Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser hijack: Redirected to random sites


  • This topic is locked This topic is locked
6 replies to this topic

#1 chichiree

chichiree

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 10 April 2009 - 10:48 AM

I'm having a browser hijack problem with all my web browsers. Basically I keep getting redirected to random sites. I think I might have to remove those Nameserver files in my log, but I'm not 100 percent confident in deleting them yet. Plus, there's probably some Malware I might be overlooking. Any help will be *greatly* appreciated. Thanks.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:04 AM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\RainingData\OS33 RT\omnis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marjorie.WEDDINGDRESSES\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238598561734
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weddingdresses
O17 - HKLM\Software\..\Telephony: DomainName = weddingdresses
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D067090-38E7-402B-9364-ED0E37CDCD7F}: NameServer = 216.213.0.107,216.213.0.108
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weddingdresses
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D067090-38E7-402B-9364-ED0E37CDCD7F}: NameServer = 216.213.0.107,216.213.0.108
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 AM

Posted 11 April 2009 - 12:10 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 chichiree

chichiree
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 14 April 2009 - 12:24 PM

Sorry for the late reply. I posted this while at work and then took on a four day weekend. Anyway, below is the log from OTListIt2:

OTListIt Extras logfile created on: 4/14/2009 12:35:05 PM - Run 2

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Marjorie.WEDDINGDRESSES\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1014.07 Mb Total Physical Memory | 453.26 Mb Available Physical Memory | 44.70% Memory free

2.38 Gb Paging File | 1.74 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.62 Gb Total Space | 129.71 Gb Free Space | 89.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive P: | 8.81 Gb Total Space | 3.62 Gb Free Space | 41.12% Space Free | Partition Type: NTFS



Computer Name: SALES

Current User Name: marjorie

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On



========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.DLL (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\shdocvw.DLL (Microsoft Corporation)

.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)

.txt [@ = txtfile] -- C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)



[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



[HKEY_USERS\S-1-5-21-746137067-1284227242-682003330-1130\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL

File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL

File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL

[2003/08/06 13:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word

File not found -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe



========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Omnis Studio 3.3 Runtime" = Omnis Studio 3.3 Runtime

"PDFCreator Toolbar" = PDFCreator Toolbar

"PROSet" = Intel® PRO Network Connections Drivers

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer Basic

"Registry Mechanic_is1" = Registry Mechanic 8.0

"Spyware Doctor" = Spyware Doctor 6.0

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinZip" = WinZip



========== HKEY_CURRENT_USER Uninstall List ==========



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome



========== HKEY_USERS Uninstall List ==========



[HKEY_USERS\S-1-5-21-746137067-1284227242-682003330-1130\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 4/14/2009 10:44:26 AM | Computer Name = SALES | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x10001e39.



Error - 4/14/2009 10:56:09 AM | Computer Name = SALES | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.



Error - 4/14/2009 10:57:25 AM | Computer Name = SALES | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.



Error - 4/14/2009 10:58:03 AM | Computer Name = SALES | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x10001e39.



Error - 4/14/2009 10:58:23 AM | Computer Name = SALES | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.



Error - 4/14/2009 11:10:43 AM | Computer Name = SALES | Source = Microsoft Office 11 | ID = 1000

Description = Faulting application outlook.exe, version 11.0.5510.0, stamp 3f1380f0,

faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address

0x11061e39.



Error - 4/14/2009 11:21:44 AM | Computer Name = SALES | Source = Application Hang | ID = 1002

Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



Error - 4/14/2009 11:36:43 AM | Computer Name = SALES | Source = Application Error | ID = 1000

Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module

unknown, version 0.0.0.0, fault address 0x10001e39.



Error - 4/14/2009 11:39:02 AM | Computer Name = SALES | Source = Application Error | ID = 1000

Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module

unknown, version 0.0.0.0, fault address 0x10001e39.



Error - 4/14/2009 12:13:48 PM | Computer Name = SALES | Source = Application Hang | ID = 1002

Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.



[ System Events ]

Error - 4/13/2009 11:28:28 AM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 119 minutes. NtpClient has no source of accurate

time.



Error - 4/13/2009 1:28:28 PM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 239 minutes. NtpClient has no source of accurate

time.



Error - 4/13/2009 5:28:28 PM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 479 minutes. NtpClient has no source of accurate

time.



Error - 4/14/2009 1:28:28 AM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 959 minutes. NtpClient has no source of accurate

time.



Error - 4/14/2009 10:55:54 AM | Computer Name = SALES | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain WEDDINGDRESSES due to

the following: %%1311. Make sure that the computer is connected to the network and

try again. If the problem persists, please contact your domain administrator.



Error - 4/14/2009 10:55:58 AM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.



Error - 4/14/2009 10:56:13 AM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.



Error - 4/14/2009 10:57:19 AM | Computer Name = SALES | Source = Service Control Manager | ID = 7000

Description = The Upload Manager service failed to start due to the following error:

%%1079



Error - 4/14/2009 11:11:29 AM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 29 minutes. NtpClient has no source of accurate

time.



Error - 4/14/2009 11:41:29 AM | Computer Name = SALES | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 59 minutes. NtpClient has no source of accurate

time.





< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 AM

Posted 15 April 2009 - 11:58 AM

No problem on the delay, but that's the wrong log. That's the extra log and I need to see the main log.
Also if you could disable the double spacing before you post it that will make it much easier to review.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 chichiree

chichiree
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 16 April 2009 - 01:00 PM

OK, someone else is sending me the logs since the problem is on their computer. But the log they sent me was so long, I wasn't allowed to post it on this forum. Is it supposed to be that long? What did they do wrong?

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 AM

Posted 17 April 2009 - 09:17 AM

You can break it up into separate posts, or you can attach it.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:04 AM

Posted 09 May 2009 - 01:23 PM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users