Question

urgent: complete loss of internet connection, maybe a virus?

Asked by: aedolbey

Hello experts,

I have a toshiba satellite laptop running WinXP Pro, SP2.  I had been using Norton AntiVirus for quite a while, but eventually had problems with Norton recognizing that I had updated/renewed, a problem which lasted for several weeks (I've heard that this is a problem many Norton users have faced).  Two days ago, I completely lost internet connectivity.  I figured this might have something to do with the Norton problem.

Based on a previous Experts solution, I downloaded (via a different machine) Winsock Repair and ran it.  When the laptop restarted, I had full internet connection again.  I tried to start installing PC-cillin, but as soon as the install was done, I had lost internet connectivity again.  I ran Winsock Repair again, rebooted, and again got a connection.  But I then lost connection yet again just some minutes later.  I could probably go through this cycle forever.

The previous solution also recommended using HijackThis and posting the report it generates to this group for feedback.  That's what I'll do now.  If anybody has any idea what could be causing this, please let me know!!  Thanks.

Here's the report:

Logfile of HijackThis v1.99.1
Scan saved at 5:29:43 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
c:\Program Files\DUnetVPN401-DUc\cvpnd.exe
C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe
C:\oracle\product\10.1.0\Db_1\bin\isqlplussvc.exe
c:\oracle\product\10.1.0\db_1\bin\ORACLE.EXE
C:\oracle\product\10.1.0\Db_1\jdk\bin\java.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.du.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [7BDBEF49] C:\DOCUME~1\Andrea\LOCALS~1\Temp\~144C.tmp.exe
O4 - HKLM\..\Run: [Video Lan Player] VideoLanPlayer.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\RunServices: [Video Lan Player] VideoLanPlayer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Video Lan Player] VideoLanPlayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: University of Denver DUnetVPN401-DUc.lnk = C:\Program Files\DUnetVPN401-DUc\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\DUnetVPN401-DUc\cvpnd.exe
O23 - Service: dlcd_device -   - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: Video Lan Player (hub) - Unknown owner - C:\WINDOWS\System32\VideoLanPlayer.exe" -netsvcs (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleCSService - Unknown owner - C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.1.0\Db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1SNMPPeerEncapsulator - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\ENCSVC.EXE
O23 - Service: OracleOraDb10g_home1SNMPPeerMasterAgent - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\AGNTSVC.EXE
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10.1.0\db_1\bin\ORACLE.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Andy

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2006-09-30 at 17:56:08ID22008771
Tags

connection

Topics

Windows XP Operating System

,

Winsock

Participating Experts
6
Points
0
Comments
54

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. HijackThis Log
    Need specific Removal instructions for this log: Logfile of HijackThis v1.99.1 Scan saved at 5:32:00 PM, on 03/23/2005 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system3...
  2. hijackthis file
    Can someone please look at this HIJACKTHIS FILE and let me know if there are some items that should be removed? It appears that for some reason, AOL will attempt to start up and it also appears that IE will be become corrupted in the process. This in turn causes the router ...
  3. HijackThis log
    Can someone tell me if anything from this hijackthis log needs to be removed? Even with firewall and anti-virus running I still got hit with adware and a virus. I already removed kernels32.exe from a previous hijackthis log and ran ad-aware in safe mode. But I'm still having ...
  4. HiJackThis Help
    Experts, My laptop has been running pretty sluggish lately, and last night I received the dreaded blue screen while using IE 7. I ran hijackthis, this morning, but don't know what the results mean. I am pasted the results, below, and if anyone can tell me whether something...
  5. HijackThis: smitfraud?
    rpggamergirl recently gave a solution to a fellow with a smitfraud problem that sounds just like mine. I was about to follow her instructions but thought I should post my own HijackThis log to be sure I'm not jumping to conclusions. I think the problem is in the Video Activ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: younghvPosted on 2006-09-30 at 18:07:14ID: 17636529

I got a bunch of hits on the "videolanplayer" identifying it as malware.
This also is concern - as is any application running from a 'temp' folder:
O4 - HKLM\..\Run: [7BDBEF49] C:\DOCUME~1\Andrea\LOCALS~1\Temp\~144C.tmp.exe

Did you have any problems uninstalling Norton?
It is notorious for leaving residue in your registry.

