 (Version: 7.0.90)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)

Reboot.

Install:

Adobe Reader XI
Java Version 7 Update 21

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state. The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7

If all is good

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
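The procedure in the post above as a script, added here as an example; it is not code from the thread, from boopme or from BleepingComputer. It assumes PowerShell 2.0 on Windows XP SP3 run from an administrator account, that the Java and Adobe Reader entries are MSI installs (so the Uninstall registry key name is a product code that msiexec can remove), and that Java 7 Update 21 registers as DisplayVersion 7.0.210 and Adobe Reader XI as 11.x, following the pattern of the versions listed in the post (7u9 shows as 7.0.90). The first pass reports every Java or Reader entry below those versions, plus any Java runtime superseded by a newer one on the same machine, and removes them only with -Uninstall. The second pass, run after the reboot and the reinstall, re-checks the versions, takes the fresh restore point, and with -PruneOlder removes the older points, which is what the Disk Cleanup "More Options" step does. The script name, switch names and the 7.0.210 / 11.0 thresholds are this example's own choices.

```powershell
# Audit-AndBaseline.ps1  (added example, not from the thread; see the lead-in for assumptions)
# Pass 1:  .\Audit-AndBaseline.ps1               -> report only
#          .\Audit-AndBaseline.ps1 -Uninstall    -> msiexec /x each flagged entry
# Reboot, install Adobe Reader XI and Java 7 Update 21 from the vendors, then
# Pass 2:  .\Audit-AndBaseline.ps1 -NewRestorePoint -PruneOlder
param(
    [switch]$Uninstall,
    [switch]$NewRestorePoint,
    [switch]$PruneOlder,
    [version]$MinJava   = '7.0.210',   # assumed DisplayVersion of Java 7u21
    [version]$MinReader = '11.0'       # assumed DisplayVersion of Reader XI
)

$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

function Get-RuntimeEntry {
    # One object per Java / Adobe Reader entry shown in Add/Remove Programs.
    Get-ChildItem $uninstallKey | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if (-not $p.DisplayName -or $p.DisplayName -match 'Auto Updater') { return }
        $family = $null
        if ($p.DisplayName -match '^(Java|J2SE)')      { $family = 'Java' }
        elseif ($p.DisplayName -match '^Adobe Reader') { $family = 'Adobe Reader' }
        if (-not $family) { return }
        $ver = $null
        try { $ver = [version]$p.DisplayVersion } catch { }   # .NET 2.0 has no Version.TryParse
        New-Object PSObject -Property @{
            Family      = $family
            Name        = $p.DisplayName
            Version     = $ver
            ProductCode = $_.PSChildName
            IsMsi       = ($_.PSChildName -match '^\{[0-9A-F-]{36}\}$')   # MSI product code
        }
    }
}

function Get-StaleRuntime {
    # Flag anything below the minimum version, and every Java runtime that is not
    # the newest one installed: the leftover old copies are what exploit kits target.
    $entries = @(Get-RuntimeEntry)
    $newestJava = @($entries | Where-Object { $_.Family -eq 'Java' -and $_.Version } |
                    Sort-Object Version -Descending)[0]
    foreach ($e in $entries) {
        $min = if ($e.Family -eq 'Java') { $MinJava } else { $MinReader }
        $reason = $null
        if ($null -eq $e.Version)    { $reason = 'version not parseable, review by hand' }
        elseif ($e.Version -lt $min) { $reason = "older than $min" }
        elseif ($e.Family -eq 'Java' -and $e.ProductCode -ne $newestJava.ProductCode) {
            $reason = "superseded by $($newestJava.Name)"
        }
        if ($reason) { $e | Add-Member -MemberType NoteProperty -Name Reason -Value $reason -PassThru }
    }
}

function Remove-StaleRuntime {
    foreach ($e in @(Get-StaleRuntime)) {
        if (-not $e.IsMsi) {
            Write-Warning "$($e.Name): not an MSI entry, remove it from Add/Remove Programs"
            continue
        }
        $msiArgs = "/x $($e.ProductCode) /qn /norestart"
        if (-not $Uninstall) { Write-Host "Would run: msiexec.exe $msiArgs   [$($e.Name): $($e.Reason)]"; continue }
        Write-Host "Removing $($e.Name): $($e.Reason)"
        $proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        if ($proc.ExitCode -ne 0 -and $proc.ExitCode -ne 3010) {   # 3010 = success, reboot required
            Write-Warning "msiexec exit code $($proc.ExitCode) for $($e.Name)"
        }
    }
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean baseline after malware removal')
    # The WMI SystemRestore class is present on XP: 12 = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE.
    $r = ([wmiclass]'\\.\root\default:SystemRestore').CreateRestorePoint($Description, 12, 100)
    if ($r.ReturnValue -ne 0) { throw "CreateRestorePoint failed, return value $($r.ReturnValue)" }
    $points = @(Get-WmiObject -Namespace root\default -Class SystemRestore | Sort-Object SequenceNumber)
    $newest = $points[-1]
    if ($PruneOlder) {
        # Same effect as Disk Cleanup > More Options > System Restore > Clean up:
        # SRRemoveRestorePoint is the System Restore API exported by srclient.dll.
        $sr = Add-Type -Namespace Win32 -Name SrClient -PassThru -MemberDefinition @'
[DllImport("srclient.dll")] public static extern int SRRemoveRestorePoint(int dwRPNum);
'@
        foreach ($p in $points) {
            if ($p.SequenceNumber -eq $newest.SequenceNumber) { continue }
            $rc = $sr::SRRemoveRestorePoint([int]$p.SequenceNumber)
            if ($rc -ne 0) { Write-Warning "Restore point $($p.SequenceNumber) not removed, error $rc" }
        }
    }
    $newest | Select-Object SequenceNumber, Description, CreationTime
}

Remove-StaleRuntime                                   # report, or uninstall with -Uninstall
if ($NewRestorePoint) { New-CleanRestorePoint | Format-List }
```

Run pass 1 without switches first and read the "Would run" lines: the version check is only as good as the DisplayVersion strings, which is why an unparseable version is reported rather than acted on. Keep the pruning behind -PruneOlder and only use it after the new point has been created on a machine you have confirmed is clean, since it is irreversible.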

#7 EarthAccessory

EarthAccessory
  • Topic Starter
  • Members
  • 4 posts
  • Local time:11:25 PM

Posted 08 June 2013 - 03:21 PM

OK, I did all of that. Thanks, I couldn't have done it without you. :) I am so glad that there are people like you out there willing to help someone like me. Many, many thanks!!!



#8 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:25 AM

Posted 08 June 2013 - 08:41 PM

You're welcome, thanks for the kind words





