Solved

Winsock error - xp pc

Posted on 2009-05-05
47
1,109 Views
Last Modified: 2013-11-22
I have a customers pc with winsock problem (I think). Problems startet when the owner had an outdated Norton Internet Security. She then downloaded and installed Norman AV that she got for free from her bank (SR-Bank) in norway. Norman was recommended, so she installed it. But she did not uninstall Norton first.

When she came to me, she was unable to connect to the internett. I startet uninstalling both AV applications. Used uninstall tools, an deleted some folders manually, an deletet som reg. keys manually. I ran ccleaner and. spybot, many times. I ran antivirus scans from MiniPE (Bart) cd.

I have now tried EVERYTHING to get connected to the internett, but no luck:
winsock fix
netsh winsock reset (several combinations with catalog), and reboots.
deletet reg key for winsock and winsock2 under current control set.......!
Deletet and installed new driver for the network card.

Now I'm about to give up.  Can you please help me? Is it some parts of Norton whitch prevents me from conecting? Or is it virus og adware/spyware?

I have booted with MiniPe cd, and connected to internet, so it's no HW failure.

I have fount one interesting thing: CLMLservice.exe used between 80 and 99%cpu nearly everytime I have booted the mashine, so I disabled the service and renamed the file. Thought may be the file was infectet or something.

I have turned off windows firewall. Checked that nox proxy is used. Tried with static ip.
I can then ping my router and dns. But not www.google.no
 Internett explorer troubleshooter tells me that I have a winsock problem. But after fix and reboot, it's the same.

Kirsti, Dataplan
0
Comment
Question by:Dataplan
  • 21
  • 13
  • 10
  • +2
47 Comments
 
LVL 2

Assisted Solution

by:FatManc
FatManc earned 240 total points
Comment Utility
Try downloading and running LSPFix - this fixes
a lot of Winsock problems

Cheers,
John.
 
0
 

Author Comment

by:Dataplan
Comment Utility
Forgot to mention, have tried that one to :-)
0
 
LVL 4

Assisted Solution

by:The_King
The_King earned 60 total points
Comment Utility
you need to remove all networking components
including 'hidden' ones.

therefore try the following.

boot in safe mode without networking
open device manager
click view / show hidden devices
then remove all networking devices

reboot
reinstall network devices present and needed

This will ensure your network drivers are replenished and tcp/ip stacks are resest and re-installed.

another problem which can leave machines in this state is if the tcpip.sys file in the windows system folder is corrupted. Try replacing this file with another (windows version must match ... i.e win xp sp2). Best way to do this is using c:\autoexec.bat which unused now still runs before windows so can be used to copy a good file over before windows locks the file in use. dont forget to make a backup first!



could anything be messing with the winsock after you have fixed it? i.e malicious software?
0
 

Author Comment

by:Dataplan
Comment Utility
Tried "The king" suggestion, but still no luck.
Was optimistic, because I fount several hidden devices (Norman Security Driver, Norman Firewall). Deleted them, along with my network device. But still nothing.

Now I just tried uninstalling AVG and reinstalling Norman. To see If norman could fix it selves. But NO !

Anyone else?
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 150 total points
Comment Utility
Download MalwareBytes Anti-Malware (www.malwarebytes.org) and do a full scan in safe mode (without networking) with that. Let us know, how it goes.
0
 
LVL 4

Assisted Solution

by:The_King
The_King earned 60 total points
Comment Utility
The other possibility is something could have messed with tcpip.sys system file.

If all else fails (as this can obviously be a bit risky)

Backup c:\windows\system32\drivers\tcpip.sys (autoexec.bat is the best way to replace protected OS files as although its redundant its still there and runs BEFORE anything to do with windows)

download a fresh tcpip.sys or copy from another machine Operating systems do need to match though.

I have Windows XP SP3 and my tcpip.sys file is as follows
350KB (359,040) bytes
File Version 5.1.2600.2505 (xpsp.040806-1825)
MD5 checksum = 4092c56967175f009dc8458dc434358e


edit or create an autoexec.bat file in your c:\ to delete the current one and copy the new one over.

after booting into windows dont forget to go and remove from autoexec.bat

for example
make a backup copy of tcpip.sys called something like tcpip.sys.bak
put the new one in windows\system32\drivers called something like tcpip.sys.new

in autoexec.bat put the following
del c:\windows\system32\drivers\tcpip.sys
copy c:\windows\system32\drivers\tcpip.sys.new c:\windows\system32\drivers\tcpip.sys

and to put backup in if needed change the .new to .bak

proceed with caution though as it could be tricky to put right if you get it wrong.


hope this helps
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 150 total points
Comment Utility
Also, run the Norton Removal Tool to ensure that its removed completely;

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 50 total points
Comment Utility
Given how much else has already been tried may also be time for an
sfc /scannow
as well :)
0
 

Author Comment

by:Dataplan
Comment Utility
Tried all of this, still no luck.
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
Does it use DHCP or a static IP address? Do the
IPCONFIG /all entries match up with what should be there?

