Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Thousands of DNS Lookups for the Same Domains Every Day


  • Please log in to reply
11 replies to this topic

#1 Farmisht

Farmisht

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 23 August 2011 - 08:54 PM

Greetings:

My first post to this forum.

I recently switched from using my ISP's own DNS servers to a well-known public DNS service: OpenDNS. It was then that I realized that my computer is making literally thousands of forward DNS lookups every day for the same list of domains. The actual number of DNS lookups varies from day to day - sometimes more, sometimes less - but always adds up to a very large amount numbering in the thousands. By the end of today, my computer will easily surpass 100,000 DNS lookups in total for the same set of domains.

The domains in question are:

patch.everquest.com
app51.logmein.com
app52.logmein.com
app53.logmein.com
app54.logmein.com
app55.logmein.com
app56.logmein.com
app57.logmein.com
app58.logmein.com
app59.logmein.com
app04-01.logmein.com
app04-02.logmein.com
app04-03.logmein.com
app04-04.logmein.com
app04-05.logmein.com
app04-06.logmein.com
app04-07.logmein.com
app04-08.logmein.com
app04-09.logmein.com

From my research I learned that people who play Everquest - a popular MMOG - must connect to patch.everquest.com in order to play.

The remaining domains all belong to LogMeIn, a well-known application used for logging in to a computer remotely. According to LogMeIn technical support, the prefixes before logmein.com (app51, app52, app04-01, app04-02, etc.) indicate that these are servers that LogMeIn uses to balance the load of requests for its services.

I never installed Everquest on my computer. I did install LogMeIn many months ago, but I hardly used it and after a few days I uninstalled it.

Hundreds of times a day, sometimes thousands, my computer is sending DNS lookup requests for each of these domains, in the order shown above. By the end of a day, the total number of requests numbers in the thousands. (I setup OpenDNS to block these requests.)

To the best of my knowledge, my computer is not suffering any ill effects from all this activity. I have no error messages, no pop-ups, no strange behavior, and my computer runs as quickly as it always has. However, over the last few weeks my connection to the internet drops several times a day. I suspect that my ISP (Comcast) is cutting off my connection due to the thousands of rapid fire DNS requests, which it may consider the sign of malware. My ISP certainly has the right and the ability to defend their network in this way, but they claim that they do not do this.

I have scanned my computer with multiple malware scanners - Malwarebytes, Norton Power Eraser, Spybot Search & Destroy; as well as two rootkit scanners - Sophos and GMER. All scans say that I am not infected.

I do have a wireless network at home, but it is extremely unlikely that my network is hacked. I have always used WPA2-PSK authentication with AES encryption. I have an uncrackable (24-character, totally random, high entropy) password. In any case, I changed my network password and it made no difference.

Most recently, I added the domains to my hosts file. Then I checked each one by 'ping'-ing each domain to be sure that 127.0.0.1 was returned. For a couple of days this dramatically slowed the number of DNS requests, but they soon came back and more numerous than ever. Today is not over, and already each domain has been requested more than 5,000 times.

I am out of ideas and I could really use your help.

Edited by Farmisht, 23 August 2011 - 09:58 PM.


BC AdBot (Login to Remove)

 


#2 Farmisht

Farmisht
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 24 August 2011 - 07:17 AM

Little addition: Regardless of what my ISP claims, I am being thrown off the internet every half hour or so, which will make my ability to fix this problem that much harder. Whomever is doing this has apparently been angered by my attempts to thwart them: There were over 153,000 DNS lookups yesterday alone.

EDIT: My ISP has assured me that they would not knock me off the internet without first attempting to contact me, which I accept. In any case, I seem to have solved the problem of losing my internet connection. Time will tell, but it seems that was a hardware problem.

My router has the ability to block outbound access to specified domains, and I have blocked access to everquest.com and logmein.com. That seems to be working. Nevertheless...something is trying to contact these domains more than 100,000 times a day, and I would like to find the cause and a cure. Many thanks for reading thus far.

Edited by Farmisht, 24 August 2011 - 08:55 PM.


