Winsock error - xp pc

Forgot to mention, have tried that one to :-)

Tried "The king" suggestion, but still no luck.
Was optimistic, because I fount several hidden devices (Norman Security Driver, Norman Firewall). Deleted them, along with my network device. But still nothing.

Now I just tried uninstalling AVG and reinstalling Norman. To see If norman could fix it selves. But NO !

Anyone else?

Tried all of this, still no luck.

Does it use DHCP or a static IP address? Do the
IPCONFIG /all entries match up with what should be there?

Can other machines on the network see the Internet?

Uses DHCP, does not receive an IP adress from router. Have triet several networks. They are all ok for other machines.
Have also tried static ip.¨Then I can ping my router.
All other machines can use internet.
It says "limited or no access....." on the network adapter.

I've seen this before on a vista pc and I had to reinstall!
I thought it quicker to do that than spend hours fixing.

It was a similar issue ie two firewalls installed and no matter
What was tried, the issue remained until I installed a clean
OS.  

Jippi
Now I receive IP from DHCP, I can also log into my router via IE7.
But still I have problem with dns, or something.
I started sfc /scannow.............not finished yet. Right after starting, i got an IP adress.
Now i kross my fingers........thanks for all your help som far. Im going to bed know. Hope to speak again in the morning :-)

Did you just restart your PC??

Yes, I have restartet my computer. But still cant access www.google.no or anything else. But I can log into my router 192.168.225.1 with IE7.
Is is now an NDS issue? I can ping ip adresses but not "names".
Anyone?

Network diagnose from IE7 gives me the following (se attachment)

diagnose.txt

Sorry the file is in Norwegian.....:-)

Open a command prompt and do:

nslookup www.hotmail.com

and see what you get. Also, have a look at this question:

https://www.experts-exchange.com/questions/20932429/Windows-DNS-does-not-work.html

nslookup www.hotmail.com returns:
Server:  ns1.lyse.net
Address:  213.167.96.50

Navn:    origin.mail.live.com
Addresses:  64.4.20.184, 64.4.20.186, 64.4.20.169, 64.4.20.174
Aliases:  www.hotmail.com, mail.live.com
        toplevel.mail.live.com.akadns.net

I can connect to other computers in my network, I can browse network, and se the other computers.

Can you also list the output of IPCONFIG /all from the problem
PC and a working one?

Thanks

Your DNS is working properly, it doesn't look like there is any problems there. I suggest running ComboFix, it can be downloaded from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and the instructions on usage are here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I am still going to summarize them. Download the ComboFix.exe and save it with a different name like jabba.exe. Then reboot your PC in safe mode (without networking if possible) and then disable your antivirus+firewall temporarily and run ComboFix. After ComboFix is finished, it will create a log. Please send that log to us and re-enable your computer security programs (antivirus and firewall).

Now I tried to uninstall all drivers (also hidden ones) from safe mode. I also deletet the device driver files from windows\system32.
Rebootet, and now I'm back to:
I dont get IP adress from DHCP, so now I'm running sfc /scannow again to se if it will fix the problem.
Have downloaded Combofix, and will try that one as well.
This was a hard one to fix :-(

I know this may seem a silly idea, but do you have access to a second Network card?

If so, I'd disable the first one. Then shut down the PC, install the new card along with drivers and see if that makes any difference. Don't put the network cable in to the secondary card until you have installed the correct drivers.

I'm just trying to rule out any possible hardware issue and/or registry problem with the current card.

Thanks
John

ComboFix 09-05-05.03 - Administrator 06.05.2009 14:38.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.511.394 [GMT 2:00]
Kjører fra: C:\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Personlig brannmur *disabled*
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-04-06 til 2009-05-06  )))))))))))))))))))))))))))))))))
.

