
Something is seriously wrong.

Discussion in 'Virus & Other Malware Removal' started by onlykims, Sep 27, 2003.

Thread Status:
Not open for further replies.
  1. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    A site that I visit regularly has moved servers a week ago. Now, I can only get onto the site every once in a while. Nobody else has this problem. It's only this one site. Nothing on the site's end (owner is a good friend of mine and she and a couple of others have been through it). Could it be something in my computer that is stopping me from getting through sometimes? I get page cannot be displayed/DNS error....I clear the cache and do the standard series of troubleshooting....I've even tried using Netscape instead of IE and same thing. It was getting better and I was getting the site every couple of hours instead of every 17 or so, but now it's getting worse again. Can it be a virus or something in my computer?
    Thanks in advance for the help. I'm totally baffled at this point.
    Kim
     
  2. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi onlykims,

    How are you trying to connect up to the site? If from your favourites, it may be that the URL is wrong. Can you get to it by typing the address in the address bar of your browser?

    Could you post a link to the site, and we can see if anyone else can connect, or if the problems are geographical, i.e. a particular server could be down that you route through.

    If the above ideas don't work, could you please download 'Hijack This!' from http://www.spywareinfo.com/files/hijackthis.zip
    Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

    This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

    Cheers

    Liam

     
  3. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    I'd do what e-liam suggested and just for fun, ping the site. I don't think there is a pest in your machine that will stop you from going to a site, many maybe, but not just one. It sounds more like a server problem to me.

    You said your friend just moved server. I believe this 'new server' is the glitch. For example, if it is a free server or low priced server, sometimes they draw many more clients than they can handle. The result is the "can not find" error.

    Anyway, that's my view. :)

    BillC
     
  4. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    I've tried my link in fave's, I've replaced the link in fave's when I could get onto the site, I've typed in the URL. Same thing - it only lets me on when it feels like it. :) www.reptilerescue.on.ca is the URL. What BillC says sounds feasible, and I really hope it isn't the case. I'll find out who she is getting to host her site for her and maybe that'll tell us something. I'll try pinging the site when I can and can't get on and see if the results are different.

    As for the Hijack This log....here you go:
    Logfile of HijackThis v1.96.0
    Scan saved at 10:10:04 AM, on 9/27/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\littleone\My Documents\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thatsracin.com/mld/thatsracin/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
    O2 - BHO: (no name) - {9C777253-3E17-42d6-897A-11B8617A8F7C} - C:\Program Files\RedV Protector Suite\PopUpProtector\IELibTri.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Grokster\Grokster.exe /SYSTRAY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program Files\Popup & Privacy Defender for IE\pdie.exe" Minimize
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - Startup: PopUpProtector.lnk = C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    O4 - Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37687.6182175926
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    At this time I cannot gain access to the site and the ping result was: "Ping request could not find host www.reptilerescue.on.ca. Please check the name and try again."

    This is the same error that Netscape was giving me and I get page cannot be displayed.
    Kim
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    There is a lot of crud in your log that causes all sorts of problems and I will advise on that a bit later.

    But the problem is most likely with your ISP, which I assume is MSN broadband.

    Either MSN are extremely slow in updating their DNS database or they do not recognise the non-standard .on.ca domain.

    A Sam Spade lookup/trace gives DNS errors and a non-recognised TLD.
     
  6. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    Your last comment was about as clear as Mississippi mud to me. :) No, I don't use MSN - I used to work for them...I'm not silly enough to use them as an ISP - and they aren't in Canada and that's where I am. ;) I use Shaw cable. How is it possible that they haven't updated their DNS if I can gain access sometimes? I shouldn't be able to gain access to the site at all if they haven't updated, correct? They never had an issue with the .on.ca before the rescue site moved to a different server.
    Kim
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Some ISPs use several DNS servers and it can take 72 hours or more for all the servers to have the updated information. I assume that is the problem: sometimes you hit a DNS server that has been updated and sometimes you don't.

    I was assuming you used MSN/M$ broadband because of this entry in your log, which is running at start up:
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
     
  8. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    That's there because I run through a Microsoft Broadband router. :) The ISP thing makes sense only until you remember that this site changed servers over a week ago. I believe the date was the 20th of Sept that she moved the site. The servers should all have been updated by now, no? I'm sending Shaw an email to see what they say about it.
    Now about this "crud" in my system...... :)
    Thanks
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Kontiki & SRNG are known spyware, and Grokster, especially the autoupdate part you have running, frequently downloads spyware & other bandwidth-hogging scumware.

    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it's just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


    then post a new hijackthis log to check what is left
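
Added example (not part of dvk01's post and not a HijackThis or Tech Support Guy tool): a Python triage of the R*/O* entries in a HijackThis log like the one posted above, listing the entries that mention the three names called out in this post and any entry HijackThis marks "(no file)". The function names `parse` and `triage` and the `WATCHLIST` tuple are hypothetical; the sample lines are copied from the log in this thread.

```python
import re

# Names the moderator called out in this thread; not a general blocklist.
WATCHLIST = ("kontiki", "srng", "grokster")

# Constructed sample: lines copied from the log posted earlier in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thatsracin.com/mld/thatsracin/
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Update Grokster.lnk = C:\Program Files\Grokster\WiseUpdt.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
"""

ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+)$")             # "O4 - <detail>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")  # registry autostart

def parse(log):
    """Return [(section, detail)] for R*/O* entries, skipping header and process lines."""
    return [(m.group(1), m.group(2).strip())
            for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log, watchlist=WATCHLIST):
    """Return findings for entries that match the watchlist or are marked '(no file)'."""
    findings = []
    for section, detail in parse(log):
        low = detail.lower()
        reasons = [f"named in thread: {w}" for w in watchlist if w in low]
        if low.endswith("(no file)"):
            # HijackThis prints this when the registered file does not exist on disk.
            reasons.append("orphaned: registered file is missing")
        if not reasons:
            continue
        run = RUN.match(detail) if section == "O4" else None
        findings.append({
            "section": section,
            "autostart": run.group(3) if run else None,  # Run-key value name
            "detail": detail,
            "reasons": reasons,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3}  {'; '.join(f['reasons'])}\n     {f['detail']}")
```

Running the same function over a log saved before and after a cleanup pass shows which of the named entries are still registered, which is the question the follow-up posts in this thread turn on.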
     
  10. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    I run ad-aware and spy-bot regularly and they haven't come up with anything. I just ran them again, after clearing the cache, and nothing.
    Kim
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Are you sure you are updating Spybot & AdAware? Because both usually remove shopnav (SRNG), which is a known hijacker:
    O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
     
  12. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    I'm positive. I keep those programs up-to-date all the time and I run them a couple times a day. I'll go and do it again - but I did it 3 times after your last post and still nothing.
    Kim
     
  13. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    I need some serious help with this system before I lose it. It hasn't been right since I made the mistake of upgrading it. I can usually get it to run OK, but today it's not. SpyBot will not open for me. It binds up and I have to end the program and send the error report. Ad-aware will run and found a bunch of things (73 to be exact). I had to uninstall and reinstall both programs to get anything to work. After running Ad-aware, my Yahoo IM icon will not appear in the systray, and I keep getting pop-ups that I haven't had in months (mysearchbar or something like that). I tried getting help once before...I posted my HJT log and was told to run Spy Bot and Ad-Aware to get rid of a couple things on there, but neither of the programs actually removed anything (srng was one of the things it's supposed to remove and doesn't for me). When I said that happened, I didn't receive any responses. When I try to get a web page up, it takes a good 2 mins - I feel like I'm on dial-up with a Pentium I system. I'm running Windows XP home, NAV. System is XP1800 chip with a broadband connection - waiting for web pages is not something I do. In order to get the security threads to show I had to refresh with the control key.
    Would somebody please help me get this thing working right? I would so appreciate it since I'm trying to run a company with this machine and it's getting really difficult.
    Kim
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
  15. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Hate to jump on this thread Derek, but I just discovered I have a S&D problem too and none of the suggestions on your link have fixed it. :(
     
Short URL to this thread: https://techguy.org/170991