smartboyalex Posted March 3, 2009 Share Posted March 3, 2009 (edited) Hi,I got a Dell Inspiron 9300 laptop from a customer today. The problem is that I can connect to the wireless network and can ping to external sites (mail,google,yahoo,etc.) but I have no internet access what so ever. No programs can access the Internet. I tried to telnet to google and it couldn't connect. I tried all of the above on my laptop and all works flawlessly. The laptop had Norten products on it and I removed all of them and installed AVG and Ad Aware. I ran ccleaner to clean up any leftover files. Still no luck.Here is the HiJack This logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:42:45 PM, on 3/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exeC:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Documents and Settings\Steve\Application Data\U3\351233141E8122C0\LaunchPad.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roaringfork.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.comO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllO3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exeO4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exeO23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe--End of file - 11324 bytesI see that there are still symantec stuff I will take care of that.But in the mean time any ideas? Edited March 3, 2009 by smartboyalex Link to comment Share on other sites More sharing options...
Tripredacus Posted March 4, 2009 Share Posted March 4, 2009 I am worried about the Drive Letter Access BHO.You need to verify that everything is normal when connecting physically via ethernet. HTJ logs aren't much to me anymore. Link to comment Share on other sites More sharing options...
CoffeeFiend Posted March 4, 2009 Share Posted March 4, 2009 The laptop had Norten products on it and I removed all of themNorton junk isn't even able to get rid of itself properly, you usually have to use SymNRT. There's bits and pieces of it left:C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dllO3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dllO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cabO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeServices, startup processes, BHO's, toolbars, etc. It's still all over the place, and I'm sure there's plenty more of it scattered everywhere.So I'd try to truly eradicate it first. Then, if things still don't work, I'd try to reset the tcp/ip stack:netsh int ip reset c:\resetlog.txtThat often solves the problem. Link to comment Share on other sites More sharing options...
CETY31 Posted March 4, 2009 Share Posted March 4, 2009 Have you resolved the "sync no surf" issue yet? I had the same issue with sub last week. Tried everything under the sun until I install FireFox. The sub was using IE...after installing FireFox i was able to get online. However I still could not surf with IE.Questions:1) Your set up is wireless...did you try and connect with Rj45 cable?2) Can you surf with other PC(s)?3) Is that PC able to surf on different network?4) Did you turn off any firewalls that might be blocking access?5) How is the conectivity...(limited or good)? Link to comment Share on other sites More sharing options...
dadguy Posted March 8, 2009 Share Posted March 8, 2009 I have seen this a lot. When coming from a customer PC I find that many have set up a proxy for internet access to comply with company guidelines. This will block the internet access but not the ping.Give it a look; open Internet Explorer, Tools/Internet Options then go to Connections tab, select LAN Settings at the bottom and make sure the proxy is unchecked. Dadguy Link to comment Share on other sites More sharing options...
g00gle88 Posted March 10, 2009 Share Posted March 10, 2009 Try clearing your DNS cacheC:\> ipconfig /flushdnsYou can also try resetting your Winsock(For SP2 and SP3 and you need local admin rights)C:\> netsh winsock reset Link to comment Share on other sites More sharing options...
DigeratiPrime Posted March 11, 2009 Share Posted March 11, 2009 If you can ping external sites, then your "internet" is working. ping.exe on windows uses ICMP (and DNS to resolve domains), so if that works but you are unable to connect to webpages, then the problem is either with your web browser, HTTP, or TCP. Easiest thing to do is install Firefox, if that works then something is wrong with IE. Otherwise as CoffeeFiend pointed out there could be some Symantec service that is hooking HTTP requests. Link to comment Share on other sites More sharing options...
snowdog512 Posted July 23, 2009 Share Posted July 23, 2009 Try clearing your DNS cacheC:\> ipconfig /flushdnsYou can also try resetting your Winsock(For SP2 and SP3 and you need local admin rights)C:\> netsh winsock resetHallelujah!! I had this problem for 2 wks. I believe it was spy/malware related as it first occurred after AdAware performed a scan and notified me that I had to reboot to remove one of the problems. Upon restart, Spybot ran a scan and low and behold, no programs could access the internet. Neither Firefox or IE nor any programs that look for updates like (ironically?) AdAware and Spybot. No instant messaging either.I knew I did not have an issue with my provider since my Vonage phone still worked and my daughter's computer in the other room still worked. I checked to confirm and was able to successfully ping yahoo and google from a command window on the troubled PC.After trying to back out the last changes from AdAware/Spybot and some basic troubleshooting (really just an ipconfig stop/start and checking the hosts file) I started surfing for others with this problem. I found that there were *many* people that had encountered the same problem so started taking notes of things to try. While there may be different causes, the fix that worked for me was to reset the Winsock. I ran the command above and it notified me that I needed to reboot to complete the reset. When my PC came back up viola, I was online again.Thanks very much to everyone that posts to this board and others!!!!mike Link to comment Share on other sites More sharing options...
Tripredacus Posted July 23, 2009 Share Posted July 23, 2009 I've heard so many things that Spybot does to Windows, add this to the list.Winsock can get corrupted very easily, although I do not know how to stop that from happening. You'd think that Winsock components would be protected system files but I guess not. Link to comment Share on other sites More sharing options...
cluberti Posted July 23, 2009 Share Posted July 23, 2009 I've heard so many things that Spybot does to Windows, add this to the list.Winsock can get corrupted very easily, although I do not know how to stop that from happening. You'd think that Winsock components would be protected system files but I guess not.The problem isn't winsock files not being protected, the problem is spybot removes an LSP (which is malicious) but doesn't remove it *properly*. Resetting winsock also resets the list of LSPs, causing it to work again (winsock is then no longer trying to make sure an LSP that's no longer on the system gets a crack at every packet). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now