2009-05-06 09:54 . 2009-05-06 09:50      3012988      ----a-r      C:\jabba.exe
2009-05-06 09:52 . 2009-05-06 10:19      --------      d-----w      c:\windows\LastGood
2009-05-06 09:47 . 2009-03-25 12:29      130432      ----a-w      c:\windows\system32\drivers\Rtnicxp.sys
2009-05-06 09:47 . 2009-03-03 18:18      73728      ----a-w      c:\windows\system32\RtNicProp32.dll
2009-05-06 08:36 . 2008-04-14 16:22      116224      ----a-w      c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-06 08:36 . 2001-10-06 12:02      23040      ----a-w      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-06 08:36 . 2008-04-14 16:22      18944      ----a-w      c:\windows\system32\dllcache\xrxscnui.dll
2009-05-06 08:36 . 2001-10-06 12:03      27648      ----a-w      c:\windows\system32\dllcache\xrxftplt.exe
2009-05-06 08:36 . 2001-10-06 12:03      4608      ----a-w      c:\windows\system32\dllcache\xrxflnch.exe
2009-05-06 08:36 . 2001-08-18 04:37      99865      ----a-w      c:\windows\system32\dllcache\xlog.exe
2009-05-06 08:36 . 2001-08-17 18:11      16970      ----a-w      c:\windows\system32\dllcache\xem336n5.sys
2009-05-06 08:36 . 2004-08-03 20:29      19455      ----a-w      c:\windows\system32\dllcache\wvchntxx.sys
2009-05-06 08:36 . 2008-04-13 18:46      19200      ----a-w      c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 08:36 . 2004-08-03 20:29      12063      ----a-w      c:\windows\system32\dllcache\wsiintxx.sys
2009-05-06 08:36 . 2008-04-14 16:22      8192      ----a-w      c:\windows\system32\dllcache\wshirda.dll
2009-05-06 08:34 . 2001-08-17 19:28      64605      ----a-w      c:\windows\system32\dllcache\vvoice.sys
2009-05-06 08:33 . 2008-04-13 18:45      60032      ----a-w      c:\windows\system32\dllcache\usbaudio.sys
2009-05-06 08:32 . 2001-10-06 12:02      440576      ----a-w      c:\windows\system32\dllcache\tridkb.dll
2009-05-06 08:31 . 2001-08-17 19:49      30464      ----a-w      c:\windows\system32\dllcache\tbatm155.sys
2009-05-06 08:30 . 2001-10-06 12:02      99328      ----a-w      c:\windows\system32\dllcache\srusd.dll
2009-05-06 08:29 . 2001-08-17 18:12      24576      ----a-w      c:\windows\system32\dllcache\smc8000n.sys
2009-05-06 08:28 . 2001-08-17 18:50      101760      ----a-w      c:\windows\system32\dllcache\sis300ip.sys
2009-05-06 08:27 . 2001-08-17 18:50      75392      ----a-w      c:\windows\system32\dllcache\s3savmxm.sys
2009-05-06 08:26 . 2001-08-17 18:19      3840      ----a-w      c:\windows\system32\dllcache\rpfun.sys
2009-05-06 08:25 . 2008-04-13 18:41      17664      ----a-w      c:\windows\system32\dllcache\ppa3.sys
2009-05-06 08:24 . 2001-10-06 12:01      41984      ----a-w      c:\windows\system32\dllcache\ovui2rc.dll
2009-05-06 08:23 . 2001-08-17 18:49      51552      ----a-w      c:\windows\system32\dllcache\ntgrip.sys
2009-05-06 08:22 . 2001-10-06 11:43      52255      ----a-w      c:\windows\system32\dllcache\n1000nt5.sys