Can't hurt to run this: http://symantec.netvision.net.il/Enterprise/Removal tools/  (download the newest version of "nonav.exe" you can find).

You should also run the "Issues" (registry cleaner) function of CCleaner (www.ccleaner.com). Run it 2-3 times, re-boot and run it again.


Good Luck,
Vic

 

by: aedolbeyPosted on 2006-09-30 at 22:45:20ID: 17636963

I followed all of the suggestions younghv made (getting rid of registry entries involving videolan, deleting the temp.tmp items in the local directory, running nonav.exe, and running ccleaner utility), but these did not resolve the problem.  The patches ruijietan suggested are not relevant to my machine since I'm running SP2 -- attempts to load these patches were rejected because they are older than SP2.

Sadly enough, the problem is still with me.  Hopefully I'll get more suggestions.

Thank you for trying, younghv and ruijuetan.

Andy

 

by: JonveePosted on 2006-10-01 at 00:07:02ID: 17637057

Below is a copy of your HijackThis analysis.  As younghv stated you have an issue with "videolanplayer" which requires 'fixing', but you could also take a look at the 18 "unknown" processes and see if you recognise their descriptions.  Then consider 'fixing' them.  See if that helps.
Ideally you should create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temp folder. It is important that you download this file to its own folder as this folder will be used when HijackThis makes backups. Temp folders get deleted, taking with them HJT's 'backups' of items that were 'fixed'.

http://www.hijackthis.de/logfiles/c3cf248040ad04ed480ff83a8a3f0f22.html

 

by: JonveePosted on 2006-10-01 at 00:21:24ID: 17637077

You can use the search function here to identify a particular "exe file".  Several of the unknown processes do appear harmless, but you may want to check them out yourself.  Investigating further:

http://www.processlibrary.com/directory/files/pmproxy/

 

by: JonveePosted on 2006-10-01 at 00:31:21ID: 17637087

If you haven't yet tried this Norton 'cleanup' >

"Using the Norton Removal Tool":
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=&seg=hm

Suggest you also download and run this free version of Ewido anti-malware.    
Update first, then scan in Safe mode:  
http://www.ewido.net/en/download/

 

by: aedolbeyPosted on 2006-10-01 at 02:04:15ID: 17637217

Status update, related to suggestions from Jonvee:

All of the videolan registry entries have been removed.  17 of the 18 unknown processes from the HijackThis report are accounted for (oracle db, network tools, print tools, sound utility, etc.).  The one that is not, the tmp.exe entry, has been removed.  I ran Ewido's full scan, but it didn't discover anything.  The Norton Removal Tool cannot be run, because it demands a network connection (which, of course, I do not have).

The machine still has no internet connectivity.  It's even worse now:  after a run of Winsock Repair and a reboot, now even that doesn't provide a brief moment of internet connection.

Thanks for your ideas, Jonvee, but alas, I am still unable to connect to the internet or other machines on my home network.  This is very frustrating.

Andy

 

by: JonveePosted on 2006-10-01 at 04:33:28ID: 17637381

Ok thanks.  Well Ewido is excellent and it's good you've got a clean report.  
However, *if* you get no further satisfactory comments, you may wish to consider a Repair Install.  
This is a particularly popular link for the repair. Please note the appropriate warnings, and if you do procceed with the repair install you will naturally have to redo all updates, etc..  
[Still considering other possible moves on your issue.]
 
"How to Perform a Windows XP Repair Install":
http://www.michaelstevenstech.com/XPrepairinstall.htm

 

by: JonveePosted on 2006-10-01 at 09:36:06ID: 17638442

Took another look at your problem & found this >
 
"No Internet Connectivity After Uninstalling Norton AntiVirus Software":

Fixing this requires editing the Registry to remove the dependency for DHCP start up.
 
Click Start > Run.
Type "regedit" in the Run box, click OK.
Locate the following keys in the registry:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesDHCP
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNetBT
For each of the above, double-click the item DependOnService.
Delete any references to SYMTDI or NISDRV.
Click File and Exit to save the changes and close the Registry Editor.
 