#3 Farmisht

Farmisht
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 25 August 2011 - 10:54 PM

Update - I am continuing to post new findings with the hope that this will be of value to my helper:

Blocking access to these domains in my router has definitely slowed the pace, but my computer is still trying to access the servers described in my original post. I estimate that there will be a total of about 16,000 attempts to contact these servers by the end of today, which is a far cry from 153,000. Still, something is able to bypass my hosts file and my router's blocking.

I have been using Microsoft's Network Monitor, which shows the DNS lookups in exquisite detail. But unfortunately, it does not tell me which process or PID is initiating the request. Microsoft's TCPView was able to show which process was initiating the DNS request (this was before I started blocking via the hosts file and my router) and it was our good friend svchost. Behind svchost were just other Microsoft processes.

Could something have installed a proxy on my computer? One good enough to fool multiple malware scanners?

Well, I'm just about at the limits of my technical knowledge to deal with this, so I'll be glad to hear from someone more knowledgeable than me.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:39 AM

Posted 27 August 2011 - 04:42 AM

I would use your ISP's DNS Servers

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#5 Farmisht

Farmisht
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 27 August 2011 - 04:02 PM

Hello to my Bleepin' Advisor:

MiniToolBox by Farbar
Ran by M and D (administrator) on 27-08-2011 at 16:52:37
Windows 7 Professional Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 app04-09.logmein.com
127.0.0.1 patch.everquest.com
127.0.0.1 everquest.com
127.0.0.1 logmein.com
127.0.0.1 app51.logmein.com
127.0.0.1 app52.logmein.com
127.0.0.1 app53.logmein.com
127.0.0.1 app54.logmein.com
127.0.0.1 app55.logmein.com
127.0.0.1 app56.logmein.com
127.0.0.1 app57.logmein.com
127.0.0.1 app58.logmein.com
127.0.0.1 app59.logmein.com
127.0.0.1 app04-01.logmein.com
127.0.0.1 app04-02.logmein.com
127.0.0.1 app04-03.logmein.com
127.0.0.1 app04-04.logmein.com
127.0.0.1 app04-05.logmein.com
127.0.0.1 app04-06.logmein.com
127.0.0.1 app04-07.logmein.com

There are 1 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.0.199 metric=1 publish=Yes
add address name="Local Area Connection* 6-QoS Packet Scheduler-0000" address=192.168.62.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : XPS8100
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-1E-58-B2-8E-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : D-Link DWA-140 RangeBooster N USB Adapter
Physical Address. . . . . . . . . : 00-1E-58-B2-8E-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a89e:27a5:1550:e52f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 25, 2011 7:20:39 PM
Lease Expires . . . . . . . . . . : Sunday, August 28, 2011 4:07:10 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301997656
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-24-37-A2-A4-BA-DB-E9-1A-81
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : A4-BA-DB-E9-1A-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.ma.comcast.net.:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.199%17(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:20cb:1b59:3f57:ff38(Preferred)
Link-local IPv6 Address . . . . . : fe80::20cb:1b59:3f57:ff38%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{63054022-615C-49F1-9683-E198CA7A5DCB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6D5E8163-7500-4FCF-B6A0-060A0D388918}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.93.105] with 32 bytes of data:
Reply from 74.125.93.105: bytes=32 time=30ms TTL=52
Reply from 74.125.93.105: bytes=32 time=30ms TTL=52

Ping statistics for 74.125.93.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 30ms, Average = 30ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=103ms TTL=52
Reply from 98.137.149.56: bytes=32 time=105ms TTL=52

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 105ms, Average = 104ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 1e 58 b2 8e 10 ......Microsoft Virtual WiFi Miniport Adapter
11...00 1e 58 b2 8e 11 ......D-Link DWA-140 RangeBooster N USB Adapter
10...a4 ba db e9 1a 81 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.199 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.0.199 26
169.254.255.255 255.255.255.255 On-link 192.168.0.199 281
192.168.0.0 255.255.255.0 On-link 192.168.0.199 281
192.168.0.199 255.255.255.255 On-link 192.168.0.199 281
192.168.0.255 255.255.255.255 On-link 192.168.0.199 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.199 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.199 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.0.199 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:20cb:1b59:3f57:ff38/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
17 281 fe80::5efe:192.168.0.199/128
On-link
14 306 fe80::20cb:1b59:3f57:ff38/128
On-link
11 281 fe80::a89e:27a5:1550:e52f/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/25/2011 10:56:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: WININET.dll, version: 8.0.7601.17638, time stamp: 0x4e002a95
Exception code: 0xc0000005
Fault offset: 0x00040bfc
Faulting process id: 0x910
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/25/2011 07:32:23 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 6.0.0.4240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11b4

Start Time: 01cc637f212133b2

Termination Time: 27

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (08/25/2011 03:44:46 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (08/25/2011 03:40:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (08/25/2011 03:10:51 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (08/25/2011 03:00:14 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (08/20/2011 01:56:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: Studio.exe, version: 14.0.0.7255, time stamp: 0x4a8f2891
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0150010
Fault offset: 0x0008477b
Faulting process id: 0xb70
Faulting application start time: 0xStudio.exe0
Faulting application path: Studio.exe1
Faulting module path: Studio.exe2
Report Id: Studio.exe3

Error: (08/20/2011 01:56:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: Studio.exe, version: 14.0.0.7255, time stamp: 0x4a8f2891
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x0003753a
Faulting process id: 0xb70
Faulting application start time: 0xStudio.exe0
Faulting application path: Studio.exe1
Faulting module path: Studio.exe2
Report Id: Studio.exe3

Error: (08/18/2011 08:48:55 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 6.0.0.4240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 67c

Start Time: 01cc5e09ac91bdd8

Termination Time: 19

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (08/18/2011 08:29:56 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 6.0.0.4240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1408

Start Time: 01cc5e0706982dbe

Termination Time: 16

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:


System errors:
=============
Error: (08/27/2011 09:16:08 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR12.

Error: (08/27/2011 05:11:49 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR11.

Error: (08/26/2011 08:56:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR10.

Error: (08/25/2011 10:25:30 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR9.

Error: (08/25/2011 10:02:55 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR8.

Error: (08/25/2011 07:20:38 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (08/25/2011 07:19:34 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/25/2011 01:36:10 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR8.

Error: (08/24/2011 09:47:17 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR7.

Error: (08/24/2011 09:35:47 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/25/2011 10:56:58 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912WININET.dll8.0.7601.176384e002a95c000000500040bfc91001cc639bcff0d7caC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\WININET.dll0fac8c0c-cf8f-11e0-93bf-a4badbe91a81

Error: (08/25/2011 07:32:23 PM) (Source: Application Hang)(User: )
Description: firefox.exe6.0.0.424011b401cc637f212133b227C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (08/25/2011 03:44:46 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (08/25/2011 03:40:20 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (08/25/2011 03:10:51 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (08/25/2011 03:00:14 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (08/20/2011 01:56:29 AM) (Source: Application Error)(User: )
Description: Studio.exe14.0.0.72554a8f2891ntdll.dll6.1.7601.175144ce7ba58c01500100008477bb7001cc5efdc2ccfbebC:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exeC:\Windows\SysWOW64\ntdll.dll25ad98e4-caf1-11e0-aaf1-a4badbe91a81

Error: (08/20/2011 01:56:21 AM) (Source: Application Error)(User: )
Description: Studio.exe14.0.0.72554a8f2891MSVCR90.dll9.0.30729.61614dace5b9c00000050003753ab7001cc5efdc2ccfbebC:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll20c9d8e0-caf1-11e0-aaf1-a4badbe91a81

Error: (08/18/2011 08:48:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe6.0.0.424067c01cc5e09ac91bdd819C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (08/18/2011 08:29:56 PM) (Source: Application Hang)(User: )
Description: firefox.exe6.0.0.4240140801cc5e0706982dbe16C:\Program Files (x86)\Mozilla Firefox\firefox.exe