2009-05-06 08:21 . 2001-10-06 11:35      320384      ----a-w      c:\windows\system32\dllcache\mgaum.sys
2009-05-06 08:20 . 2001-10-06 11:28      15744      ----a-w      c:\windows\system32\dllcache\lit220p.sys
2009-05-06 08:19 . 2001-10-06 12:02      62464      ----a-w      c:\windows\system32\dllcache\icam4ext.dll
2009-05-06 08:18 . 2001-08-17 19:28      289887      ----a-w      c:\windows\system32\dllcache\hsf_fall.sys
2009-05-06 08:17 . 2001-10-06 11:38      17408      ----a-w      c:\windows\system32\dllcache\gpr400.sys
2009-05-06 08:16 . 2004-08-04 13:00      45056      ----a-w      c:\windows\system32\dllcache\esunid.dll
2009-05-06 08:15 . 2001-08-17 18:11      77386      ----a-w      c:\windows\system32\dllcache\el656nd5.sys
2009-05-06 08:14 . 2001-10-06 12:02      131156      ----a-w      c:\windows\system32\dllcache\digidbp.dll
2009-05-06 08:13 . 2001-10-06 12:02      170880      ----a-w      c:\windows\system32\dllcache\cl546x.dll
2009-05-06 08:12 . 2001-08-17 18:19      36992      ----a-w      c:\windows\system32\dllcache\aztw2320.sys
2009-05-05 21:52 . 2009-05-05 21:52      --------      d-----w      c:\windows\AiOTemp
2009-05-05 21:51 . 2009-05-06 07:33      --------      d--h--r      d:\documents and settings\Kristine\Siste
2009-05-05 21:49 . 2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-05 21:49 . 2009-05-05 21:49      107912      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:49 . 2009-05-05 21:49      325640      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-05 21:49 . 2009-05-05 21:49      --------      d-----w      c:\windows\system32\drivers\Avg
2009-05-05 20:16 . 2009-05-05 20:16      --------      d-----w      d:\documents and settings\Administrator\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\Kristine\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-05 19:45 . 2009-05-05 20:53      --------      d-----w      d:\documents and settings\All Users\Programdata\Lavasoft
2009-05-05 19:30 . 2009-05-05 20:50      --------      d-----w      c:\programfiler\Norman
2009-05-05 19:30 . 2009-05-05 19:30      --------      d-----w      d:\documents and settings\Kristine\Programdata\InstallShield
2009-05-05 10:51 . 2009-05-05 10:51      --------      d-----w      d:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-05 07:59 . 2009-05-05 07:59      --------      d-----w      c:\programfiler\ACW
2009-05-05 07:35 . 2009-05-05 07:35      --------      d-----w      c:\programfiler\AVG
2009-05-05 07:35 . 2009-05-05 21:49      --------      d-----w      d:\documents and settings\All Users\Programdata\avg8
2009-04-30 12:43 . 2009-05-05 20:28      --------      d-----w      d:\documents and settings\Kristine\Programdata\Desktopicon
2009-04-30 12:43 . 2009-04-30 12:43      --------      d-----w      c:\programfiler\Unlocker
2009-04-30 10:56 . 2009-04-30 11:48      --------      d-----w      c:\windows\system32\data
2009-04-30 10:46 . 2009-04-30 10:46      --------      d-----w      c:\programfiler\CCleaner