Can other machines on the network see the Internet?
0
 

Author Comment

by:Dataplan
Comment Utility
Uses DHCP, does not receive an IP adress from router. Have triet several networks. They are all ok for other machines.
Have also tried static ip.¨Then I can ping my router.
All other machines can use internet.
It says "limited or no access....." on the network adapter.
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
I've seen this before on a vista pc and I had to reinstall!
I thought it quicker to do that than spend hours fixing.

It was a similar issue ie two firewalls installed and no matter
What was tried, the issue remained until I installed a clean
OS.  
0
 

Author Comment

by:Dataplan
Comment Utility
Jippi
Now I receive IP from DHCP, I can also log into my router via IE7.
But still I have problem with dns, or something.
I started sfc /scannow.............not finished yet. Right after starting, i got an IP adress.
Now i kross my fingers........thanks for all your help som far. Im going to bed know. Hope to speak again in the morning :-)
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Did you just restart your PC??
0
 

Author Comment

by:Dataplan
Comment Utility
Yes, I have restartet my computer. But still cant access www.google.no or anything else. But I can log into my router 192.168.225.1 with IE7.
Is is now an NDS issue? I can ping ip adresses but not "names".
Anyone?
0
 

Author Comment

by:Dataplan
Comment Utility
Network diagnose from IE7 gives me the following (se attachment)

diagnose.txt
0
 

Author Comment

by:Dataplan
Comment Utility
Sorry the file is in Norwegian.....:-)
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Open a command prompt and do:

nslookup www.hotmail.com

and see what you get. Also, have a look at this question:

http://www.experts-exchange.com/OS/Miscellaneous/Q_20932429.html

0
 

Author Comment

by:Dataplan
Comment Utility
nslookup www.hotmail.com returns:
Server:  ns1.lyse.net
Address:  213.167.96.50

Navn:    origin.mail.live.com
Addresses:  64.4.20.184, 64.4.20.186, 64.4.20.169, 64.4.20.174
Aliases:  www.hotmail.com, mail.live.com
        toplevel.mail.live.com.akadns.net

I can connect to other computers in my network, I can browse network, and se the other computers.
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
Can you also list the output of IPCONFIG /all from the problem
PC and a working one?

Thanks
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Your DNS is working properly, it doesn't look like there is any problems there. I suggest running ComboFix, it can be downloaded from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and the instructions on usage are here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I am still going to summarize them. Download the ComboFix.exe and save it with a different name like jabba.exe. Then reboot your PC in safe mode (without networking if possible) and then disable your antivirus+firewall temporarily and run ComboFix. After ComboFix is finished, it will create a log. Please send that log to us and re-enable your computer security programs (antivirus and firewall).
0
 

Author Comment

by:Dataplan
Comment Utility
Now I tried to uninstall all drivers (also hidden ones) from safe mode. I also deletet the device driver files from windows\system32.
Rebootet, and now I'm back to:
I dont get IP adress from DHCP, so now I'm running sfc /scannow again to se if it will fix the problem.
Have downloaded Combofix, and will try that one as well.
This was a hard one to fix :-(
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
I know this may seem a silly idea, but do you have access to a second Network card?

If so, I'd disable the first one. Then shut down the PC, install the new card along with drivers and see if that makes any difference. Don't put the network cable in to the secondary card until you have installed the correct drivers.

I'm just trying to rule out any possible hardware issue and/or registry problem with the current card.

Thanks
John
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Dataplan
Comment Utility
ComboFix 09-05-05.03 - Administrator 06.05.2009 14:38.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.511.394 [GMT 2:00]
Kjører fra: C:\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Personlig brannmur *disabled*
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-04-06 til 2009-05-06  )))))))))))))))))))))))))))))))))
.

