TechSpot

Internet/spyware problem

By b3llj6
May 22, 2006
  1. I am having issues with my internet, I'm unable to access certain webpages, such as google.com, windows.com and my system is running slow.

    My Norton antivirus doesn't detect anything, neither does Ewido.

    I have scanned my system using free scan bit defender and panda, these also found nothing suspicious.

    Attached is my HJT log, if anyone can help.

    Thanks
     
  2. altheman

    altheman TS Rookie Posts: 425

  3. b3llj6

    b3llj6 TS Rookie Topic Starter

    I have attached my recent HJT log, after doing the following:
    Smitfraudfix
    Vundofix
    Look2me
    Aboutbuster
    CWShredder
    Adware
    Spybot
    Ewido
    Only Adware found something which was Regdata vunerability
    HKey-classes-root 'regfile\shell\open\command\""(notepad.exe%1)

    I'm still having the same problem!
     
  4. Spike

    Spike TS Evangelist Posts: 2,168

    the registry entry HKey-classes-root 'regfile\shell\open\command\""(notepad.exe%1)
    is perfectly fine - all it's there for is to provide you with a context menu option to "open in notepad" or similar.

    You're using far to many AV's. One is all you should ever use. Uninstall Norton AV and Mcafee. Leave AVG on your system.

    Run HJT and fix the following...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    All 016 entries
    All 017 entries, unless you know them from your ISP.

    I say again, you've REALLY overdone it on the security software. Norton Ghost is OK I guess, but everything else on your machine from Symantec, (including Norton Firewall) is rubbish and should be uninstalled completely. For a free alternative firewall, use Zone Alarm or Sunbelt Kerio Personal Firewall.

    Once you've done that, post a fresh HJT log and we'll double check that it's clean.
     
  5. b3llj6

    b3llj6 TS Rookie Topic Starter

    Thanks for helping us out on this one.
    I have uninstalled Norton system works/antivirus.
    I am now using AVG, and my firewall is Mcafee.
    I fixed the mentioned in HJT.
    When fixing 017 enties one of them stopped me gettin a connection to the internet, i don't know whether they are my ISP.
    I am still getting the same problem though, unable to connect to microsft, google. etc.
    Here is my recent HJT log
     

    Attached Files:

  6. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    I believe we should clearly differentiate between personal OPINON and real FACTS. I know this board is heavy handed re Norton products but that is not the cause of this problem nor a reason to recommend it from being uninstalled.
    Yea, I know bloat-ware when I see it too, but I still move the question.

    Point number two: you can NEVER have too much AV. The reality is that none
    of them are all inclusive and one frequently needs multiple tools to get the job done.

    consider: when all you have is a hammer, everything else must be nails :haha:
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your HJT log is clean.

    However, there are still Symantec entries in your log.

    You need to completely uninstall Symantec/Norton crapware from your computer.

    If you haven`t already done so, you should restore the 017 entry.

    The way to do this is as follows.

    Run HJT and click on the config button, followed by the backups button. Place a tick in the little box next to the entry you wish to restore and click on the restore button. You will be prompted "Restore this file?" Click yes and reboot your computer.

    The facts are, there is nothing wrong with having more than one antivirus programme, just as long as they are not active at the same time.

    This is because all antivirus programmes use software drivers and if more than one antivirus programme is active, this can and does produce conflicts.

    The amount of problems that Symantec/Norton security software causes is staggering. You only have to do a search of these forums to see that.

    If Symantec/Norton made a good reliable programme that A. did a good job and B. didn`t hog so many system resources, then I for one would support it whole heartedly. Unfortunately This is not the case.

    McAfee is almost as bad as well.

    I`m only giving you my opinion based on the problems I see.

    Anyway, that`s enough ranting from me for one day lol.

    Regards Howard :wave: :wave:
     
  8. b3llj6

    b3llj6 TS Rookie Topic Starter

    Although I have a clean HJT log now, i'm still having the original problem of not being able to access specific websites like Microsoft.com and anything related to Google, which is very frustrating.

    Is this something to do with my set up or has something been changed in the background/registry which is inabling me to connect to these sites.

    When i try and connect it tries to load the pages but nothing appears.
     
  9. altheman

    altheman TS Rookie Posts: 425

    try this:

    go to "C:\Windows\System32\Drivers\etc", and open the hosts file with notepad.
    there should be only one entry that reads "127.0.0.1 -> local host" (ignore entries with # next to them.) if you have anymore then that, then post the host file here.
     
