Certain websites not loading


14 replies to this topic

#1 Jakemainstreet

Jakemainstreet

    Member

  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 04:08 PM

Just in the past few days, my browser (IE v. 6.0) has stopped loading certain websites: cnn.com, villagevoice.com, freshdirect.com are the three I've discovered so far. Google also has problems loading, but only when I first boot up my computer: mysteriously, it begins loading if I close and reopen IE, but none of the other websites do.

I've been on tech support with Earthlink (my ISP) five times. I've emptied my internet caches, checked for adware and spyware using Adaware (using the latest updates), checked for viruses (using the latest updates), released and renewed my IP configuration, reset my browser settings, reloaded my TCP/IP, run an SFC scan, run regsvr32 on various files, updated Windows and IE, rebooted, cold booted, thrown my hands up in the air, etc. These certain websites are still not loading.

The reason I suspect it might be a worm is because it happened so suddenly, without me changing virtually anything on my computer. These sites had been working fine earlier this week. Also, even though I've run Adaware a half a dozen times and have my pop-up blocker turned on, I'm still sometimes getting pop-up ads at very tame, mainstream websites that don't normally give me popups.

As a last measure, I've downloaded and run HiJackThis. Here's my log file:

Logfile of HijackThis v1.97.7
Scan saved at 4:53:30 PM, on 6/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Bradley C. Phillips\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7877.4485763889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

I'm no expert, but I don't see anything unusual. Can anyone help? I'm desperate.

#2 Jakemainstreet

Jakemainstreet

    Member

  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 04:11 PM

I forgot to say --

I can get the addresses of the problem sites in CMD by using nslookup, but pings always time out. Pings to sites that are working fine (most sites) are successful.

#3 Jeeves453

Jeeves453

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 12 June 2004 - 06:55 PM

I have the same problem, I think... http://cube.ign.com doesn't show me any pictures and http://www.ubi.com doesn't work at all... I dunno what to do!!

Edited by Jeeves453, 12 June 2004 - 06:56 PM.


#4 Jakemainstreet

Jakemainstreet

    Member

  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 07:34 PM

Also, ALL of the problem sites seem to have an IP address that starts with 64, whatever that means.

#5 prosp

prosp

    Member

  • New Member
  • Pip
  • 2 posts

Posted 18 July 2004 - 10:01 AM

I seem to be having the same problem as other people on this thread. What caught my eye was the fact that the websites that I could not access also started with IP address 64.

Any help would be greatly appreciated! (I hope this has not been answered elsewhere. I tried to do a search but since "64" is only 2 characters I could not run that search)

#6 Master Green

Master Green

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 19 July 2004 - 08:52 AM

Hi,
Let's see if we can chip away at this...When I have done troubleshooting on computers and have come across this, I was more fortunate to get rid of it.

So the first thing I would ask you to look at is, go to control panel, tools, internet options and see what's there as your home page. What's there might give us a clue as to who the bad boy is.

The second suggestion is, disable system restore and run your virus scan.

The third suggestion is, go to www.CWShredder.com "if you can" and run it (I do believe you can get a free version to run).

Keep us posted...

#7 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 19 July 2004 - 11:55 AM

Your log looks pretty clean, however there is one entry that I am unsure about. I have consulted with the other Helpers and Experts and they would like to analyze the file to make sure that it is not malicious.

Please send the following file to this e-mail: grinler@yahoo.com
C:\WINDOWS\System32\TDispVol.exe
You might have to set your computer to show hidden files.

I also suspect that the problem could be with your hosts file.

Run notepad and open the following file C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS, post the contents of this file here.

Grinler also suggests that you download and try firefox and see if you still experience the problem using firefox.

Edited by Trilobite, 19 July 2004 - 02:59 PM.


#8 prosp

prosp

    Member

  • New Member
  • Pip
  • 2 posts

Posted 19 July 2004 - 07:32 PM

Master Green - I have news.google.com as my homepage. I ran CWShredder and my system was completely clean.

Where do I go from here??

TIA

#9 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 20 July 2004 - 08:47 AM

prosp,
Please start a new topic of your own.

#10 Master Green

Master Green

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 21 July 2004 - 06:07 AM

Hi,
I'm not so sure it should say news.google.com...Try just putting in www.google.com, click apply and ok...Reboot and see if that changes anything. If not then we are going to go into the same area, except clicking on Internet Options we are going to click on Accounts and see what's there, maybe a few changes need to be done, maybe not...

#11 Charlesvar

Charlesvar

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 21 July 2004 - 07:05 PM

The second suggestion is, disable system restore and run your virus scan.

Master Green,

IMHO bad advice. As you know, this deletes all the SR points, which shouldn't be done until it is known whether there is a virus infection and the infection has been successfully cleaned out - not beforehand. If a virus is present in the System Volume File, it is inert and will do no harm unless restored.

If anything goes seriously wrong with removal, "escape" is foreclosed. Time enough to delete the points afterwards.

Regards - Charles

#12 Master Green

Master Green

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 21 July 2004 - 09:12 PM

Hi,
I'm not so sure about bad advice...But rather than get into the debate as why it's the road I would travel, I will leave those who wish to assist the option to rise and shine. I'm moving on...

#13 Charlesvar

Charlesvar

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 21 July 2004 - 09:44 PM

Master Green, sorry if I offended you, but those that give advice ought to give a rationale for it, especially if the consequences of that advice are potentially serious.

Regards - Charles

#14 WIZARD826

WIZARD826

    The Shizworker

  • Full Member
  • Pip
  • 8 posts

Posted 21 July 2004 - 11:09 PM

When I try to go to cwshredder.com it says that it's blocked because of the HOSTS file. What does this mean?

#15 Charlesvar

Charlesvar

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 22 July 2004 - 12:39 AM

Hello WIZARD826,

What OS?

The Hosts file locations for the following OSes:

Windows 95/98/Me c:\windows\hosts

Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts

Windows XP Home c:\windows\system32\drivers\etc\hosts

(you may need administrator access for Windows NT/2000/XP)

NOTE: Hosts is the name of the hosts file and not another directory (Folder) name. It does not have an extension (extensions are the .exe, .txt, .doc, etc. endings to filenames) and so appears to be another directory in the example above.

After you've found it, look for an entry that has cwshredder.com in it. Delete it. That should allow access.

Regards - Charles

EDIT: You can download CWShredder here as a zip or executable - http://radiosplace.com/

The downloads are on the left - the blue bars.

Edited by Charlesvar, 22 July 2004 - 12:56 AM.
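
The hosts-file check described in the post above, as an added example that is not part of the original thread: it finds every entry that overrides a given domain and produces a cleaned copy with only those entries removed. It goes slightly beyond the post by also matching subdomains and lines that carry several hostnames; the function names and the sample file content are constructed for illustration.

```python
# Constructed sample hosts file content (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       cwshredder.com www.cwshredder.com   # added by unknown program
10.0.0.5        intranet.example   WWW.CWShredder.COM
192.0.2.10      fileserver.example # cwshredder.com mentioned only in a comment
"""

def _matches(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_hosts(text, domain):
    """Return (findings, cleaned_text).

    findings: list of (line_number, ip, hostname) for entries overriding `domain`.
    cleaned_text: the file with only those hostnames removed; a line is
    dropped entirely when no hostname is left on it.
    """
    findings, kept = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:            # blank, comment-only or malformed line
            kept.append(line)
            continue
        ip, names = fields[0], fields[1:]
        bad = [n for n in names if _matches(n, domain)]
        if not bad:
            kept.append(line)
            continue
        findings.extend((lineno, ip, n) for n in bad)
        good = [n for n in names if n not in bad]
        if good:                       # keep the unrelated names on this line
            rebuilt = ip + "\t" + " ".join(good)
            kept.append(rebuilt + (" #" + comment if sep else ""))
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    hits, cleaned = audit_hosts(SAMPLE_HOSTS, "cwshredder.com")
    for lineno, ip, name in hits:
        print(f"line {lineno}: {name} -> {ip}")
    print(cleaned, end="")
```

To use it on a real machine, pass in the text of the hosts file at the location listed above for your OS and review the findings before saving the cleaned copy, which needs administrator access on Windows NT/2000/XP.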




