• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Jakemainstreet

Certain websites not loading

15 posts in this topic

Just in the past few days, my browser (IE v. 6.0) has stopped loading certain websites: cnn.com, villagevoice.com, freshdirect.com are the three I've discovered so far. Google also has problems loading, but only when I first boot up my computer: mysteriously, it begins loading if I close and reopen IE, but none of the other websites do.

 

I've been on tech support with Earthlink (my ISP) five times. I've emptied my internet caches, checked for adware and spyware using Adaware (using the latest updates), checked for viruses (using the latest updates), released and renewed my IP configuration, reset my browser settings, reloaded my TCP/IP, run an SFC scan, run regsvr32 on various files, updated Windows and IE, rebooted, cold booted, thrown my hands up in the air, etc. These certain websites are still not loading.

 

The reason I suspect it might be a worm is because it happened so suddenly, without me changing virtually anything on my computer. This sites had been working fine earlier this week. Also, even though I've run Adaware a half a dozen times and have my pop-up blocker turned on, I'm still sometimes getting pop-up ads at very tame, mainstream websites than don't normally give me popups.

 

As a last measure, I've downloaded and run HiJackThis. Here's my log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:53:30 PM, on 6/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\TFNF5.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\TDispVol.exe

C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Bradley C. Phillips\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7877.4485763889

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

I'm no expert, but I don't see anything unusual. Can anyone help? I'm desperate.

Share this post


Link to post
Share on other sites

I forgot to say --

 

I can get the addresses of the problem sites in CMD by using nslookup, but pings always time out. Pings to sites that are working fine (most sites) are successful.

Share this post


Link to post
Share on other sites

I seem to be having the same problem as other people on this thread. What caught my eye was the fact that the webisites that I could not access also started ip address 64.

 

Any help would be greatly appreciated! (I hope this has not been answered elsewhere. I tried to do a search but since "64" is only 2 characters I could not run that search)

Share this post


Link to post
Share on other sites

Hi,

Let's see if we can chip away at this...When I have done troubleshooting on computers and have come across this, I was more fortunate to get rid of it.

 

So the first thing I would ask you to look at is, go to control panel, tools, internet options and see what's there as your home page. What's there might give us a clue as to who the bad boy is.

 

The second suggestion is, disable system restore and run your virus scan.

 

The third suggestion is, go to www.CWShredder.com "if you can" and run it (I do beleive you can get a free version to run).

 

Keep us posted...

Share this post


Link to post
Share on other sites

Your log looks pretty clean, however there is one entry that I am unsure about. I have consulted with the other Helpers and Experts and they would like to analyze the file to make sure that it is not malicious.

 

Please send the following file to this e-mail: grinler@yahoo.com

C:\WINDOWS\System32\TDispVol.exe

You might have to set your computer to show hidden files.

 

I also suspect that the problem could be with your hosts file.

 

Run notepad and open the following file C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS, post the contents of this file here.

 

Grinler also suggests that you download and try firefox and see if you still experience the problem using firefox.

Edited by Trilobite

Share this post


Link to post
Share on other sites

Master Green - I have news.google.com as my homepage. I ran CWShredder and my system was completely clean.

 

Where do I go from here??

 

TIA

Share this post


Link to post
Share on other sites

Hi,

I'm not so sure it should say news.google.com...Try just putting in www.google.com, click apply and ok...Reboot and see if that changes anything. If not then we are going to go into the same area, except clicking on Internet Options we are going to click on Accounts and see whats there, maybe a few changes needs to be done, maybe not...

Share this post


Link to post
Share on other sites
The second suggestion is, disable system restore and run your virus scan.

 

Master Green,

 

IMHO bad advice. As you know, this deletes all the SR points which shouldn't be done untill known whether there is a virus infection and the infection has been successfully cleaned out - not beforehand. If a virus is present in the System Volume File, it is inert and will do no harm unless restored.

 

If anything goes seriously wrong with removal, "escape" is foreclosed. Time enough to delete the points afterwards.

 

Regards - Charles

Share this post


Link to post
Share on other sites

Hi,

I'm not so sure about bad advice...But rather than get into the debate as why it's the road I would travel, I will leave those who wish to assist the option to rise and shine. I'm moving on...

Share this post


Link to post
Share on other sites

Master Green, sorry if I offended you, but those that give advice ought to give a rational for it, especially if the consequences of that advice is potentially serious.

 

Regards - Charles

Share this post


Link to post
Share on other sites

Hello WIZARD826,

 

What OS?

 

The Hosts file locations for the following OSes:

 

Windows 95/98/Me c:\windows\hosts

 

Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts

 

Windows XP Home c:\windows\system32\drivers\etc\hosts

 

(you may need administrator access for Windows NT/2000/XP)

 

NOTE: Hosts is the name of the hosts file and not another directory (Folder) name. It does not have an extension (extensions are the .exe, .txt, .doc, etc. endings to filenames) and so appears to be another directory in the example above.

 

After you've found it, look for an entry that has cwshredder.com in it. Delete it. That should allow access.

 

Regards - Charles

 

EDIT: You can download CWSHredder here as a zip or execute - http://radiosplace.com/

 

The downloads are on the left - the blue bars.

Edited by Charlesvar

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0