Server Help

Trash Talk - Somthing is wroung....
Assassin2684 - Thu May 05, 2005 8:27 pm
Post subject: Somthing is wroung....
Ok somthing is wroung with my comp or its fire fox because it wont let me view some pages. Ok so say this one page for example that i cant go on www.ebay.com . My computer loads it VERY slow and still wont work i even tried internet explorer and still nothing. But then on the other hand my friend can go on perfectly fine.

Mabey its my computer? Im using windows xp home edition with firefox. This thing only happens to a few pages. Another one is www.aim.com .

I have no clue what is going on or how to fix this and it really getting annoying. I might as well go back to windows 98 where everythign worked.

Can somone help me wiht this? Thanks in advance.
Mine GO BOOM - Thu May 05, 2005 8:50 pm
Post subject:
Check for spyware, and look at your HOSTS file (%WINDIR%\system32\drivers\etc\HOSTS) to make sure nothing other than localhost is in there. If none of that fixes your problem, use Hijack This with some online log analyzer. Still have problems? Post the log here.
Purge - Thu May 05, 2005 10:05 pm
Post subject:
Switching to Win98 will just waste your time. It's most likely an internet problem since only your web pages load slower than normal. Try doing what MGB said. icon_smile.gif
Solo Ace - Fri May 06, 2005 5:52 am
Post subject:
To extend the information MGB gave, I'll give a short explaintation of what the host file does.

Your computer uses a system to resolve hostnames (like some.domain.com) into an IP address (like 10.112.80.203). This is done by sending a query (a question) to a DNS server, which gives information like the IP addresses linked to the hostname, then your computer knows which IP address to connect to.

The host file allows you (or programs) ot put hostnames and IP addresses in.
This is useful for entries that are not on DNS servers, or on your local network.
Hostnames found in the host file prevent the system from requesting the information of a DNS server for the information, because it already has it.

This can be dangerous, some programs (heh, or weirdos like me who start fooling games into requesting localhost for authorization) put entries in this file to redirect you to other pages.

In theory, what could happen is a program could put an entry like
10.112.80.203 hotmail.com
in the hosts file, which would bring your computer to the webserver running on IP address 10.112.80.203 (which is most likely not the real server of hotmail).
The front pages (including login pages) could be perfectly faked, or the fake page could act like some sort of proxy server, so the page would actually work, but your e-mail address and password would be logged on the fake hotmail server!
Of course, this could happen with pages which concern more confidential information too.

I'm not sure (and I'm not going to look it up) but I think this would be called a variation of "phising".

You shouldn't only use HijackThis I think, use other anti-adware / anti-spyware tools too (just not only to fix this problem), if you're experiencing problems like this you can assume more to be wrong.
Assassin2684 - Fri May 06, 2005 6:26 pm
Post subject:
Ok well i went to the drivers section on my computer and local host is not even in there. I iwll name the ones that are: hosts, lmhosts, networks, protocol, services. I hope this isent bad. But i was running on a network but we recently took out the other computer. These problems were there before that. I have linksys wireless router also. Here is the log file from hijackthis:

Code: Show/Hide
Logfile of HijackThis v1.99.1
Scan saved at 6:43:12 PM, on 5/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\backdoor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\smagent.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Aim\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nick\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50196
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nick\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E8F605E-E416-2AC5-8753-60550DF27817} - C:\WINDOWS\SYSTEM\MOTKP.DLL (file missing)
O2 - BHO: (no name) - {52B3B236-B165-4793-9FB8-DA6C5D950FAD} - C:\WINDOWS\system32\dfgkcf.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {67DA3505-B214-79CC-8753-60550DF37819} - C:\WINDOWS\SYSTEM32\lifiq.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {BE8EF9B9-4DCF-4ECE-858A-E5AD0460CF37} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {DD319342-F260-495B-8E38-7796D3DCB430} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {E8D79982-90C9-4733-8EC0-21C668648721} - C:\WINDOWS\LBBHO.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\Smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=10f08450ab596047f6c94d90b79b47d1528d9dc4c40924e2499f8b9bd779519ddd40d759133a448fde7f410342650f82cf1f1ae7:7ba4efda898ff66841613117fb4ea0f9
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O18 - Filter: text/html - {FFED5D85-3BE7-4B85-9428-5A56FCDF1E52} - C:\WINDOWS\system32\dfgkcf.dll
O18 - Filter: text/plain - {FFED5D85-3BE7-4B85-9428-5A56FCDF1E52} - C:\WINDOWS\system32\dfgkcf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: backdoor - Unknown owner - C:\WINDOWS\system32\backdoor.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\smagent.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
Purge - Fri May 06, 2005 9:55 pm
Post subject:
What's this?

