#1
May 22nd, 2005, 08:50 PM
rburtnick
"you-name-it.com" not found w any browser

No matter which browser is used (MSIE, Firefox, or Netscape) no web page can be accessed.

My wife's Compaq notebook with a history of spyware problems and numerous purchased and free solutions tried prior to this development.

So far since the communication stopped I have done the following:
1. Run HJT and removed a number of threats advised elsewhere.
2. Deleted hidden files suggested elsewhere.
3. Run Adaware SE Plus build 1.0.5 fullscan in-depth.
4. Re-run HJT and got a clean bill of health elsewhere.
5. Run LSPfix w "I know what I'm doing" switch, then finish.

Things should be pretty clean but I still cannot access the internet. Here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:51:49 PM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Wireless LAN Utility\WlanUtility.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALICE BURTNICK\Application Data\Mozilla\Profiles\default\p0865vtq.slt\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless Lan Utility.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ALICEB~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Any suggestions will be greatly appreciated (including "take this to a different thread")

#2
May 22nd, 2005, 10:27 PM
Gnome

Hi,
Just a thought: have you done a Windows update? Y on my PCs, after installing update KB891711, I couldn't get on to the internet, so I went into msconfig and disabled it. Also, please check your security settings in Control Panel/Internet Options/Security & Privacy.


Food for thought - FISH

Don't look too deep to start with it could be under your nose

Last edited by Gnome; May 22nd, 2005 at 10:34 PM.

#3
May 28th, 2005, 02:23 AM
rburtnick
updated regularly ... haven't ventured into finding kb891711 in msconfig to disable

#4
May 29th, 2005, 05:38 AM
AnnMarie
Hi rburtnick, the log looks OK. Try this. Close IE and go to Start > Run and run the following commands one after the other, each line followed by 'enter':

regsvr32 shdocvw.dll
regsvr32 urlmon.dll
regsvr32 comcat.dll
regsvr32 actxprxy.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 jscript.dll

Run each line individually. After each run, you should see a short message stating the command was successful. Now reboot.

If you still have a problem, go here and download and run WinsockFix. Reboot afterwards.

Let us know how you get on and post what you see (errors) if the problem persists.

#5
May 29th, 2005, 08:29 PM
rburtnick
Thanks for your response. Here is the outcome:

1. Each regsvr32 load was successful.
2. After the reboot the situation was exactly the same.
3. Btw www.tacktech.com did not have winsockfix.zip.
4. Searched for winsockfix.zip, downloaded it, extracted it, and ran it.
5. Rebooted.

Situation is exactly the same. No matter which site I try, the message is "<sitename> not found."

#6
May 30th, 2005, 04:16 AM
AnnMarie
How long has Norton been installed on this PC rburtnick and what version do you have?

#7
May 30th, 2005, 03:04 PM
rburtnick
Norton AV 2005. Originally NAV 2003.

(Have you ever tried to get support from Symantec?)

I purchased the Compaq Presario 2100 for my wife in August 2003. It had Norton installed as part of the promo pre-installed suite. I am pretty sure I purchased standard updates but may have let them lapse. Then when wife really started living on-line (and playing loads of interactive mahjong) and the pop ups and slow downs started to really be a big problem, I purchased Norton AntiVirus 2005. It is version 11.0.2.4. Of course, it has been screaming for an update since the inability to get online began.

I also purchased Adaware SE Plus (build 1.05), I suppose Ad-Watch SE came with that upgrade(?). (Ad-Watch just reported a warning that an attempt to alter a protected object has been detected concurrent with the Webroot Spy Sweeper scan that I just started. I copy/pasted 2 of the three warnings I received into a word doc. All three are listed as registry modifications. Let me know if you wish to see those or have me transcribe them.)

As you have noticed I also purchased Webroot Spysweeper v 3.5.0 (build 189).

Last edited by rburtnick; May 30th, 2005 at 03:07 PM.

#8
May 31st, 2005, 01:41 AM
AnnMarie
Ok, well it might well be Norton that is causing your problem.

Try uninstalling it and then run the SymNRT and Rnav2003.exe utilities. Reinstall Norton when you have rebooted. Do you still have a problem?

#9
June 4th, 2005, 05:31 AM
rburtnick
Uninstalled NAV and all Norton products found. Tried Browser: same error. Ran SymNRT. Tried Browser: same error. Ran RNAV2003. Tried Browser: same error.

Stuck trying to get NAV software back. I have Product key, customer ID, free sku, paid sku, part number, and account ID. They won't do anything without order number. Really sick of Symantec. Maybe I shouldn't bother (hundreds of dollars later)?

#10
June 4th, 2005, 01:29 PM
AnnMarie
Oh for goodness sake, what is wrong with these people? If they refuse to provide you with another copy, demand a refund. Norton is known for causing these problems.

In the meantime, if your other PC has a burner, download the free version of AVG from here.

Does this PC use a router? If so have you tried resetting it?

Also try this, go to Start > Run and type:

cmd

and OK. Type:

ipconfig /flushdns

then hit enter. Type exit and hit enter again. Reboot. Did this help?

#11
June 5th, 2005, 09:28 PM
rburtnick
I just received a response from Symantec. It's as dumb as an auto-reply but does not say it is auto-reply. I gave them all the numbers I have, and they asked for, guess what, my order number!!

I didn't get the AVG software yet but burning CDs is how I get anything into that PC.

This all started back when I used to reset the router multiple times a day to keep working with any computer. (I believe I posted those issues elsewhere.) I have purchased a new router since then, I suppose that is a restart. I will admit that I haven't restarted the router for any of the steps you have suggested these last few instructions.

ipconfig /flushdns (and reboot) didn't fix it either.

Last edited by rburtnick; June 5th, 2005 at 09:32 PM.

#12
June 6th, 2005, 03:07 AM
AnnMarie
Are you able to bypass the router and connect via dialup? That might help pinpoint the problem.

#13
June 7th, 2005, 06:07 AM
Paracomp
Not sure why all the focus is on anti-virus. I probably am missing earlier messages, but first I would check all the networking.
1) IPCONFIG /ALL
- Make sure the system has received a valid IP, DNS, Gateway
2) Ping 127.0.0.1
- This checks only that IP is functioning on itself
3) Ping the IP address assigned to the system
4) Ping the gateway
- This checks that IP is connecting to the gateway
5) Ping a known IP address that will return a ping (not all will)
- Try 209.23.126.194
6) Make sure the web browser will load a page on your local computer.
- Could be any file, to be sure the browser functions
7) Try FTP using the browser
- Any valid FTP site, for example: ftp://ftp.redhat.com
- If it does not work, the problem is basic connectivity. If it does work, then the problem is limited to port 80, probably a firewall issue
Reply With Quote
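
Step 1 of the checklist above, as an added example that is not part of any post in this thread: a Python parser for `ipconfig /all` output that flags adapters lacking a valid IP address, gateway or DNS server. The sample output is constructed, and the field names assume the English Windows XP layout.

```python
from ipaddress import ip_address, ip_network
import re

# Constructed sample in the Windows XP `ipconfig /all` layout (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.168.1.2

Ethernet adapter Wireless Network Connection:
        Autoconfiguration IP Address. . . : 169.254.12.34
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s?(.*)$")  # "Name . . . : value"

def parse_ipconfig(text):
    """Return {section name: {field: [values]}} for each section of the output."""
    sections, current, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line[0].isspace():          # unindented line opens a new section
            current, last = sections.setdefault(line.rstrip(": "), {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                current[last] = [v for v in [m.group(2).strip()] if v]
            elif last:                     # continuation line, e.g. a second DNS server
                current[last].append(line.strip())
    return sections

def check_adapter(f):
    """List the reasons an adapter fails the 'valid IP, DNS, gateway' check."""
    first = lambda key: (f.get(key) or [""])[0]
    ip = first("IP Address") or first("Autoconfiguration IP Address")
    mask, gateway = first("Subnet Mask"), first("Default Gateway")
    if not ip or ip == "0.0.0.0":
        return ["no IP address assigned"]
    problems = []
    if ip_address(ip).is_link_local:
        problems.append("self-assigned 169.254.x.x address (no DHCP answer)")
    if not gateway:
        problems.append("no default gateway")
    elif mask and ip_address(gateway) not in ip_network(f"{ip}/{mask}", strict=False):
        problems.append("default gateway is outside the adapter's subnet")
    if not f.get("DNS Servers"):
        problems.append("no DNS servers")
    return problems

def report(text):
    # Only adapter sections are checked; an empty list means the adapter passes.
    return {name: check_adapter(f) for name, f in parse_ipconfig(text).items()
            if " adapter " in name}

if __name__ == "__main__":
    print(report(SAMPLE))
```

An adapter that passes here has only cleared step 1; the ping steps that follow in the checklist still decide whether traffic actually reaches the gateway and beyond.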

#14
July 6th, 2005, 03:58 AM
rburtnick
My wife's computer has not been able to communicate all year. Since about January 2005. I tried everything everyone here suggested. Nothing worked. Now I will move on.

I am a teacher. I was unable to clear my schedule or my brain sufficiently to attack this problem until school was out at the end of June. Then I was determined to fix the problem or get it fixed. I was prepared to pay for the Geek Squad. (I was once considered Geek Squad but those were simpler CMP/DOS/token ring days.)

One last review of the issues, set everything up and try it. Oh maybe a call to the ISP support people (I do pay them $60 a month). OK Try this ... hmmm why does the Network Bridge Properties have the wireless card checked but not the wired NIC. Don't I recall seeing something about the Network Bridge from one of my millions of searches? Try Google again. Oh yes here it is: http://www.cmu.edu/computing/documen.../bridging.html

I'm not quite sure when the heck I would ever need to use the Network Bridge but it seems like a problem that should have hit this forum (and the others I checked) a bunch of times. It was a big enough issue that they addressed it at Carnegie Mellon. I can't help but wonder. Was it too obvious? OK no recriminations. For future reference, add "Check Network Bridging" to your troubleshooting steps.

Thanks for all the good intentioned suggestions. I hope my result is useful for another member.

Now off to find out where I should post my question asking whether I can just delete the damn Network Bridging icon. Maybe someday I'll think of a positive use for it.

#15
July 7th, 2005, 12:22 AM
AnnMarie
Quote:
I'm not quite sure when the heck I would ever need to use the Network Bridge but it seems like a problem that should have hit this forum (and the others I checked) a bunch of times.
Hi rburtnick, yes I am sure it has but not in the Cyber Safety Forum. Each of us has our speciality area (no-one knows it all) but if you check our Networking Forum, I am sure you will find numerous mentions of it.

All times are GMT +1.