  10. b3llj6

    b3llj6 TS Rookie Topic Starter

    My host file reads 127.0.0.1
     
  11. altheman

    altheman TS Rookie Posts: 425

    ok, nothing dodgy in the host file. worth checking though.
     
  12. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    get a command prompt
    enter nslookup google.com
    I get
    Name: google.com
    Addresses: 64.233.167.99, 64.233.187.99, 72.14.207.99​
    yours should be similar. if you get not reachable or timeout
    then there's a network problem above you, ie: from the ISP or beyond.
    if you get an address link, then enter ping google.com; you should see
    Pinging google.com [72.14.207.99] with 32 bytes of data:
    Reply from 72.14.207.99: bytes=32 time=84ms TTL=235...
    ...​
    once you know you can ping by name as above, just substitute the site you
    want access to but can't reach.
     
  13. b3llj6

    b3llj6 TS Rookie Topic Starter

    when in CMD and typing the following nslookup google.com, i get the following:

    Can't find server name for address , non existent domain, default server are not available.

    non authoritative answer

    Name: google.com
    Addresses: 64.233.187.99, 72.14.207.99, 64.233.167.99,

    when pingin
    reply from 64.233.187.99 bytes 32 time 123 ttl 224
    64.233.187.99 bytes 32 time 123 ttl 224
    64.233.187.99 bytes 32 time 123 ttl 224
    request timed out.

    not sure what this means, can you advise
     
  14. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    your DNS server is unreliable :-(

    my ipconfig shows
    IP Address. . . . . . . . . . . . : 192.168.0.4
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 67.21.15.2
    ........................................: 67.21.15.18
    notice the pair. when one fails, the other is automatically tried.

    you can attempt to find a DNS server that's a) more reliable and b) reasonablly close to you.

    First, see if the network is ok and the problem is the DNS;
    ping google.com 67.21.15.18
    the 2nd parm is the DNS to be used for the lookup.
    [67.21.15.18] is adelphia.net

    if this works w/o timeout or 'Cant find server name for address', then
    you can use tracert 67.21.15.18 to see how many hops it takes to get to the
    DNS server.

    if you see something like
    6 27 ms 11 ms * dnscache2.losaca.adelphia.net [67.21.15.18]
    7 13 ms 12 ms * dnscache2.losaca.adelphia.net [67.21.15.18]
    8 12 ms 11 ms * dnscache2.losaca.adelphia.net [67.21.15.18]​
    you consider it as six hops away. [adelphia.net dns has a recursive problem for pings, so just ignore everything after the address sought.

    once you find one that is reliable, just go to your TCP/IP config
    and manually set the DNS address.
     
  15. b3llj6

    b3llj6 TS Rookie Topic Starter

    Thanks for your response, my apologies i am new to DNS and pinging!!

    my ipconfig shows
    connection specific DNS suffix
    IP Address. . . . . . . . . . . . : 10.0.04
    Subnet Mask . . . . . . . . . . . : 255.0.0.0
    Default Gateway . . . . . . . . . : 10.0.0.2

    when i type in ping google.com

    i get 72.14.207.99, when i put this in my browser

    i keep gettin server not responding errors
     
  16. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    for me, http://72.14.207.99/ gets the Google.com home page.
    your problem is DNS or routing. if Default Gateway ... 10.0.0.2 is true
    the http://10.0.0.2/ should put you onto your router admin page.

    go there, login, and post back whatever is show in the WAN config.
    it will have a public address (xxx this out!), a gateway, and DNS address
     
  17. b3llj6

    b3llj6 TS Rookie Topic Starter

    Sorry for not gettin back sooner.
    http://72.14.207.99/ in my browser just doesn't connect, it thinks about it but nothing happens.
    My Wan Config shows:
    static ip:255.255.255.0
    gateway:0.0.0.0

    my dns config just says dns proxy enabled, auto discovery.
    dns server disabled.
     
  18. b3llj6

    b3llj6 TS Rookie Topic Starter

    whilst on the internet using firefox now, i keep gettin an alert message reading

    'server was reset'
     
  19. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    now you're getting somewhere!
    you need a real gateway and the IP is bogus:(
    the STATIC ip suggests you need DHCP enabled, the result should look something like
    Internet Port
    MAC Address ......
    IP Address 70.x.y.x
    DHCP Client
    IP Subnet Mask 255.255.254.0
    Domain Name Server 67.21.15.2
    .................. 67.21.15.18​

    set DHCP for both IP + DNS, save the settings, and then reboot the device
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...