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.02)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Amazon MP3 Downloader 1.0.10
AMD APP SDK Runtime (Version: 2.5.684.213)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.60707.2331)
ATI AVIVO64 Codecs (Version: 11.6.0.10707)
ATI Catalyst Install Manager (Version: 3.0.833.0)
Audacity 1.3.12 (Unicode)
Bejeweled Twist
Canon Easy-PhotoPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP990 series MP Drivers
Canon My Printer
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0707.2346.40825)
Catalyst Control Center Graphics Previews Common (Version: 2011.0707.2346.40825)
ccc-utility64 (Version: 2011.0707.2346.40825)
CCC Help English (Version: 2011.0707.2345.40825)
CCleaner (Version: 3.09)
Citrix Presentation Server Client - Web Only (Version: 10.100.55836)
Content Transfer (Version: 1.3.0.23190)
Definition update for Microsoft Office 2010 (KB982726)
DirectXInstallService (Version: 9.0.2)
erLT (Version: 1.20.138.34)
EssentialPIM (Version: 4.02)
Fast Duplicate File Finder 2.0.0.1 (Version: 2.0.0.1)
FileHippo.com Update Checker
Flight Simulator X Service Pack 1
Foxit Reader 5.0 (Version: 5.0.2.718)
Gutterball
HL-2270DW (Version: 1.0.6.0)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1)
ImgBurn (Version: 2.5.5.0)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
Java™ 6 Update 26 (Version: 6.0.260)
jv16 PowerTools 2011 (Version: )
Kodu Game Lab (Version: 1.1.0)
Logitech Webcam Software (Version: 2.0)
LWS VideoEffects (Version: 13.25.1005.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MD5 Checker version 4.0.0
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Flight Simulator X (Version: 10.0.61355.0)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Network Monitor 3.4 (Version: 3.4.2350.0)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (Version: 3.4.2350.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 6.0 (x86 en-US) (Version: 6.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.4.915.1)
Need for Madness
Net Nanny Parental Controls (Version: 6.5)
Norton AntiVirus (Version: 18.6.0.29)
OpenDNS Updater 2.2.1 (Version: 2.2.1)
PerfectDisk 12 Professional (Version: 12.00.275)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Pinnacle Studio 14 (Version: 14.0.0.7255)
Pinnacle Video Driver (Version: 12.1.0.029)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Ralink RT2870 Wireless LAN Card (Version: 1.5.12.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6410)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.26.0)
RetailEdge 8.2
Revo Uninstaller Pro 2.5.3 (Version: 2.5.3)
Scratch (Version: 1.4.0.0)
ShadowProtect Desktop (Version: 3.5.4183)
ShadowProtect Desktop (Version: 4.15.9340)
Skype™ 5.5 (Version: 5.5.113)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
VLC media player 1.1.10 (Version: 1.1.10)
WordWeb Pro (Version: 6)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8151.08 MB
Available physical RAM: 6031.73 MB
Total Pagefile: 16300.35 MB
Available Pagefile: 14057.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.23 MB

========================= Partitions: =====================================

1 Drive c: (SYSTEM) (Fixed) (Total:246.76 GB) (Free:193.24 GB) NTFS
3 Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:772.9 GB) NTFS
8 Drive l: (DATA) (Fixed) (Total:218.96 GB) (Free:89.63 GB) NTFS
9 Drive m: (BACKUP) (Fixed) (Total:465.76 GB) (Free:214.63 GB) NTFS

========================= Users: ========================================

User accounts for \\XPS8100

Administrator Guest M and D
Nathaniel Visitor

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:39 AM

Posted 29 August 2011 - 10:59 AM

Remove the following:


Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0707.2346.40825)
Catalyst Control Center Graphics Previews Common (Version: 2011.0707.2346.40825)
ccc-utility64 (Version: 2011.0707.2346.40825)
CCC Help English (Version: 2011.0707.2345.40825)
CCleaner (Version: 3.09)
Citrix Presentation Server Client - Web Only (Version: 10.100.55836)
Content Transfer (Version: 1.3.0.23190)
DirectXInstallService (Version: 9.0.2)
erLT (Version: 1.20.138.34)
EssentialPIM (Version: 4.02)
FileHippo.com Update Checker
jv16 PowerTools 2011 (Version: )
Kodu Game Lab (Version: 1.1.0)
Net Nanny Parental Controls (Version: 6.5)
Norton AntiVirus (Version: 18.6.0.29)
OpenDNS Updater 2.2.1 (Version: 2.2.1)
RetailEdge 8.2
Scratch (Version: 1.4.0.0)
ShadowProtect Desktop (Version: 3.5.4183)
ShadowProtect Desktop (Version: 4.15.9340)
swMSM (Version: 12.0.0.1)
WordWeb Pro (Version: 6)

And stop using OpenDNS.

#7 Farmisht

Farmisht
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 29 August 2011 - 02:23 PM

I can see that I'm wasting my time here. Goodbye.

Edited by Farmisht, 29 August 2011 - 02:34 PM.


#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:39 AM

Posted 29 August 2011 - 02:36 PM

No you are not wasting your time something you installed or done caused all these DNS Lookups to happen in the first place.

Any of these applications I have listed could be the culprit for this, and some of those applications are not needed and can cause issues. If you are unwilling to take the advice given and offered to you for free then it is I that is wasting my time here.

People think that using Open and FreeDNS is better because its free, but it is a common misconception. I have been using my ISP's provided DNS Servers for every ISP that I have used Verizon, Comcast, CIA-G (Local to Gallup/New Mexico), CNETCo (New Mexico), and others not one single issue for DNS. if you do not trust your ISP with DNS then you need a new ISP that you can trust.

Edited by cryptodan, 29 August 2011 - 02:38 PM.


#9 lolcats

lolcats

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:39 AM

Posted 29 August 2011 - 02:46 PM

What he meant to say was:

<begin sarcasm>
Thanks, CryptoDan, for reading all of my lengthy posts and spending your own time helping me, not that you're getting paid to do so, but simply because you chose to do so. Although I was not having any problems prior to switching to OpenDNS, and despite your well intentioned offer of advise, I will continue to use OpenDNS and may possibly now blame YOU for my problems. At this time I choose to look elsewhere for some "real" technical support.
<end sarcasm>


Dan, I see you posted this on Saturday, which means you were probably getting hit pretty hard by Hurricane Irene while trying to help this guy.
Just thought I'd put a little perspective on this.

lolcats


Edited for spelling

Edited by lolcats, 29 August 2011 - 02:47 PM.


#10 Farmisht

Farmisht
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 07 September 2011 - 12:33 PM

SOLVED

Solved, with help from OpenDNS. I'll cut right to the chase.

LogMeIn

I did install LogMeIn a few months ago, then uninstalled it several days later. LogMeIn does not always uninstall completely, and the LogMeIn Firefox plug-in can cause problems. (Both are topics of discussion in the LMI forums.) I discovered several bits of LogMeIn left on my machine, which I removed. Also did a clean re-install of Firefox. One or both of those actions solved the problem. No more DNS lookups for LogMeIn servers.

Everquest

Dell and/or nVidia pre-installed software for the nVidia card that shipped with my PC, and the software included support for EverQuest 2. I discovered several remaining bits of nVidia software left on my machine, which I removed. (I now use an AMD card.) No more DNS lookups for the Everquest patch server.

No hits from malware scanners because neither LogMeIn nor Everquest are malware.

#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:39 AM

Posted 07 September 2011 - 01:59 PM

Well I can tell you that I have been using LogMeIn for over the last 2 years and not once did I ever receive any DNS Lookup to any logmein server unless I went to their website. Something you did on your machine caused this issue.

Things just dont make requests unless initiated by the user and that is a plain and simple fact of computing and networking.

The fact that you had to get help from OpenDNS is fact and evidence enough that your use of OpenDNS caused this issue.

#12 Farmisht

Farmisht
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 09 September 2011 - 11:59 AM

<lol> Sour grapes.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users