Post #1 - New Member (Group: Members; Posts: 6; Joined: 22-January 10; Member No.: 440,238)
Well, Google and MSN Bing frequently redirect to 3rd party sites. The search results show, click, and then off to the netherworld! In addition, had a new browser window pop from this site to Yellowbook. RootRepeal error. In addition, upon startup, I get the message 'unable to connect to file system. InCD service not running'

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-10-09 09:12:18
System Uptime: 2010-01-24 00:53:56 (1 hours ago)

Motherboard: Intel Corporation | | D865GLC
Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 92.197 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== Event Viewer Messages From Past Week ========

2010-01-23 13:03:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
2010-01-23 13:03:39, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 11:36:37, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TangoService service.
2010-01-23 11:25:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office Excel 2003 (KB973475).
2010-01-23 11:25:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2003 (KB974554).
2010-01-23 11:13:18, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147630381 User: GATEWAY-2YM32XV\Owner Name: Exploit:Win32/Pdfjsc.CR ID: 2147630381 Severity: Severe Category: Exploit Path: Action: Quarantine Error Code: 0x80070002 Error description: The system cannot find the file specified. Status: Signature Version: AV: 1.73.24.0, AS: 1.73.24.0 Engine Version: 1.1.5405.0
2010-01-22 18:55:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2010-01-22 18:55:40, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-22 18:54:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG E-mail Scanner service to connect.
2010-01-22 18:54:32, error: Service Control Manager [7000] - The AVG E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-22 12:05:57, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2010-01-22 11:48:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2010-01-21 23:41:59, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-01-21 23:41:59, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-01-21 23:38:08, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2010-01-21 23:38:08, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2010-01-19 11:42:31, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 000CF1ADC9F2 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
2010-01-18 21:07:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2010-01-18 21:07:37, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2010-01-18 21:07:37, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:37, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:37, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:37, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:05, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2010-01-18 21:07:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2010-01-17 07:32:05, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
2010-01-17 07:29:09, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB973475).

==== End Of File ===========================

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000094
Exception Address: 0x004eca19

Post #2 - Forum Addict (Group: Malware Study Hall Senior; Posts: 1,898; Joined: 14-February 05; From: God's Country; Member No.: 12,036)
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Information on A/V control HERE

Post #3 - New Member (Group: Members; Posts: 6; Joined: 22-January 10; Member No.: 440,238)
Thanks for your response!
Since my first post, it appears that Microsoft Security Essentials chased the problem around and found this: 'virus: win32/Alureon.F' The search no longer redirects, however, I'm still having problems, specifically an error message upon bootup: 'cannot connect to file system. InCD service not running', as well as, on occasion, 'your system is low on virtual memory', and the memory increases. Additionally, my system is slow to boot up, and also start Internet Explorer. Here is a new DDS log.

Attachments: Attach.zip (4.08k), DDS.txt (18.87k)

Thanks again for your attention!

This post has been edited by ibait2fish: Feb 4 2010, 02:52 PM

Post #4 - Forum Addict (Group: Malware Study Hall Senior; Posts: 1,898; Joined: 14-February 05; From: God's Country; Member No.: 12,036)
Hello ibait2fish
I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy. As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.

Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses. Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!

Post #5 - New Member (Group: Members; Posts: 6; Joined: 22-January 10; Member No.: 440,238)
Thanks!

Post #6 - Forum Addict (Group: Malware Study Hall Senior; Posts: 1,898; Joined: 14-February 05; From: God's Country; Member No.: 12,036)
Hello ibait2fish,
I have some bad news. One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Thanks!!

Post #7 - New Member (Group: Members; Posts: 6; Joined: 22-January 10; Member No.: 440,238)
K, thanks!
I would prefer to wipe and clean the entire machine, however...I have basically 2 questions...

1) When you say to backup all data, am I able to do this without reinfecting my computer?
2) How do I wipe the drive clean?

I really don't know how the Hell I got this...a backup 'puter is on order.. Please respond...My next correspondence with you will be via the public library..k?

---Bob

Post #8 - Forum Addict (Group: Malware Study Hall Senior; Posts: 1,898; Joined: 14-February 05; From: God's Country; Member No.: 12,036)
QUOTE: 1) When you say to backup all data, am I able to do this without reinfecting my computer?

Yes, if done properly. When you backup data you need to save any files that you want to keep as a clean install of the operating system will completely erase those files. You can backup or save your files by burning them to CD, saving to a floppy disk, an external drive, flash or thumb drive. These might include word documents, .pdf files, music and pictures. Do not backup any programs or applications.

If you use an external drive to save your data you will need to run FlashDisinfector prior to backing up. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

Note that the files with the following extensions should not be backed up: .exe .scr .htm .html .xml .zip .rar .asp .php

QUOTE: 2) How do I wipe the drive clean?

If you do not know how to perform a fresh install, use these websites and read for instructions on how to format and reinstall Windows:
http://www.winsupersite.com/showcase/windowsxp_sg_clean.asp

Thanks!!
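
The data-only backup described in post #8, as an added example that is not part of the original thread or any tool it names: it copies a folder tree while skipping the extensions the post lists. The function names, the trailing dot/space handling and the refusal to back up into the source tree are assumptions of this sketch.

```python
import os
import shutil
from pathlib import Path
from typing import List, Tuple

# Extensions that post #8 says should not be backed up.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml",
                      ".zip", ".rar", ".asp", ".php"}


def effective_extension(name: str) -> str:
    """Return the lower-cased final extension of a file name.

    Windows ignores trailing dots and spaces in names, so "setup.exe."
    and "setup.EXE " are both treated as .exe here (assumption of this
    sketch, added so such names cannot slip past the filter).
    """
    cleaned = name.rstrip(". ")
    dot = cleaned.rfind(".")
    return cleaned[dot:].lower() if dot != -1 else ""


def is_blocked(name: str) -> bool:
    """True if the file name ends in one of the listed extensions."""
    return effective_extension(name) in BLOCKED_EXTENSIONS


def backup_data(source, destination) -> Tuple[List[str], List[str]]:
    """Copy data files from source to destination, skipping blocked types.

    Returns (copied, skipped) as sorted lists of paths relative to source.
    Symbolic links are skipped rather than followed.
    """
    source, destination = Path(source), Path(destination)
    src_r, dst_r = source.resolve(), destination.resolve()
    if dst_r == src_r or src_r in dst_r.parents:
        # Backing up into the tree being walked would copy the backup itself.
        raise ValueError("destination must be outside the source tree")

    copied: List[str] = []
    skipped: List[str] = []
    for root, _dirs, files in os.walk(source, followlinks=False):
        for name in files:
            src = Path(root) / name
            rel = src.relative_to(source)
            if src.is_symlink() or is_blocked(name):
                skipped.append(rel.as_posix())
                continue
            target = destination / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)  # keeps timestamps with the data
            copied.append(rel.as_posix())
    return sorted(copied), sorted(skipped)


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree, not taken from the thread.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "dst"
        (src / "docs").mkdir(parents=True)
        for rel in ("docs/letter.doc", "song.mp3", "tool.EXE",
                    "docs/saved.htm", "invoice.pdf.exe"):
            (src / rel).write_bytes(b"constructed sample")
        done, left = backup_data(src, dst)
        print("copied :", done)
        print("skipped:", left)
```
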

Post #9 - New Member (Group: Members; Posts: 6; Joined: 22-January 10; Member No.: 440,238)
Thank you very much!
There are several things of which I think you should be aware.

1) This may have been a targeted attack...I have reported and been responsible for reporting several cp and other sites..I do not seek these out, but, if they show up on my 'puter..die...
2) I was able to identify the domain registrar hack of several years ago..1 of 4...(world-wide). Thus...
3) This may have been a targeted attack...if so, it won't only be me, but several 100 thousands world wide...
4) I have reported this to all appropriate agencies/organizations/companies..., including Department of Homeland Security.
5) There is the possibility that one of my guests may have clicked on a link, trying to close it...as well as close it.
6) As far as I can tell, the site that is most responsible for this is the 'google kit' banner (this is doubtful, but where else?) website. (bizkit)
7) Finally, and very most importantly...Thank you for your time...I can and will update this message as I have information have been exemplary..

Thanks, Bob

Post #10 - Just Curious (Group: Malware Response Team; Posts: 11,474; Joined: 8-December 07; From: The Netherlands; Member No.: 175,240)
This thread will now be closed since the issue seems to be resolved. If you should have a new issue, please start a new topic.