Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Cannot Find Server *FRUSTRATED*

Thread Solved

Join Date: Aug 2005
Posts: 2
Reputation: Eldopa is an unknown quantity at this point 
Solved Threads: 0
Eldopa Eldopa is offline Offline
Newbie Poster

Cannot Find Server *FRUSTRATED*

 
0
  #1
Aug 15th, 2005
My Laptop was working fine on Friday, when I get into the office today, and I try to browse the internet I would click a link on ANY page and end up with "Cannot Find Server" error's left and right. Having to click back and refresh a million times to get it to open up. I ran the winsockfix repair tool but no go. I've posted my Hijackthis log and hopefully you can help me out. I am about to do a complete back and Format of my entire drive its exruciatingly Frustrating!

I hope this is enough to figure out wtf i need to do.

=====================================================


Logfile of HijackThis v1.99.1
Scan saved at 4:39:04 PM, on 8/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT2\SYSTEM32\DWRCS.EXE
C:\WINNT2\System32\svchost.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT2\system32\regsvc.exe
C:\WINNT2\system32\MSTask.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\Explorer.exe
C:\WINNT2\System32\hkcmd.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT2\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT2\System32\System32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINNT2\System32\CtxPopup.dll
O2 - BHO: (no name) - {74229664-DE88-3CCE-2C24-260883A74E04} - C:\WINNT2\system32\CV6g61e0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT2\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT2\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://64.52.15.164/goglobal/ggw-activex.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O20 - Winlogon Notify: igfxcui - C:\WINNT2\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\System32\NavLogon.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT2\system32\dcom_9.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT2\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT2\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 363
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Cannot Find Server *FRUSTRATED*

 
0
  #2
Aug 15th, 2005
1. Run HijackThis again, put a check in the boxes next to the following entries, and then click "Fix Checked": (Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT2\System32\System32.exe
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINNT2\System32\CtxPopup.dll
O2 - BHO: (no name) - {74229664-DE88-3CCE-2C24-260883A74E04} - C:\WINNT2\system32\CV6g61e0.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT2\system32\dcom_9.dll


2. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files:

C:\WINNT2\System32\System32.exe
C:\WINNT2\System32\CtxPopup.dll
C:\WINNT2\system32\CV6g61e0.dll
C:\WINNT2\system32\dcom_9.dll

(And why do you have a C:\WINNT2 folder? That is not normal.)

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!)

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.


3. Run HijackThis again and post a new log.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Aug 2005
Posts: 2
Reputation: Eldopa is an unknown quantity at this point 
Solved Threads: 0
Eldopa Eldopa is offline Offline
Newbie Poster

Re: Cannot Find Server *FRUSTRATED*

 
0
  #3
Aug 15th, 2005
Unbelievable!

Thank You, those fixes took care of my problem and I'm able to use the Internet like before!

If there is a way to Rate you up Please let me know so I can do it!.

Oh and the reason there is a Winnt2 was that the previous installation got corrupted so I just reinstalled Windows using another folder to get in and save my data. Windows worked perfectly so I never really formatted the system.

Thanks Again!
=================================================
Logfile of HijackThis v1.99.1
Scan saved at 5:51:01 PM, on 8/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\spoolsv.exe
C:\WINNT2\SYSTEM32\DWRCS.EXE
C:\WINNT2\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT2\system32\regsvc.exe
C:\WINNT2\system32\MSTask.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\Explorer.exe
C:\WINNT2\System32\hkcmd.exe
C:\WINNT2\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT2\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT2\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://64.52.15.164/goglobal/ggw-activex.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O20 - Winlogon Notify: igfxcui - C:\WINNT2\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\System32\NavLogon.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT2\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT2\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 363
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Cannot Find Server *FRUSTRATED*

 
0
  #4
Aug 15th, 2005
Glad we could help you get things cleaned up.

The rating/reputation button is the one at the top right of each post with the icon of a scale on it. But I'm not too fussed about my rep; I know I'm good :mrgreen:

Now that we've gotten rid of the nasties, check out this thread for some good suggestions as to how to protect your system from future infections.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC