Cannot find server

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mike B.V.

Thread Starter
Joined
Sep 26, 2003
Messages
8
I am aU.K. user on Freeserve Using Windows Xp home edition. Whenever I logon to the server, connections to web pages initially work, but then after about five mnutes, pages stop loading, and "Cannot find server" message is displayed. I have checked with Freeserve and they have done all they can, saying the fault must be with the operating system. The only way I can continue is to restart the computer, then go on for another five minutes. Has anybody else had this problem, I have no idea whats causing it!
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
o to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

mike B.V.

Thread Starter
Joined
Sep 26, 2003
Messages
8
Logfile of HijackThis v1.97.2
Scan saved at 20:04:44, on 29/09/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wins\DLLHOST.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\System32.exe
C:\Program Files\DownloadWare\dw.exe
C:\PROGRA~1\COMMON~1\CMEII\CMESys.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [CMESys] "C:\PROGRA~1\COMMON~1\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C76D7D8B-A561-4B08-BBC3-EA14132EC311}: NameServer = 195.92.195.94 195.92.195.95
 
Joined
Oct 4, 2002
Messages
2,773
You have a lot of work to do to clean this out

1. You have the w32.blaster.worm ......... go here to get rid of it :-

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

THEN

2. go to start/settings/ control panel .... add/remove programs and uninstall newdotnet (newnet domains)

Reboot

THEN

Please Download and install SpyBot,

http://security.kolla.de/

click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

you may have to run spybot more than once to clear everything

Remove everything pre-ticked in Red

THEN

Post a new hijackthis log, so that we can review the progress

steam
 

mike B.V.

Thread Starter
Joined
Sep 26, 2003
Messages
8
Logfile of HijackThis v1.97.2
Scan saved at 19:28:49, on 30/09/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wins\DLLHOST.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\System32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Mike\Desktop\anti-virus stuff\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all

browser windows & press fix checked

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

then reboot into safe mode by pressing F8 atstart up and using windows explorer navigate to & delete the following file
C:\WINDOWS\System32\System32.exe

make sure it is the System32.exe file only and not the system32 folder
then reboot normally & run an online virus scan at one of the following sites
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

that should get you all clear

if the original problem still persists then let us know and we can see if there might be another cause
 

mike B.V.

Thread Starter
Joined
Sep 26, 2003
Messages
8
I've followed your instructions and have run the symantec security check that you suggested. It has found a W32.Kwbot.F.Worm on my system, location: C:\WINDOWS\system32\xms32.exe. When I went to the location, I could not find this file to delete it. Has it already been deleted, as the symantec security check says it merely found the worm, but not mention deleting it. Computer definitley running much better now.
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
make sure that you have all files set to show by opening explorer /tools/folder options/view and make sure that show hidden files & folders is ticked and hide protected operating system files is UNticked
then recheck the location and see if it shows
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
to make sure it has gone
open a cmd prompt and enter:

del C:\WINDOWS\System32\xms32.exe

if it has already been deleted you will get a message saying no such file or similar, otherwise that command will delete it
 

mike B.V.

Thread Starter
Joined
Sep 26, 2003
Messages
8
found the xms32 file by checking the "view hidden files and folders" box, and I have deleted the file. Thank you all very much for your help you are the good guys on the net! Hope we dont have to contact you again, but its good to know that you are there when we need you. Best wishes!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top