My Latest HijackThis Log (Please Check for me)

  1. #1
15monday (Newbie)

    Hi,
    I don't know what's wrong with my Internet Explorer, it won't load any pages from this site www.jdorama.com. But I can still surf other websites...

    My latest HJT log,

    Logfile of HijackThis v1.99.1
    Scan saved at 11:19:40 PM, on 5/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
    O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with &Etomi - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129526711204
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135787451687
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    BTW, this is what I got when I typed this in command prompt:

    ping www.jdorama.com


    Pinging jdorama.com [72.20.18.85] with 32 bytes of data:

    Reply from 72.20.18.85: bytes=32 time=561ms TTL=46
    Reply from 72.20.18.85: bytes=32 time=530ms TTL=46
    Reply from 72.20.18.85: bytes=32 time=531ms TTL=46
    Reply from 72.20.18.85: bytes=32 time=540ms TTL=46

    Ping statistics for 72.20.18.85:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
Minimum = 530ms, Maximum = 561ms, Average = 540ms

Thanks

  2. #2
VopThis (Senior Member, Canada)
    There are no obvious issues in your HijackThis log.


    Your ping reply times appear to be excessive (average time=540ms) and could account for your inability to load the jdorama site:

    My pinging stats:
    C:\WINDOWS\Profiles\_vop\Desktop>ping www.jdorama.com

    Pinging jdorama.com [72.20.18.85] with 32 bytes of data:

    Reply from 72.20.18.85: bytes=32 time=141ms TTL=45
    Reply from 72.20.18.85: bytes=32 time=124ms TTL=45
    Reply from 72.20.18.85: bytes=32 time=136ms TTL=45
    Reply from 72.20.18.85: bytes=32 time=134ms TTL=45

    I also get the following when I type http://72.20.18.85/ into the browser address bar:
    Welcome To Turtle Hosting!

    Our hosting offers the most reliable service and performance on our enterprise level Intel(R) Pentium(R) III server, our specifications are below.

There are absolutely no clickable links on the opening page. Are you trying to access them using an FTP client or what? Perhaps your client configuration setup needs to be repaired or reinitialized?

  3. #3
15monday (Newbie)
There are absolutely no clickable links on the opening page.
    I don't really get what you mean here... btw, I'm not sure if I'm using ftp client or not,

  4. #4
VopThis (Senior Member, Canada)
    http://72.20.18.85


There were no links on the page that was shown to me by typing in the above in the address bar. Try the above link (instead of the URL) in your address bar - see if you get anything, or the same as I did.


It is not a normal webpage because you cannot go anywhere from that page because of an absence of any links. The URL appears to be a webhosting site. What were you accessing from that URL before - perhaps it is no longer being hosted there?

  5. #5
15monday (Newbie)
    http://72.20.18.85

There were no links on the page that was shown to me by typing in the above in the address bar. Try the above link (instead of the URL) in your address bar - see if you get anything, or the same as I did.
I clicked on the link http://72.20.18.85 and the page still won't load (the small computer icon at the bottom right hand corner is black in color...). I left this IE window open, and when I opened another IE window and made it load some webpages from other websites, the small computer icon started showing signs that bytes were being received... after about 5 minutes (really slow) I also got this:

    Welcome To Turtle Hosting!

    Our hosting offers the most reliable service and performance on our enterprise level Intel(R) Pentium(R) III server, our specifications are below.
It is not a normal webpage because you cannot go anywhere from that page because of an absence of any links. The URL appears to be a webhosting site. What were you accessing from that URL before - perhaps it is no longer being hosted there?
It is this address, www.jdorama.com, that I access from that URL. I remember the webmaster of that site saying he'll move jdorama.com to a new location. Is there still anything that I can do?

    Thanks

  6. #6
VopThis (Senior Member, Canada)
    Two problems:

It is this address, www.jdorama.com, that I access from that URL. I remember the webmaster of that site saying he'll move jdorama.com to a new location. Is there still anything that I can do?
    There is no useful site at this web address currently to worry about accessibility. That site's DNS routing path entries that you access may no longer exist but may still be active from the DNS sources that I access.


The access from your ISP is potentially so slow as to time out - it just seems to give up trying to access that site. Try to access that site from another PC in your community to see what happens. Nevertheless, there is nothing there to access except one page that leads nowhere.
    Last edited by VopThis; 02-05-2006 at 05:14 AM.

  7. #7
15monday (Newbie)
I haven't tried to access that site from another PC, but I can access that site using my brother's 3G mobile phone. And I can actually access this webpage with the title Japanese Drama Homepage. I'm really curious why we got this earlier:

    Welcome To Turtle Hosting!

    Our hosting offers the most reliable service and performance on our enterprise level Intel(R) Pentium(R) III server, our specifications are below.
Would it be that the IP address is not correct?

  8. #8
VopThis (Senior Member, Canada)
    Each DNS server is like an independent telephone directory lookup source.

    At some point www.jdorama.com translated to [72.20.18.85]. When that site is in the process of changing locations (IP address) not all directories may get their entries adjusted in a timely manner or even correctly.



    You may have a DNS (Domain Name Service) issue or HOSTS file issue:

    DNS
    In a command box, enter the following:

    IPCONFIG /? (to see some exploration options)

    IPCONFIG /flushdns (purges the DNS resolver cache)



    HOSTS file
    Run HJT.
    Select 'Open Misc Tools section' button.
    Select 'Open hosts file manager' button.
    Open the HOSTS file (if any) in NOTEPAD or WORDPAD if necessary.
See if you can find any entries for 72.20.18.85 or www.jdorama.com.

    You may find an unwelcome redirection entry that looks like this:
    72.20.18.85 www.jdorama.com
    Delete any such line(s), if found.





    If you still continue to get 500ms+ average access times for pinging that site, you may want to discuss this situation with your ISP.
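The HOSTS file check described above can be scripted. As an added example (not from this thread or from HijackThis), the Python below parses a constructed sample HOSTS file, reports any line that pins www.jdorama.com or 72.20.18.85, and lists every entry that maps a name to a non-loopback address, which is the class of entry worth reviewing when a site resolves to a stale or unexpected host.

```python
"""Scan a Windows-style HOSTS file for pinned names (added example).

The sample file content below is constructed for illustration; it is not
taken from the poster's machine.
"""
import ipaddress

# Constructed sample HOSTS file: comments, mixed whitespace, inline comment.
SAMPLE_HOSTS = """# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
127.0.0.1       localhost
72.20.18.85     www.jdorama.com  jdorama.com   # stale pin for a moved site
   10.0.0.5\tintranet.example  # tab separated, internal host
"""


def parse_hosts(text):
    """Return [(ip, [names])] for each effective line, ignoring comments/blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        parts = line.split()                  # tabs and runs of spaces both work
        if len(parts) < 2:                    # blank line or IP with no names
            continue
        entries.append((parts[0], [name.lower() for name in parts[1:]]))
    return entries


def find_pins(text, hostnames=(), ips=()):
    """Return entries that mention any of the given hostnames or IPs."""
    wanted_names = {h.lower() for h in hostnames}
    wanted_ips = set(ips)
    return [(ip, names) for ip, names in parse_hosts(text)
            if ip in wanted_ips or wanted_names & set(names)]


def non_loopback_entries(text):
    """Return entries whose address is not loopback (or is malformed)."""
    flagged = []
    for ip, names in parse_hosts(text):
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue                      # 127.x / ::1 lines are normal
        except ValueError:
            pass                              # malformed address: still report it
        flagged.append((ip, names))
    return flagged


if __name__ == "__main__":
    for ip, names in find_pins(SAMPLE_HOSTS, ["www.jdorama.com"], ["72.20.18.85"]):
        print("pinned:", ip, " ".join(names))
    for ip, names in non_loopback_entries(SAMPLE_HOSTS):
        print("review:", ip, " ".join(names))
```

To check a live machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into `text` instead of `SAMPLE_HOSTS`; the functions only inspect text and change nothing.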

  9. #9
15monday (Newbie)
    Ok will call my isp later on.

    Thanks for spending your time in helping me.

    Thank you
