Can't connect to certain websites

Status
Not open for further replies.

viper22x

Posts: 46   +0
Ok, well one night I could connect to a site, then the next POOF I can't. I don't know why it won't let me. If anybody has any ideas that would be awesome! I'll post a HJT log just in case...
The only way I'm able to connect to the site is through a proxy but it takes away a lot of the tools. I'm getting so annoyed. I reset the stuff in C:\windows\system32\drivers\ect\host
that didn't do anything. So please help.
 

OK, I'll bite. How did this turn out? I know it's been about two weeks, but I put it on my watch list.

The only program you did not load was MBAM. This one is the key to the scheme of things around here.
 
It's only been two weeks, wow, it feels like months.... I've scanned with MBAM before it happened, after it happened and numerous times after again. It never finds anything (because I like my computer clean) but I have Avast, I installed Spybot S&D, I'm not sure if that did anything, also I cleaned out the hosts in my system32 folder. (well, reset 'em)

How did this turn out?

What do you mean?
 
How did this turn out?
What do you mean?
You posted a problem & asked for help. For the next 2 weeks nothing further happened, and I interpreted you got past needing help. I am a curious type, so I was inquiring what you did to resolve the problem.

For anyone seeking help with malware removal, the volunteers expect 3 logs: MBAM, SAS, & HJT. Following this procedure "normalizes" your case in that over 1000 malware threats have been addressed by the tools.

From this point it is easier to address your complaint about URL blocking / URL re-direction. There are specific tools for specific problems. Trained volunteers can get you there faster.

If you post the 3 logs, one of the volunteers may recognize this signal. Your description that mentions lingering problems should prompt them to suggest further tools to use.

Perhaps someone can spot if there is a conflict between programs. Your HJT log did not show AVAST.
Ok, well one night I could connect to a site, then the next POOF I can't. I don't know why it won't let me.
……….the only way I'm able to connect to the site is through a proxy………….
reset the stuff in C:\windows\system32\drivers\ect\host…………..that didn't do anything. So please help.
SpyBot [SS&D] uses 'host' to blacklist known malware sites. HJT also works with whitelists and blacklists. SS&D's use of 'host' is whitelisted by HJT. However, some Internet Security Suites [such as ZoneAlarm] undo the 'host' file & use their own device. I believe that ZA uses the engine from Kaspersky Internet Security.
 
Well, I've used Kaspersky but recently switched to Avast. Nobody has helped me so yeah, you're the only one who actually replied -.- I'm still having problems with going to the site. I'll run a MBAM, SAS and HJT this log. I'll post 'em for you.
 
Things appear to be clean. However both MBAM & SAS need updating. Many changes during the last 5 days.

Are the symptoms gone?

Post logs & advise us if still experiencing re-direction or other problems.

Differences noted for HJT
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
Component Name: PrxerNsp.dll
Description of : Proxifier, from Initex Software, is an application designed to enable networks to operate through a proxy server

legit O23 (castlecops)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
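
The "differences noted" comparison above can be done mechanically. The following is an added example, not part of the original thread: it diffs two HijackThis logs and reports O10 (Winsock LSP) and O23 (service) entries that are new. The function names and the contents of `OLD_LOG` are assumptions made for illustration; the added lines in `NEW_LOG` are the ones quoted in the post.

```python
import re
from collections import Counter

# HijackThis entries have the form "<section code> - <details>", e.g. "O10 - ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")

def parse_hjt(log_text):
    """Count each (section code, lower-cased details) pair found in a log."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[(m["code"], m["body"].strip().lower())] += 1
    return entries

def new_entries(old_log, new_log, codes=("O10", "O23")):
    """Entries in new_log that were absent from old_log, limited to `codes`.

    Returns sorted (code, details, occurrences) tuples. Repeated lines, such
    as one LSP DLL listed several times, are collapsed into a single count.
    """
    old, new = parse_hjt(old_log), parse_hjt(new_log)
    return sorted(
        (code, body, count)
        for (code, body), count in new.items()
        if code in codes and (code, body) not in old
    )

# Constructed sample input: OLD_LOG is hypothetical.
OLD_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""
NEW_LOG = OLD_LOG + r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
"""

if __name__ == "__main__":
    for code, body, count in new_entries(OLD_LOG, NEW_LOG):
        print(f"{code} x{count}: {body}")
```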
 
Ok, I'll update them and scan again. As for HJT, the vent_srv, I manually put that there. I'm running a Ventrilo server on my computer, so I just changed it in the registry. I'll run MBAM and SAS again and post another HJT log asap.

Still can't connect to the site =/ but I'll try after I update and post logs.

Well, I tried deleting the 3 O10's but it can't do it. I need LSPfix... I'm going to see if I can find it.

Ok, well I got LSPfix and got rid of 2 things that were from prxer. Then I did a scan and all the O10's were gone. ^_^ I'll post a MBAM and SAS and HJT tonight.

Well, it appears I can't update MBAM... I have no firewall atm, just Avast, and I can't update it... any ideas?
 
Again, my 'express' notation communicates poorly.

HJT differences were called to your attention. The O23 is legit. It may have brought in O10. I just do not know. I gave attributes for both to help you investigate things you're closer to.

HJT Tutorial with link to LSPfix

It was my intention to use updated MBAM / SAS to confirm clean appearances,

HOWEVER, inability to reach sites with needed updates for tools is a bad sign.

Yes, O10 can be an infection. I tend not to suspect these because there was a name associated with it, and you made another change showing up as O23 entry.

Therefore, I will assume the router has been hacked. Take time to understand what special changes to the router settings, if any, were made by you. Also, if using an ADSL modem, be prepared to redo the configurations with your ISP provider.

Disconnect from router or disable wireless.
Shut down computer.
Hard reset router.
Hard reset ISP modem.

"Hard reset" means following procedures to force factory defaults.

Power Computer.
Run present version of MBAM & SAS

Re-connect to router / ISP

Change password for the router.

Update tools

Post back success / failures.
 
I guarantee you the 23 didn't bring in the 10. Ventrilo is a trusted program. Search if you like. I actually manually installed the 10 -.-

Restarting now, will update and see what happens.

Edit: well then LSPfix did nothing except kill my internet XD I had to system restore... I'm going to try and uninstall Proxifier. That should just fix it and I still can't update MBAM following your instructions.


Edit: Well, after about an hour of trying to get this to work I finally uninstalled Proxifier and got rid of all traces... then I was able to update MBAM and SAS. Will give a fresh scan of all asap ^_^
 
For anyone seeking help with malware removal, the volunteers expect 3 logs: MBAM, SAS, & HJT. Following this procedure "normalizes" your case in that over 1000 malware threats have been addressed by the tools.
rf6647, how about we put this on a sticky, all by itself, in bold print! There are some helpers who don't appear to understand the value of the logs! I'd like to 'borrow' the two sentences for use at appropriate times if you don't mind.
 
Bump.... Also, I just found out something... The site won't let me connect through my IP... I try proxies and it works fine... any ideas?
 
My goodness, you fell through the cracks! I didn't get the notice of your reply. Maybe others didn't either. Mbam is clean and all SAS shows is Tracking Cookies- we'll reset the Cookies for that.

Please advise: Did you set a homepage to be blank? If so, okay. If not, you have about:blank malware:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

There is nothing in the HijackThis logs to account for the problem, re malware. But I would like you to try two things, one at a time, check system in between and see if any different:

1. Temporarily disable the Firefox add-on Sothink SWF Catcher
Check system
2. Temporarily disable the O23 - Service: Ventrilo: Start> services.msc> right click on the Service> Properties> change Startup to Disable.

For each of the above, you need to UNCHECK on Startup:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK each> Apply> OK> Reboot.
You can ignore the nag message after checking 'don't show this message again.' Stay in Selective Startup.

If neither of the above produces results, we will need to check the Services. Easiest way is to look for Error in the Event Viewer that corresponds to the failed access of the web page. You do not give us any error message:
Start> Run> cmd> type in eventvwr
Do this on each of the System and the Applications logs:
1. Click to open the log>
2. Look for the Error>
3. Right click on the Error> Properties>
4. Click on Copy button, top right, below the down arrow
5. Paste here (Ctrl V)

Ignore Warnings. Please do not copy the entire log. You can omit the lines of code-if any-in the box below the Description.

Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy section> Cookies> CHECK 'accept Cookies'> UNCHECK 'accept third party Cookies'.
Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 10 ): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Remove the older versions of Java:
1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 11
Check this description of the Google Gears out. I'm wondering if there can be any conflict between it and the SQL you are using: http://code.google.com/apis/gears/

I also don't see any PDF Reader. Do you not need one or is there one included in something you have that I don't know about?
In case you need it:
Adobe Reader: Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
 
Well, nobody replied for over like... a month?

I haven't tried what you posted yet, have to get to school. Just going to post a new HijackThis log. When I get back I'll read this more thoroughly and see if any of that helps. Thanks.
 
Well, nobody replied for over like... a month?
And that rarely happens. But everyone here has a problem and there are more problems than 'fixers'. So occasionally, a post will go unanswered and also, occasionally, the part of the site that sends us notice that someone has replied doesn't work. Welcome to cyberspace where nothing is perfect, much like the other part of the world we live in!

I haven't tried what you posted yet, have to get to school. Just going to post a new HijackThis log. When I get back I'll read this more thoroughly and see if any of that helps
This won't help, because what I posted was based on the previous logs.

This however, is new and it needs to be stopped while cleaning- it is considered Real Time monitoring:
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
Plus Stopzilla has an additional Service:
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

It is a valid LSP, but will affect the outcome of the scans you do here. I am also at a loss as to why there are 6 of the processes.

In the Hijack log on Post #7, you had this:
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
Prxernsp.dll is related to Proxifier from Initex Software. prxernsp.dll is used to enable networks to operate through a proxy server.
Member rf6647 brought your attention to it, now that is gone. Only to be replaced by Stopzilla.

The Hijack log in Post #15 shows no LSP entry but currently you have Stopzilla.

You will need to go back, run all three of the cleaning programs again and attach new logs. Please do NOT add or remove anything unless you are instructed to do so. You can follow my directions in Post #17, then do the rescans.

You should not be adding and changing programs and processes when the cleaning is going on. I would also like to know what the current problems with the system are, as clearly as you can describe them. Has anything changed from the original problems? What?
 
Oh lol, Proxifier thing was bad. StopZilla is an Anti-Everything program. I trust it, and it's very effective. I'd say even more than MBAM... I'm not going to remove it just because I know what it is.

Also, Stopzilla is a very picky program, you can only run it after reboot when it auto starts. Other than that it will sit at "Loading..." so I'm not going to remove it. Other than that... I really don't know why it won't let me connect... I've done EVERYTHING!

I'll try and post MBAM and SAS asap. Don't really need HijackThis because nothing has changed.

There are no systems, system works just fine. But it just stopped letting me connect to the site overnight. No one used my computer, it's my personal computer..
 
Hosts File problem !?

Hi :

I have wondered from the start IF you MAY have a Hosts File "problem" !? To discover IF this is a possibility, you would Post the Log from HijackThis's "Hosts File Manager". This is done by clicking the "Config" button, then the "Misc Tools" button, then the "Hosts File Manager" button. IF there is any Info other than 1 line below the "Explanation", that Log should be posted in One of your future Replies.
 
A comment for you> it is almost two months since you began with this problem. It would appear that you want help in resolving it or you wouldn't have posted.

The reason for your problem is not apparent at this point, so we instruct you to do different things to see if it will resolve. A firewall is a good thing too. Yet, if not configured correctly, it can prevent certain functions.

Perhaps someone else will be willing to work with you.

I realize you know what Stopzilla is and have it intentionally. But I want you to stop it and see if it could possibly be causing the problem.

If you don't care to follow the suggestions- that's okay. But you will just have to continue to go "poof."
 
Well, this has started before I've even had Stopzilla, I've only had it for about a week or so.
And to Spirit

This is what's in my hosts, I've already cleared this out before though...

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
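
The manual hosts-file check discussed above can be scripted. The following is an added example, not part of the original thread: it reports every active entry other than the default loopback mapping for `localhost`, separating blacklist-style entries (a name pointed at the local machine, the way SpyBot is said above to use the file) from names redirected to a fixed address. The function name and the extra sample entries are constructed for illustration.

```python
import ipaddress

DEFAULT_LOOPBACK_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each non-default hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed address"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if ip.is_loopback and name in DEFAULT_LOOPBACK_NAMES:
                continue                        # the stock "127.0.0.1 localhost"
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked (points at the local machine)"
            else:
                reason = "redirected to fixed address"
            findings.append((line_no, str(ip), name, reason))
    return findings

# Constructed sample input: a clean file like the one posted above, then the
# same file with two made-up entries appended.
CLEAN = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1 localhost
"""
MODIFIED = CLEAN + """\
127.0.0.1 blocked.example    # constructed blacklist-style entry
203.0.113.7 www.example.com  # constructed redirect-style entry
"""

if __name__ == "__main__":
    for finding in audit_hosts(MODIFIED):
        print(finding)
```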
 
You started this thread almost a month ago. You had a problem you wanted help resolving.

Well, this has started before I've even had Stopzilla, I've only had it for about a week or so.
And to Spirit
Adding something else to the mix shouldn't have been done.

Spirit Wind can work with you on the Host files.
 
Oh wow, I really forgot about this, sorry... Christmas and stuff had me distracted, then school. So, Spirit, what do you need me to do?

I really think Spybot: Search and Destroy did this... at least I'm almost sure it did...
 