2009-04-07 16:23 . 2009-04-07 16:23      --------      d-----w      d:\documents and settings\LocalService\Start-meny
2009-04-07 16:22 . 2008-04-16 10:57      42552      ----a-w      c:\windows\system32\drivers\ale_nf.sys
2009-04-07 16:22 . 2008-02-07 10:12      79752      ----a-w      c:\windows\system32\drivers\ndis_rd.sys
2009-04-07 16:22 . 2008-02-07 10:12      74624      ----a-w      c:\windows\system32\drivers\tdi_rd.sys
2009-04-07 16:22 . 2008-05-16 09:28      212024      ----a-w      c:\windows\system32\nscrnsav.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:50 . 2005-12-09 11:35      59272      ----a-w      d:\documents and settings\Kristine\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-05 20:53 . 2005-12-09 19:23      --------      d-----w      c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-05-05 19:30 . 2005-12-09 19:23      --------      d--h--w      c:\programfiler\InstallShield Installation Information
2009-05-05 11:16 . 2006-09-02 19:49      --------      d-----w      c:\programfiler\LimeWire
2009-05-05 08:21 . 2004-09-20 09:03      61500      ----a-w      c:\windows\system32\perfc014.dat
2009-05-05 08:21 . 2004-09-20 09:03      387742      ----a-w      c:\windows\system32\perfh014.dat
2009-02-09 14:08 . 2004-09-20 09:03      1846784      ----a-w      c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"Ulead AutoDetector v2"="c:\programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-11-12 180269]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2005-11-12 98304]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05.05.2009 23:49 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05.05.2009 23:49 107912]
S1 NGS;Norman General Security Driver;\??\c:\programfiler\norman\ngs\bin\ngs.sys --> c:\programfiler\norman\ngs\bin\ngs.sys [?]
S1 NPROSEC;Norman Security driver;\??\c:\programfiler\Norman\Ngs\Bin\nprosec.sys --> c:\programfiler\Norman\Ngs\Bin\nprosec.sys [?]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05.05.2009 23:49 298264]
S3 S3chipid;S3chipid;\??\c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
S4 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;Norman Parental Control;"c:\programfiler\Norman\npc\bin\npcsvc32.exe" --> c:\programfiler\Norman\npc\bin\npcsvc32.exe [?]
S4 NPFSvc32;Norman Personal Firewall Service;"c:\programfiler\Norman\npf\bin\npfsvc32.exe" --> c:\programfiler\Norman\npf\bin\npfsvc32.exe [?]
S4 NPROSECSVC;Norman Security service;"c:\programfiler\Norman\Ngs\Bin\Nprosec.exe" --> c:\programfiler\Norman\Ngs\Bin\Nprosec.exe [?]
S4 NUAA;Norman User Activity Agent;"c:\programfiler\Norman\npc\bin\nuaa.exe" --> c:\programfiler\Norman\npc\bin\nuaa.exe [?]
S4 NVOY;Norman Resource Provider;"c:\programfiler\Norman\npm\bin\nvoy.exe" --> c:\programfiler\Norman\npm\bin\nvoy.exe [?]
S4 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 14:39
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-06 14:40
ComboFix-quarantined-files.txt  2009-05-06 12:40

