Solved

Winsock error - xp pc

Posted on 2009-05-05
47
1,114 Views
Last Modified: 2013-11-22
I have a customers pc with winsock problem (I think). Problems startet when the owner had an outdated Norton Internet Security. She then downloaded and installed Norman AV that she got for free from her bank (SR-Bank) in norway. Norman was recommended, so she installed it. But she did not uninstall Norton first.

When she came to me, she was unable to connect to the internett. I startet uninstalling both AV applications. Used uninstall tools, an deleted some folders manually, an deletet som reg. keys manually. I ran ccleaner and. spybot, many times. I ran antivirus scans from MiniPE (Bart) cd.

I have now tried EVERYTHING to get connected to the internett, but no luck:
winsock fix
netsh winsock reset (several combinations with catalog), and reboots.
deletet reg key for winsock and winsock2 under current control set.......!
Deletet and installed new driver for the network card.

Now I'm about to give up.  Can you please help me? Is it some parts of Norton whitch prevents me from conecting? Or is it virus og adware/spyware?

I have booted with MiniPe cd, and connected to internet, so it's no HW failure.

I have fount one interesting thing: CLMLservice.exe used between 80 and 99%cpu nearly everytime I have booted the mashine, so I disabled the service and renamed the file. Thought may be the file was infectet or something.

I have turned off windows firewall. Checked that nox proxy is used. Tried with static ip.
I can then ping my router and dns. But not www.google.no
 Internett explorer troubleshooter tells me that I have a winsock problem. But after fix and reboot, it's the same.

Kirsti, Dataplan
0
Comment
Question by:Dataplan
  • 21
  • 13
  • 10
  • +2
47 Comments
 
LVL 2

Assisted Solution

by:FatManc
FatManc earned 240 total points
ID: 24307558
Try downloading and running LSPFix - this fixes
a lot of Winsock problems

Cheers,
John.
 
0
 

Author Comment

by:Dataplan
ID: 24307688
Forgot to mention, have tried that one to :-)
0
 
LVL 4

Assisted Solution

by:The_King
The_King earned 60 total points
ID: 24307761
you need to remove all networking components
including 'hidden' ones.

therefore try the following.

boot in safe mode without networking
open device manager
click view / show hidden devices
then remove all networking devices

reboot
reinstall network devices present and needed

This will ensure your network drivers are replenished and tcp/ip stacks are resest and re-installed.

another problem which can leave machines in this state is if the tcpip.sys file in the windows system folder is corrupted. Try replacing this file with another (windows version must match ... i.e win xp sp2). Best way to do this is using c:\autoexec.bat which unused now still runs before windows so can be used to copy a good file over before windows locks the file in use. dont forget to make a backup first!



could anything be messing with the winsock after you have fixed it? i.e malicious software?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:Dataplan
ID: 24308422
Tried "The king" suggestion, but still no luck.
Was optimistic, because I fount several hidden devices (Norman Security Driver, Norman Firewall). Deleted them, along with my network device. But still nothing.

Now I just tried uninstalling AVG and reinstalling Norman. To see If norman could fix it selves. But NO !

Anyone else?
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 150 total points
ID: 24308439
Download MalwareBytes Anti-Malware (www.malwarebytes.org) and do a full scan in safe mode (without networking) with that. Let us know, how it goes.
0
 
LVL 4

Assisted Solution

by:The_King
The_King earned 60 total points
ID: 24308460
The other possibility is something could have messed with tcpip.sys system file.

If all else fails (as this can obviously be a bit risky)

Backup c:\windows\system32\drivers\tcpip.sys (autoexec.bat is the best way to replace protected OS files as although its redundant its still there and runs BEFORE anything to do with windows)

download a fresh tcpip.sys or copy from another machine Operating systems do need to match though.

I have Windows XP SP3 and my tcpip.sys file is as follows
350KB (359,040) bytes
File Version 5.1.2600.2505 (xpsp.040806-1825)
MD5 checksum = 4092c56967175f009dc8458dc434358e


edit or create an autoexec.bat file in your c:\ to delete the current one and copy the new one over.

after booting into windows dont forget to go and remove from autoexec.bat

for example
make a backup copy of tcpip.sys called something like tcpip.sys.bak
put the new one in windows\system32\drivers called something like tcpip.sys.new

in autoexec.bat put the following
del c:\windows\system32\drivers\tcpip.sys
copy c:\windows\system32\drivers\tcpip.sys.new c:\windows\system32\drivers\tcpip.sys

and to put backup in if needed change the .new to .bak

proceed with caution though as it could be tricky to put right if you get it wrong.


hope this helps
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 150 total points
ID: 24308461
Also, run the Norton Removal Tool to ensure that its removed completely;

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 50 total points
ID: 24308922
Given how much else has already been tried may also be time for an
sfc /scannow
as well :)
0
 

Author Comment

by:Dataplan
ID: 24309018
Tried all of this, still no luck.
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24309064
Does it use DHCP or a static IP address? Do the
IPCONFIG /all entries match up with what should be there?

