
My laptop was working fine on Friday. When I got into the office today and tried to browse the internet, I would click a link on ANY page and end up with "Cannot Find Server" errors left and right, having to click back and refresh a million times to get it to open up. I ran the winsockfix repair tool but no go. I've posted my HijackThis log and hopefully you can help me out. I am about to do a complete backup and format of my entire drive; it's excruciatingly frustrating!

I hope this is enough to figure out wtf I need to do.

=====================================================


Logfile of HijackThis v1.99.1
Scan saved at 4:39:04 PM, on 8/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT2\SYSTEM32\DWRCS.EXE
C:\WINNT2\System32\svchost.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT2\system32\regsvc.exe
C:\WINNT2\system32\MSTask.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\Explorer.exe
C:\WINNT2\System32\hkcmd.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT2\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT2\System32\System32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINNT2\System32\CtxPopup.dll
O2 - BHO: (no name) - {74229664-DE88-3CCE-2C24-260883A74E04} - C:\WINNT2\system32\CV6g61e0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT2\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT2\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://64.52.15.164/goglobal/ggw-activex.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O20 - Winlogon Notify: igfxcui - C:\WINNT2\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\System32\NavLogon.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT2\system32\dcom_9.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT2\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT2\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

Last Post by DMR

1. Run HijackThis again, put a check in the boxes next to the following entries, and then click "Fix Checked": (Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT2\System32\System32.exe
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINNT2\System32\CtxPopup.dll
O2 - BHO: (no name) - {74229664-DE88-3CCE-2C24-260883A74E04} - C:\WINNT2\system32\CV6g61e0.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT2\system32\dcom_9.dll


2. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following files:

C:\WINNT2\System32\System32.exe
C:\WINNT2\System32\CtxPopup.dll
C:\WINNT2\system32\CV6g61e0.dll
C:\WINNT2\system32\dcom_9.dll

(And why do you have a C:\WINNT2 folder? That is not normal.)

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!)

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note: If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.


3. Run HijackThis again and post a new log.


Unbelievable!

Thank You, those fixes took care of my problem and I'm able to use the Internet like before!

If there is a way to rate you up, please let me know so I can do it!

Oh and the reason there is a Winnt2 was that the previous installation got corrupted so I just reinstalled Windows using another folder to get in and save my data. Windows worked perfectly so I never really formatted the system.

Thanks Again!
=================================================
Logfile of HijackThis v1.99.1
Scan saved at 5:51:01 PM, on 8/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\spoolsv.exe
C:\WINNT2\SYSTEM32\DWRCS.EXE
C:\WINNT2\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT2\system32\regsvc.exe
C:\WINNT2\system32\MSTask.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\Explorer.exe
C:\WINNT2\System32\hkcmd.exe
C:\WINNT2\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT2\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT2\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT2\web\related.htm
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://64.52.15.164/goglobal/ggw-activex.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = innovative.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{280BAA9C-2529-42A7-8085-80B542D55620}: Domain = innovative.com
O20 - Winlogon Notify: igfxcui - C:\WINNT2\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT2\System32\NavLogon.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT2\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT2\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
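
Added example, not part of the original thread or of HijackThis itself: one way to check a follow-up log against the "Fix Checked" list is to diff the two scans and report fix-list entries that survived, plus any other entries that disappeared or appeared. The function names are hypothetical, and the sample data is a handful of lines excerpted from the two logs above rather than the full logs.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map (code, case-folded detail) -> original line; header and process list are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # case-fold so System32 and system32 compare equal between scans
            entries[(m.group(1), m.group(2).casefold())] = line.strip()
    return entries

def verify_fix(before, after, fix_list):
    """Return (fix-list entries still present,
               entries removed that were not on the fix list,
               entries that are new in the second scan)."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    kb, ka, kf = set(b), set(a), set(f)
    still_present = [a[k] for k in sorted(kf & ka)]
    unexpected = [b[k] for k in sorted(kb - ka - kf)]
    added = [a[k] for k in sorted(ka - kb)]
    return still_present, unexpected, added

# Sample input: lines excerpted from the thread's logs (not the complete logs).
FIX = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT2\System32\System32.exe
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINNT2\System32\CtxPopup.dll
O2 - BHO: (no name) - {74229664-DE88-3CCE-2C24-260883A74E04} - C:\WINNT2\system32\CV6g61e0.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINNT2\system32\dcom_9.dll
"""
UNCHANGED = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
BEFORE = FIX + UNCHANGED + r"""
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""
AFTER = UNCHANGED

if __name__ == "__main__":
    labels = ("STILL PRESENT", "REMOVED, NOT ON FIX LIST", "NEW IN SECOND SCAN")
    for label, lines in zip(labels, verify_fix(BEFORE, AFTER, FIX)):
        for line in lines:
            print(f"{label}: {line}")
```

On these excerpts all four fixed entries are gone, and the DefWatch service line is reported as removed without having been on the fix list, which is the kind of difference worth confirming before calling a system clean.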


Glad we could help you get things cleaned up. :)

The rating/reputation button is the one at the top right of each post with the icon of a scale on it. But I'm not too fussed about my rep; I know I'm good :mrgreen:

Now that we've gotten rid of the nasties, check out this thread for some good suggestions as to how to protect your system from future infections.