Pre-Run: 22 744 543 232 byte ledig
Post-Run: 22 730 854 400 byte ledig

149      --- E O F ---      2009-03-20 18:34

ComboFix 09-05-05.03 - Administrator 06.05.2009 14:57.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.511.366 [GMT 2:00]
Kjører fra: C:\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Personlig brannmur *disabled*
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-04-06 til 2009-05-06  )))))))))))))))))))))))))))))))))
.

2009-05-06 09:54 . 2009-05-06 09:50      3012988      ----a-r      C:\jabba.exe
2009-05-06 09:52 . 2009-05-06 10:19      --------      d-----w      c:\windows\LastGood
2009-05-06 09:47 . 2009-03-25 12:29      130432      ----a-w      c:\windows\system32\drivers\Rtnicxp.sys
2009-05-06 09:47 . 2009-03-03 18:18      73728      ----a-w      c:\windows\system32\RtNicProp32.dll
2009-05-06 08:36 . 2008-04-14 16:22      116224      ----a-w      c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-06 08:36 . 2001-10-06 12:02      23040      ----a-w      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-06 08:36 . 2008-04-14 16:22      18944      ----a-w      c:\windows\system32\dllcache\xrxscnui.dll
2009-05-06 08:36 . 2001-10-06 12:03      27648      ----a-w      c:\windows\system32\dllcache\xrxftplt.exe
2009-05-06 08:36 . 2001-10-06 12:03      4608      ----a-w      c:\windows\system32\dllcache\xrxflnch.exe
2009-05-06 08:36 . 2001-08-18 04:37      99865      ----a-w      c:\windows\system32\dllcache\xlog.exe
2009-05-06 08:36 . 2001-08-17 18:11      16970      ----a-w      c:\windows\system32\dllcache\xem336n5.sys
2009-05-06 08:36 . 2004-08-03 20:29      19455      ----a-w      c:\windows\system32\dllcache\wvchntxx.sys
2009-05-06 08:36 . 2008-04-13 18:46      19200      ----a-w      c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 08:36 . 2004-08-03 20:29      12063      ----a-w      c:\windows\system32\dllcache\wsiintxx.sys
2009-05-06 08:36 . 2008-04-14 16:22      8192      ----a-w      c:\windows\system32\dllcache\wshirda.dll
2009-05-06 08:34 . 2001-08-17 19:28      64605      ----a-w      c:\windows\system32\dllcache\vvoice.sys
2009-05-06 08:33 . 2008-04-13 18:45      60032      ----a-w      c:\windows\system32\dllcache\usbaudio.sys
2009-05-06 08:32 . 2001-10-06 12:02      440576      ----a-w      c:\windows\system32\dllcache\tridkb.dll
2009-05-06 08:31 . 2001-08-17 19:49      30464      ----a-w      c:\windows\system32\dllcache\tbatm155.sys
2009-05-06 08:30 . 2001-10-06 12:02      99328      ----a-w      c:\windows\system32\dllcache\srusd.dll
2009-05-06 08:29 . 2001-08-17 18:12      24576      ----a-w      c:\windows\system32\dllcache\smc8000n.sys
2009-05-06 08:28 . 2001-08-17 18:50      101760      ----a-w      c:\windows\system32\dllcache\sis300ip.sys
2009-05-06 08:27 . 2001-08-17 18:50      75392      ----a-w      c:\windows\system32\dllcache\s3savmxm.sys
2009-05-06 08:26 . 2001-08-17 18:19      3840      ----a-w      c:\windows\system32\dllcache\rpfun.sys
2009-05-06 08:25 . 2008-04-13 18:41      17664      ----a-w      c:\windows\system32\dllcache\ppa3.sys
2009-05-06 08:24 . 2001-10-06 12:01      41984      ----a-w      c:\windows\system32\dllcache\ovui2rc.dll
2009-05-06 08:23 . 2001-08-17 18:49      51552      ----a-w      c:\windows\system32\dllcache\ntgrip.sys
2009-05-06 08:22 . 2001-10-06 11:43      52255      ----a-w      c:\windows\system32\dllcache\n1000nt5.sys
2009-05-06 08:21 . 2001-10-06 11:35      320384      ----a-w      c:\windows\system32\dllcache\mgaum.sys
2009-05-06 08:20 . 2001-10-06 11:28      15744      ----a-w      c:\windows\system32\dllcache\lit220p.sys
2009-05-06 08:19 . 2001-10-06 12:02      62464      ----a-w      c:\windows\system32\dllcache\icam4ext.dll
2009-05-06 08:18 . 2001-08-17 19:28      289887      ----a-w      c:\windows\system32\dllcache\hsf_fall.sys
2009-05-06 08:17 . 2001-10-06 11:38      17408      ----a-w      c:\windows\system32\dllcache\gpr400.sys
2009-05-06 08:16 . 2004-08-04 13:00      45056      ----a-w      c:\windows\system32\dllcache\esunid.dll
2009-05-06 08:15 . 2001-08-17 18:11      77386      ----a-w      c:\windows\system32\dllcache\el656nd5.sys
2009-05-06 08:14 . 2001-10-06 12:02      131156      ----a-w      c:\windows\system32\dllcache\digidbp.dll