The computer will need to be restarted before the changes will take effect.

Details >>   http://8help.osu.edu/1552.html

 

by: younghvPosted on 2006-10-01 at 10:16:12ID: 17638575

When you say 'winsock' repair, are you running the command:
netsh winsock reset (enter)
from Start --> Run or from a command line?

Also - the nonav.exe should have removed any reference to any Norton/Symantec product everywhere on you computer - including the Registry.

If you still have Registry residue, run the 'Issues' function in CCleaner (www.ccleaner.com).
You may have to run it 2-3 times, re-boot and run it again.
Very good product in the XP environment.

Keep at it, we'll get there.

Vic

 

by: JonveePosted on 2006-10-01 at 12:16:24ID: 17638904

Following Vic's entry querying 'winsock' repair, you may like to view this next link, there may be something we've missed >

"How to repair Winsocks":
http://www.alaynah.net/shehar/repair_winsock.htm

 

by: aedolbeyPosted on 2006-10-01 at 12:26:09ID: 17638948

The winsock repair I referred to is a utility called winsockxpfix.  I got it from a previous solution posting (for someone else's problem):

> Comment from SheharyaarSaahil
> Date: 09/01/2004 10:14AM MDT
>     Comment    
>
> Hello netadmin2004 =)
>
> Try running this Winsock Repair for XP:
> http://www.spychecker.com/program/winsockxpfix.html

It didn't solve my problem.  Nor did CCleaner, which I have run many times now.

I just tried the solution Jonvee suggested, but my registry has no references to SYMTDI or NISDRV at those keys.  While I was looking in the registry, I verified that there are no references to any keys that have 'norton' or 'nav' as names or values.  nonav appears to have done the job.  Unfortunately, the machine still has no internet connectivity.

Thanks for continued suggestions.  Hopefully we will get there!

Andy

 

by: younghvPosted on 2006-10-01 at 12:42:19ID: 17639007

From a command prompt, what do you get when you use the command "ipconfig /all" (enter)

If you're not getting an IP address ALMOST identical to your other computer, take a look at this advice:

http://www.petri.co.il/reinstall_tcp_ip_on_windows_xp.htm

All of your DNS and Default Gateway settings should be identical to your other computer(s).


Vic

 

by: aedolbeyPosted on 2006-10-01 at 13:58:04ID: 17639372

I get exactly the IP address the dlink router says it has assigned, which is a final .100 (while the desktop is a .102 -- otherwise all the digits are identical).  And the DNS and Gateway settings are identical, with one exception:  the laptop does not have this line, which the desktop PC does have:

   DNS Suffix Search List..................... : KOTONA

which is the name of my workgroup.  Could this be part of the problem??

 

by: aedolbeyPosted on 2006-10-01 at 14:00:57ID: 17639405

... by the way:  the laptop still lists its as part of the workgroup KOTONA.

 

by: aedolbeyPosted on 2006-10-01 at 14:02:47ID: 17639420

try this again:

... by the way:  the laptop still lists its workgroup as KOTONA.

 

by: younghvPosted on 2006-10-01 at 14:06:39ID: 17639446

I don't think that is a problem, but you can configure your TCP/IP properties to add the suffix.

Before that, have you tried the command:
(ipconfig /flushdns)
Then stopped/restarted the DNS client?

 

by: aedolbeyPosted on 2006-10-01 at 17:00:48ID: 17640164

try this again:

... by the way:  the laptop still lists its workgroup as KOTONA.

 

by: aedolbeyPosted on 2006-10-01 at 17:11:17ID: 17640186

Darn, I was wrong about something I last sent out!  Turns out that the IP address the laptop is getting has been changing to different routers.  My next door neighbors must also have routers that the laptop is able to pick up on.  It has apparently been shifting away from my own router to routers of neighbor(s).  Such activity has never happened before this most recent Norton fiasco.  I never asked to drop my own router and switch to a different one.  Now that I can see it happening I'm able to manually request a return to my own router.  This must be what had been happening when I rebooted after a winsock repair, got connectivity for a short bit, but then "lost" the connection again.  Losing the connection was probably just switcing the connection to a router across the street, one that caused connection problems for my own machine.

This is new behavior.  Any idea why this has been happening??

 

by: d_mayPosted on 2006-10-01 at 17:43:06ID: 17640266

I would set up the security for your router.  If questions remain, tech support is always available from the manufacturer of the router.

 

by: aedolbeyPosted on 2006-10-01 at 17:56:28ID: 17640316

But the router itself doesn't seem to be the problem.  The desktop and other two laptops in my home network have not had any problems at all during this one machine's crisis moments.  Seems like the problem is a single laptop going to other routers for dpcp ip assignment, and these other routers that are not in my house. Is there a way to *make* this one laptop look fora connection with only one specific router?  

Perhaps this should be posed as a new question.

Andy

 

by: younghvPosted on 2006-10-01 at 18:05:23ID: 17640344

Aha!
Wireless.
The only times I've set up wireless connections, I created a unique name for the connection to help sort through all of the various neighbor's open connections.
Don't you physically select which wireless connection you want to make?

 

by: aedolbeyPosted on 2006-10-01 at 20:49:15ID: 17640864

You can definitely manually select a connection.  You can even sort the available connections in a preference list.

Until this past week, the router that came up by default is the router in my home.  What's happening now is that even after manually selecting the home router, the laptop ends up dropping it and going over to a different router.  This is new behavior.  One guess is that the laptop would only do that if it's having trouble connecting to the router manually chosen.  If that's the case, then this new behavior could be due to new connection problems the laptop developed in the process of getting rid of Norton.

Any thoughts?

 

by: JonveePosted on 2006-10-02 at 00:08:40ID: 17641301

Andy
You could take another look at your router wireless settings.
Have you phyically repositioned the wireless router during troubleshooting so that it is somehow "seeing" a larger signal level from your neighbour's router?  
Can you easily reposition the router if so?   Even consider some form of extra RF shielding between your walls(& routers).  
Are conditions the same if you use your laptop in other parts of your house?
 
You could consider temporarily by-passing your router/home network, and connect the laptop direct, to confirm internet connection.

 

by: younghvPosted on 2006-10-02 at 04:24:36ID: 17642485

Hi Andy,
Any luck with the direct connection?
If that works, make sure you have any and all critical patches installed and check the Toshiba web site for any specific updates/patches for your notebook.
Vic

 

by: d_mayPosted on 2006-10-02 at 13:32:58ID: 17646665

There is a serial number on the bottom of the router.  This would prevent the behavior in which you describe connection problems the laptop devloped in the proccess of getting rid of Norton.  As younghy said in the above post "check with your manufacture's web site"  Check for firmware updates.
You can also call your router manufacture's support staff, they can walk you through set up of the router.

d_may

 

by: aedolbeyPosted on 2006-10-03 at 07:00:09ID: 17651481

I'll definitely see what DLink (the type of router I have) and/or Toshiba say about this sort of problem.

How would a serial number on the router help here?


Andy

 

by: JonveePosted on 2006-10-03 at 09:18:21ID: 17652629

The router *model* (or type) number may be of more use, perhaps thats what d_may is after, although you could also make a note of the serial number if it's visible.

Firmware updates can certainly be crucial to a router's operation.
   
You may well find sufficient re-setting up instructions if you logon to the router as "admin", on the associated "help page".

Then if you still have a problem and you can make that *direct* internet connection as suggested above, hopefully you could download and run the Norton removal tool mentioned earlier.

 

by: d_mayPosted on 2006-10-03 at 15:13:22ID: 17655204

I dare say if your neighbor had his  security set up on his router connection (WEP) then your computer would not be able to set it as a connection.  You can set the order or delete his connection.
You need a firmware update.  You need to set your security.  Then as mentioned above your could run the Norton removal tool.
start>run>"type" ipconfig           What do you see as an address?

 

by: JonveePosted on 2006-10-03 at 16:09:46ID: 17655490

A few more similar items to consider.   Is the laptop set to Automatically obtain an IP address?

Following on from the above suggestion you could also run the command "ipconfig /all" from a DOS prompt.  
Then run the same command on another computer, and compare the results.

What is the value for "DNS server" on the laptop?    

Can you see the Default Gateway IP?