Code: Show/Hide
O23 - Service: backdoor - Unknown owner - C:\WINDOWS\system32\backdoor.exe
i88gerbils - Fri May 06, 2005 10:00 pm
Post subject:
MTU settings?
Mine GO BOOM - Fri May 06, 2005 10:27 pm
Post subject:
Assassin2684 wrote:
Here is the log file from hijackthis:

Seriously, check out the link I had before, about the HijackThis! Log Analyzer, as that can answer and assist you very quickly with most of the bad stuff. Once you get all the red-flagged things, and then check over the "this maybe bad" stuff, then you post the log here for further assistance.
Solo Ace - Sat May 07, 2005 7:33 am
Post subject:
Assassin, you looked in the (right) directory, but not in the hosts file.
Open the "hosts" file with a text editor (like notepad), then see what's in there.
Ignore all lines starting with a '#' as they are comments.

This is what mine looks like:
Code: Show/Hide
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dit is een voorbeeld HOSTS-bestand dat wordt gebruikt door Microsoft TCP/IP for Windows.
#
# Dit bestand bevat de toewijzingen van IP-adressen naar hostnamen. Elke vermelding
# moet op een afzonderlijke regel staan. Het IP-adres dient in de eerste kolom te worden
# geplaatst, gevolgd door de bijbehorende hostnaam. Het IP-adres en de hostnaam dienen
# gescheiden te zijn door ten minste één spatie.
#
# Daarnaast kunnen opmerkingen (zoals deze) worden toegevoegd op extra
# regels of gevolgd door de computernaam, voorafgegaan door een #.
#
# Bijvoorbeeld:
#
#      102.54.94.97     rhino.acme.com          # bronserver
#       38.25.63.10     x.acme.com              # x clienthost

127.0.0.1       localhost

Yours probably has an English explaination.
Look if there's any other stuff under the (last) "127.0.0.1 localhost" line, that probably shouldn't be there.
Assassin2684 - Sat May 07, 2005 8:45 am
Post subject:
Ooooo Ok mine looks like yours solo. Also here is the log from the log anyaliser.

Code: Show/Hide
Logfile of HijackThis v1.99.1
Scan saved at 8:19:19 AM, on 5/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\backdoor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Svchost.exe
C:\Program Files\Common Files\WinTools\[b]wtoolss.exe[/b]
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\PROGRA~1\COMMON~1\WinTools\[b]wtoolsa.exe[/b]
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Aim\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\WinTools\[b]wsup.exe[/b]
C:\WINDOWS\System32\Svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nick\LOCALS~1\Temp\sp.dll/sp.html
Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
Do you know this site? --> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50196
Do you know this site? --> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nick\LOCALS~1\Temp\sp.dll/sp.html
Do you know this site? --> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
Do you know this site? --> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
Do you know this site? --> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Do you know this site? --> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Do you know this site? --> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
Do you know this site? --> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Do you know this site? --> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - [b]{87766247-311C-43B4-8499-3D5FEC94A183}[/b] - C:\PROGRA~1\COMMON~1\WINTOOLS\wtoolsb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\acroiehelper.dll
O2 - BHO: (no name) - {3E8F605E-E416-2AC5-8753-60550DF27817} - C:\WINDOWS\SYSTEM\MOTKP.DLL (file missing) <-- Always Remove
O2 - BHO: (no name) - {52B3B236-B165-4793-9FB8-DA6C5D950FAD} - C:\WINDOWS\system32\dfgkcf.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) <-- Always Remove
O2 - BHO: (no name) - {67DA3505-B214-79CC-8753-60550DF37819} - C:\WINDOWS\SYSTEM32\lifiq.dll
O2 - BHO: (no name) - [b]{87766247-311C-43B4-8499-3D5FEC94A183}[/b] - C:\PROGRA~1\COMMON~1\WINTOOLS\wtoolsb.dll     
O2 - BHO: (no name) - [b]{8DA5457F-A8AA-4CCF-A842-70E6FD27409}[/b] - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll     
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {BE8EF9B9-4DCF-4ECE-858A-E5AD0460CF37} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {DD319342-F260-495B-8E38-7796D3DCB430} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {E8D79982-90C9-4733-8EC0-21C668648721} - C:\WINDOWS\LBBHO.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\Smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\nerocheck.exe
O4 - HKLM\..\Run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [b][WinTools][/b] C:\PROGRA~1\COMMON~1\WinTools\[b]wtoolsa.exe[/b]
O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=10f08450ab596047f6c94d90b79b47d1528d9dc4c40924e2499f8b9bd779519ddd40d759133a448fde7f410342650f82cf1f1ae7:7ba4efda898ff66841613117fb4ea0f9
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O18 - Filter: text/html - {FFED5D85-3BE7-4B85-9428-5A56FCDF1E52} - C:\WINDOWS\system32\dfgkcf.dll
O18 - Filter: text/plain - {FFED5D85-3BE7-4B85-9428-5A56FCDF1E52} - C:\WINDOWS\system32\dfgkcf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: backdoor - Unknown owner - C:\WINDOWS\system32\backdoor.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: [b]WinTools for IE service[/b] (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\wtoolss.exe