2009-05-06 08:13 . 2001-10-06 12:02      170880      ----a-w      c:\windows\system32\dllcache\cl546x.dll
2009-05-06 08:12 . 2001-08-17 18:19      36992      ----a-w      c:\windows\system32\dllcache\aztw2320.sys
2009-05-05 21:52 . 2009-05-05 21:52      --------      d-----w      c:\windows\AiOTemp
2009-05-05 21:51 . 2009-05-06 07:33      --------      d--h--r      d:\documents and settings\Kristine\Siste
2009-05-05 21:49 . 2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-05 21:49 . 2009-05-05 21:49      107912      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:49 . 2009-05-05 21:49      325640      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-05 21:49 . 2009-05-05 21:49      --------      d-----w      c:\windows\system32\drivers\Avg
2009-05-05 20:16 . 2009-05-05 20:16      --------      d-----w      d:\documents and settings\Administrator\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\Kristine\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-05 19:45 . 2009-05-05 20:53      --------      d-----w      d:\documents and settings\All Users\Programdata\Lavasoft
2009-05-05 19:30 . 2009-05-05 19:30      --------      d-----w      d:\documents and settings\Kristine\Programdata\InstallShield
2009-05-05 10:51 . 2009-05-05 10:51      --------      d-----w      d:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-05 07:59 . 2009-05-05 07:59      --------      d-----w      c:\programfiler\ACW
2009-05-05 07:35 . 2009-05-05 07:35      --------      d-----w      c:\programfiler\AVG
2009-05-05 07:35 . 2009-05-05 21:49      --------      d-----w      d:\documents and settings\All Users\Programdata\avg8
2009-04-30 12:43 . 2009-05-05 20:28      --------      d-----w      d:\documents and settings\Kristine\Programdata\Desktopicon
2009-04-30 12:43 . 2009-04-30 12:43      --------      d-----w      c:\programfiler\Unlocker
2009-04-30 10:56 . 2009-04-30 11:48      --------      d-----w      c:\windows\system32\data
2009-04-30 10:46 . 2009-04-30 10:46      --------      d-----w      c:\programfiler\CCleaner
2009-04-07 16:23 . 2009-04-07 16:23      --------      d-----w      d:\documents and settings\LocalService\Start-meny
2009-04-07 16:22 . 2008-04-16 10:57      42552      ----a-w      c:\windows\system32\drivers\ale_nf.sys
2009-04-07 16:22 . 2008-02-07 10:12      79752      ----a-w      c:\windows\system32\drivers\ndis_rd.sys
2009-04-07 16:22 . 2008-02-07 10:12      74624      ----a-w      c:\windows\system32\drivers\tdi_rd.sys
2009-04-07 16:22 . 2008-05-16 09:28      212024      ----a-w      c:\windows\system32\nscrnsav.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:50 . 2005-12-09 11:35      59272      ----a-w      d:\documents and settings\Kristine\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-05 20:53 . 2005-12-09 19:23      --------      d-----w      c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-05-05 19:30 . 2005-12-09 19:23      --------      d--h--w      c:\programfiler\InstallShield Installation Information
2009-05-05 11:16 . 2006-09-02 19:49      --------      d-----w      c:\programfiler\LimeWire
2009-05-05 08:21 . 2004-09-20 09:03      61500      ----a-w      c:\windows\system32\perfc014.dat
2009-05-05 08:21 . 2004-09-20 09:03      387742      ----a-w      c:\windows\system32\perfh014.dat
2009-02-09 14:08 . 2004-09-20 09:03      1846784      ----a-w      c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"Ulead AutoDetector v2"="c:\programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-11-12 180269]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2005-11-12 98304]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05.05.2009 23:49 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05.05.2009 23:49 107912]
S1 NGS;NGS; [x]
S1 NPROSEC;NPROSEC; [x]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05.05.2009 23:49 298264]
S3 S3chipid;S3chipid;\??\c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
S4 NDIS_RD;NDIS_RD;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;NPC; [x]
S4 NPFSvc32;NPFSvc32; [x]
S4 NPROSECSVC;NPROSECSVC; [x]
S4 NUAA;NUAA; [x]
S4 NVOY;NVOY; [x]
S4 TDI_RD;TDI_RD;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 14:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-06 14:59
ComboFix-quarantined-files.txt  2009-05-06 12:59
ComboFix2.txt  2009-05-06 12:40

