Internet/spyware problem

[b3llj6]

I am having issues with my internet, I'm unable to access certain webpages, such as google.com, windows.com and my system is running slow.

My Norton antivirus doesn't detect anything, neither does Ewido.

I have scanned my system using free scan bit defender and panda, these also found nothing suspicious.

Attached is my HJT log, if anyone can help.

Thanks

 

[altheman]

your hjt log is not attached. but anyway, Howard would tell you to do the following, go to this page https://www.techspot.com/vb/topic47014.html and follow the instructions, and then post a new hjt log.

 

[b3llj6]

I have attached my recent HJT log, after doing the following:
Smitfraudfix
Vundofix
Look2me
Aboutbuster
CWShredder
Adware
Spybot
Ewido
Only Adware found something which was Regdata vunerability
HKey-classes-root 'regfile\shell\open\command\""(notepad.exe%1)

I'm still having the same problem!

 

[Spike]

the registry entry HKey-classes-root 'regfile\shell\open\command\""(notepad.exe%1)
is perfectly fine - all it's there for is to provide you with a context menu option to "open in notepad" or similar.

You're using far to many AV's. One is all you should ever use. Uninstall Norton AV and Mcafee. Leave AVG on your system.

Run HJT and fix the following...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
All 016 entries
All 017 entries, unless you know them from your ISP.

I say again, you've REALLY overdone it on the security software. Norton Ghost is OK I guess, but everything else on your machine from Symantec, (including Norton Firewall) is rubbish and should be uninstalled completely. For a free alternative firewall, use Zone Alarm or Sunbelt Kerio Personal Firewall.

Once you've done that, post a fresh HJT log and we'll double check that it's clean.

 

[b3llj6]

Thanks for helping us out on this one.
I have uninstalled Norton system works/antivirus.
I am now using AVG, and my firewall is Mcafee.
I fixed the mentioned in HJT.
When fixing 017 enties one of them stopped me gettin a connection to the internet, I don't know whether they are my ISP.
I am still getting the same problem though, unable to connect to microsft, google. etc.
Here is my recent HJT log

 

[DelJo63]

Norton Ghost is OK I guess, but everything else on your machine from Symantec, (including Norton Firewall) is rubbish and should be uninstalled completely. For a free alternative firewall, use Zone Alarm or Sunbelt Kerio Personal Firewall.

I believe we should clearly differentiate between personal OPINON and real FACTS. I know this board is heavy handed re Norton products but that is not the cause of this problem nor a reason to recommend it from being uninstalled.
Yea, I know bloat-ware when I see it too, but I still move the question.

Point number two: you can NEVER have too much AV. The reality is that none
of them are all inclusive and one frequently needs multiple tools to get the job done.

consider: when all you have is a hammer, everything else must be nails :haha:

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your HJT log is clean.

However, there are still Symantec entries in your log.

You need to completely uninstall Symantec/Norton crapware from your computer.

If you haven`t already done so, you should restore the 017 entry.

The way to do this is as follows.

Run HJT and click on the config button, followed by the backups button. Place a tick in the little box next to the entry you wish to restore and click on the restore button. You will be prompted "Restore this file?" Click yes and reboot your computer.

The facts are, there is nothing wrong with having more than one antivirus programme, just as long as they are not active at the same time.

This is because all antivirus programmes use software drivers and if more than one antivirus programme is active, this can and does produce conflicts.

The amount of problems that Symantec/Norton security software causes is staggering. You only have to do a search of these forums to see that.

If Symantec/Norton made a good reliable programme that A. did a good job and B. didn`t hog so many system resources, then I for one would support it whole heartedly. Unfortunately This is not the case.

McAfee is almost as bad as well.

I`m only giving you my opinion based on the problems I see.

Anyway, that`s enough ranting from me for one day lol.

Regards Howard :wave: :wave:

 

[b3llj6]

Although I have a clean HJT log now, i'm still having the original problem of not being able to access specific websites like Microsoft.com and anything related to Google, which is very frustrating.

Is this something to do with my set up or has something been changed in the background/registry which is inabling me to connect to these sites.

When i try and connect it tries to load the pages but nothing appears.