2009-05-06 09:54 . 2009-05-06 09:50      3012988      ----a-r      C:\jabba.exe
2009-05-06 09:52 . 2009-05-06 10:19      --------      d-----w      c:\windows\LastGood
2009-05-06 09:47 . 2009-03-25 12:29      130432      ----a-w      c:\windows\system32\drivers\Rtnicxp.sys
2009-05-06 09:47 . 2009-03-03 18:18      73728      ----a-w      c:\windows\system32\RtNicProp32.dll
2009-05-06 08:36 . 2008-04-14 16:22      116224      ----a-w      c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-06 08:36 . 2001-10-06 12:02      23040      ----a-w      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-06 08:36 . 2008-04-14 16:22      18944      ----a-w      c:\windows\system32\dllcache\xrxscnui.dll
2009-05-06 08:36 . 2001-10-06 12:03      27648      ----a-w      c:\windows\system32\dllcache\xrxftplt.exe
2009-05-06 08:36 . 2001-10-06 12:03      4608      ----a-w      c:\windows\system32\dllcache\xrxflnch.exe
2009-05-06 08:36 . 2001-08-18 04:37      99865      ----a-w      c:\windows\system32\dllcache\xlog.exe
2009-05-06 08:36 . 2001-08-17 18:11      16970      ----a-w      c:\windows\system32\dllcache\xem336n5.sys
2009-05-06 08:36 . 2004-08-03 20:29      19455      ----a-w      c:\windows\system32\dllcache\wvchntxx.sys
2009-05-06 08:36 . 2008-04-13 18:46      19200      ----a-w      c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 08:36 . 2004-08-03 20:29      12063      ----a-w      c:\windows\system32\dllcache\wsiintxx.sys
2009-05-06 08:36 . 2008-04-14 16:22      8192      ----a-w      c:\windows\system32\dllcache\wshirda.dll
2009-05-06 08:34 . 2001-08-17 19:28      64605      ----a-w      c:\windows\system32\dllcache\vvoice.sys
2009-05-06 08:33 . 2008-04-13 18:45      60032      ----a-w      c:\windows\system32\dllcache\usbaudio.sys
2009-05-06 08:32 . 2001-10-06 12:02      440576      ----a-w      c:\windows\system32\dllcache\tridkb.dll
2009-05-06 08:31 . 2001-08-17 19:49      30464      ----a-w      c:\windows\system32\dllcache\tbatm155.sys
2009-05-06 08:30 . 2001-10-06 12:02      99328      ----a-w      c:\windows\system32\dllcache\srusd.dll
2009-05-06 08:29 . 2001-08-17 18:12      24576      ----a-w      c:\windows\system32\dllcache\smc8000n.sys
2009-05-06 08:28 . 2001-08-17 18:50      101760      ----a-w      c:\windows\system32\dllcache\sis300ip.sys
2009-05-06 08:27 . 2001-08-17 18:50      75392      ----a-w      c:\windows\system32\dllcache\s3savmxm.sys
2009-05-06 08:26 . 2001-08-17 18:19      3840      ----a-w      c:\windows\system32\dllcache\rpfun.sys
2009-05-06 08:25 . 2008-04-13 18:41      17664      ----a-w      c:\windows\system32\dllcache\ppa3.sys
2009-05-06 08:24 . 2001-10-06 12:01      41984      ----a-w      c:\windows\system32\dllcache\ovui2rc.dll
2009-05-06 08:23 . 2001-08-17 18:49      51552      ----a-w      c:\windows\system32\dllcache\ntgrip.sys
2009-05-06 08:22 . 2001-10-06 11:43      52255      ----a-w      c:\windows\system32\dllcache\n1000nt5.sys
2009-05-06 08:21 . 2001-10-06 11:35      320384      ----a-w      c:\windows\system32\dllcache\mgaum.sys
2009-05-06 08:20 . 2001-10-06 11:28      15744      ----a-w      c:\windows\system32\dllcache\lit220p.sys
2009-05-06 08:19 . 2001-10-06 12:02      62464      ----a-w      c:\windows\system32\dllcache\icam4ext.dll
2009-05-06 08:18 . 2001-08-17 19:28      289887      ----a-w      c:\windows\system32\dllcache\hsf_fall.sys
2009-05-06 08:17 . 2001-10-06 11:38      17408      ----a-w      c:\windows\system32\dllcache\gpr400.sys
2009-05-06 08:16 . 2004-08-04 13:00      45056      ----a-w      c:\windows\system32\dllcache\esunid.dll
2009-05-06 08:15 . 2001-08-17 18:11      77386      ----a-w      c:\windows\system32\dllcache\el656nd5.sys
2009-05-06 08:14 . 2001-10-06 12:02      131156      ----a-w      c:\windows\system32\dllcache\digidbp.dll
2009-05-06 08:13 . 2001-10-06 12:02      170880      ----a-w      c:\windows\system32\dllcache\cl546x.dll
2009-05-06 08:12 . 2001-08-17 18:19      36992      ----a-w      c:\windows\system32\dllcache\aztw2320.sys
2009-05-05 21:52 . 2009-05-05 21:52      --------      d-----w      c:\windows\AiOTemp
2009-05-05 21:51 . 2009-05-06 07:33      --------      d--h--r      d:\documents and settings\Kristine\Siste
2009-05-05 21:49 . 2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-05 21:49 . 2009-05-05 21:49      107912      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:49 . 2009-05-05 21:49      325640      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-05 21:49 . 2009-05-05 21:49      --------      d-----w      c:\windows\system32\drivers\Avg
