Google search redirects


  • This topic is locked
9 replies to this topic

#1 ibait2fish

ibait2fish

  • Members

Posted 24 January 2010 - 02:49 AM

Well, Google and MSN Bing frequently redirect to 3rd party sites. The search results show, click, and then off to the netherworld!

In addition, had a new browser window pop from this site to Yellowbook.

RootRepeal error.

In addition, upon startup, I get the message 'unable to connect to file system. InCD service not running'



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-10-09 09:12:18
System Uptime: 2010-01-24 00:53:56 (1 hours ago)

Motherboard: Intel Corporation | | D865GLC
Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 92.197 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP920: 2009-10-26 03:00:33 - Software Distribution Service 3.0
RP921: 2009-10-26 05:27:04 - Software Distribution Service 3.0
RP922: 2009-10-26 05:54:56 - Software Distribution Service 3.0
RP923: 2009-10-26 22:06:07 - Software Distribution Service 3.0
RP924: 2009-10-27 08:35:37 - Installed Java™ 6 Update 15
RP925: 2009-10-27 08:38:56 - Installed MSN Toolbar Setup
RP926: 2009-10-28 03:00:31 - Software Distribution Service 3.0
RP927: 2009-10-29 03:00:36 - Software Distribution Service 3.0
RP928: 2009-10-29 12:53:05 - Installed AVG 9.0
RP929: 2009-10-30 03:00:30 - Software Distribution Service 3.0
RP930: 2009-10-31 03:00:28 - Software Distribution Service 3.0
RP931: 2009-11-01 03:00:42 - Software Distribution Service 3.0
RP932: 2009-11-01 04:00:30 - Software Distribution Service 3.0
RP933: 2009-11-02 04:00:36 - Software Distribution Service 3.0
RP934: 2009-11-02 11:37:28 - Installed AVG 9.0
RP935: 2009-11-03 04:00:41 - Software Distribution Service 3.0
RP936: 2009-11-03 10:47:44 - Avg8 Update
RP937: 2009-11-03 15:49:05 - Installed Java™ 6 Update 17
RP938: 2009-11-04 04:00:44 - Software Distribution Service 3.0
RP939: 2009-11-05 04:00:31 - Software Distribution Service 3.0
RP940: 2009-11-05 09:27:32 - Software Distribution Service 3.0
RP941: 2009-11-05 12:20:25 - Installed AVG 9.0
RP942: 2009-11-05 18:58:57 - Avg8 Update
RP943: 2009-11-06 04:00:31 - Software Distribution Service 3.0
RP944: 2009-11-06 18:58:09 - Avg8 Update
RP945: 2009-11-07 04:00:37 - Software Distribution Service 3.0
RP946: 2009-11-08 03:00:43 - Software Distribution Service 3.0
RP947: 2009-11-09 03:01:01 - Software Distribution Service 3.0
RP948: 2009-11-09 10:27:16 - Avg8 Update
RP949: 2009-11-09 10:29:01 - Avg8 Update
RP950: 2009-11-09 11:13:41 - Software Distribution Service 3.0
RP951: 2009-11-10 03:00:31 - Software Distribution Service 3.0
RP952: 2009-11-11 03:00:42 - Software Distribution Service 3.0
RP953: 2009-11-12 03:00:38 - Software Distribution Service 3.0
RP954: 2009-11-12 08:56:59 - Avg8 Update
RP955: 2009-11-13 03:00:36 - Software Distribution Service 3.0
RP956: 2009-11-13 17:57:57 - Avg8 Update
RP957: 2009-11-14 03:00:39 - Software Distribution Service 3.0
RP958: 2009-11-15 03:00:34 - Software Distribution Service 3.0
RP959: 2009-11-16 03:00:35 - Software Distribution Service 3.0
RP960: 2009-11-16 11:44:42 - Software Distribution Service 3.0
RP961: 2009-11-17 03:00:41 - Software Distribution Service 3.0
RP962: 2009-11-17 11:34:22 - Software Distribution Service 3.0
RP963: 2009-11-18 03:00:41 - Software Distribution Service 3.0
RP964: 2009-11-19 03:00:35 - Software Distribution Service 3.0
RP965: 2009-11-20 00:45:41 - Software Distribution Service 3.0
RP966: 2009-11-20 09:13:06 - Avg8 Update
RP967: 2009-11-20 09:14:46 - Avg8 Update
RP968: 2009-11-20 12:01:42 - Software Distribution Service 3.0
RP969: 2009-11-20 17:58:09 - Avg8 Update
RP970: 2009-11-21 03:00:31 - Software Distribution Service 3.0
RP971: 2009-11-21 21:00:04 - Software Distribution Service 3.0
RP972: 2009-11-22 21:40:30 - System Checkpoint
RP973: 2009-11-23 22:32:38 - System Checkpoint
RP974: 2009-11-24 03:00:52 - Software Distribution Service 3.0
RP975: 2009-11-24 17:57:49 - Avg8 Update
RP976: 2009-11-24 22:05:25 - Software Distribution Service 3.0
RP977: 2009-11-25 22:21:37 - System Checkpoint
RP978: 2009-11-26 03:00:34 - Software Distribution Service 3.0
RP979: 2009-11-27 03:00:30 - Software Distribution Service 3.0
RP980: 2009-11-27 17:58:39 - Avg8 Update
RP981: 2009-11-27 20:10:23 - Software Distribution Service 3.0
RP982: 2009-11-28 21:39:26 - System Checkpoint
RP983: 2009-11-29 03:00:32 - Software Distribution Service 3.0
RP984: 2009-11-30 03:00:37 - Software Distribution Service 3.0
RP985: 2009-12-01 03:00:36 - Software Distribution Service 3.0
RP986: 2009-12-02 03:00:28 - Software Distribution Service 3.0
RP987: 2009-12-02 17:58:54 - Avg8 Update
RP988: 2009-12-03 03:00:50 - Software Distribution Service 3.0
RP989: 2009-12-04 03:00:34 - Software Distribution Service 3.0
RP990: 2009-12-04 17:59:39 - Avg8 Update
RP991: 2009-12-05 03:00:34 - Software Distribution Service 3.0
RP992: 2009-12-05 08:03:05 - Avg8 Update
RP993: 2009-12-06 03:00:53 - Software Distribution Service 3.0
RP994: 2009-12-07 02:08:51 - Software Distribution Service 3.0
RP995: 2009-12-08 03:00:40 - Software Distribution Service 3.0
RP996: 2009-12-09 03:00:32 - Software Distribution Service 3.0
RP997: 2009-12-10 03:00:48 - Software Distribution Service 3.0
RP998: 2009-12-10 08:00:39 - Avg8 Update
RP999: 2009-12-10 08:02:48 - Avg8 Update
RP1000: 2009-12-11 02:08:16 - Software Distribution Service 3.0
RP1001: 2009-12-11 19:57:45 - Software Distribution Service 3.0
RP1002: 2009-12-12 07:41:49 - Avg8 Update
RP1003: 2009-12-13 08:11:49 - Software Distribution Service 3.0
RP1004: 2009-12-14 03:00:33 - Software Distribution Service 3.0
RP1005: 2009-12-14 12:43:19 - Software Distribution Service 3.0
RP1006: 2009-12-15 03:00:38 - Software Distribution Service 3.0
RP1007: 2009-12-15 17:57:41 - Avg8 Update
RP1008: 2009-12-16 03:00:35 - Software Distribution Service 3.0
RP1009: 2009-12-17 03:00:43 - Software Distribution Service 3.0
RP1010: 2009-12-18 03:00:39 - Software Distribution Service 3.0
RP1011: 2009-12-18 17:58:26 - Avg8 Update
RP1012: 2009-12-19 03:00:33 - Software Distribution Service 3.0
RP1013: 2009-12-20 03:00:37 - Software Distribution Service 3.0
RP1014: 2009-12-21 03:00:39 - Software Distribution Service 3.0
RP1015: 2009-12-21 17:47:43 - Software Distribution Service 3.0
RP1016: 2009-12-22 03:00:29 - Software Distribution Service 3.0
RP1017: 2009-12-22 09:35:02 - Avg8 Update
RP1018: 2009-12-23 03:00:34 - Software Distribution Service 3.0
RP1019: 2009-12-24 03:00:32 - Software Distribution Service 3.0
RP1020: 2009-12-24 22:33:13 - Software Distribution Service 3.0
RP1021: 2009-12-25 23:30:44 - System Checkpoint
RP1022: 2009-12-26 03:00:43 - Software Distribution Service 3.0
RP1023: 2009-12-27 01:48:05 - Software Distribution Service 3.0
RP1024: 2009-12-28 01:54:52 - System Checkpoint
RP1025: 2009-12-28 03:00:31 - Software Distribution Service 3.0
RP1026: 2009-12-29 02:01:54 - Software Distribution Service 3.0
RP1027: 2009-12-29 17:59:12 - Avg8 Update
RP1028: 2009-12-30 03:00:38 - Software Distribution Service 3.0
RP1029: 2009-12-31 03:00:43 - Software Distribution Service 3.0
RP1030: 2009-12-31 03:12:47 - Software Distribution Service 3.0
RP1031: 2009-12-31 10:11:22 - Avg8 Update
RP1032: 2009-12-31 12:38:00 - Software Distribution Service 3.0
RP1033: 2010-01-01 03:00:30 - Software Distribution Service 3.0
RP1034: 2010-01-02 03:00:49 - Software Distribution Service 3.0
RP1035: 2010-01-02 20:18:59 - Software Distribution Service 3.0
RP1036: 2010-01-03 20:41:09 - System Checkpoint
RP1037: 2010-01-04 03:00:26 - Software Distribution Service 3.0
RP1038: 2010-01-04 18:12:07 - Software Distribution Service 3.0
RP1039: 2010-01-05 03:00:25 - Software Distribution Service 3.0
RP1040: 2010-01-05 17:31:57 - Software Distribution Service 3.0
RP1041: 2010-01-05 17:57:04 - Software Distribution Service 3.0
RP1042: 2010-01-06 08:04:35 - Software Distribution Service 3.0
RP1043: 2010-01-07 03:00:31 - Software Distribution Service 3.0
RP1044: 2010-01-08 03:00:36 - Software Distribution Service 3.0
RP1045: 2010-01-08 17:58:36 - Avg8 Update
RP1046: 2010-01-08 19:57:12 - Software Distribution Service 3.0
RP1047: 2010-01-09 21:04:56 - System Checkpoint
RP1048: 2010-01-10 01:10:26 - Software Distribution Service 3.0
RP1049: 2010-01-11 01:32:22 - System Checkpoint
RP1050: 2010-01-11 03:00:33 - Software Distribution Service 3.0
RP1051: 2010-01-12 03:00:29 - Software Distribution Service 3.0
RP1052: 2010-01-13 03:00:38 - Software Distribution Service 3.0
RP1053: 2010-01-13 13:56:57 - Software Distribution Service 3.0
RP1054: 2010-01-13 14:31:12 - Software Distribution Service 3.0
RP1055: 2010-01-13 18:07:14 - Software Distribution Service 3.0
RP1056: 2010-01-14 03:00:34 - Software Distribution Service 3.0
RP1057: 2010-01-14 05:58:58 - Avg8 Update
RP1058: 2010-01-14 08:19:15 - Avg8 Update
RP1059: 2010-01-15 00:22:58 - Software Distribution Service 3.0
RP1060: 2010-01-16 01:08:39 - System Checkpoint
RP1061: 2010-01-16 03:00:33 - Software Distribution Service 3.0
RP1062: 2010-01-16 19:18:59 - Software Distribution Service 3.0
RP1063: 2010-01-17 03:00:35 - Software Distribution Service 3.0
RP1064: 2010-01-17 04:32:39 - Restore Operation
RP1065: 2010-01-17 04:55:00 - Software Distribution Service 3.0
RP1066: 2010-01-17 07:26:35 - Software Distribution Service 3.0
RP1067: 2010-01-17 21:44:29 - Software Distribution Service 3.0
RP1068: 2010-01-18 23:12:54 - System Checkpoint
RP1069: 2010-01-19 03:00:29 - Software Distribution Service 3.0
RP1070: 2010-01-20 03:00:48 - Software Distribution Service 3.0
RP1071: 2010-01-21 00:41:02 - Software Distribution Service 3.0
RP1072: 2010-01-22 01:29:03 - System Checkpoint
RP1073: 2010-01-22 03:00:34 - Software Distribution Service 3.0
RP1074: 2010-01-22 11:24:05 - Software Distribution Service 3.0
RP1075: 2010-01-22 19:24:57 - Installed HiJackThis
RP1076: 2010-01-22 12:21:45 - System Checkpoint
RP1077: 2010-01-22 13:57:34 - Avg8 Update
RP1078: 2010-01-23 11:13:15 - Microsoft Antimalware Checkpoint
RP1079: 2010-01-23 11:23:10 - Software Distribution Service 3.0
RP1080: 2010-01-23 12:03:33 - Software Distribution Service 3.0
RP1081: 2010-01-23 11:25:33 - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
AnalogX CookieWall
ArcSoft Software Suite
AutoUpdate
AVG 9.0
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EPSON Copy Utility
EPSON EIC CX5400
EPSON Photo Print
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESET Online Scanner v3
FLV Player 2.0, build 23
FrontierNet DSL Attendant
FXCM Trading Station
Gateway Drivers and Applications Recovery
Gateway IE Customizations
Gateway Ink Monitor
Gateway Rhapsody
Gateway User's Guide
Google Toolbar for Internet Explorer
HiJackThis
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
InCD
InstallMgr
Intel® 537EP Data Fax Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 17
Java™ 6 Update 6
Java™ 6 Update 7
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Encarta Encyclopedia Standard 2004
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo Premium 9
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Streets and Trips 2004
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.17)
MSN Internet Software
MSN Messenger 5.0
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
Nero OEM
Office 2003 Setup Files
PC-Doctor for Windows
QuickBooks Basic Edition 2004
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
Splendid City Sports Scheduler v6.6.2
Splendid City Sports Scheduler v6.7.1
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.9
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2010-01-23 13:03:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
2010-01-23 13:03:39, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 11:36:37, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TangoService service.
2010-01-23 11:25:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office Excel 2003 (KB973475).
2010-01-23 11:25:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2003 (KB974554).
2010-01-23 11:13:18, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147630381 User: GATEWAY-2YM32XV\Owner Name: Exploit:Win32/Pdfjsc.CR ID: 2147630381 Severity: Severe Category: Exploit Path: Action: Quarantine Error Code: 0x80070002 Error description: The system cannot find the file specified. Status: Signature Version: AV: 1.73.24.0, AS: 1.73.24.0 Engine Version: 1.1.5405.0
2010-01-22 18:55:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2010-01-22 18:55:40, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-22 18:54:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG E-mail Scanner service to connect.
2010-01-22 18:54:32, error: Service Control Manager [7000] - The AVG E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-22 12:05:57, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2010-01-22 11:48:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2010-01-21 23:41:59, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-01-21 23:41:59, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-01-21 23:38:08, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2010-01-21 23:38:08, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2010-01-19 11:42:31, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 000CF1ADC9F2 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
2010-01-18 21:07:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2010-01-18 21:07:37, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2010-01-18 21:07:37, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:37, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:37, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:37, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-18 21:07:05, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2010-01-18 21:07:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2010-01-17 07:32:05, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB974554).
2010-01-17 07:29:09, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB973475).

==== End Of File ===========================

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000094
Exception Address: 0x004eca19




#2 pwgib

pwgib

  • Malware Response Team

Posted 30 January 2010 - 11:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 ibait2fish

ibait2fish
  • Topic Starter

  • Members

Posted 04 February 2010 - 02:24 PM

Thanks for your response!

Since my first post, it appears that microsoft security essentials chased the problem around and found this:
'virus: win32/Alureon.F'

The search no longer redirects, however, I'm still having problems, specifically an error message upon bootup:
'cannot connect to file system. InCD service not running', as well as, on occasion, 'your system is low on virtual memory', and the memory increases.

Additionally, my system is slow to boot up, and also start Internet Explorer.

Here is a new DDS log.
Attached File  Attach.zip   4.08KB   10 downloads

Attached File  DDS.txt   18.87KB   15 downloads

Thanks again for your attention!

Edited by ibait2fish, 04 February 2010 - 02:52 PM.


#4 pwgib

pwgib

  • Malware Response Team

Posted 05 February 2010 - 08:03 AM

Hello ibait2fish

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 ibait2fish

ibait2fish
  • Topic Starter

  • Members

Posted 07 February 2010 - 11:27 AM

Thanks!


#6 pwgib

pwgib

  • Malware Response Team

Posted 08 February 2010 - 12:02 PM

Hello ibait2fish,

I have some bad news

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Thanks!!
PW

#7 ibait2fish

ibait2fish
  • Topic Starter

  • Members

Posted 09 February 2010 - 07:40 PM

K, thanks!

I would prefer to wipe and clean the entire machine, however...I have basically 2 questions...

1) When you say to backup all data, am I able to do this without reinfecting my computer?
2) How do I wipe the drive clean?

I really don't know how the Hell I got this...a backup 'puter is on order..

Please respond...My next correspondence with you will be via the public library..k?

---Bob


#8 pwgib

pwgib

  • Malware Response Team

Posted 10 February 2010 - 04:33 PM


QUOTE
1) When you say to backup all data, am I able to do this without reinfecting my computer?

Yes, if done properly.

When you backup data you need to save any files that you want to keep as a clean install of the operating system will completely erase those files.

You can backup or save your files by burning them to CD, saving to a floppy disk, an external drive, flash or thumb drive. These might include word documents, .pdf files, music and pictures. Do not backup any programs or applications. If you use an external drive to save your data you will need to run FlashDisinfector prior to backing up.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Note that the files with the following extensions should not be backed up:
.exe
.scr
.htm
.html
.xml
.zip
.rar
.asp
.php

QUOTE
2) How do I wipe the drive clean?

If you do not know how to perform a fresh install, use these websites and read for instructions on how to format and reinstall Windows:

If you have any more questions please don't hesitate to ask.

Thanks!!
PW
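
The backup advice in the reply above (copy data only, skip the listed extensions, and check what sits at `autorun.inf` on the backup drive), sketched as an added example that is not part of the original post or any BleepingComputer tool. The function names, the refusal to copy onto a drive holding an `autorun.inf` file, the skipping of files named `autorun.inf`, and the sample tree are assumptions of this example.

```python
import os
import shutil
import tempfile

# Extensions the reply above says should not be backed up.
EXCLUDED_EXTENSIONS = frozenset(
    [".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar", ".asp", ".php"]
)


def is_excluded(filename):
    """True if the file should be left behind rather than backed up."""
    # Windows ignores trailing dots and spaces, so "a.exe." opens as "a.exe".
    cleaned = filename.rstrip(". ")
    # splitext looks at the last extension only, so "beach.jpg.scr" counts as .scr.
    ext = os.path.splitext(cleaned)[1].lower()
    # Skipping autorun.inf itself is an addition made by this example.
    return ext in EXCLUDED_EXTENSIONS or cleaned.lower() == "autorun.inf"


def autorun_state(drive_root):
    """Classify autorun.inf at the root of the backup drive.

    'folder' - a directory of that name, like the placeholder the reply describes
    'file'   - a real autorun.inf file that Windows could act on at insertion
    'absent' - nothing there
    """
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return "folder"
    if os.path.lexists(path):
        return "file"
    return "absent"


def stage_backup(source, drive_root, folder="backup"):
    """Copy data files from source to drive_root/folder.

    Returns (copied, skipped) as sorted lists of paths relative to source.
    Refuses to write to a drive whose root holds an autorun.inf file.
    """
    if autorun_state(drive_root) == "file":
        raise RuntimeError("autorun.inf file on destination; clean the drive first")
    target = os.path.join(drive_root, folder)
    copied, skipped = [], []
    for dirpath, _dirs, files in os.walk(source):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source)
            # Symlinks are skipped so the copy never leaves the chosen folder.
            if os.path.islink(src) or is_excluded(name):
                skipped.append(rel)
                continue
            dst = os.path.join(target, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def demo():
    """Run on a constructed sample tree; returns (copied, skipped, autorun state)."""
    base = tempfile.mkdtemp()
    try:
        source = os.path.join(base, "My Documents")  # constructed sample data
        drive = os.path.join(base, "usb")            # stands in for the backup drive
        os.makedirs(os.path.join(source, "pics"))
        os.makedirs(os.path.join(drive, "autorun.inf"))  # placeholder folder
        samples = [
            "letter.doc", "taxes.pdf", "Setup.EXE", "saved page.html",
            os.path.join("pics", "beach.jpg"),
            os.path.join("pics", "beach.jpg.scr"),
        ]
        for rel in samples:
            with open(os.path.join(source, rel), "w") as fh:
                fh.write("constructed sample\n")
        copied, skipped = stage_backup(source, drive)
        return copied, skipped, autorun_state(drive)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    copied, skipped, state = demo()
    print("copied: ", copied)
    print("skipped:", skipped)
    print("autorun.inf on drive:", state)
```

The skipped list is worth reading before wiping the disk, since it shows exactly which files were left behind by the extension rule.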

#9 ibait2fish

ibait2fish
  • Topic Starter

  • Members

Posted 10 February 2010 - 07:15 PM

Thank you very much!

There are several things of which I think you should be aware.

1) This may have been a targeted attack...I have reported and been responsible for reporting several cp and other sites..I do not seek these out, but, if they show up on my 'puter..die...

2) I was able to identify the domain registrar hack of several years ago..1 of 4...(world-wide). Thus...

3) This may have been a targeted attack...if so, it won't only be me, but several 100 thousands world wide...

4) I have reported this to all appropriate agencies/organizations/companies..., including Department of homeland security.

5) There is the possibility that one of my guests may have clicked on a link, trying to close it...as well as close it.

6) As far as I can tell, the site that is most responsible for this is the 'google kit' banner (this is doubtful, but where else?) website. (bizkit)

7) Finally, and very most importantly...Thank you for your time...I can and will update this message as I have information have been exemplary..

Thanks,

Bob


#10 Farbar

Farbar

    Just Curious


  • Security Developer

Posted 15 February 2010 - 11:51 AM


This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.



