Status
Not open for further replies.
1 - 7 of 7 Posts

· Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
Hi all, I am not too familiar with what a DNS is or how to figure what is going on here, but I will explain:

1) I recently removed the trojan TROJ_GEMA.A
2) After removing it, I noticed a few things "screwy" with my system.
a) I can't get to my website login: 63.247.87.234:2082
b) All other IPs work fine, and yes, the login at the above dotted quad has been successful for a while.

For now this is the only issue that is critical. Anyone got any ideas?

Thank you all so very much for any help you can provide.

JPNOLL
 

· Registered
Joined
·
16,832 Posts
Please get Spybot S&D to clear out any spyware.
http://www.safer-networking.org/index.php?page=mirrors

Install the program and open it.

Before doing any scanning click Online and Search for Updates.
Put a check mark at and install all updates.
Click Check for Problems and when the scan is finished have Spybot fix all it finds marked in red.

Then after reboot:
Download 'Hijack This!' http://www.spychecker.com/program/hijackthis.html
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "scan" button will change into a "save log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
 

· Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Here is the log MOBO:

IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII

Logfile of HijackThis v1.97.7
Scan saved at 8:12:07 PM, on 3/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Iomg_NT\IoSecur.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS07
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/html/index.cfm?p=16&m=106
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com/v5/home/0,1793,106,00.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D97287B6-4018-4060-948D-54D2122FC5C3} - C:\PROGRA~1\COMMON~1\GSERVI~1\0002C00.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasySpreadsheet2] C:\Program Files\EasyOffice\EasySpreadsheet2 -x
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - Global Startup: PTP Manager.lnk = C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?1080399146125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
Thanks,

james
 

· Registered
Joined
·
16,832 Posts
Rescan and put a check next to each of these then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.com/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS07

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.com/search.htm

O2 - BHO: (no name) - {D97287B6-4018-4060-948D-54D2122FC5C3} - C:\PROGRA~1\COMMON~1\GSERVI~1\0002C00.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
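
Added example, not part of any post in this thread: a small Python parser for the `CODE - body` entry lines of a HijackThis log like the one above. It lists which external hosts the R and O16 entries point at and checks, after a rescan, whether entries from a fix list are still reported. The function names are hypothetical and the sample is built from lines in the posted log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")   # e.g. "R1 - ...", "O16 - ..."
URL = re.compile(r'https?://[^\s"]+')
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "hosts": [urlsplit(u).hostname for u in URL.findall(body)],
        })
    return entries

def hosts_by_code(entries):
    """Map each external host to the set of entry codes that reference it."""
    seen = defaultdict(set)
    for e in entries:
        for host in e["hosts"]:
            seen[host].add(e["code"])
    return dict(seen)

def still_present(fix_lines, rescan_text):
    """Entries from a fix list that a later scan still reports."""
    after = {(e["code"], e["body"]) for e in parse_log(rescan_text)}
    return [l for l in fix_lines
            if (p := parse_log(l)) and (p[0]["code"], p[0]["body"]) in after]

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {D97287B6-4018-4060-948D-54D2122FC5C3} - C:\PROGRA~1\COMMON~1\GSERVI~1\0002C00.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""
```
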
 

· Registered
Joined
·
5 Posts
Discussion Starter · #6 ·
IT WORKED!! WOW!

I want to thank you so very much for all your help. I will definitely make a contribution to your cause. This is a service that literally puts Microsoft to shame! I will also tell others about this too. Again, thank you. I know where I am going for tech support - "THE TECH SUPPORT GUY!!!"

James Noll
:D

P.S., Sadly, I have much to learn! heh heh!
 