2009-05-05 20:16 . 2009-05-05 20:16      --------      d-----w      d:\documents and settings\Administrator\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\Kristine\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-05 19:45 . 2009-05-05 20:53      --------      d-----w      d:\documents and settings\All Users\Programdata\Lavasoft
2009-05-05 19:30 . 2009-05-05 20:50      --------      d-----w      c:\programfiler\Norman
2009-05-05 19:30 . 2009-05-05 19:30      --------      d-----w      d:\documents and settings\Kristine\Programdata\InstallShield
2009-05-05 10:51 . 2009-05-05 10:51      --------      d-----w      d:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-05 07:59 . 2009-05-05 07:59      --------      d-----w      c:\programfiler\ACW
2009-05-05 07:35 . 2009-05-05 07:35      --------      d-----w      c:\programfiler\AVG
2009-05-05 07:35 . 2009-05-05 21:49      --------      d-----w      d:\documents and settings\All Users\Programdata\avg8
2009-04-30 12:43 . 2009-05-05 20:28      --------      d-----w      d:\documents and settings\Kristine\Programdata\Desktopicon
2009-04-30 12:43 . 2009-04-30 12:43      --------      d-----w      c:\programfiler\Unlocker
2009-04-30 10:56 . 2009-04-30 11:48      --------      d-----w      c:\windows\system32\data
2009-04-30 10:46 . 2009-04-30 10:46      --------      d-----w      c:\programfiler\CCleaner
2009-04-07 16:23 . 2009-04-07 16:23      --------      d-----w      d:\documents and settings\LocalService\Start-meny
2009-04-07 16:22 . 2008-04-16 10:57      42552      ----a-w      c:\windows\system32\drivers\ale_nf.sys
2009-04-07 16:22 . 2008-02-07 10:12      79752      ----a-w      c:\windows\system32\drivers\ndis_rd.sys
2009-04-07 16:22 . 2008-02-07 10:12      74624      ----a-w      c:\windows\system32\drivers\tdi_rd.sys
2009-04-07 16:22 . 2008-05-16 09:28      212024      ----a-w      c:\windows\system32\nscrnsav.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:50 . 2005-12-09 11:35      59272      ----a-w      d:\documents and settings\Kristine\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-05 20:53 . 2005-12-09 19:23      --------      d-----w      c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-05-05 19:30 . 2005-12-09 19:23      --------      d--h--w      c:\programfiler\InstallShield Installation Information
2009-05-05 11:16 . 2006-09-02 19:49      --------      d-----w      c:\programfiler\LimeWire
2009-05-05 08:21 . 2004-09-20 09:03      61500      ----a-w      c:\windows\system32\perfc014.dat
2009-05-05 08:21 . 2004-09-20 09:03      387742      ----a-w      c:\windows\system32\perfh014.dat
2009-02-09 14:08 . 2004-09-20 09:03      1846784      ----a-w      c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"Ulead AutoDetector v2"="c:\programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-11-12 180269]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2005-11-12 98304]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05.05.2009 23:49 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05.05.2009 23:49 107912]
S1 NGS;Norman General Security Driver;\??\c:\programfiler\norman\ngs\bin\ngs.sys --> c:\programfiler\norman\ngs\bin\ngs.sys [?]
S1 NPROSEC;Norman Security driver;\??\c:\programfiler\Norman\Ngs\Bin\nprosec.sys --> c:\programfiler\Norman\Ngs\Bin\nprosec.sys [?]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05.05.2009 23:49 298264]
S3 S3chipid;S3chipid;\??\c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
S4 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;Norman Parental Control;"c:\programfiler\Norman\npc\bin\npcsvc32.exe" --> c:\programfiler\Norman\npc\bin\npcsvc32.exe [?]
S4 NPFSvc32;Norman Personal Firewall Service;"c:\programfiler\Norman\npf\bin\npfsvc32.exe" --> c:\programfiler\Norman\npf\bin\npfsvc32.exe [?]
S4 NPROSECSVC;Norman Security service;"c:\programfiler\Norman\Ngs\Bin\Nprosec.exe" --> c:\programfiler\Norman\Ngs\Bin\Nprosec.exe [?]
S4 NUAA;Norman User Activity Agent;"c:\programfiler\Norman\npc\bin\nuaa.exe" --> c:\programfiler\Norman\npc\bin\nuaa.exe [?]
S4 NVOY;Norman Resource Provider;"c:\programfiler\Norman\npm\bin\nvoy.exe" --> c:\programfiler\Norman\npm\bin\nvoy.exe [?]
S4 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 14:39
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-06 14:40
ComboFix-quarantined-files.txt  2009-05-06 12:40