Can other machines on the network see the Internet?
0
 

Author Comment

by:Dataplan
ID: 24309113
Uses DHCP, does not receive an IP adress from router. Have triet several networks. They are all ok for other machines.
Have also tried static ip.¨Then I can ping my router.
All other machines can use internet.
It says "limited or no access....." on the network adapter.
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24309289
I've seen this before on a vista pc and I had to reinstall!
I thought it quicker to do that than spend hours fixing.

It was a similar issue ie two firewalls installed and no matter
What was tried, the issue remained until I installed a clean
OS.  
0
 

Author Comment

by:Dataplan
ID: 24309312
Jippi
Now I receive IP from DHCP, I can also log into my router via IE7.
But still I have problem with dns, or something.
I started sfc /scannow.............not finished yet. Right after starting, i got an IP adress.
Now i kross my fingers........thanks for all your help som far. Im going to bed know. Hope to speak again in the morning :-)
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24309447
Did you just restart your PC??
0
 

Author Comment

by:Dataplan
ID: 24311899
Yes, I have restartet my computer. But still cant access www.google.no or anything else. But I can log into my router 192.168.225.1 with IE7.
Is is now an NDS issue? I can ping ip adresses but not "names".
Anyone?
0
 

Author Comment

by:Dataplan
ID: 24311939
Network diagnose from IE7 gives me the following (se attachment)

diagnose.txt
0
 

Author Comment

by:Dataplan
ID: 24311943
Sorry the file is in Norwegian.....:-)
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24312036
Open a command prompt and do:

nslookup www.hotmail.com

and see what you get. Also, have a look at this question:

http://www.experts-exchange.com/OS/Miscellaneous/Q_20932429.html

0
 

Author Comment

by:Dataplan
ID: 24312538
nslookup www.hotmail.com returns:
Server:  ns1.lyse.net
Address:  213.167.96.50

Navn:    origin.mail.live.com
Addresses:  64.4.20.184, 64.4.20.186, 64.4.20.169, 64.4.20.174
Aliases:  www.hotmail.com, mail.live.com
        toplevel.mail.live.com.akadns.net

I can connect to other computers in my network, I can browse network, and se the other computers.
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24312622
Can you also list the output of IPCONFIG /all from the problem
PC and a working one?

Thanks
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24312672
Your DNS is working properly, it doesn't look like there is any problems there. I suggest running ComboFix, it can be downloaded from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and the instructions on usage are here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I am still going to summarize them. Download the ComboFix.exe and save it with a different name like jabba.exe. Then reboot your PC in safe mode (without networking if possible) and then disable your antivirus+firewall temporarily and run ComboFix. After ComboFix is finished, it will create a log. Please send that log to us and re-enable your computer security programs (antivirus and firewall).
0
 

Author Comment

by:Dataplan
ID: 24312780
Now I tried to uninstall all drivers (also hidden ones) from safe mode. I also deletet the device driver files from windows\system32.
Rebootet, and now I'm back to:
I dont get IP adress from DHCP, so now I'm running sfc /scannow again to se if it will fix the problem.
Have downloaded Combofix, and will try that one as well.
This was a hard one to fix :-(
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24312886
I know this may seem a silly idea, but do you have access to a second Network card?

If so, I'd disable the first one. Then shut down the PC, install the new card along with drivers and see if that makes any difference. Don't put the network cable in to the secondary card until you have installed the correct drivers.

I'm just trying to rule out any possible hardware issue and/or registry problem with the current card.

Thanks
John
0
 

Author Comment

by:Dataplan
ID: 24313998
ComboFix 09-05-05.03 - Administrator 06.05.2009 14:38.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.511.394 [GMT 2:00]
Kjører fra: C:\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Personlig brannmur *disabled*
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-04-06 til 2009-05-06  )))))))))))))))))))))))))))))))))
.