Pre-Run: 22 738 702 336 byte ledig
Post-Run: 22 727 610 368 byte ledig

149      --- E O F ---      2009-03-20 18:34

Already done that, but can try again.
While running Combofix, I get a message that AVG is running. But i cant find it. I've looked at task bar, task mannager (prosesses), and in My computer-manage-services.

And then I get 3 messages saying: xecute prosesses remotely having problems, and need to close.

Sometimes I get a message, like the one I get when I get into Safe Mode..........you are running in safe mode, answare Yes to continue, og No to......restore point.

Done......! Still problems.
When I try to start Windows Firewall, i get a message: error 10047 and the rest in norwegian.
Tried to start manually from Services, but one of the dependent services didn't start.
Now I am googling on that problem :-)
I'm also running Microsoft Windows Tool for removing malicious (i think) software.
Have to try everything, because I don't want to reinstall, I want to understand and fix this !!!!

have you tried the second network card option?

Also, can you send me the IPCONFIG /all from the problem machine and a working machine?

Use:
IPCONFIG /all > log.txt

And then copy and paste the log.txt file contents

I have noe other NIC available, only Wireless.
Problem pc:
Windows IP-konfigurasjon
        Vertsnavn  . . . . . . . . . . . : KIRSTENS
        Primær DNS-suffiks . . . . . . . :
        Nodetype . . . . . . . . . . . . : Ukjent
        IP-ruting aktivert . . . . . . . : Nei
        WINS Proxy aktivert. . . . . . . : Nei

Ethernet-kort Lokal tilkobling 5:
        Tilkoblingsspesifikt DNS-suffiks :
        Beskrivelse  . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Fysisk adresse . . . . . . . . . : 00-14-85-B3-C8-73
        DHCP aktivert. . . . . . . . . . : Ja
        Automatisk konfigurasjon aktivert: Ja
        Automatisk konfigurasjon av IP-adresse. . . : 169.254.182.239
        Nettverksmaske . . . . . . . . . : 255.255.0.0
        IP-adresse . . . . . . . . . . . : fe80::214:85ff:feb3:c873%4
        Standard gateway . . . . . . . . :
        DNS-servere. . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
Tunnelkort Teredo Tunneling Pseudo-Interface:
        Tilkoblingsspesifikt DNS-suffiks :
        Beskrivelse  . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Fysisk adresse . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        DHCP aktivert. . . . . . . . . . : Nei
        IP-adresse . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Standard gateway . . . . . . . . :
        NetBIOS over TCP/IP. . . . . . . : Deaktivert

Working pc with static ip:
Windows IP-konfigurasjon
   Vertsnavn   . . . . . . . . . . . : Kirsti-Acer
   Primr DNS-suffiks  . . . . . . . :
   Nodetype  . . . . . . . . . . . . : Hybrid
   IP-ruting aktivert  . . . . . . . : Nei
   WINS Proxy aktivert . . . . . . . : Nei

Ethernet-kort Lokal tilkobling:
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Fysisk adresse  . . . . . . . . . : 00-1F-E2-39-2B-D1
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
   Koblingslokal IPv6-adresse. . . . : fe80::419a:3398:ff20:71ed%10(Foretrukket)
   IPv4-adresse. . . . . . . . . . . : 192.168.225.99(Foretrukket)
   Nettverksmaske . . . . . . . . . .: 255.255.255.0
   Standard gateway . . . . . . . . .: 192.168.225.1
   DNS-servere . . . . . . . . . . . : 81.167.36.3
                                       81.167.36.11
   NetBIOS over Tcpip. . . . . . . . : Aktivert

Tunnelkort Lokal tilkobling*:
   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : isatap.{A26CB3DC-165D-46F4-9CD3-DFA61218BEC1}
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 6:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysisk adresse  . . . . . . . . . : 02-00-54-55-4E-01
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Can you try disabling IPv6 protocol on the non-working machine? Untick the option from network connection properties and then reboot.

Thanks

But how can I remove the rest of Norman?
Now I try recovering to the day that norman was installed. It fails.
Now I try recovering to one month before norman................!

Didn't work out. I'm about to give up. Is there more to try?

As mentioned yesterday I had exactly the same issue as this and the only fix was to reinstall. There's an inherent problem with Vista's network implementation that gets corrupted easily.

Sorry I couldn't be of assistance but it really does look like the reinstall is the easiest option.

JOhn

Try the Norman Removal Tool again. Looks like AVG is out now. It should be able to get rid of Norman now. Make sure to download another antivirus and install after all antiviruses are out of your PC.

The only Norman removal took I can find is:
Delnvc5
And it says: Cannot find Norman Virus Control installed

Dataplan - I think you've made a valiant effort to resolve this issue but I honestly think a rebuild is your only choice now.

What do fellow Experts feel?

Thanks
John

I find som keys in regestry with Norman inside. Unable to remove them. How can I ?

Try using the browsers to surf the internet and see if it works ok now.

I have tried, but no :-(
I cant even get an IP adress from DHCP. The windows Firewall won't start.
Last resort. I now try booting from MiniPe CD (bart), and try to delete norman from registry.
Anyone else?

You could also try a Windows repair instead of a full re-install (requires that you have a windows xp cd with you):

http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=189400897&cid=ref-true

Halleluja !!!!
My computer now works. I dont know what did the trick, but i tried all this things one more time AFTER I had deletet all of Norman from MiniPE cd.
The last thing i did once more, was WinsocXPfix, not winsockFix. After reboot, I now have IP adress, and I can surf on the net again.
Thanks to all of you. Couldn't have done thise without you :-)

"Its good to see that it wasn't viruses that were the problem, it was multiple antiviruses this time" .. hahaha

Great!

Well done and great determination!