Pre-Run: 22 744 543 232 byte ledig
Post-Run: 22 730 854 400 byte ledig

149      --- E O F ---      2009-03-20 18:34
0
 
LVL 2

Assisted Solution

by:FatManc
FatManc earned 240 total points
Comment Utility
The Norman security product is still installed as per code snippet.

Can you fully remove all security software and rerun combofix or post a HiJack this log?

Did you see my other comment about a 2nd network card?

Thanks
JOhn


S4 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]

S4 NPC;Norman Parental Control;"c:\programfiler\Norman\npc\bin\npcsvc32.exe" --> c:\programfiler\Norman\npc\bin\npcsvc32.exe [?]

S4 NPFSvc32;Norman Personal Firewall Service;"c:\programfiler\Norman\npf\bin\npfsvc32.exe" --> c:\programfiler\Norman\npf\bin\npfsvc32.exe [?]

S4 NPROSECSVC;Norman Security service;"c:\programfiler\Norman\Ngs\Bin\Nprosec.exe" --> c:\programfiler\Norman\Ngs\Bin\Nprosec.exe [?]

S4 NUAA;Norman User Activity Agent;"c:\programfiler\Norman\npc\bin\nuaa.exe" --> c:\programfiler\Norman\npc\bin\nuaa.exe [?]

S4 NVOY;Norman Resource Provider;"c:\programfiler\Norman\npm\bin\nvoy.exe" --> c:\programfiler\Norman\npm\bin\nvoy.exe [?]

S4 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]

.

Open in new window

0
 

Author Comment

by:Dataplan
Comment Utility
ComboFix 09-05-05.03 - Administrator 06.05.2009 14:57.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.511.366 [GMT 2:00]
Kjører fra: C:\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Personlig brannmur *disabled*
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-04-06 til 2009-05-06  )))))))))))))))))))))))))))))))))
.

2009-05-06 09:54 . 2009-05-06 09:50      3012988      ----a-r      C:\jabba.exe
2009-05-06 09:52 . 2009-05-06 10:19      --------      d-----w      c:\windows\LastGood
2009-05-06 09:47 . 2009-03-25 12:29      130432      ----a-w      c:\windows\system32\drivers\Rtnicxp.sys
2009-05-06 09:47 . 2009-03-03 18:18      73728      ----a-w      c:\windows\system32\RtNicProp32.dll
2009-05-06 08:36 . 2008-04-14 16:22      116224      ----a-w      c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-06 08:36 . 2001-10-06 12:02      23040      ----a-w      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-06 08:36 . 2008-04-14 16:22      18944      ----a-w      c:\windows\system32\dllcache\xrxscnui.dll
2009-05-06 08:36 . 2001-10-06 12:03      27648      ----a-w      c:\windows\system32\dllcache\xrxftplt.exe
2009-05-06 08:36 . 2001-10-06 12:03      4608      ----a-w      c:\windows\system32\dllcache\xrxflnch.exe
2009-05-06 08:36 . 2001-08-18 04:37      99865      ----a-w      c:\windows\system32\dllcache\xlog.exe
2009-05-06 08:36 . 2001-08-17 18:11      16970      ----a-w      c:\windows\system32\dllcache\xem336n5.sys
2009-05-06 08:36 . 2004-08-03 20:29      19455      ----a-w      c:\windows\system32\dllcache\wvchntxx.sys
2009-05-06 08:36 . 2008-04-13 18:46      19200      ----a-w      c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 08:36 . 2004-08-03 20:29      12063      ----a-w      c:\windows\system32\dllcache\wsiintxx.sys
2009-05-06 08:36 . 2008-04-14 16:22      8192      ----a-w      c:\windows\system32\dllcache\wshirda.dll
2009-05-06 08:34 . 2001-08-17 19:28      64605      ----a-w      c:\windows\system32\dllcache\vvoice.sys
2009-05-06 08:33 . 2008-04-13 18:45      60032      ----a-w      c:\windows\system32\dllcache\usbaudio.sys
2009-05-06 08:32 . 2001-10-06 12:02      440576      ----a-w      c:\windows\system32\dllcache\tridkb.dll
2009-05-06 08:31 . 2001-08-17 19:49      30464      ----a-w      c:\windows\system32\dllcache\tbatm155.sys
2009-05-06 08:30 . 2001-10-06 12:02      99328      ----a-w      c:\windows\system32\dllcache\srusd.dll
2009-05-06 08:29 . 2001-08-17 18:12      24576      ----a-w      c:\windows\system32\dllcache\smc8000n.sys
2009-05-06 08:28 . 2001-08-17 18:50      101760      ----a-w      c:\windows\system32\dllcache\sis300ip.sys
2009-05-06 08:27 . 2001-08-17 18:50      75392      ----a-w      c:\windows\system32\dllcache\s3savmxm.sys
2009-05-06 08:26 . 2001-08-17 18:19      3840      ----a-w      c:\windows\system32\dllcache\rpfun.sys
2009-05-06 08:25 . 2008-04-13 18:41      17664      ----a-w      c:\windows\system32\dllcache\ppa3.sys
2009-05-06 08:24 . 2001-10-06 12:01      41984      ----a-w      c:\windows\system32\dllcache\ovui2rc.dll
2009-05-06 08:23 . 2001-08-17 18:49      51552      ----a-w      c:\windows\system32\dllcache\ntgrip.sys
2009-05-06 08:22 . 2001-10-06 11:43      52255      ----a-w      c:\windows\system32\dllcache\n1000nt5.sys
2009-05-06 08:21 . 2001-10-06 11:35      320384      ----a-w      c:\windows\system32\dllcache\mgaum.sys
2009-05-06 08:20 . 2001-10-06 11:28      15744      ----a-w      c:\windows\system32\dllcache\lit220p.sys
2009-05-06 08:19 . 2001-10-06 12:02      62464      ----a-w      c:\windows\system32\dllcache\icam4ext.dll
2009-05-06 08:18 . 2001-08-17 19:28      289887      ----a-w      c:\windows\system32\dllcache\hsf_fall.sys
2009-05-06 08:17 . 2001-10-06 11:38      17408      ----a-w      c:\windows\system32\dllcache\gpr400.sys
2009-05-06 08:16 . 2004-08-04 13:00      45056      ----a-w      c:\windows\system32\dllcache\esunid.dll
2009-05-06 08:15 . 2001-08-17 18:11      77386      ----a-w      c:\windows\system32\dllcache\el656nd5.sys
2009-05-06 08:14 . 2001-10-06 12:02      131156      ----a-w      c:\windows\system32\dllcache\digidbp.dll
2009-05-06 08:13 . 2001-10-06 12:02      170880      ----a-w      c:\windows\system32\dllcache\cl546x.dll
2009-05-06 08:12 . 2001-08-17 18:19      36992      ----a-w      c:\windows\system32\dllcache\aztw2320.sys
2009-05-05 21:52 . 2009-05-05 21:52      --------      d-----w      c:\windows\AiOTemp
2009-05-05 21:51 . 2009-05-06 07:33      --------      d--h--r      d:\documents and settings\Kristine\Siste
2009-05-05 21:49 . 2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-05 21:49 . 2009-05-05 21:49      107912      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:49 . 2009-05-05 21:49      325640      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-05 21:49 . 2009-05-05 21:49      --------      d-----w      c:\windows\system32\drivers\Avg
2009-05-05 20:16 . 2009-05-05 20:16      --------      d-----w      d:\documents and settings\Administrator\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\Kristine\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-05 19:45 . 2009-05-05 20:53      --------      d-----w      d:\documents and settings\All Users\Programdata\Lavasoft
2009-05-05 19:30 . 2009-05-05 19:30      --------      d-----w      d:\documents and settings\Kristine\Programdata\InstallShield
2009-05-05 10:51 . 2009-05-05 10:51      --------      d-----w      d:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-05 07:59 . 2009-05-05 07:59      --------      d-----w      c:\programfiler\ACW
2009-05-05 07:35 . 2009-05-05 07:35      --------      d-----w      c:\programfiler\AVG
2009-05-05 07:35 . 2009-05-05 21:49      --------      d-----w      d:\documents and settings\All Users\Programdata\avg8
2009-04-30 12:43 . 2009-05-05 20:28      --------      d-----w      d:\documents and settings\Kristine\Programdata\Desktopicon
2009-04-30 12:43 . 2009-04-30 12:43      --------      d-----w      c:\programfiler\Unlocker
2009-04-30 10:56 . 2009-04-30 11:48      --------      d-----w      c:\windows\system32\data
2009-04-30 10:46 . 2009-04-30 10:46      --------      d-----w      c:\programfiler\CCleaner
2009-04-07 16:23 . 2009-04-07 16:23      --------      d-----w      d:\documents and settings\LocalService\Start-meny
2009-04-07 16:22 . 2008-04-16 10:57      42552      ----a-w      c:\windows\system32\drivers\ale_nf.sys
2009-04-07 16:22 . 2008-02-07 10:12      79752      ----a-w      c:\windows\system32\drivers\ndis_rd.sys
2009-04-07 16:22 . 2008-02-07 10:12      74624      ----a-w      c:\windows\system32\drivers\tdi_rd.sys
2009-04-07 16:22 . 2008-05-16 09:28      212024      ----a-w      c:\windows\system32\nscrnsav.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:50 . 2005-12-09 11:35      59272      ----a-w      d:\documents and settings\Kristine\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-05 20:53 . 2005-12-09 19:23      --------      d-----w      c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-05-05 19:30 . 2005-12-09 19:23      --------      d--h--w      c:\programfiler\InstallShield Installation Information
2009-05-05 11:16 . 2006-09-02 19:49      --------      d-----w      c:\programfiler\LimeWire
2009-05-05 08:21 . 2004-09-20 09:03      61500      ----a-w      c:\windows\system32\perfc014.dat
2009-05-05 08:21 . 2004-09-20 09:03      387742      ----a-w      c:\windows\system32\perfh014.dat
2009-02-09 14:08 . 2004-09-20 09:03      1846784      ----a-w      c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"Ulead AutoDetector v2"="c:\programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-11-12 180269]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2005-11-12 98304]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05.05.2009 23:49 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05.05.2009 23:49 107912]
S1 NGS;NGS; [x]
S1 NPROSEC;NPROSEC; [x]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05.05.2009 23:49 298264]
S3 S3chipid;S3chipid;\??\c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
S4 NDIS_RD;NDIS_RD;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;NPC; [x]
S4 NPFSvc32;NPFSvc32; [x]
S4 NPROSECSVC;NPROSECSVC; [x]
S4 NUAA;NUAA; [x]
S4 NVOY;NVOY; [x]
S4 TDI_RD;TDI_RD;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 14:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-06 14:59
ComboFix-quarantined-files.txt  2009-05-06 12:59
ComboFix2.txt  2009-05-06 12:40

Pre-Run: 22 738 702 336 byte ledig
Post-Run: 22 727 610 368 byte ledig

149      --- E O F ---      2009-03-20 18:34
0
 
LVL 2

Assisted Solution

by:FatManc
FatManc earned 240 total points
Comment Utility
There are still quite a few things hanging around from previous installs.

Please download and run

Norton Removal Tool
AVG Removal Tool

Reboot after removing both and then let me know if anything has improved

John
0
 

Author Comment

by:Dataplan
Comment Utility
Already done that, but can try again.
While running Combofix, I get a message that AVG is running. But i cant find it. I've looked at task bar, task mannager (prosesses), and in My computer-manage-services.

And then I get 3 messages saying: xecute prosesses remotely having problems, and need to close.

Sometimes I get a message, like the one I get when I get into Safe Mode..........you are running in safe mode, answare Yes to continue, og No to......restore point.
0
 
LVL 2

Accepted Solution

by:
FatManc earned 240 total points
Comment Utility
Are you using the AVG Removal tool from this location?

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

0
 

Author Comment

by:Dataplan
Comment Utility
Done......! Still problems.
When I try to start Windows Firewall, i get a message: error 10047 and the rest in norwegian.
Tried to start manually from Services, but one of the dependent services didn't start.
Now I am googling on that problem :-)
I'm also running Microsoft Windows Tool for removing malicious (i think) software.
Have to try everything, because I don't want to reinstall, I want to understand and fix this !!!!
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
have you tried the second network card option?

Also, can you send me the IPCONFIG /all from the problem machine and a working machine?

Use:
IPCONFIG /all > log.txt

And then copy and paste the log.txt file contents

0
 

Author Comment

by:Dataplan
Comment Utility
I have noe other NIC available, only Wireless.
Problem pc:
Windows IP-konfigurasjon
        Vertsnavn  . . . . . . . . . . . : KIRSTENS
        Primær DNS-suffiks . . . . . . . :
        Nodetype . . . . . . . . . . . . : Ukjent
        IP-ruting aktivert . . . . . . . : Nei
        WINS Proxy aktivert. . . . . . . : Nei

Ethernet-kort Lokal tilkobling 5:
        Tilkoblingsspesifikt DNS-suffiks :
        Beskrivelse  . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Fysisk adresse . . . . . . . . . : 00-14-85-B3-C8-73
        DHCP aktivert. . . . . . . . . . : Ja
        Automatisk konfigurasjon aktivert: Ja
        Automatisk konfigurasjon av IP-adresse. . . : 169.254.182.239
        Nettverksmaske . . . . . . . . . : 255.255.0.0
        IP-adresse . . . . . . . . . . . : fe80::214:85ff:feb3:c873%4
        Standard gateway . . . . . . . . :
        DNS-servere. . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
Tunnelkort Teredo Tunneling Pseudo-Interface:
        Tilkoblingsspesifikt DNS-suffiks :
        Beskrivelse  . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Fysisk adresse . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        DHCP aktivert. . . . . . . . . . : Nei
        IP-adresse . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Standard gateway . . . . . . . . :
        NetBIOS over TCP/IP. . . . . . . : Deaktivert

