Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 42
  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Hi Carla,

    Don't run HijackThis FIRST. Save it for later. Let's see what we can get rid of using some tools first

    Moissonite has given you a link to SpyBot Search and Destroy. Get that first, and run its update program. Then boot into safe mode and delete what it finds.

    I will get back to you with a couple of other ideas.





    Update them and run them in safe mode as well. OH............SwatIT takes a long time but is very thorough.

    Then try CWShredder.............I will post the link in a moment


  2. #12
    Join Date
    Aug 2004
    Actually on hindsight my fellow Brit, nihil, is right (even if he is from Bridlington )

    Leave the HijackThis until last.

    I still have painful memories of friends killing their net connections while irradicating an essential link to their modem/ISP after using HT.

    It's a great little program - but can go very wrong if your not entirely sure what should and should not be there.

    Just think - you may lose all contact with us - then you WOULD have something to cry about
    # Now if I ever needed inspiration,
    Right about now where I lose my patience,

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    I get quite a few with lots of spy/ad ware on them (kids with P2P and the like ) I find it easier to use the tools then HJT to sort out the rest.

    Too lazy to remove over a hundred by hand


  4. #14
    Senior Member
    Join Date
    Oct 2001
    It could be that your ISP really f*ked up their DNS entries. Or maybe implemented an IP-range block for AltaVista's IP block. I know for a fact that my ISP is really slow at updating their DNS entries and they also implement specific IP blocks. Like I can't visit my highschool's website from home and I can't visit my home server from my highschool. Although with proxies I can do so no problem. I'm going to complain to them about it some time soon...

    Anyways, to see if the address is being resolved, you should try Ping-ing altavista. The Ping is a level 8 ICMP packet that contains a random string (usually "ABCDEFGHIJKLMNOP" that repeats for the length indicated) and that gets a reply of the same random string from the destination computer. (The ping of death that is mentioned on the main page recently is just a ping that has an illegally long random string of over 65500 characters that some computers don't have the ability to deal with)

    Open up Command Prompt on your compter by going to Start -> Run -> Type in "CMD" (For Windows XP/2K/NT) -- a black box should appear. Type in the bolded parts:

    C:\Documents and Settings\UserName>ping www.altavista.com
    Pinging avatw.search.yahoo2.akadns.net [] with 32 bytes of data:
    Reply from bytes=32 time=32ms TTL=243
    Reply from bytes=32 time=47ms TTL=243
    Reply from bytes=32 time=47ms TTL=243
    Reply from bytes=32 time=47ms TTL=243
    Ping statistics for
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 32ms, Maximum =  47ms, Average =  43ms
    C:\Documents and Settings\UserName>
    You should get an IP address that is similar to mine above. If you get some sort of message like "Request timed out." then something is blocking your attempts to connect. Like your computer's firewall or your ISP's firewall. If you get "Unknown host www.altavista.com." then your ISP's DNS is messed up. You'd need to find another DNS server to use, or you could edit your hosts file to point to the IP I have above.

    Anyways, try that and tell us the results.

  5. #15
    Junior Member
    Join Date
    Oct 2004
    Hi Moissonite
    (and anyone else who knows what they are doing)

    I've taken you advice; downloaded and ran HijackThis.

    I'm posting my log file because though I've perused it, I cannot see anything in there that screams "I should not be here!" And so I am asking for some help in deteriming what is illegal and should be removed.

    Previously (to running HijackThis) I had downloaded and run Spybot and Adaware SE but I still could not access AltaVista.

    Here's my logfile. Let me know what you think.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:19:49 AM, on 10/24/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Hijack This\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brandeis.edu/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.library.brandeis.edu/cache.pac
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Carla Harris Pascal\Application Data\Mozilla\Profiles\default\sksbz8qx.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carla Harris Pascal\Application Data\Mozilla\Profiles\default\sksbz8qx.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06642396...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094744860468
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    Not Applicable

  6. #16
    Junior Member
    Join Date
    Oct 2004
    Jeez Guys and Gals I am such a novice I did not even realize there was a second page counselling me against HijackThis. Anyhow, no harm done. All I did was run it. I have not changed a thing. Just posted my log. I am now going to read the rest of your advice and see if I can progress on that. Will let you know how I get on.

    Please note that I have repeatedly run Spybot and Adaware SE from Lavasoft. Must be a hundred times (or close) - and it has not helped my problem.
    Not Applicable

  7. #17
    Junior Member
    Join Date
    Oct 2004
    OK Folks

    I've downloaded and run the following to no avail. They found nothing expect Spybot keeps finding the 5 DSO Exploit thingies which I've read are no issue.

    I also unistalled and reinstalled Norton and run it.
    It found nothing.

    I've run HijackThis and cannot say that I see anything dangerous (not that I would know), anyhow I posted my logfile to you for advice.

    No, I cannot access altavista from any site/direction/route, not even the last suggested possibility which was

    I appear to be able to access all other sites except AltaVista.

    Time_Axe suggested that my ISP could have interfered with AltaVista's DNS entries. Though I do not quite understand what this means, I find that strange since I was originally able to access AltaVista using the very same ISP.

    Tim_Axe sent me some stuff to type to "ping" altavista. I am not clear as to what I must type in. (DOES IT START FROM?) C:\Documents
    (AND END AT?) C:\Documents and Settings\UserName>

    Do I type in all the stuff in between? Could I just copy and paste the text into the black box that Tim_Axe says should appear when I am going to ping this thing? (and thus avoid mistakes?)

    Just want you to know that it's really great to have the support even if I haven't solved the problem...yet. I almost threw the laptop through the window yesterday before subscribing to this forum.
    Not Applicable

  8. #18
    Antionline Herpetologist
    Join Date
    Aug 2001
    This is all you have to type:
    If the output is something like this, then you have DNS issues. Just contact your ISP and tell them your problem.
    C:\Documents and Settings\cgkanchi> ping www.altavista.com
    Ping request could not find host www.altavista.com. Please check the name and try again.
    Otherwise, if it's something like this, you have other issues.
    C:\Documents and Settings\cgkanchi>ping altavista.com

    Pinging altavista.com [] with 32 bytes of data:

    Reply from bytes=32 time=317ms TTL=240
    Reply from bytes=32 time=317ms TTL=240
    Reply from bytes=32 time=316ms TTL=240
    Reply from bytes=32 time=315ms TTL=239

    Ping statistics for
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 315ms, Maximum = 317ms, Average = 316ms
    Also, could you just post the contents of your C:\Windows\System32\drivers\etc\hosts file (just open it in notepad and copy/paste it here), that's one possibility that hasn't been checked.

    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #19
    Junior Member
    Join Date
    Oct 2004
    Hey Cgkanchi

    Thanx! I've 'pinged'.
    The result was this and I guess it means that my ping was not successful.

    Pinging avatw.search.yahoo2.akadns.net [] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for
    Packers: Sent = 4, Received = 0, Lost = 4 (100% loss)

    So, I guess we're into one of those other issues you referred to.
    As suggested, I've also posted the contents of my C:\Windows\System32\drivers\etc\hosts file

    # Copyright (c) 1993-1999 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    # For example:
    # rhino.acme.com # source server
    # x.acme.com # x client host localhost
    Not Applicable

  10. #20
    Flash M0nkey
    Join Date
    Sep 2001
    hmmmm whats the avatw.search.yahoo2.akadns.net all about?

    thought it was altavista you were trying to connect to not all the web?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.