 

by: aedolbeyPosted on 2006-10-04 at 16:18:55ID: 17664494

Sorry for the delay.  

As of last night, the connection via my router would work for a while, then out of nowhere the network connection would switch to some other router somewhere else and the ability to connect to the web with a browser disappeared.  When I rebooted the laptop, it would come back up and connect to my router.  Chances are it would've floated off again, though I was too tired to wait up and find out.

On booting up today, it connected to my router.  So I followed ealier advice while I could and went to Norton's site and used their removal tool, and rebooted again.  The network connection went to my router.

If the connection stays with my router for the rest of today, I'll go ahead and close this question.

Thanks for all the suggestions.

Andy

 

by: JonveePosted on 2006-10-05 at 00:12:27ID: 17666428

Good.  Thanks for the report it certainly sounds much better.    
*If* the problem did recurr, another suggestion is to download then install and run this cleanup tool:

http://ca.huji.ac.il/bf/mcafee/NoNav.exe

This will remove NAVCE and Symantec AV versions 4, 5, 7, 8, 9, SCF, SSC, and AMS from your file system and registry.   Reboot once again.

 

by: younghvPosted on 2006-10-05 at 02:41:20ID: 17666948

NoNav.exe has been a life saver for us.
Here is the actual link to the Symantec version (they don't publicize it's existence very well).

Check the dates of the files and grab the latest version:


(http://symantec.netvision.net.il/Enterprise/Removal tools/)


I am showing version NoNav2.48.exe

Vic

 

by: JonveePosted on 2006-10-05 at 06:22:12ID: 17668071

Vic
       http://symantec.netvision.net.il/Enterprise/Removal tools/

Couldn't access your link, but after inserting "%20" it now seems ok >

       http://symantec.netvision.net.il/Enterprise/Removal%20tools/

Jonvee

 

by: younghvPosted on 2006-10-05 at 07:47:42ID: 17669170

Jonvee,
Thanks - I guess the space between Removal and tools is dinking up my hyperlink.

Whatever that "%20" does, I now have it in my sample link.

Thanks for the assist.

Vic

 

by: aedolbeyPosted on 2006-10-05 at 12:43:26ID: 17671631

The problem continues.  Here's an update.

I had already run NoNav2.48 a few days ago.  But I went ahead and ran it again.  And I downloaded the tool from http://symantec.netvision.net.il/Enterprise/Removal%20tools/ and ran it too.  Earlier this morning I updated the firmware for my DLink router to the most recent firmware version.  And, of course, after each step, I rebooted the laptop where the problem are showing up.  Still, no luck.  The problem laptop has again left the home router and gone to a neighbor's.

A bit more background.  The laptop with this problem is my wife's.  The laptop that hasn't had this problem at all is mine.  They are both Toshiba Satellites, though hers is a slightly more recent model.  I've always had PC-cillin on my laptop.  My wife for a long time had Norton AntiVirus.  It was problems with Norton that started this whole router fiasco.

Our router's connection name is 'Jaeren'.  Here's what the IP, Gateway, and DNS info looks like for me (and for my wife, during those short-lived moments before her machine goes to a different router):

        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1

Here's what that same info looks like for my wife's machine once it heads out to some other router, a connection with a different name ('linksys', probably the brand name of the neighbor's router):

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

The two sets of numbers are all just one digit away (except for the Subnet Mask):  

      ...0.101 / ...0.1
vs.
      ...1.101 / ...1.1


I truly don't understand why my wife's laptop is leaving our router to go to some neighbor's router.  The two machines are about 20 feet from each other.  The only difference I can think of is that she used to have Norton.  I manually deleted this neighbor network connection from the problem laptop, but the connection was re-acquired.  I don't know how to keep it from happening again.

Any ideas?

Andy

 

by: JonveePosted on 2006-10-06 at 05:55:17ID: 17675912

Still periodically investigating ...

On your wife's laptop you could check the router 'Basic Settings'.  
Presume the Internet IP address and DNS address are set to "Get dynamically from ISP" and "Get Automatically from ISP" respectively?

Has the router any mechanism to set the IP address to 192.168.0.1 *manually* in the hope that it's retained while you're accessing the internet?

