Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Afinding, Wserving And Nobicyt Infestation


  • This topic is locked This topic is locked
2 replies to this topic

#1 Tekn0cat

Tekn0cat

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 14 July 2008 - 07:57 PM

I originally created this thread in the "Am I infected?" section here to try to remove malware on a corporate laptop running Win XP Pro SP2. After trying several cleaner programs and the malware returning on every reboot, I was referred to post in this forum for more help.

Here are the Kaspersky and DSS logs that I just created. Note: I've removed many Hosts file entries in the DSS log for brevity, because my company has many custom hosts file entries for the IP addresses of 135 stores.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 14, 2008 22:33:50
Records in database: 953481
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 51163
Threat name: 11
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 01:23:29


File name / Threat name / Threats count
C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.jxi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09480000.VBN Infected: Trojan.Win32.Delf.dbc 1
C:\Documents and Settings\pguay\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\pguay\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wserving.exe.vir Infected: Trojan-Downloader.Win32.Delf.jzd 1
C:\RECYCLER\S-1-5-21-728834251-2114719057-1536833037-1921\Dc37.exe Infected: Trojan-Downloader.Win32.Delf.jyn 1
C:\WINDOWS\system32\asck.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.ah 1
C:\WINDOWS\system32\atpsck.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.ak 1
C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.jxi 1
C:\WINDOWS\system32\ntscpd.sys Infected: Trojan.Win32.Delf.daj 1
C:\WINDOWS\system32\nxtscpd.sys Infected: Trojan.Win32.Delf.del 1
C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.ezd 1
C:\WINDOWS\system32\xwxfst.sys Infected: Trojan-Clicker.Win32.VB.bca 1

The selected area was scanned.
================================
Deckard's System Scanner v20071014.68
Run by helpdesk on 2008-07-14 20:25:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-15 00:25:53 UTC - RP7 - Deckard's System Scanner Restore Point
1: 2008-07-14 20:40:46 UTC - RP6 - PostVirusClean1


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-14 20:27:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\sxwand.sys
C:\WINDOWS\system32\wserving.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\perfs.exe
C:\Documents and Settings\Helpdesk\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136913118388
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E7C44C86-0CD3-11D2-9311-00A0247A4E65} (SEAGULL J Walk ActiveX Client) - http://192.168.20.198/JWalkX/JWalkX.cab
O17 - HKLM\Software\..\Telephony: DomainName = laurasecord.ca
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = laurasecord.ca
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = laurasecord.ca
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = laurasecord.ca
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe


--
End of file - 28383 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 ClntMgmt.sys - c:\windows\system32\drivers\clntmgmt.sys (file missing)
S3 catchme - c:\docume~1\pguay\locals~1\temp\catchme.sys (file missing)
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
R2 NOBICYT - c:\windows\system32\nobicyt.exe
R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 Routing (Routing Service) - c:\windows\system32\routing.exe
R2 WServing (WServing Service) - c:\windows\system32\wserving.exe
R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe

S3 HP Port Resolver - c:\windows\system32\spool\drivers\w32x86\3\hpbpro.exe
S3 HP Status Server - c:\windows\system32\spool\drivers\w32x86\3\hpboid.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-14 17:19:09 1516 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-14 15:43:44 0 -rahs---- C:\MSDOS.SYS
2008-07-14 15:43:44 0 -rahs---- C:\IO.SYS
2008-07-14 15:43:07 0 d-------- C:\WINDOWS\ERUNT
2008-07-14 15:32:15 0 d-------- C:\Documents and Settings\pguay\Application Data\Malwarebytes
2008-07-14 13:00:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-14 12:54:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 12:54:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-14 12:54:12 0 d-------- C:\Documents and Settings\Helpdesk\Application Data\SUPERAntiSpyware.com
2008-07-09 12:50:42 0 d-------- C:\Documents and Settings\Helpdesk\Application Data\Malwarebytes
2008-07-09 12:50:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 12:50:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 10:03:27 68096 --a------ C:\WINDOWS\zip.exe
2008-07-09 10:03:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-09 10:03:27 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-07-09 10:03:27 136704 --a------ C:\WINDOWS\swsc.exe
2008-07-09 10:03:27 161792 --a------ C:\WINDOWS\swreg.exe
2008-07-09 10:03:27 98816 --a------ C:\WINDOWS\sed.exe
2008-07-09 10:03:27 80412 --a------ C:\WINDOWS\grep.exe
2008-07-09 10:03:27 89504 --a------ C:\WINDOWS\fdsv.exe
2008-07-02 20:31:52 0 d-------- C:\Program Files\Boingo
2008-07-02 20:31:52 0 d-------- C:\Documents and Settings\All Users\Application Data\GoBoingo
2008-07-01 16:19:44 0 d-------- C:\Documents and Settings\pguay\Application Data\U3
2008-06-24 12:40:46 0 d-------- C:\Program Files\Lavasoft
2008-06-24 12:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 12:40:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 12:37:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 10:35:51 0 d-------- C:\Documents and Settings\Helpdesk\Application Data\Sun
2008-06-23 10:35:39 0 d-------- C:\Documents and Settings\Helpdesk\Application Data\Macromedia
2008-06-21 14:17:17 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-19 09:30:11 0 d---s---- C:\Documents and Settings\LocalService\UserData
2008-06-18 11:44:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-18 11:44:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-16 16:16:47 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-07-14 20:03:49 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-11 16:28:28 0 d-------- C:\Program Files\PartyGaming
2008-06-24 12:40:03 0 d-------- C:\Program Files\Common Files
2008-06-23 10:35:39 0 d-------- C:\Documents and Settings\Helpdesk\Application Data\Adobe
2008-05-29 08:56:08 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 08:33]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 07:50]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 13:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Check Version]
"C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Express Welcome]
"C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Help Update]
"C:\Program Files\IBM\Client Access\cwbinhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access PC5250 Sound]
"C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
"C:\Program Files\IBM\Client Access\cwbsvstr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoBoingo]
C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe




-- Hosts -----------------------------------------------------------------------

216.223.143.164 SWHO
192.168.20.2 ls1.laurasecord.ca
192.168.20.2 LS1
192.168.20.3 Infinium
192.168.20.3 ACCDEV
192.168.20.4 FSS1
192.168.20.6 VNCgateway
192.168.20.7 FSS2
192.168.20.8 MMSI
192.168.20.10 Shiva

1 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-14 20:28:43 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 503.36 MiB / 238.37 MiB
Pagefile Memory (total/avail): 1227.38 MiB / 791.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.71 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 20.06 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2040AH - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"="C:\\Program Files\\IBM\\Client Access\\cwbunnav.exe:*:Enabled:cwbunnav.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Helpdesk\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PBRENER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Helpdesk
LOGONSERVER=\\LSEXCHANGE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Helpdesk\LOCALS~1\Temp
TMP=C:\DOCUME~1\Helpdesk\LOCALS~1\Temp
USERDNSDOMAIN=LAURASECORD.CA
USERDOMAIN=LS
USERNAME=helpdesk
USERPROFILE=C:\Documents and Settings\Helpdesk
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
dputtock (admin)
pguay (admin)
Helpdesk (admin)
mtravas (admin)
pbrener (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL144.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL59.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL60.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL61.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL62.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL63.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL64.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL65.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL66.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL67.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL68.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL69.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL70.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL71.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL72.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL73.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL74.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL75.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL76.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL77.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL78.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL79.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL80.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL81.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL82.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL83.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL84.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL85.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL86.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL87.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL88.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL9.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agere Systems AC'97 Modem --> agrsmdel
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
GoBoingo! --> MsiExec.exe /X{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 1.98.2 --> S:\Utilities\AntiSpy\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Accessories Product Tour --> MsiExec.exe /I{D0572854-191F-45DB-B959-641F8E5C8409}
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP User Guides 0004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3E5B5A9-88A4-4334-BBD0-96CCF002CBFF}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM iSeries Access for Windows SI16496 --> "C:\Program Files\IBM\Client Access\cwbunsp.exe"
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J Walk Windows Client (32 bit) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SEAGULL\J Walk Windows Client-Version 3.3C10\Uninst.isu"
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Quick Launch Buttons 5.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type13758 / Error
Event Submitted/Written: 07/14/2008 08:26:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13750 / Error
Event Submitted/Written: 07/14/2008 07:32:39 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Downloader in File: C:\QooBox\Quarantine\C\WINDOWS\system32\routing.exe.vir by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type13739 / Error
Event Submitted/Written: 07/14/2008 06:30:21 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type13738 / Error
Event Submitted/Written: 07/14/2008 06:29:18 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type13735 / Error
Event Submitted/Written: 07/14/2008 06:28:18 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23453 / Error
Event Submitted/Written: 07/14/2008 08:15:48 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Event Record #/Type23452 / Warning
Event Submitted/Written: 07/14/2008 08:15:48 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 120 minutes.

Event Record #/Type23451 / Warning
Event Submitted/Written: 07/14/2008 07:32:05 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/ns1.ilap.com. No authentication protocol was available.

Event Record #/Type23450 / Warning
Event Submitted/Written: 07/14/2008 07:32:05 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/ns1.ilap.com. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Record #/Type23441 / Error
Event Submitted/Written: 07/14/2008 07:15:48 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-07-14 20:28:43 ------------

BC AdBot (Login to Remove)

 


#2 Tekn0cat

Tekn0cat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 15 July 2008 - 04:58 PM

Hello - to avoid wasting your time, you can close this thread.

User needed his laptop back ASAP, so I was forced to wipe the HDD and reinstall the O/S rather than waiting for a reply.

Thanks anyway!

#3 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 AM

Posted 05 August 2008 - 11:10 AM

Since this issue appears to be resolved, the topic is now closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users