2009-05-06 09:54 . 2009-05-06 09:50      3012988      ----a-r      C:\jabba.exe
2009-05-06 09:52 . 2009-05-06 10:19      --------      d-----w      c:\windows\LastGood
2009-05-06 09:47 . 2009-03-25 12:29      130432      ----a-w      c:\windows\system32\drivers\Rtnicxp.sys
2009-05-06 09:47 . 2009-03-03 18:18      73728      ----a-w      c:\windows\system32\RtNicProp32.dll
2009-05-06 08:36 . 2008-04-14 16:22      116224      ----a-w      c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-06 08:36 . 2001-10-06 12:02      23040      ----a-w      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-06 08:36 . 2008-04-14 16:22      18944      ----a-w      c:\windows\system32\dllcache\xrxscnui.dll
2009-05-06 08:36 . 2001-10-06 12:03      27648      ----a-w      c:\windows\system32\dllcache\xrxftplt.exe
2009-05-06 08:36 . 2001-10-06 12:03      4608      ----a-w      c:\windows\system32\dllcache\xrxflnch.exe
2009-05-06 08:36 . 2001-08-18 04:37      99865      ----a-w      c:\windows\system32\dllcache\xlog.exe
2009-05-06 08:36 . 2001-08-17 18:11      16970      ----a-w      c:\windows\system32\dllcache\xem336n5.sys
2009-05-06 08:36 . 2004-08-03 20:29      19455      ----a-w      c:\windows\system32\dllcache\wvchntxx.sys
2009-05-06 08:36 . 2008-04-13 18:46      19200      ----a-w      c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 08:36 . 2004-08-03 20:29      12063      ----a-w      c:\windows\system32\dllcache\wsiintxx.sys
2009-05-06 08:36 . 2008-04-14 16:22      8192      ----a-w      c:\windows\system32\dllcache\wshirda.dll
2009-05-06 08:34 . 2001-08-17 19:28      64605      ----a-w      c:\windows\system32\dllcache\vvoice.sys
2009-05-06 08:33 . 2008-04-13 18:45      60032      ----a-w      c:\windows\system32\dllcache\usbaudio.sys
2009-05-06 08:32 . 2001-10-06 12:02      440576      ----a-w      c:\windows\system32\dllcache\tridkb.dll
2009-05-06 08:31 . 2001-08-17 19:49      30464      ----a-w      c:\windows\system32\dllcache\tbatm155.sys
2009-05-06 08:30 . 2001-10-06 12:02      99328      ----a-w      c:\windows\system32\dllcache\srusd.dll
2009-05-06 08:29 . 2001-08-17 18:12      24576      ----a-w      c:\windows\system32\dllcache\smc8000n.sys
2009-05-06 08:28 . 2001-08-17 18:50      101760      ----a-w      c:\windows\system32\dllcache\sis300ip.sys
2009-05-06 08:27 . 2001-08-17 18:50      75392      ----a-w      c:\windows\system32\dllcache\s3savmxm.sys
2009-05-06 08:26 . 2001-08-17 18:19      3840      ----a-w      c:\windows\system32\dllcache\rpfun.sys
2009-05-06 08:25 . 2008-04-13 18:41      17664      ----a-w      c:\windows\system32\dllcache\ppa3.sys
2009-05-06 08:24 . 2001-10-06 12:01      41984      ----a-w      c:\windows\system32\dllcache\ovui2rc.dll
2009-05-06 08:23 . 2001-08-17 18:49      51552      ----a-w      c:\windows\system32\dllcache\ntgrip.sys
2009-05-06 08:22 . 2001-10-06 11:43      52255      ----a-w      c:\windows\system32\dllcache\n1000nt5.sys
2009-05-06 08:21 . 2001-10-06 11:35      320384      ----a-w      c:\windows\system32\dllcache\mgaum.sys
2009-05-06 08:20 . 2001-10-06 11:28      15744      ----a-w      c:\windows\system32\dllcache\lit220p.sys
2009-05-06 08:19 . 2001-10-06 12:02      62464      ----a-w      c:\windows\system32\dllcache\icam4ext.dll
2009-05-06 08:18 . 2001-08-17 19:28      289887      ----a-w      c:\windows\system32\dllcache\hsf_fall.sys
2009-05-06 08:17 . 2001-10-06 11:38      17408      ----a-w      c:\windows\system32\dllcache\gpr400.sys
2009-05-06 08:16 . 2004-08-04 13:00      45056      ----a-w      c:\windows\system32\dllcache\esunid.dll
2009-05-06 08:15 . 2001-08-17 18:11      77386      ----a-w      c:\windows\system32\dllcache\el656nd5.sys
2009-05-06 08:14 . 2001-10-06 12:02      131156      ----a-w      c:\windows\system32\dllcache\digidbp.dll
2009-05-06 08:13 . 2001-10-06 12:02      170880      ----a-w      c:\windows\system32\dllcache\cl546x.dll
2009-05-06 08:12 . 2001-08-17 18:19      36992      ----a-w      c:\windows\system32\dllcache\aztw2320.sys
2009-05-05 21:52 . 2009-05-05 21:52      --------      d-----w      c:\windows\AiOTemp
2009-05-05 21:51 . 2009-05-06 07:33      --------      d--h--r      d:\documents and settings\Kristine\Siste
2009-05-05 21:49 . 2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-05 21:49 . 2009-05-05 21:49      107912      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:49 . 2009-05-05 21:49      325640      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-05 21:49 . 2009-05-05 21:49      --------      d-----w      c:\windows\system32\drivers\Avg
2009-05-05 20:16 . 2009-05-05 20:16      --------      d-----w      d:\documents and settings\Administrator\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\Kristine\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-05 19:45 . 2009-05-05 20:53      --------      d-----w      d:\documents and settings\All Users\Programdata\Lavasoft
2009-05-05 19:30 . 2009-05-05 20:50      --------      d-----w      c:\programfiler\Norman
2009-05-05 19:30 . 2009-05-05 19:30      --------      d-----w      d:\documents and settings\Kristine\Programdata\InstallShield
2009-05-05 10:51 . 2009-05-05 10:51      --------      d-----w      d:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-05 07:59 . 2009-05-05 07:59      --------      d-----w      c:\programfiler\ACW
2009-05-05 07:35 . 2009-05-05 07:35      --------      d-----w      c:\programfiler\AVG
2009-05-05 07:35 . 2009-05-05 21:49      --------      d-----w      d:\documents and settings\All Users\Programdata\avg8
2009-04-30 12:43 . 2009-05-05 20:28      --------      d-----w      d:\documents and settings\Kristine\Programdata\Desktopicon
2009-04-30 12:43 . 2009-04-30 12:43      --------      d-----w      c:\programfiler\Unlocker
2009-04-30 10:56 . 2009-04-30 11:48      --------      d-----w      c:\windows\system32\data
2009-04-30 10:46 . 2009-04-30 10:46      --------      d-----w      c:\programfiler\CCleaner
2009-04-07 16:23 . 2009-04-07 16:23      --------      d-----w      d:\documents and settings\LocalService\Start-meny
2009-04-07 16:22 . 2008-04-16 10:57      42552      ----a-w      c:\windows\system32\drivers\ale_nf.sys
2009-04-07 16:22 . 2008-02-07 10:12      79752      ----a-w      c:\windows\system32\drivers\ndis_rd.sys
2009-04-07 16:22 . 2008-02-07 10:12      74624      ----a-w      c:\windows\system32\drivers\tdi_rd.sys
2009-04-07 16:22 . 2008-05-16 09:28      212024      ----a-w      c:\windows\system32\nscrnsav.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:50 . 2005-12-09 11:35      59272      ----a-w      d:\documents and settings\Kristine\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-05 20:53 . 2005-12-09 19:23      --------      d-----w      c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-05-05 19:30 . 2005-12-09 19:23      --------      d--h--w      c:\programfiler\InstallShield Installation Information
2009-05-05 11:16 . 2006-09-02 19:49      --------      d-----w      c:\programfiler\LimeWire
2009-05-05 08:21 . 2004-09-20 09:03      61500      ----a-w      c:\windows\system32\perfc014.dat
2009-05-05 08:21 . 2004-09-20 09:03      387742      ----a-w      c:\windows\system32\perfh014.dat
2009-02-09 14:08 . 2004-09-20 09:03      1846784      ----a-w      c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"Ulead AutoDetector v2"="c:\programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-11-12 180269]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2005-11-12 98304]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05.05.2009 23:49 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05.05.2009 23:49 107912]
S1 NGS;Norman General Security Driver;\??\c:\programfiler\norman\ngs\bin\ngs.sys --> c:\programfiler\norman\ngs\bin\ngs.sys [?]
S1 NPROSEC;Norman Security driver;\??\c:\programfiler\Norman\Ngs\Bin\nprosec.sys --> c:\programfiler\Norman\Ngs\Bin\nprosec.sys [?]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05.05.2009 23:49 298264]
S3 S3chipid;S3chipid;\??\c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
S4 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;Norman Parental Control;"c:\programfiler\Norman\npc\bin\npcsvc32.exe" --> c:\programfiler\Norman\npc\bin\npcsvc32.exe [?]
S4 NPFSvc32;Norman Personal Firewall Service;"c:\programfiler\Norman\npf\bin\npfsvc32.exe" --> c:\programfiler\Norman\npf\bin\npfsvc32.exe [?]
S4 NPROSECSVC;Norman Security service;"c:\programfiler\Norman\Ngs\Bin\Nprosec.exe" --> c:\programfiler\Norman\Ngs\Bin\Nprosec.exe [?]
S4 NUAA;Norman User Activity Agent;"c:\programfiler\Norman\npc\bin\nuaa.exe" --> c:\programfiler\Norman\npc\bin\nuaa.exe [?]
S4 NVOY;Norman Resource Provider;"c:\programfiler\Norman\npm\bin\nvoy.exe" --> c:\programfiler\Norman\npm\bin\nvoy.exe [?]
S4 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 14:39
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-06 14:40
ComboFix-quarantined-files.txt  2009-05-06 12:40

Pre-Run: 22 744 543 232 byte ledig
Post-Run: 22 730 854 400 byte ledig

149      --- E O F ---      2009-03-20 18:34
0
 
LVL 2

Assisted Solution

by:FatManc
FatManc earned 240 total points
ID: 24314089
The Norman security product is still installed as per code snippet.

Can you fully remove all security software and rerun combofix or post a HiJack this log?

Did you see my other comment about a 2nd network card?

Thanks
JOhn


S4 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;Norman Parental Control;"c:\programfiler\Norman\npc\bin\npcsvc32.exe" --> c:\programfiler\Norman\npc\bin\npcsvc32.exe [?]
S4 NPFSvc32;Norman Personal Firewall Service;"c:\programfiler\Norman\npf\bin\npfsvc32.exe" --> c:\programfiler\Norman\npf\bin\npfsvc32.exe [?]
S4 NPROSECSVC;Norman Security service;"c:\programfiler\Norman\Ngs\Bin\Nprosec.exe" --> c:\programfiler\Norman\Ngs\Bin\Nprosec.exe [?]
S4 NUAA;Norman User Activity Agent;"c:\programfiler\Norman\npc\bin\nuaa.exe" --> c:\programfiler\Norman\npc\bin\nuaa.exe [?]
S4 NVOY;Norman Resource Provider;"c:\programfiler\Norman\npm\bin\nvoy.exe" --> c:\programfiler\Norman\npm\bin\nvoy.exe [?]
S4 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

Open in new window

0
 

Author Comment

by:Dataplan
ID: 24314534
ComboFix 09-05-05.03 - Administrator 06.05.2009 14:57.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.511.366 [GMT 2:00]
Kjører fra: C:\jabba.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Personlig brannmur *disabled*
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-04-06 til 2009-05-06  )))))))))))))))))))))))))))))))))
.

2009-05-06 09:54 . 2009-05-06 09:50      3012988      ----a-r      C:\jabba.exe
2009-05-06 09:52 . 2009-05-06 10:19      --------      d-----w      c:\windows\LastGood
2009-05-06 09:47 . 2009-03-25 12:29      130432      ----a-w      c:\windows\system32\drivers\Rtnicxp.sys
2009-05-06 09:47 . 2009-03-03 18:18      73728      ----a-w      c:\windows\system32\RtNicProp32.dll
2009-05-06 08:36 . 2008-04-14 16:22      116224      ----a-w      c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-06 08:36 . 2001-10-06 12:02      23040      ----a-w      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-06 08:36 . 2008-04-14 16:22      18944      ----a-w      c:\windows\system32\dllcache\xrxscnui.dll
2009-05-06 08:36 . 2001-10-06 12:03      27648      ----a-w      c:\windows\system32\dllcache\xrxftplt.exe
2009-05-06 08:36 . 2001-10-06 12:03      4608      ----a-w      c:\windows\system32\dllcache\xrxflnch.exe
2009-05-06 08:36 . 2001-08-18 04:37      99865      ----a-w      c:\windows\system32\dllcache\xlog.exe
2009-05-06 08:36 . 2001-08-17 18:11      16970      ----a-w      c:\windows\system32\dllcache\xem336n5.sys
2009-05-06 08:36 . 2004-08-03 20:29      19455      ----a-w      c:\windows\system32\dllcache\wvchntxx.sys
2009-05-06 08:36 . 2008-04-13 18:46      19200      ----a-w      c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 08:36 . 2004-08-03 20:29      12063      ----a-w      c:\windows\system32\dllcache\wsiintxx.sys
2009-05-06 08:36 . 2008-04-14 16:22      8192      ----a-w      c:\windows\system32\dllcache\wshirda.dll
2009-05-06 08:34 . 2001-08-17 19:28      64605      ----a-w      c:\windows\system32\dllcache\vvoice.sys
2009-05-06 08:33 . 2008-04-13 18:45      60032      ----a-w      c:\windows\system32\dllcache\usbaudio.sys
2009-05-06 08:32 . 2001-10-06 12:02      440576      ----a-w      c:\windows\system32\dllcache\tridkb.dll
2009-05-06 08:31 . 2001-08-17 19:49      30464      ----a-w      c:\windows\system32\dllcache\tbatm155.sys
2009-05-06 08:30 . 2001-10-06 12:02      99328      ----a-w      c:\windows\system32\dllcache\srusd.dll
2009-05-06 08:29 . 2001-08-17 18:12      24576      ----a-w      c:\windows\system32\dllcache\smc8000n.sys
2009-05-06 08:28 . 2001-08-17 18:50      101760      ----a-w      c:\windows\system32\dllcache\sis300ip.sys
2009-05-06 08:27 . 2001-08-17 18:50      75392      ----a-w      c:\windows\system32\dllcache\s3savmxm.sys
2009-05-06 08:26 . 2001-08-17 18:19      3840      ----a-w      c:\windows\system32\dllcache\rpfun.sys
2009-05-06 08:25 . 2008-04-13 18:41      17664      ----a-w      c:\windows\system32\dllcache\ppa3.sys
2009-05-06 08:24 . 2001-10-06 12:01      41984      ----a-w      c:\windows\system32\dllcache\ovui2rc.dll
2009-05-06 08:23 . 2001-08-17 18:49      51552      ----a-w      c:\windows\system32\dllcache\ntgrip.sys
2009-05-06 08:22 . 2001-10-06 11:43      52255      ----a-w      c:\windows\system32\dllcache\n1000nt5.sys
2009-05-06 08:21 . 2001-10-06 11:35      320384      ----a-w      c:\windows\system32\dllcache\mgaum.sys
2009-05-06 08:20 . 2001-10-06 11:28      15744      ----a-w      c:\windows\system32\dllcache\lit220p.sys
2009-05-06 08:19 . 2001-10-06 12:02      62464      ----a-w      c:\windows\system32\dllcache\icam4ext.dll
2009-05-06 08:18 . 2001-08-17 19:28      289887      ----a-w      c:\windows\system32\dllcache\hsf_fall.sys
2009-05-06 08:17 . 2001-10-06 11:38      17408      ----a-w      c:\windows\system32\dllcache\gpr400.sys
2009-05-06 08:16 . 2004-08-04 13:00      45056      ----a-w      c:\windows\system32\dllcache\esunid.dll
2009-05-06 08:15 . 2001-08-17 18:11      77386      ----a-w      c:\windows\system32\dllcache\el656nd5.sys
2009-05-06 08:14 . 2001-10-06 12:02      131156      ----a-w      c:\windows\system32\dllcache\digidbp.dll
2009-05-06 08:13 . 2001-10-06 12:02      170880      ----a-w      c:\windows\system32\dllcache\cl546x.dll
2009-05-06 08:12 . 2001-08-17 18:19      36992      ----a-w      c:\windows\system32\dllcache\aztw2320.sys
2009-05-05 21:52 . 2009-05-05 21:52      --------      d-----w      c:\windows\AiOTemp
2009-05-05 21:51 . 2009-05-06 07:33      --------      d--h--r      d:\documents and settings\Kristine\Siste
2009-05-05 21:49 . 2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll
2009-05-05 21:49 . 2009-05-05 21:49      107912      ----a-w      c:\windows\system32\drivers\avgtdix.sys
2009-05-05 21:49 . 2009-05-05 21:49      325640      ----a-w      c:\windows\system32\drivers\avgldx86.sys
2009-05-05 21:49 . 2009-05-05 21:49      --------      d-----w      c:\windows\system32\drivers\Avg
2009-05-05 20:16 . 2009-05-05 20:16      --------      d-----w      d:\documents and settings\Administrator\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\Kristine\Programdata\Malwarebytes
2009-05-05 20:11 . 2009-05-05 20:11      --------      d-----w      d:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-05 19:45 . 2009-05-05 20:53      --------      d-----w      d:\documents and settings\All Users\Programdata\Lavasoft
2009-05-05 19:30 . 2009-05-05 19:30      --------      d-----w      d:\documents and settings\Kristine\Programdata\InstallShield
2009-05-05 10:51 . 2009-05-05 10:51      --------      d-----w      d:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-05 07:59 . 2009-05-05 07:59      --------      d-----w      c:\programfiler\ACW
2009-05-05 07:35 . 2009-05-05 07:35      --------      d-----w      c:\programfiler\AVG
2009-05-05 07:35 . 2009-05-05 21:49      --------      d-----w      d:\documents and settings\All Users\Programdata\avg8
2009-04-30 12:43 . 2009-05-05 20:28      --------      d-----w      d:\documents and settings\Kristine\Programdata\Desktopicon
2009-04-30 12:43 . 2009-04-30 12:43      --------      d-----w      c:\programfiler\Unlocker
2009-04-30 10:56 . 2009-04-30 11:48      --------      d-----w      c:\windows\system32\data
2009-04-30 10:46 . 2009-04-30 10:46      --------      d-----w      c:\programfiler\CCleaner
2009-04-07 16:23 . 2009-04-07 16:23      --------      d-----w      d:\documents and settings\LocalService\Start-meny
2009-04-07 16:22 . 2008-04-16 10:57      42552      ----a-w      c:\windows\system32\drivers\ale_nf.sys
2009-04-07 16:22 . 2008-02-07 10:12      79752      ----a-w      c:\windows\system32\drivers\ndis_rd.sys
2009-04-07 16:22 . 2008-02-07 10:12      74624      ----a-w      c:\windows\system32\drivers\tdi_rd.sys
2009-04-07 16:22 . 2008-05-16 09:28      212024      ----a-w      c:\windows\system32\nscrnsav.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:50 . 2005-12-09 11:35      59272      ----a-w      d:\documents and settings\Kristine\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-05 20:53 . 2005-12-09 19:23      --------      d-----w      c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-05-05 19:30 . 2005-12-09 19:23      --------      d--h--w      c:\programfiler\InstallShield Installation Information
2009-05-05 11:16 . 2006-09-02 19:49      --------      d-----w      c:\programfiler\LimeWire
2009-05-05 08:21 . 2004-09-20 09:03      61500      ----a-w      c:\windows\system32\perfc014.dat
2009-05-05 08:21 . 2004-09-20 09:03      387742      ----a-w      c:\windows\system32\perfh014.dat
2009-02-09 14:08 . 2004-09-20 09:03      1846784      ----a-w      c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"Ulead AutoDetector v2"="c:\programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-11-12 180269]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2005-11-12 98304]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1932568]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-05 21:49      10520      ----a-w      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05.05.2009 23:49 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05.05.2009 23:49 107912]
S1 NGS;NGS; [x]
S1 NPROSEC;NPROSEC; [x]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05.05.2009 23:49 298264]
S3 S3chipid;S3chipid;\??\c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Eier\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
S4 NDIS_RD;NDIS_RD;c:\windows\system32\drivers\ndis_rd.sys [07.04.2009 18:22 79752]
S4 NPC;NPC; [x]
S4 NPFSvc32;NPFSvc32; [x]
S4 NPROSECSVC;NPROSECSVC; [x]
S4 NUAA;NUAA; [x]
S4 NVOY;NVOY; [x]
S4 TDI_RD;TDI_RD;c:\windows\system32\drivers\tdi_rd.sys [07.04.2009 18:22 74624]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 14:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-06 14:59
ComboFix-quarantined-files.txt  2009-05-06 12:59
ComboFix2.txt  2009-05-06 12:40

Pre-Run: 22 738 702 336 byte ledig
Post-Run: 22 727 610 368 byte ledig

149      --- E O F ---      2009-03-20 18:34
0
 
LVL 2

Assisted Solution

by:FatManc
FatManc earned 240 total points
ID: 24314789
There are still quite a few things hanging around from previous installs.

Please download and run

Norton Removal Tool
AVG Removal Tool

Reboot after removing both and then let me know if anything has improved

John
0
 

Author Comment

by:Dataplan
ID: 24315243
Already done that, but can try again.
While running Combofix, I get a message that AVG is running. But i cant find it. I've looked at task bar, task mannager (prosesses), and in My computer-manage-services.

And then I get 3 messages saying: xecute prosesses remotely having problems, and need to close.

Sometimes I get a message, like the one I get when I get into Safe Mode..........you are running in safe mode, answare Yes to continue, og No to......restore point.
0
 
LVL 2

Accepted Solution

by:
FatManc earned 240 total points
ID: 24315349
Are you using the AVG Removal tool from this location?

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

0
 

Author Comment

by:Dataplan
ID: 24316254
Done......! Still problems.
When I try to start Windows Firewall, i get a message: error 10047 and the rest in norwegian.
Tried to start manually from Services, but one of the dependent services didn't start.
Now I am googling on that problem :-)
I'm also running Microsoft Windows Tool for removing malicious (i think) software.
Have to try everything, because I don't want to reinstall, I want to understand and fix this !!!!
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24316323
have you tried the second network card option?

Also, can you send me the IPCONFIG /all from the problem machine and a working machine?

Use:
IPCONFIG /all > log.txt

And then copy and paste the log.txt file contents

0
 

Author Comment

by:Dataplan
ID: 24316423
I have noe other NIC available, only Wireless.
Problem pc:
Windows IP-konfigurasjon
        Vertsnavn  . . . . . . . . . . . : KIRSTENS
        Primær DNS-suffiks . . . . . . . :
        Nodetype . . . . . . . . . . . . : Ukjent
        IP-ruting aktivert . . . . . . . : Nei
        WINS Proxy aktivert. . . . . . . : Nei

Ethernet-kort Lokal tilkobling 5:
        Tilkoblingsspesifikt DNS-suffiks :
        Beskrivelse  . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Fysisk adresse . . . . . . . . . : 00-14-85-B3-C8-73
        DHCP aktivert. . . . . . . . . . : Ja
        Automatisk konfigurasjon aktivert: Ja
        Automatisk konfigurasjon av IP-adresse. . . : 169.254.182.239
        Nettverksmaske . . . . . . . . . : 255.255.0.0
        IP-adresse . . . . . . . . . . . : fe80::214:85ff:feb3:c873%4
        Standard gateway . . . . . . . . :
        DNS-servere. . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
Tunnelkort Teredo Tunneling Pseudo-Interface:
        Tilkoblingsspesifikt DNS-suffiks :
        Beskrivelse  . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Fysisk adresse . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        DHCP aktivert. . . . . . . . . . : Nei
        IP-adresse . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Standard gateway . . . . . . . . :
        NetBIOS over TCP/IP. . . . . . . : Deaktivert

Working pc with static ip:
Windows IP-konfigurasjon
   Vertsnavn   . . . . . . . . . . . : Kirsti-Acer
   Primr DNS-suffiks  . . . . . . . :
   Nodetype  . . . . . . . . . . . . : Hybrid
   IP-ruting aktivert  . . . . . . . : Nei
   WINS Proxy aktivert . . . . . . . : Nei

Ethernet-kort Lokal tilkobling:
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Fysisk adresse  . . . . . . . . . : 00-1F-E2-39-2B-D1
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
   Koblingslokal IPv6-adresse. . . . : fe80::419a:3398:ff20:71ed%10(Foretrukket)
   IPv4-adresse. . . . . . . . . . . : 192.168.225.99(Foretrukket)
   Nettverksmaske . . . . . . . . . .: 255.255.255.0
   Standard gateway . . . . . . . . .: 192.168.225.1
   DNS-servere . . . . . . . . . . . : 81.167.36.3
                                       81.167.36.11
   NetBIOS over Tcpip. . . . . . . . : Aktivert

Tunnelkort Lokal tilkobling*:
   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : isatap.{A26CB3DC-165D-46F4-9CD3-DFA61218BEC1}
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort Lokal tilkobling* 6:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysisk adresse  . . . . . . . . . : 02-00-54-55-4E-01
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24316681
Can you try disabling IPv6 protocol on the non-working machine? Untick the option from network connection properties and then reboot.

Thanks
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 150 total points
ID: 24316780
Yes, you still have files from Norman Security on your PC (this is after analysis of the last ComboFix log). I believe that those 3 computer security programs were fighting for resources and everytime you opened a webpage all 3 of them were monitoring the PC in real-time - AVG, Norman and Norton.

0
 

Author Comment

by:Dataplan
ID: 24316941
But how can I remove the rest of Norman?
Now I try recovering to the day that norman was installed. It fails.
Now I try recovering to one month before norman................!
0
 

Author Comment

by:Dataplan
ID: 24317132
Didn't work out. I'm about to give up. Is there more to try?
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24317153
As mentioned yesterday I had exactly the same issue as this and the only fix was to reinstall. There's an inherent problem with Vista's network implementation that gets corrupted easily.

Sorry I couldn't be of assistance but it really does look like the reinstall is the easiest option.

JOhn
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24317194
Try the Norman Removal Tool again. Looks like AVG is out now. It should be able to get rid of Norman now. Make sure to download another antivirus and install after all antiviruses are out of your PC.
0
 

Author Comment

by:Dataplan
ID: 24317540
The only Norman removal took I can find is:
Delnvc5
And it says: Cannot find Norman Virus Control installed
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24317609
Dataplan - I think you've made a valiant effort to resolve this issue but I honestly think a rebuild is your only choice now.

What do fellow Experts feel?

Thanks
John
0
 

Author Comment

by:Dataplan
ID: 24317622
I find som keys in regestry with Norman inside. Unable to remove them. How can I ?
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24317628
Try using the browsers to surf the internet and see if it works ok now.
0
 

Author Comment

by:Dataplan
ID: 24317694
I have tried, but no :-(
I cant even get an IP adress from DHCP. The windows Firewall won't start.
Last resort. I now try booting from MiniPe CD (bart), and try to delete norman from registry.
Anyone else?
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24317732
You could also try a Windows repair instead of a full re-install (requires that you have a windows xp cd with you):

http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=189400897&cid=ref-true

0
 

Author Comment

by:Dataplan
ID: 24318247
Halleluja !!!!
My computer now works. I dont know what did the trick, but i tried all this things one more time AFTER I had deletet all of Norman from MiniPE cd.
The last thing i did once more, was WinsocXPfix, not winsockFix. After reboot, I now have IP adress, and I can surf on the net again.
Thanks to all of you. Couldn't have done thise without you :-)
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24319068
"Its good to see that it wasn't viruses that were the problem, it was multiple antiviruses this time" .. hahaha

Great!
0
 
LVL 2

Expert Comment

by:FatManc
ID: 24320255
Well done and great determination!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question