Another suggestion is to change to a wireless channel that your neighbour is not using.  
If you can see that you are both using the same (or adjacent) channels, try resetting your router to a different channel, and see if this interaction still exists.  
You should be able to logon to the router as "admin", then check the menu for 'wireless settings' (or an equivalent), and hence find the channel selection facility.

 

by: JonveePosted on 2006-10-06 at 06:06:01ID: 17675997

Andy
Is your wife's laptop fully updated with MS updates, and are both your laptops identical in most other respects, eg, both running SP1 or SP2?

You could again consider temporarily by-passing your router and connect her laptop direct, to confirm internet connection.
Then run a series of checks including a check for viruses and Malware until you are happy with the laptop's health.

 

by: aedolbeyPosted on 2006-10-06 at 06:54:38ID: 17676345

That's a good question.  I should've said this before:  both laptops are running SP2, on XP Pro.  PC-cillin is now running on her laptop, and is showing no viruses or Malware.

There's no question that her laptop can connect to our router.  The problem is just that it very often wanders off to a different router (where there are apparently some DNS problems over there -- but that's not our problem, or, at least, it shouldn't be).  Her laptop can be manually forced back to our router, though.  In fact, a new twist started yesterday:  after the machine wandered off to a different router, it actually drifted back to our router with no manual intervention.  That was good to see, I suppose, but we'd like to see it stick with our router all the time.

This seems like a broader question.  Nonetheless, it's still striking that the "router wandering" never happened at all before the problems with Norton came up.  It seems like the only thing left to try is to do a full re-install of her OS, and never let Norton see the light of day on the machine.  A dreadfully painful tactic, but perhaps it's the only solution that would work.

Andy

 

by: younghvPosted on 2006-10-06 at 07:56:26ID: 17676900

Andy,
Have you tried setting "Static IP Addresses" on your computers.
I know that you shouldn't have to, but it would stop the 'wanderlust'.

Vic

 

by: aedolbeyPosted on 2006-10-06 at 08:20:10ID: 17677143

That's a good idea.  I'll give it a shot and report what the results are.

 

by: aedolbeyPosted on 2006-10-06 at 09:27:42ID: 17677735

Well, that strategy didn't work.  When ipconfig /all is run, the IP shows up with the correct, statically assigned number.  Nevertheless, the network connection itself still wandered over to a different router.  And, of course, internet connection is totally lost.

So the wanderlust is not ceased by statically assigning an IP address.  This surprises me.  Given this scenario, I don't really know what it means to have an XP "network connection" show up when there is no real IP, DNS, and/or Gateway linking done.  The little 'Wireless Network Connection' icon in the taskbar lights up and reports the name of the mystery router and a connection level (good, very good, excellent), but there isn't really a meaningful connection at all.

 

by: younghvPosted on 2006-10-06 at 09:32:40ID: 17677802

Arrg!
Are you statically assigning it to YOUR Default Gateway and DNS?

The real question is why in the world this happens on one and not the other?

Think I'll go mumble to myself awhile and hope I have a brainstorm.


Vic

 

by: JonveePosted on 2006-10-06 at 10:13:35ID: 17678355

It's certainly a mystery and not much to offer at this time in the way of a suggestion, apart from the "temporary" channel change idea.  
It depends upon the urgency of your situation, and if we *eventually* do come to an impass that between us we still can't resolve (and prior to considering reinstalling the OS), you could post a pointer question (worth 20 points) in the Network topic area, with a link to this thread number:
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22008771.html#17677802

Network TA > http://www.experts-exchange.com/Networking/Broadband/

This will give you input from experts active in that other area. You should get a quick response particularly as this thread is now a long way down the WinXP list.
Still contemplating!

 

by: aedolbeyPosted on 2006-10-06 at 10:17:18ID: 17678383

Yes, they were statically assigned to my router's addresses (DNS, Gateway, statically given IP).

I agree:  why is this going on with my wife's laptop but not mine?  The only difference I can think of is the Norton history on one but not the other.

Very frustrating.