 

[altheman]

try this:

go to "C:\Windows\System32\Drivers\etc", and open the hosts file with notepad.
there should be only one entry that reads "127.0.0.1 -> local host" (ignore entries with # next to them.) if you have anymore then that, then post the host file here.

 

[b3llj6]

My host file reads 127.0.0.1

 

[altheman]

ok, nothing dodgy in the host file. worth checking though.

 

[DelJo63]

get a command prompt
enter nslookup google.com
I get

Name: google.com
Addresses: 64.233.167.99, 64.233.187.99, 72.14.207.99​

yours should be similar. if you get not reachable or timeout
then there's a network problem above you, ie: from the ISP or beyond.
if you get an address link, then enter ping google.com; you should see

Pinging google.com [72.14.207.99] with 32 bytes of data:
Reply from 72.14.207.99: bytes=32 time=84ms TTL=235...
...​

once you know you can ping by name as above, just substitute the site you
want access to but can't reach.

 

[b3llj6]

when in CMD and typing the following nslookup google.com, i get the following:

Can't find server name for address , non existent domain, default server are not available.

non authoritative answer

Name: google.com
Addresses: 64.233.187.99, 72.14.207.99, 64.233.167.99,

when pingin
reply from 64.233.187.99 bytes 32 time 123 ttl 224
64.233.187.99 bytes 32 time 123 ttl 224
64.233.187.99 bytes 32 time 123 ttl 224
request timed out.

not sure what this means, can you advise

 

[DelJo63]

your DNS server is unreliable :-(

my ipconfig shows

IP Address. . . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 67.21.15.2
........................................: 67.21.15.18​

notice the pair. when one fails, the other is automatically tried.

you can attempt to find a DNS server that's a) more reliable and b) reasonablly close to you.

First, see if the network is ok and the problem is the DNS;
ping google.com 67.21.15.18
the 2nd parm is the DNS to be used for the lookup.
[67.21.15.18] is adelphia.net

if this works w/o timeout or 'Cant find server name for address', then
you can use tracert 67.21.15.18 to see how many hops it takes to get to the
DNS server.

if you see something like

6 27 ms 11 ms * dnscache2.losaca.adelphia.net [67.21.15.18]
7 13 ms 12 ms * dnscache2.losaca.adelphia.net [67.21.15.18]
8 12 ms 11 ms * dnscache2.losaca.adelphia.net [67.21.15.18]​

you consider it as six hops away. [adelphia.net dns has a recursive problem for pings, so just ignore everything after the address sought.

once you find one that is reliable, just go to your TCP/IP config
and manually set the DNS address.

 

[b3llj6]

Thanks for your response, my apologies i am new to DNS and pinging!!

my ipconfig shows
connection specific DNS suffix
IP Address. . . . . . . . . . . . : 10.0.04
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.2

when i type in ping google.com

i get 72.14.207.99, when i put this in my browser

i keep gettin server not responding errors

 

[DelJo63]

i get 72.14.207.99, when i put this in my browser
i keep gettin server not responding errors

for me, http://72.14.207.99/ gets the Google.com home page.
your problem is DNS or routing. if Default Gateway ... 10.0.0.2 is true
the http://10.0.0.2/ should put you onto your router admin page.

go there, login, and post back whatever is show in the WAN config.
it will have a public address (xxx this out!), a gateway, and DNS address

 

[b3llj6]

Sorry for not gettin back sooner.
http://72.14.207.99/ in my browser just doesn't connect, it thinks about it but nothing happens.
My Wan Config shows:
static ip:255.255.255.0
gateway:0.0.0.0

my dns config just says dns proxy enabled, auto discovery.
dns server disabled.

 

[b3llj6]

whilst on the internet using firefox now, i keep gettin an alert message reading

'server was reset'

 

[DelJo63]

My Wan Config shows:
static ip:255.255.255.0
gateway:0.0.0.0

my dns config just says dns proxy enabled, auto discovery.
dns server disabled.

now you're getting somewhere!
you need a real gateway and the IP is bogus
the STATIC ip suggests you need DHCP enabled, the result should look something like

Internet Port
MAC Address ......
IP Address 70.x.y.x
DHCP Client
IP Subnet Mask 255.255.254.0
Domain Name Server 67.21.15.2
.................. 67.21.15.18​

set DHCP for both IP + DNS, save the settings, and then reboot the device