[RESOLVED] I cannot get google
Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: [RESOLVED] I cannot get google

  1. #1
    Join Date
    Oct 2002
    Location
    Vancouver, Canada
    Posts
    36

    Resolved [RESOLVED] I cannot get google

    Everytime I try to go to www.google.com I receive a dns error saying page not found. This strikes me as kind of odd, and I am wondering if some kind of "bug" has got me? I have scanned with Norton AV 2007 and I downloaded a virus removal tool from Grisoft (vcleaner.exe)and ran from safe mode as directed. Neither have come up with anything. Any help would be appreciated and if I have put this in wrong forum then please move . Thanks, and cheers

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    26,581
    Clear your browsers cache & cookies and try once more..

    If still no success then do a file search for hosts on your computer (just hosts not hosts.sam or anything else) and open it with notepad and see if there are any references to google (or any other site/search engine/antivirus site). If so copy paste it into a post here and let us see it.

    Then as a test try copy/pasting this into your browser address bar... 216.239.37.104 ..and see if that works.

    Thirdly it is possible that some malware has hijacked your computer and is unsuccesfully trying to get you to use another search site (an altered hosts file would be a sign that this has happened). Have a look through this thread...

    http://discussions.virtualdr.com/sho...d.php?t=167915

    and do all of the things it suggests then copy the Hijackthis log into this thread and then we'll move it to the Hijack forum where one of our experts can have a look at it and advise further.

    Pls make sure that hijackthis is installed into it's own permanent folder.. eg- C:/program files/hijackthis.

    Vcleaner only works with a very limited number of viruses so it would not be a good tool to use unless you already knew you were specifically infected with one of them.
    _____________________
    cat lovers click here

  3. #3
    Join Date
    Oct 2002
    Location
    Vancouver, Canada
    Posts
    36
    Hi fink, Thanks for your response. I followed your advice and deleted cookies and TIF. tried again no luck. Found the hosts file and it looks like this:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    127.0.0.1 forums.techguy.org
    127.0.0.1 www.castlecops.com
    127.0.0.1 castlecops.com
    127.0.0.1 www.microsoft.com
    127.0.0.1 siri.urz.free.fr
    127.0.0.1 www.majorgeeks.com
    127.0.0.1 majorgeeks.com
    127.0.0.1 www.spywareinfo.dk
    127.0.0.1 spywareinfo.dk
    127.0.0.1 www.superantispyware.com
    127.0.0.1 superantispyware.com
    127.0.0.1 www.compu-docs.com
    127.0.0.1 compu-docs.com
    127.0.0.1 www.pandasoftware.com
    127.0.0.1 pandasoftware.com
    127.0.0.1 download.bleepingcomputer.com
    127.0.0.1 www.bleepingcomputer.com
    127.0.0.1 bleepingcomputer.com
    127.0.0.1 www.google.com
    127.0.0.1 google.com
    127.0.0.1 www.google.ca
    127.0.0.1 google.ca
    127.0.0.1 www.ewido.net
    127.0.0.1 ewido.net
    127.0.0.1 www.greyknight17.com
    127.0.0.1 greyknight17.com
    127.0.0.1 help.lockergnome.com
    127.0.0.1 cleanup.stevengould.org
    127.0.0.1 stevengould.org
    127.0.0.1 www.tomcoyote.org
    127.0.0.1 tomcoyote.org
    127.0.0.1 www.depannetonpc.net
    127.0.0.1 depannetonpc.net
    127.0.0.1 www.wilderssecurity.com
    127.0.0.1 wilderssecurity.com
    I notice it does mention Google, as well as Anti virus sites. I typed in the ip address that you mentioned and was able to get into google. Followed the link you gave and followed the advice there. none of the scans i ran found anything. Downloaded Hijack this and ran it, results as follows:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:31 AM, on 02/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SYS
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com...veXClient1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167461531421
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1167841730359
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    thanks for your help hope this info can aid in any suggestions you may have. Cheers

  4. #4
    Join Date
    Apr 2000
    Location
    Friern Barnet, London, England
    Posts
    46,565
    I think you must have been infected with something for your Hosts file to be set like that, so I'll move this over to the specialist HJT log forum
    Nick.

  5. #5
    Join Date
    Oct 2002
    Location
    Vancouver, Canada
    Posts
    36
    Thanks, SuperSparks.

  6. #6
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    Radar1--In the mean time, you should delete all entries in that HOSTS file after 127.0.0.1 localhost and click Save. With luck it will not be re-created and you should be able to access all the sites mentioned. Of course, whatever malware installed those entries in the first place, may just put them all back.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  7. #7
    Join Date
    Oct 2002
    Location
    Vancouver, Canada
    Posts
    36
    Welshjim, I have deleted the entries after 127.0.0.1 as per your suggestion. So far so good as i am able to get to www.google.com or www.google.ca .Hopefully this has got it solved, Thanks for your help!

  8. #8
    Join Date
    Jun 2005
    Location
    Ft Myers FL
    Posts
    8,520
    Hi Radar, looks like the party started without me. Your log is clean, although there are a couple of entries you can remove. Run HJT again and check the boxes next to the following items:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Unless you set this deliberately with Spybot Search and Destroy or similar program, remove this one also:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    With your browser window(s) closed, click fix checked.
    -----------
    If the original problem with the host file returns, post back and we'll replace it with the "armored" version.

  9. #9
    Join Date
    Oct 2002
    Location
    Vancouver, Canada
    Posts
    36
    lgbpop, Thanks, I will do as you suggest and hope that the armored version is not required.

  10. #10
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    Radar1--Armoring the HOSTS file is no big deal. Scroll about 60% down this page (to "Locking the HOSTS file")
    http://mvps.org/winhelp2002/hostsfaq.htm#Locking
    for two .bat files. (One to lock, the other to unlock.)
    The only problem is the few seconds it takes to lock and unlock--but it is pretty simple. You just click the appropriate .bat file. (You will want to unlock to make any changes you want to make.)
    Similar tools are in Spybot S&D and ZoneAlarm.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  11. #11
    Join Date
    Jun 2005
    Location
    Ft Myers FL
    Posts
    8,520
    That's not what I meant, but it may be helpful too.

    If you have any problem, Radar1, please post back and we'll go from there.

  12. #12
    Join Date
    Oct 2002
    Location
    Vancouver, Canada
    Posts
    36

    Resolved

    Thanks to all of you, the problem seems to be resolved (touch wood). Thanks again folks for your assistance it is most appreciated!

  13. #13
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    Radar1--You are welcome for whatever small amount of help I have been.
    BTW--I do not lock my HOSTS file. But I do have a backup copy created by SpywareBlaster (HOSTS Safe) if I ever needed to replace a hijacked version.

    lgbpop--I would like to learn your method for armoring HOSTS.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  14. #14
    Join Date
    Jun 2005
    Location
    Ft Myers FL
    Posts
    8,520
    Not armoring a host file, an "armored" host file. A free download with scores of malware sites ready to be blocked. About the most comprehensive one I've come across.

  15. #15
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    lgbpop--Thanks.
    Yes, that is a good site (and the Hosts.zip file very easy to use), but unless the site that hijacked Radar1's HOSTS file is on it, I am not sure it will prevent reoccurence of problems such as Radar 1 experienced. And viruses, etc., can be spread by means other than surfing the web.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •