1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Norton Internet Security

Discussion in 'All Other Software' started by sinsug, Sep 21, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. sinsug

    sinsug Thread Starter

    Joined:
    Sep 21, 2003
    Messages:
    63
    Hi,
    I have windows XP and I recently purchased Norton Internet Security 2003. For some reason, whenever I have it enabled, internet explorer always comes up with the error, page not found. I have a Weatherbug, which needs to connect to the internet to tell me the temperature and it is able to connect but nothing else like my msn messenger or internet explorer work. I have tried doing everything it says in the instruction book but I cannot get it to work. Any Ideas? This is my first time here so I don't know what additional (if any) information is needed. Thanks
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,391
    Hiya and welcome

    Lets do a general cleanup:

    Go to Tools | Internet Options. General tab. Under Delete Files, delete offline content. Also, clear the History.

    Content tab, under AutoComplete, clear Forms and Passwords.

    Advanced tab, under Browsing, look for Enable Insta on Demand. Untick.
    Under Security, look for Empty Tempory Internet... Tick.
    Apply and OK

    Go to Find Files and type in cookie. When found, open the folder, and delete all the cookies found.

    Go to Run and type MSINFO32
    On the left choose Software Enviroment, then Startup Programs. Copy/paste the list here.

    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds.

    That ought to get rid of most of your spyware.

    When you've done all that, go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    Reboot in between running spybot & Hijackthis

    Regards

    eddie
     
  3. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    In addition to Eddie's Spring cleaning, let me suggest that you check your firewall settings and make certain that you have put your DNS and DHCP in your "trusted" zone. It sounds to me like you have not configured the firewall properly.

    Also, turn off your XP firewall. Go to Start > Control Panel >Administrative Tools > Services >and disable "Application Layer Gateway Services" and see if that helps.
     
  4. sinsug

    sinsug Thread Starter

    Joined:
    Sep 21, 2003
    Messages:
    63
    I have done most of what eddie said to do except the hijack part which i am going to do in just a second. But I wanted to paste this part of what he asked me to before I run the Hijack program. Sorry if I sound stupid but I am not much of a computer person, but what is DNS and DHCP? I think the firewall is configured right but I am not sure. But even when I turn the firewall off of norton internet security, I still can't get online. The only way I can connect to the internet on IE is by restarting the computer without having it (Norton IS) start with the rest of the start up programs, and then if I try to turn it on after I have started the computer like this, none of the features work on it. It only works when starting on start up. I am sure I am a hopeless case, but I will paste my hijack results in a minute. Also, I already had the XP firewall disabled.

    Lexmark X125 Settings Utility c:\progra~1\lexmar~1\lex125su.exe All Users Common Startup
    Microsoft Office c:\progra~1\micros~4\office10\osa.exe -b -l All Users Common Startup
    Microsoft Works Update Detection c:\program files\microsoft works\wkdetect.exe SINSUG\Jackie Villarreal HKU\S-1-5-21-1454471165-1708537768-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SpyStopper c:\program files\spystopper\spystopper.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Weather c:\program files\aws\weatherbug\weather.exe 1 SINSUG\Jackie Villarreal HKU\S-1-5-21-1454471165-1708537768-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ZoneAlarm c:\progra~1\zonela~1\zoneal~1\zoneal~1.exe All Users Common Startup
    desktop desktop.ini NT AUTHORITY\SYSTEM Startup
    desktop desktop.ini SINSUG\Jackie Villarreal Startup
    desktop desktop.ini .DEFAULT Startup
    desktop desktop.ini All Users Common Startup
    msnmsgr "c:\program files\msn messenger\msnmsgr.exe" /background SINSUG\Jackie Villarreal HKU\S-1-5-21-1454471165-1708537768-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    myNetWatchman c:\program files\mynetwatchman\nwclient.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
     
  5. sinsug

    sinsug Thread Starter

    Joined:
    Sep 21, 2003
    Messages:
    63
    Here are the results of Hijack This

    Logfile of HijackThis v1.97.2
    Scan saved at 6:47:49 PM, on 9/23/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Lexmark X125\LEX125SU.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\ICRAfilter\data\ICRASrv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jackie Villarreal\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_1.dll
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\JACKIE~1\LOCALS~1\Temp\msldnp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [myNetWatchman] C:\Program Files\myNetWatchman\NWClient.exe
    O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O10 - Broken Internet access because of LSP provider 'icralsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt0_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt1_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/20884ce31a94c4c1bd00/netzip/RdxIE2.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37648.5913888889
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_1.cab
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,391
    Okay, lets look at the startup list first.....

    Lexmark X125 Settings Utility: Leave for now.

    Microsoft Office: Resource hog that launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it but it isn't required anyway.

    Microsoft Works Update Detection: Checks for updates to MS Works. Not needed.

    SpyStopper: SpyStopper - blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and cookies. Protects you from being profiled and tracked. Up to you.

    Weather: Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs. Not needed.

    ZoneAlarm: Firewall program from Zonelabs - free version. Keep

    msnmsgr: MSN Messenger utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts". Not needed.

    myNetWatchman: Sends your firewall alerts to a website , which then filters them and forwards details of suspicious activities to the host ISP they originated from. Only needs to be running when your firewall is running. Up to you.


    Okay, go to Run and type MSCONFIg, startup tab. Uncheck the ones you don't want, apply and restart.



    Now, the HT list......


    Re-run HT, and make sure no IE windows are open when you fix the selected items.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php


    Can you tell I'm still learning with these list :)



    Regards

    eddie
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Add these to the list to have HJT remove.

    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\JACKIE~1\LOCALS~1\Temp\msldnp.dll

    O10 - Broken Internet access because of LSP provider 'icralsp.dll' missing

    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1.../v7/brix6ie.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/20884ce31a94c4...tzip/RdxIE2.cab

    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://ftp.coupons.com/r3120/cpbrxpie.cab

    Restart your computer.

    Go here http://www.cexx.org/lspfix.htm and download LSP fix and run it.
     
  8. sinsug

    sinsug Thread Starter

    Joined:
    Sep 21, 2003
    Messages:
    63
    Thank you so much for all your help Eddie. It's much appreciated! I'll get to doing all that right now.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Norton Internet Security
  1. Dukane
    Replies:
    3
    Views:
    232
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166504

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice