Something is seriously wrong.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
A site that I visit regularly has moved servers a week ago. Now, I can only get onto the site every once in a while. Nobody else has this problem. It's only this one site. Nothing on the site's end (owner is a good friend of mine and she and a couple of others have been through it). Could it be something in my computer that is stopping me from getting through sometimes? I get page cannot be displayed/DNS error....I clear the cache and do the standard series of trouble shooting....I've even tried using Netscape instead of IE and same thing. It was getting better and I was getting the site every couple of hours instead of every 17 or so, but now it's getting worse again. Can it be a virus or something in my computer?
Thanks in advance for the help. I'm totally baffled at this point.
Kim
 
Joined
Jun 19, 2003
Messages
1,241
Hi onlykims,

How are you trying to connect up to the site. If from your favourites, it may be that the URL is wrong. Can you get to it by typing the address in the address bar of your browser?

Could you post a link to the site, and we can see if anyone else can connect, or if the problems are geographical, ie. a particular server could be down that you route through.

If the above ideas don't work, could you please download 'Hijack This!' from http://www.spywareinfo.com/files/hijackthis.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers

Liam

Cheers

Liam
 
Joined
May 28, 2003
Messages
2,366
I'd do what e-laim suggested and just for fun, ping the site. I don't think there is a pest in your machine that will stop you from going to a site, many maybe, but not just one. It sounds more like a server problem to me.

You said your friend just moved server. I believe this 'new server' is the glich. For example, if it is a free server or low priced server, sometimes they draw many more clients thaen they can handle. The result is the "can not find" error.

Anyway, that's my view. :)

BillC
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
I've tried my link in fave's, I've replaced the link in fave's when I could get onto the site, I've typed in the URL. Same thing - it only lets me on when it feels like it. :) www.reptilerescue.on.ca is the URL. What BillC says sounds feasible, and I really hope it isn't the case. I'll find out who she is getting to host her site for her and maybe that'll tell us something. I'll try pinging the site when I can and can't get on and see if the results are different.

As for the Hijack This log....here you go:
Logfile of HijackThis v1.96.0
Scan saved at 10:10:04 AM, on 9/27/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\littleone\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thatsracin.com/mld/thatsracin/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {9C777253-3E17-42d6-897A-11B8617A8F7C} - C:\Program Files\RedV Protector Suite\PopUpProtector\IELibTri.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program Files\Popup & Privacy Defender for IE\pdie.exe" Minimize
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: PopUpProtector.lnk = C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
O4 - Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37687.6182175926
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

At this time I cannot gain access to the site and the ping result was: "Ping request could not find host www.reptilerescue.on.ca. Please check the name and try again."

This is the same error that Netscape was giving me and I get page cannot be displayed.
Kim
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
there is a lot of crud in your log that causes all sorts of problems and I will advise on that a bit later

But the problem is most likely with your ISP which I assume is MSN broadband.

Either MSN are extremely slow in updating their DNS database or they do not recognise the non standard .on.ca domain

a sam spade lookup/trace gives dns errors and a non recognised TLD
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
Your last comment was about as clear as Mississippi mud to me. :) No, I don't use MSN - I used to work for them...I'm not silly enough to use them as an ISP - and they aren't in Canada and that's where I am. ;) I use Shaw cable. How is it possible that they haven't updated their DNS if I can gain access sometimes? I shouldn't be able to gain access to the site at all if they haven't updated, correct? They never had an issue with the .on.ca before the rescue site moved to a different server.
Kim
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Some ISps use several DNS servers and it can take 72 hours or more for all the servers to have the updated information. I assume that is the problem, sometimes you hit a dns server that has been updated and sometimes you don't.

I was assuming you used MSn/M$ broadband because of this entry in your log which is running at start up
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
That's there because I run through a Microsoft Broadband router. :) The ISP thing makes sense only until you remember that this site changed servers over a week ago. I believe the date was the 20th of Sept that she moved the site. The servers should all have been updated by now, no? I'm sending Shaw an email to see what they say about it.
Now about this "crud" in my system...... :)
Thanks
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Kontiki & SRNG are known spyware and grokster especially the autoupdate part you have running frequently downloads spyware & other bandwith hogging scumware

download AdAware 6 181
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automaticly try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it´s just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it.

then
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


then post a new hijackthis log to check what is left
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
I run ad-aware and spy-bot regularly and they haven't come up with anything. I just ran them again, after clearing the cache, and nothing.
Kim
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
are you sure you are updating spybot & adaware because both usually remove shopnav(SRNG), which is a known hijacker
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
I'm positive. I keep those programs up-to-date all the time and I run them a couple times a day. I'll go and do it again - but I did it 3 times after your last post and still nothing.
Kim
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
I need some serious help with this system before I lose it. It hasn't been right since I made the mistake of upgrading it. I can usually get it to run OK, but today it's not. SpyBot will not open for me. It binds up and I have to end the program and send the error report. Ad-aware will run and found a bunch of things (73 to be exact). I had to uninstall and reinstall both programs to get anything to work. After running Ad-aware, my Yahoo IM icon will not appear in the systray, I keep getting pop-ups that I haven't had in months (mysearchbar or something like that). I tried getting help once before...I posted my HJT log and was told to run Spy Bot and Ad-Aware to get rid of a couple things on there, but neither of the programs actually removed anything (snrg was one of the things it's supposed to remove and doesn't for me). When I said that happened, I didn't receive any responses. When I try to get a web page up, it takes a good 2 mins - I feel like I'm on dial-up with a pentiumI system. I'm running Windows XP home, NAV. System is XP1800 chip with a broadband connection - waiting for web pages is not something I do. In order to get the security threads to show I had to refresh with the control key.
Would somebody please help me get this thing working right? I would so appreciate it since I'm trying to run a company with this machine and it's getting really difficult.
Kim
 

bassetman

Moderator (deceased) - Gone but never forgotten
Joined
Jun 7, 2001
Messages
47,973
Hate to jump on this thread Derek, but I just discovered I have a S&D problem too and none of the suggestions on your link have fixed it. :(
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top