Things that are bolded were red flaged! Thanks in advance.
Solo Ace - Sat May 07, 2005 9:19 am
Post subject:
Remove all entries which were colored red.

HijackThis wrote:
:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\backdoor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\smagent.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Aim\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nick\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50196
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nick\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E8F605E-E416-2AC5-8753-60550DF27817} - C:\WINDOWS\SYSTEM\MOTKP.DLL (file missing)
O2 - BHO: (no name) - {52B3B236-B165-4793-9FB8-DA6C5D950FAD} - C:\WINDOWS\system32\dfgkcf.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {67DA3505-B214-79CC-8753-60550DF37819} - C:\WINDOWS\SYSTEM32\lifiq.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {BE8EF9B9-4DCF-4ECE-858A-E5AD0460CF37} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {DD319342-F260-495B-8E38-7796D3DCB430} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: C:\WINDOWS\LBBHO.DLL - {E8D79982-90C9-4733-8EC0-21C668648721} - C:\WINDOWS\LBBHO.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\Smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=10f08450ab596047f6c94d90b79b47d1528d9dc4c40924e2499f8b9bd779519ddd40d759133a448fde7f410342650f82cf1f1ae7:7ba4efda898ff66841613117fb4ea0f9
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O18 - Filter: text/html - {FFED5D85-3BE7-4B85-9428-5A56FCDF1E52} - C:\WINDOWS\system32\dfgkcf.dll
O18 - Filter: text/plain - {FFED5D85-3BE7-4B85-9428-5A56FCDF1E52} - C:\WINDOWS\system32\dfgkcf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: backdoor - Unknown owner - C:\WINDOWS\system32\backdoor.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\smagent.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


Blue entries are things you should probably remove, red entries should be removed immediately.

Also, there's something I don't understand about your logs:
Why is there less Wintools crap in the first log than in the second log?
Assassin2684 - Sat May 07, 2005 9:33 am
Post subject:
Im....not...sure icon_eek.gif That is wierd. Im going to delete that stuff real quick though.

*EDIT*

Ok i deleted all thew red stuff at least the files i could delete. Some fiels were being used and i couldemt delete them but that was only like 2.
D1st0rt - Sat May 07, 2005 10:11 am
Post subject:
Did you try ending the processes if they were running?
Purge - Sat May 07, 2005 10:18 am
Post subject:
D1st0rt wrote:
Did you try ending the processes if they were running?


Ctrl Alt Del > Processes > Highlite Process > End Process.
Solo Ace - Sat May 07, 2005 12:03 pm
Post subject:
You should RED the guide at this announcement, eh MGB? sa_tongue.gif
Mine GO BOOM - Sat May 07, 2005 12:15 pm
Post subject:
Solo Ace wrote:
You should RED the guide at this announcement, eh MGB?

Quick spelling mistake. I need a grammar checker to go with my spell checker.
Assassin2684 - Sat May 07, 2005 10:46 pm
Post subject:
Ya i did the end prosses thing. Anyway the sites still dont work. I dont think this has to do wit ha virus. It might be firefox... Im not sure.
Purge - Sun May 08, 2005 1:15 am
Post subject:
Does it do the same on another browser?
Assassin2684 - Sun May 08, 2005 8:00 am
Post subject:
Ya it does it on firefox and Internet explorer.
All times are -5 GMT
View topic
Powered by phpBB 2.0 .0.11 © 2001 phpBB Group