Status
Not open for further replies.
1 - 20 of 20 Posts

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
For the last four days my websites have been acting oddly. Half of them I can get on and the other half keep coming up with Page cannot be displayed messages/ cannot find server messages.

Some sites I can still access but have no access to msn, xanga, and a bunch of others.

My friends on campus can still access these so it can't be the network.

#### deepdiver01

·
##### Registered
Joined
·
738 Posts
Every time this happens to me, there is some malware that has gotten into the system.

Run a spyware and/or antivirus scan and see what it comes up with.

If you are unsure of which programs to use, check out some other threads in TSG. There is a heap of great suggestions in here.

Or perhaps your security options in IE have changed. Open IE, go to tools>internet options. Check your "security" and "privacy" settings, and see if they are set above medium. (My settings, firewalls and guardians are now so touchy, they even block some images here in TSG). Then go to advanced and I suggest you click "restore defaults" to get your explorer back to original settings.

Good luck.

#### flavallee

·
Joined
·
86,016 Posts
Rbaby86:

Download and install Ad-Aware SE Personal 1.05 and Spybot - Search & Destroy 1.3. Run their update function afterwards. Run a scan and delete everything that Ad-Aware finds and delete everything in red that Spybot finds.

Download and unzip HijackThis 1.99.0 into a folder that you create for it. Run a scan, save the log in Notepad, then post the entire contents of the log here.

You can download all 3 utilities from the spyware tools section at http://www.majorgeeks.com.

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
I don't want to download anything onto the comp, I have all the virus and spyware stuff and it is all coming up negative, there's nothing on the comp, I just can't access certain sites. It wouldn't be a big deal if it wasn't my online journal which keeps me connected to friends back home and my banking.
Any ideas?

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
If you don't want to post a HijackThis scanlog and don't want to download anything, the only thing I can suggest for you is to do a search for a file named hosts with NO extension (not hosts.sam).

If you find one, just rename it ghosts.

#### flavallee

·
Joined
·
86,016 Posts
You have what spyware stuff?

An antivirus program is not going to find and delete spyware, malware, browser hijackers, etc. That's what programs like AD-AWARE and SPYBOT are for.

HIJACKTHIS allows us to see what running processes are in your computer and if any "nasties" are hiding.

All 3 of these programs should be a "must have" in every computer.

If you're not willing to make use of these programs, there's not much we can do for you.

#### Marrion

·
##### Registered
Joined
·
7 Posts
I found several files named "hosts". Should I rename them all?

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
Are you the same person, or a different one having the same problem?

The only one that may need renaming is the one that does not have an extension.

The file is not used by default but can be used to associate IPs and Domain Names. Some web accelerators use it, but Hijackers do it also. When the IPs get changed you get DNS errors.

They can be opened in Notepad for viewing if you want to check.

A default hosts file will look like this:

```
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
```

If there is anything UNDER this last entry, it is not the default.

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
That is a different person.
I still don't know how to fix mine, and I do not understand how downloading a bunch of programs will help, it is not like I cannot access any websites, it is just two simple websites that I would like to be able to access to do my banking and keep up with my friends.

I just don't understand because nothing on my computer has changed except that right before this happened the network at school had gone down, but it is up again. Could that be the cause of my problem?

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
I can't assure you that downloading anything will help. But for starters we need to know what's really there -- just like a doctor taking an Xray. Antivirus and spyware detection programs often miss things.

One of the things they miss is alterations to the HOSTS file because that can be used for legitimate purposes and they cannot determine whether an IP association there is valid.

Give us a HijackThis Scanlog and let us know the urls you are having trouble with so we can verify connectivity ourselves. If you know the IPs for these addresses give us those. If you don't, try this:

Open a command prompt (start > run: command) and try entering:

ping www.blabla.com

where "blabla.com" is the domain you are trying to access.

See what IP is returned from that address and try entering it directly in the address bar.

For example if you ping www.techguy.org you will get:

24.137.12.208

enter that in the Address bar, and here you are.

Did you look at your Hosts file?

And yes, you could have configuration problems with your School network if that is what you are connecting through. You will have to contact them for help.
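
An added example, not part of the original posts: a Python sketch of the hosts-file check described in the two replies above (anything below the default `127.0.0.1 localhost` entry is non-default, and a scanner cannot tell whether such a mapping is valid unless it has a known-good address to compare against). The sample file contents, the `.example` domains, the documentation-range IP addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: part of the default hosts file quoted in the thread,
# followed by made-up entries of the kind an accelerator or hijacker appends.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
127.0.0.1 www.journal.example journal.example   # constructed entry
203.0.113.7\twww.bank.example                   # constructed entry
not-an-ip www.broken.example
"""

DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # the format allows trailing # comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]     # one IP may carry several names
        for name in names:
            yield line_no, ip, name.lower()


def audit_hosts(text, known_good=None):
    """Return a finding for every mapping that is not in the default file.

    known_good: optional {hostname: ip} taken from a machine where the site
    works (for example the address `ping` returns on a friend's computer).
    """
    known_good = known_good or {}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "malformed"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            verdict = "blocked"               # name points back at this machine
        elif known_good.get(name) == ip:
            verdict = "matches-known-good"
        elif name in known_good:
            verdict = "redirected"            # differs from the address seen elsewhere
        else:
            verdict = "unverified"            # non-default, nothing to compare with
        findings.append((line_no, name, ip, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, {"www.bank.example": "198.51.100.20"}):
        print("line %d: %s -> %s [%s]" % finding)
```

On a real machine the text would be read from the extensionless `hosts` file the thread describes; an empty result means the file holds nothing beyond the default `localhost` entry.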

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
Is this what I am supposed to post from Hijack this?

And for the sites I can't access, xanga.com ip 209.66.88.13
members1st.org, not sure of ip and I think msn.com some others possibly but not that I use

Logfile of HijackThis v1.99.0
Scan saved at 2:14:23 PM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Danielle\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.en-US.9.1.6.20.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

Thank you all for all the help

#### flavallee

·
Joined
·
86,016 Posts
Rbaby86:

Thanks for finally posting a HijackThis log. :up:

----------------------------------------------------------------

As I suspected, your computer has too many unnecessary programs loading during startup and running in the background. This will cause a longer startup time, drain system resources, sap performance, and increase the risk of error messages and freezes. :down:

----------------------------------------------------------------

Before we work on reducing the startup load, however, let's have someone more knowledgeable than me with Hijackthis logs assist you in fixing it and getting rid of any "nasties".

There are some entries though that I see that you can fix. Run another scan with HijackThis, place a checkmark in the following, then click "Fix Checked":

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

----------------------------------------------------------------

Have you installed and updated and run a scan yet with AD-AWARE and SPYBOT? I see Wild Tangent among the startup list, and SPYBOT would've found that one.

---------------------------------------------------------------

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
Yes, I did those after I posted last time so that's all done.

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
HijackThis should be moved to a permanent folder before it is used to do anything. That way backups can be reliably restored if necessary.

I see no malware in the log that should be an issue.

One legitimate program that from time to time is responsible for blocking access is Norton Internet Security. I would recommend disabling it for a test.

You can also configure it, I believe, to ensure the domains involved are not blocked.

http://service1.symantec.com/SUPPOR...85256ede00518dfb?OpenDocument&src=bar_sch_nam

I can't get to xanga by way of the IP addresses either. However www.xanga.com does work for me.

Also I can connect to members1st.org using:

http://64.9.49.132/

or

http://www.members1st.org/

Sometimes these issues resolve themselves after a few days due to ISPs' caching of domains needing to be updated when they are changed.

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
Ok, thank you all for all the help that you have been, I guess it might just be the network because I am still not able to access these sites, although all the other comps on campus can access them. Who knows. But thanks for your help all the more.

God Bless and God Speed,
Dani

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
You're welcome for the help, but you really haven't given me any feedback on whether you have tried disabling Norton Internet Security, or verified the integrity of the Hosts file. You may also be using lmhosts which is used in some LAN configurations.

If you are connecting through a broadband modem you should try unplugging the power to it after shutting down -- to clear its cache.

And if you haven't done this, open Internet Options and clear the Temporary Internet Cache, offline content, history and cookies.

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
Yeah, I did try it all, still no luck.

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
Actually I just noticed you have Windows XP SP2 (you posted in the wrong forum).

Have you tried doing a System Restore to a date prior to the problem? Be advised any software installed since then that you want to keep will have to be reinstalled.

Before doing this, you might also want to try the XP Winsock repair. Damage to Winsock registry keys can be a source of such problems.

http://www.spychecker.com/program/winsockxpfix.html

#### Rbaby86

·
##### Registered
Joined
·
11 Posts
Discussion Starter · ·
Oh, I'm sorry about that, I didn't realize it was the wrong forum, and I tried system restore and the comp won't let me onto that link.

#### Rollin' Rog

·
##### Registered
Joined
·
46,025 Posts
Well if System Restore completed successfully to a date you know to be prior to the problem, it would have fixed any Winsock issues and virtually any XP or IE "system issue" that might be involved.

That leaves only two issues I think: the ISP you are using and hardware problems.

Since you are connecting through a School network, they may have some help available there in stepping you through the configuration issues that might be involved.

If the problem is widespread, not just a few sites, I have to think that what you are having now is a hardware problem. If you have any external routers you might try bypassing them, and check any cables. If the networking card is one you have installed it may be worthwhile to reseat it.

By the way, this entry indicates that you are, or were, using a Wireless connection:

O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

The file c:\WINDOWS\System32\bcmwltry.exe is NOT missing, this is a HijackThis error. However I can't verify C:\WINDOWS\System32\WLTRYSVC.EXE

I would definitely troubleshoot this problem by bypassing any unnecessary hardware and connecting as directly as possible to your cable or dsl line.