Andy

 

by: d_mayPosted on 2006-10-06 at 15:46:35ID: 17680354

I had a brain storm of my own:
It could be a DNS cashe problem.  Clear your DNS cashe.  Go to start>Run> and type CMD and hit "OK".
At the command prompt, type ipconfig\flushdns and hit "OK". then test.

hope this helps,

d_may

 

by: d_mayPosted on 2006-10-06 at 15:49:13ID: 17680364

sorryyounhy I see that you already suggested that: I bad.

 

by: aedolbeyPosted on 2006-10-06 at 16:13:01ID: 17680449

I just flushed the DNS cache again, and manually disconnected and then re-connected the wireless network adapter.  It's connected to our router now, but I'll see where it is in a couple hours.

I'll try posting a pointer question to the Network topic area.  Some time this weekend I'll go ahead and close this question out and split the points between d_may and Jonvee.

Many thanks go to both of you for your suggestions.

Andy

 

by: younghvPosted on 2006-10-06 at 16:47:25ID: 17680619

d_may,
No bad - tons of posts on this one, but glad you noticed I threw out some ideas on this problem.
Apparently, that fact slipped past Andy :)


Vic

 

by: lrmoorePosted on 2006-10-06 at 16:53:16ID: 17680639

Have you tried disabling windows Wireless Zero Config service?
http://www.ifelix.co.uk/tech/2000.html

Good article reference WZC issues. Seems to relate to your situation
http://cws.internet.com/article/3115-.htm

 

by: aedolbeyPosted on 2006-10-09 at 10:31:31ID: 17692059

Yes, the article describes scenarios pretty similar to ours.  But, we have an SSID that is almost guaranteed to be different from any local neighbors' SSID (it's the name of an area where I lived overseas), so SSID name collision is not the problem.

Before disabling WZG, the article suggests obtaining replacement drivers/utilities to use in WZG's place.  The laptop that is experiencing problems is a Toshiba Satellite A15-S157.  Toshiba lists an Atheros WiFi client utility to use, but says that it requires an Atheros driver.  The specific driver listed is also available on Toshiba's site, but A15-S157 is *not* included in the list of "Applicable Models".  Here's the details on the two items, taken directly from Toshiba's site.

1) atheros_wpa_client.exe   Version:  2.4.2.18

Description: Requires Atheros WiFi driver v2.4.2.14 (atheros_wpa_driver.exe). You must uninstall your existing Atheros WiFi client utility (if present) before installing this version.

http://www.csd.toshiba.com/cgi-bin/tais/su/su_sc_dtlViewDL.jsp?soid=553445&moid=429789&BV_SessionID=@@@@2119399490.1160410184@@@@&BV_EngineID=ccccaddjdgjldehcgfkceghdgngdgnj.0&ct=DL


2) atheros_wpa_driver.exe   Version: 2.4.2.14

Description: Requires Atheros Client Utility v2.4.2.18 (atheros_wpa_client.exe)

http://www.csd.toshiba.com/cgi-bin/tais/su/su_sc_dtlViewDL.jsp?soid=553351&moid=160273&BV_SessionID=@@@@2119399490.1160410184@@@@&BV_EngineID=ccccaddjdgjldehcgfkceghdgngdgnj.0&ct=DL


I'm nervous about several things here:

- when the driver installation is initiated, the install window says to "See Atheros_Readme.txt' for detailed instructions."  But the driver does not come with anything other than the .exe file (no readme, no warning sheet, no nothing).

- as mentioned earlier, the page for downloading the driver does not list A15-S157 as an "Applicable Model", despite the fact that the client that is listed as *requiring* this driver is certainly listed as an "Applicable Model".

- the laptop itself was shipped with Intel Pro Network Adapters and Drivers.  These might be for the ethernet connection, not the wireless connection.  I don't know.  But I'm nervous that installing the Athenos driver could cause problems with the Intel driver(s).

Any thoughts?

Andy

 

by: aedolbeyPosted on 2006-11-10 at 09:27:07ID: 17916072

User 'Computer101' has volunteered to take care of handling this question.  Hopefully that will happen soon.

Sorry for the delay.


Ansy

 

by: Computer101Posted on 2006-11-12 at 14:51:15ID: 17926835

This question is PAQ'ed so that he can make another question, and use this as a reference (Pointer).  Points are refunded.

Computer101
EE Admin

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...