Working pc with static ip:
Windows IP-konfigurasjon
   Vertsnavn   . . . . . . . . . . . : Kirsti-Acer
   Primr DNS-suffiks  . . . . . . . :
   Nodetype  . . . . . . . . . . . . : Hybrid
   IP-ruting aktivert  . . . . . . . : Nei
   WINS Proxy aktivert . . . . . . . : Nei

Ethernet-kort Lokal tilkobling:
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Fysisk adresse  . . . . . . . . . : 00-1F-E2-39-2B-D1
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
   Koblingslokal IPv6-adresse. . . . : fe80::419a:3398:ff20:71ed%10(Foretrukket)
   IPv4-adresse. . . . . . . . . . . : 192.168.225.99(Foretrukket)
   Nettverksmaske . . . . . . . . . .: 255.255.255.0
   Standard gateway . . . . . . . . .: 192.168.225.1
   DNS-servere . . . . . . . . . . . : 81.167.36.3
                                       81.167.36.11
   NetBIOS over Tcpip. . . . . . . . : Aktivert

Tunnelkort Lokal tilkobling*:
   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : isatap.{A26CB3DC-165D-46F4-9CD3-DFA61218BEC1}
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 6:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysisk adresse  . . . . . . . . . : 02-00-54-55-4E-01
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
Can you try disabling IPv6 protocol on the non-working machine? Untick the option from network connection properties and then reboot.

Thanks
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 150 total points
Comment Utility
Yes, you still have files from Norman Security on your PC (this is after analysis of the last ComboFix log). I believe that those 3 computer security programs were fighting for resources and everytime you opened a webpage all 3 of them were monitoring the PC in real-time - AVG, Norman and Norton.

0
 

Author Comment

by:Dataplan
Comment Utility
But how can I remove the rest of Norman?
Now I try recovering to the day that norman was installed. It fails.
Now I try recovering to one month before norman................!
0
 

Author Comment

by:Dataplan
Comment Utility
Didn't work out. I'm about to give up. Is there more to try?
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
As mentioned yesterday I had exactly the same issue as this and the only fix was to reinstall. There's an inherent problem with Vista's network implementation that gets corrupted easily.

Sorry I couldn't be of assistance but it really does look like the reinstall is the easiest option.

JOhn
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Try the Norman Removal Tool again. Looks like AVG is out now. It should be able to get rid of Norman now. Make sure to download another antivirus and install after all antiviruses are out of your PC.
0
 

Author Comment

by:Dataplan
Comment Utility
The only Norman removal took I can find is:
Delnvc5
And it says: Cannot find Norman Virus Control installed
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
Dataplan - I think you've made a valiant effort to resolve this issue but I honestly think a rebuild is your only choice now.

What do fellow Experts feel?

Thanks
John
0
 

Author Comment

by:Dataplan
Comment Utility
I find som keys in regestry with Norman inside. Unable to remove them. How can I ?
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Try using the browsers to surf the internet and see if it works ok now.
0
 

Author Comment

by:Dataplan
Comment Utility
I have tried, but no :-(
I cant even get an IP adress from DHCP. The windows Firewall won't start.
Last resort. I now try booting from MiniPe CD (bart), and try to delete norman from registry.
Anyone else?
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
You could also try a Windows repair instead of a full re-install (requires that you have a windows xp cd with you):

http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=189400897&cid=ref-true

0
 

Author Comment

by:Dataplan
Comment Utility
Halleluja !!!!
My computer now works. I dont know what did the trick, but i tried all this things one more time AFTER I had deletet all of Norman from MiniPE cd.
The last thing i did once more, was WinsocXPfix, not winsockFix. After reboot, I now have IP adress, and I can surf on the net again.
Thanks to all of you. Couldn't have done thise without you :-)
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
"Its good to see that it wasn't viruses that were the problem, it was multiple antiviruses this time" .. hahaha

Great!
0
 
LVL 2

Expert Comment

by:FatManc
Comment Utility
Well done and great determination!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I had to do a bit of research to find the answer to this question so I thought I'd share my results.  Due to our outdated mainframe systems, we need to downgrade IE9 to IE8 in order to stay compatible.  We also needed to downgrade Java.  In order to…
I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now