Howard,
I've read your previous posts (and replies) and still suspect a dns /
hosts hijack.
Some spyware / viruses are known to add their own hosts file in a
different folder, others to intercept and redirect dns requests, or to
change your dns settings.
1) Search your entire hard drive, including all hidden and system
folders, for "hosts".
2) Run "ipconfig /all" from the problem computer, and from one other
computer, and post the results here.
3) Have your HijackThis log interpreted by experts, such as SWI
Forums. Make sure you have the latest version too. Instructions
here:
http://forums.spywareinfo.com/index.php?showtopic=5187
Cheers,
Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
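The hosts-file check in step 1 above, worked through as an added example (it is not code from the thread or from anyone in it). It parses the HOSTS format Microsoft documents in the file itself, then flags entries a stock file would not contain: a name pinned to an address other than loopback (the name is answered before DNS is consulted) or a name other than localhost pinned to loopback (the site is silently blocked). CLEAN_HOSTS reproduces the stock file later in the thread with some comment lines shortened; HIJACKED_HOSTS is constructed with RFC 2606 example names and is not data from any machine.

```python
"""Audit a Windows HOSTS file for hijack-style entries.

Added example, not code from the original thread. CLEAN_HOSTS is the stock
Microsoft file Howard posted (comment lines shortened); HIJACKED_HOSTS is a
constructed variant using RFC 2606 example names, not data from any machine.
"""
import ipaddress
from typing import List, NamedTuple

CLEAN_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
"""

HIJACKED_HOSTS = """\
127.0.0.1       localhost
# constructed hijack entries (RFC 2606 names, not from the thread):
10.0.0.5        www.example.com      # the site now resolves to a host the user never chose
127.0.0.1       update.example.net   # an update server is silently blocked
"""


class HostsEntry(NamedTuple):
    line_no: int
    ip: str
    names: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return every active mapping; '#' starts a comment, as the file format says."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        ip, *names = line.split()
        entries.append(HostsEntry(line_no, ip, names))
    return entries


def audit_hosts(text: str) -> List[str]:
    """Describe each entry a stock HOSTS file would not contain; [] means clean."""
    findings = []
    for entry in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(entry.ip)
        except ValueError:
            findings.append(f"line {entry.line_no}: unparsable address {entry.ip!r}")
            continue
        for name in entry.names:
            if addr.is_loopback:
                # Loopback is normal only for localhost; any other name is being blocked.
                if name.lower() not in ("localhost", "localhost.localdomain"):
                    findings.append(f"line {entry.line_no}: {name} pinned to loopback (site blocked)")
            else:
                # A non-loopback pin answers before DNS is ever consulted.
                findings.append(f"line {entry.line_no}: {name} pinned to {entry.ip} (bypasses DNS)")
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        print(label, audit_hosts(text) or ["no findings"])
```

Run it against the text of each HOSTS copy the search turns up, not just the one in c:\windows\system32\drivers\etc; a second active copy in another folder is exactly the case step 1 is looking for.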
>Hi Chuck. Here is the output from ipconfig /all. The first is from a Win98SE machine (LINDA) on my home network that works perfectly. The second is from the XP machine (OFFICE) that is having the problem.
>
>There's lots of differences that I wouldn't know enough to explain. There is one difference however that simply doesn't make sense. In the OFFICE machine it shows that NetBIOS over TCP/IP is disabled yet it shows up as being enabled when I look at the TCP/IP properties under the WINS tab.
>
>Anything jump out at you?
>
>Howard
Hi Howard,
Lots of things jump out at me. But no answers yet - just questions.
LINDA and OFFICE both have the same DNS servers specified. But what
are the extra entries for OFFICE?
What are all the entries for OFFICE like "fec0:0:0:ffff::1%1"? What
is Teredo Tunneling? Do you have a VPN client or something on OFFICE?
You say that using the internal modem on OFFICE bypasses the symptoms.
Why don't I see a PPP Adapter listed for OFFICE like I do for LINDA?
Looking at the redirects, I loaded both "www.jcpenney.com" and
"www.hpshopping.com". The former redirects thru Akamai, the latter
appears to use something called Webcriteria. Akamai is edge
technology, Webcriteria may be something like that. Edge technology
needs your browser to allow its servers to send you to one website or
domain after you request a different one (www.hpshopping.com to
www.shopping.hp.com).
There are security settings in Internet Explorer which may affect edge
technology. Under Internet Options - Security - Custom Level -
Miscellaneous, there are two settings that may refer to redirection by
your browser: "Access data sources across domains" and "Navigate
sub-frames across different domains". These settings vary by Content
Zone ("Internet" thru "Restricted"). Whether this is relevant, you
will only find by examining, and playing with, your settings.
I'm still wondering whether you have spyware or a hosts hijack. Have
you checked your hard drive for "hosts"? Have you checked your HJT
log with experts?
All these questions I ask are things I would be doing, or researching,
if I was in front of your computer. I'm not, so you have to do them.
At least until we see a clue that leads us to a solution.
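The comparison Chuck is doing by eye (same DNS servers on both machines, extra fec0:0:0:ffff::1%1 entries on OFFICE, NetBIOS over TCP/IP reported differently) can be done mechanically. This is an added example, not code from the thread: it parses `ipconfig /all` text into adapter/field/values, lists the resolvers each machine uses, and flags any resolver that is an IPv6 literal. Both dumps are constructed in XP layout (a Win98 dump is laid out differently, which this parser does not handle); 206.81.192.1 is the Qwest resolver Howard's nslookup later shows, 192.0.2.53 is an RFC 5737 placeholder for a secondary, the fec0: addresses copy the entries Chuck asks about, and the adapter descriptions and IP addresses are invented.

```python
"""Compare the DNS settings of two 'ipconfig /all' dumps.

Added example, not code from the original thread. Both dumps are constructed
in Windows XP layout: 206.81.192.1 is the resolver shown by nslookup in the
thread, 192.0.2.53 is an RFC 5737 placeholder, the fec0: entries copy the
ones discussed for OFFICE, and the remaining values are invented.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# "Field . . . . : value" lines; requiring the dotted leader keeps IPv6
# continuation lines (which also contain colons) from being read as fields.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*\.\s*:\s*(.*)$")

LINDA_IPCONFIG = """Windows IP Configuration

        Host Name . . . . . . . . . . . . : LINDA

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Constructed NIC
        IP Address. . . . . . . . . . . . : 192.168.1.101
        DNS Servers . . . . . . . . . . . : 206.81.192.1
                                            192.0.2.53
        NetBIOS over Tcpip. . . . . . . . : Enabled
"""

OFFICE_IPCONFIG = """Windows IP Configuration

        Host Name . . . . . . . . . . . . : OFFICE

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Constructed NIC
        IP Address. . . . . . . . . . . . : 192.168.1.100
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            206.81.192.1
                                            192.0.2.53
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
"""

Adapters = Dict[str, Dict[str, List[str]]]


def parse_ipconfig(text: str) -> Adapters:
    """Map adapter -> field -> values; multi-line fields like DNS Servers keep every value."""
    adapters: Adapters = {}
    adapter = field = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line and not line[0].isspace() and line.endswith(":"):
            adapter = line[:-1]          # e.g. "Ethernet adapter Local Area Connection"
            adapters[adapter] = {}
            field = None
            continue
        if adapter is None:              # global header lines precede the first adapter
            continue
        match = FIELD_RE.match(line)
        if match:
            field, value = match.group(1), match.group(2)
            adapters[adapter][field] = [value] if value else []
        elif field and line.strip():     # indented continuation: one more value for the field
            adapters[adapter][field].append(line.strip())
    return adapters


def dns_servers(adapters: Adapters) -> List[str]:
    """Every DNS server listed on any adapter, in ipconfig order."""
    return [s for fields in adapters.values() for s in fields.get("DNS Servers", [])]


def ipv6_dns_servers(adapters: Adapters) -> List[Tuple[str, str]]:
    """(adapter, server) pairs whose resolver is an IPv6 literal (scope id such as %1 stripped)."""
    flagged = []
    for adapter, fields in adapters.items():
        for server in fields.get("DNS Servers", []):
            try:
                if ipaddress.ip_address(server.split("%", 1)[0]).version == 6:
                    flagged.append((adapter, server))
            except ValueError:
                continue                 # not an address literal; ignore
    return flagged


def compare_dns(a: Adapters, b: Adapters) -> Tuple[List[str], List[str]]:
    """Resolvers present on only one machine: (only in a, only in b)."""
    set_a, set_b = set(dns_servers(a)), set(dns_servers(b))
    return sorted(set_a - set_b), sorted(set_b - set_a)


if __name__ == "__main__":
    linda, office = parse_ipconfig(LINDA_IPCONFIG), parse_ipconfig(OFFICE_IPCONFIG)
    print("only on OFFICE:", compare_dns(linda, office)[1])
    print("IPv6 resolvers on OFFICE:", ipv6_dns_servers(office))
```

With the two constructed dumps the only difference in resolvers is the pair of fec0: entries on OFFICE, which is the kind of extra entry worth asking about: a resolver address the user never configured and that the other machine does not have.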
I have no idea what the extra entries are or what they are for. I don't have
a VPN client, at least not that I'm aware of -- of course that's the big
question isn't it -- and I don't know what Teredo tunneling is but tunneling
is usually associated with VPNs. As for the PPP adapter question, I don't
know. My Vaio has an Agere Systems AC'97 internal modem and it works just
fine. My MSN connector uses it if I don't have a broadband connection.
I looked all over my system, including hidden files, and found only two
instances of HOSTS -- one on c:\windows\i386 and one on
c:\windows\system32\drivers\etc, both dated 8/18/2001 and 1KB in length (see
below).
I've gone through and lowered my security on everything, enabled everything,
nothing seems to make any difference. I'm now back to the defaults.
I ran HJT and looked at the output. I didn't see anything that looked wrong
but I'm clearly not an expert. When you say have it looked at by experts,
how do I do that?
Merry Christmas.
Howard
------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
=================================================================================
"Chuck" <cacroll...@yahoo.com> wrote in message
news:pkikuv0pqvjatms62...@4ax.com...
>Thanks Chuck -- for your help and your patience.
>
>I have no idea what the extra entries are or what they are for. I don't have
>a VPN client, at least not that I'm aware of -- of course that's the big
>question isn't it -- and I don't know what Teredo tunneling is but tunneling
>is usually associated with VPNs. As for the PPP adapter question, I don't
>know. My Vaio has an Agere Systems AC'97 internal modem and it works just
>fine. My MSN connector uses it if I don't have a broadband connection.
>
>I looked all over my system, including hidden files, and found only two
>instances of HOSTS -- one on c:\windows\i386 and one on
>c:\windows\system32\drivers\etc, both dated 8/18/2001 and 1KB in length (see
>below).
OK, not a hosts hijack. That was the simplest possibility - and the
easiest to fix. :(
>I've gone through and lowered my security on everything, enabled everything,
>nothing seems to make any difference. I'm now back to the defaults.
>
>I ran HJT and looked at the output. I didn't see anything that looked wrong
>but I'm clearly not an expert. When you say have it looked at by experts,
>how do I do that?
This article contains all the instructions, including how to get help
at SWI Forums:
http://forums.spywareinfo.com/index.php?showtopic=5187
>Btw, here's one guy's answer to the "Teredo Tunneling" question:
>http://www.tek-tips.com/gviewthread.cfm/lev2/5/lev3/34/pid/586/qid/687673
The referenced article refers to "the last Peer to Peer workstation
support package, including support for IP VI". What Operating System
is this computer running?
Maybe Aida will give somebody a clue what the problem is - or at least
a patch list. Get Aida here, and run a complete report (it's free and
just takes a couple minutes):
http://www.aida32.hu/aida32.php
You say you don't know when this problem started. Can you compare it
in any way to when you set the computer up - was it sometime after, or
long after, you started using the computer?
I'm still looking, the more you can provide the better chance somebody
will have an answer. With determination, patience, and persistence,
the answer is there.
I run Win XP Pro SP1.
I ran the Aida program. It produces a ton of info. Is there something in
particular that I should look at or that you would like to see? As for
patches, I religiously keep my software updated. I have the critical updates
downloaded and applied automatically and I check for other updates once a
week.
I got this computer (Sony Vaio PCV-RX891 Media Studio -- has a ton of
multimedia software on it) last December. I know that I accessed the
hpshopping site back in the summer. I registered on the site, ordered some
ink cartridges, and bookmarked the site then. I needed a new cartridge
recently and that's when I noticed that I couldn't access it anymore.
I also run Ad-Aware 6.0 once a week. It has only ever found some tracking
cookies.
I've got the "determination, patience, and persistence" part down -- I just
don't have the smart part worked out yet.
Best regards,
Howard
================================================
"Chuck" <cacroll...@yahoo.com> wrote in message
news:ieskuvkui8r2q289j...@4ax.com...
> On Wed, 24 Dec 2003 19:39:10 -0800, "Howard Woodard" <woo...@msn.com>
> wrote:
> >
> OK, not a hosts hijack. That was the simplest possibility - and the
> easiest to fix. :(
>
> >I ran HJT and looked at the output. I didn't see anything that looked wrong
> >but I'm clearly not an expert. When you say have it looked at by experts,
> >how do I do that?
>
> This article contains all the instructions, including how to get help
> at SWI Forums:
> http://forums.spywareinfo.com/index.php?showtopic=5187
>
So that guy says the Teredo thing comes from a windows
update package and that you can remove it...have you
tried that? If you go to "network" in the Control Panel
do you have a Teredo Client tunnel connection? I've
never found it necessary to use this stuff so I really
don't know about it.
This page outlines the "Advanced Networking Pack for
Windows XP": http://support.microsoft.com/default.aspx?scid=kb;en;817778#9
Linksys BEFW11S4 v1 is listed under compatible NAT
devices. Seems like V2 would also work but I guess
there's something to look at. Maybe something in the line
you're taking to get to the internet is not compatible?
If you could do without the Advanced Networking Pack maybe
just remove it. You could always reinstall the Advanced
Networking Pack if it is not the problem. The steps are
simply outlined in that support article.
Now I have seen browser problems that also behave
similar. I agree with Chuck that it could be spyware.
First I would look in Add/Remove programs for something
called "Search Bar" or something like that and remove it
if it's there. Another one I've seen cause problems is
called something like "Web tools for Internet Explorer"
and requires you to go through all this hassle and remove
it through a website...really annoying - but it needs to
be removed. I support a lot of web developers so I get
to see a lot of this stuff when they call me complaining
that the website they are developing won't load. Another
thing I would do is run: Start-->Run-->msinfo32 which
has a section called Internet Settings which
expands...then Internet Explorer. Under this section
there is a nice capability to look at files IE uses and
see if you can pick up on the problem there. For
instance, had someone with a problem loading web pages
with javascript, looked in there, found a file called
jsscript.dll or something that was missing version
information, search Google for what package I could
download and install to get that file reinstalled...a
quick reinstall of Windows Scripting Host to reinstall
the file and problem fixed. Might work for you too.
One more thing...I have also seen Java do this to
systems. If you go to Tools-->Internet Options-->Advanced tab
and see if there is a "Sun Java Virtual
Machine"...I think unchecking it would suffice if that is
the problem...this is unlikely, I've only seen that
problem on a couple machines. Good luck.
>I tried to send my HijackThis output file to SWI but it is just over 300K
>and the maximum file they will let you attach is 100K. I asked them for
>help anyway.
WOW. My largest is 10K. WTH is in your log? Care to attach it here?
Or email to me (be sure to get rid of the spam first).
>I run Win XP Pro SP1.
I'm wondering why you have IP6 and I don't. I would guess that it's
one of the optional M$ Updates that I never applied. I only apply the
critical updates. M$ updates are notorious for causing problems - you
have to apply them with a critical eye.
I don't use Windows Update in real time, but from the website. And I
try to read each update description before applying.
>
>I ran the Aida program. It produces a ton of info. Is there something in
>particular that I should look at or that you would like to see? As for
>patches, I religiously keep my software updated. I have the critical updates
>downloaded and applied automatically and I check for other updates once a
>week.
I'm curious about your patch log (Windows Update section). Event Logs
might help too.
I want to look at any patches that affect network performance.
>
>I got this computer (Sony Vaio PCV-RX891 Media Studio -- has a ton of
>multimedia software on it) last December. I know that I accessed the
>hpshopping site back in the summer. I registered on the site, ordered some
>ink cartridges, and bookmarked the site then. I needed a new cartridge
>recently and that's when I noticed that I couldn't access it anymore.
That's a start. The patch log from Aida might give us a clue. Do you
keep any sort of update log for changes you make yourself?
>
>I also run Ad-Aware 6.0 once a week. It has only ever found some tracking
>cookies.
>
>I've got the "determination, patience, and persistence" part down -- I just
>don't have the smart part worked out yet.
Smart comes from experience. We'll both get experience from analysing
(and hopefully solving) this problem.
OK, taking everything you say at face value, here's where we are. As
we continue, the next section will hopefully get larger.
*******
The computer worked fine when it was new. Something changed since
then, and now it has a problem, processing redirected websites.
The problem is not caused by spyware or viruses. The problem does not
appear to be caused by a network setting.
*******
Are there any other websites which are symptomatic of this problem?
Are there any other redirected websites which don't have the problem?
What browser are you using? If just IE, can you try Netscape/Mozilla,
Opera, others?
I want to see if I can experience this myself, if I can figure out
which M$ Update applies IPV6. See if IPV6 is related (Probably a long
shot but...).
BTW, posting your email address in plain text is not a good idea.
http://www.mailmsg.com/SPAM_munging.htm
http://members.aol.com/emailfaq/mungfaq.html
Now, to respond to your message:
No, I don't have any Teredo clients. Do you think I should have?
Your reference to the Advanced Networking Pack for Windows XP is what led
me to what I think the original problem was/is. See
http://support.microsoft.com/default.aspx?scid=kb;EN-US;815768.
Who knows, this may even be the reason that my HP Officejet (JetDirect
connection) and the Linksys devices haven't been showing up on any of my
network places, connections or workgroup computers. There have been a couple
of unidentified entries in my Linksys IP table list named "UU" and they may
actually be the Teredo clients. We'll see.
I'll remove the Advanced Networking Pack -- don't know what functionality I
will lose -- and let you know what happens.
Merry Christmas!
Howard
===========================================================
<anon...@discussions.microsoft.com> wrote in message
news:060d01c3cadf$d8e83440$a301...@phx.gbl...
"Howard Woodard" <woo...@msn.com> wrote in message
news:uswDMlpy...@TK2MSFTNGP12.phx.gbl...
OK, Howard,
I installed 817778 on my XP SP1 computer, and enabled Advanced Peer to
Peer, and I can now reproduce your problem. I get the problem with
both "www.jcpenney.com" and "www.hpshopping.com".
See if you can get rid of the problem:
To disable the Windows XP Peer-to-Peer Networking Component:
1. Click Start, and then click Control Panel.
2. Click Add or Remove Programs.
3. Click Add/Remove Windows Components. The Windows Components
wizard starts.
4. Click Networking Services (but do not click to clear the check
box), and then click Details.
5. Click to clear the Peer-to-Peer check box, and then click OK.
6. Click Next.
7. Follow the instructions on the remaining pages of the wizard to
remove the component from the computer.
>I tried to send my HijackThis output file to SWI but it is just over 300K
>and the maximum file they will let you attach is 100K. I asked them for
>help anyway.
>
>I run Win XP Pro SP1.
>
>I ran the Aida program. It produces a ton of info. Is there something in
>particular that I should look at or that you would like to see? As for
>patches, I religiously keep my software updated. I have the critical updates
>downloaded and applied automatically and I check for other updates once a
>week.
>
>I got this computer (Sony Vaio PCV-RX891 Media Studio -- has a ton of
>multimedia software on it) last December. I know that I accessed the
>hpshopping site back in the summer. I registered on the site, ordered some
>ink cartridges, and bookmarked the site then. I needed a new cartridge
>recently and that's when I noticed that I couldn't access it anymore.
>
>I also run Ad-Aware 6.0 once a week. It has only ever found some tracking
>cookies.
>
>I've got the "determination, patience, and persistence" part down -- I just
>don't have the smart part worked out yet.
Howard,
Forget all that I said in my previous reply to this post. Just
disable Peer To Peer Networking, remove Advanced Networking Pack, and
restart your computer. I had to do all of that to get my test
computer back.
Now to find out why IPv6 is incompatible with these DNS addresses.
To disable the Windows XP Peer-to-Peer Networking Component:
1. Click Start, and then click Control Panel.
2. Click Add or Remove Programs.
3. Click Add/Remove Windows Components. The Windows Components
wizard starts.
4. Click Networking Services (but do not click to clear the check
box), and then click Details.
5. Click to clear the Peer-to-Peer check box, and then click OK.
6. Click Next.
To remove the Advanced Networking Pack for Windows XP:
1. Click Start, and then click Control Panel.
2. Click Add or Remove Programs.
3. In the list of currently installed programs, click Advanced
Networking Pack for Windows XP, and then click Remove.
4. Follow the instructions on the screen to remove the Advanced
Networking Pack for Windows XP from your computer.
5. After the removal is complete, restart the computer.
I'm encouraged that Chuck could replicate the problem so I'm pretty sure
this will fix it.
Whew...
Billy, I appreciate your willingness to help and Chuck, your thoughtful
approach to this problem and your great patience with me was terrific, a
learning experience for me, and truly appreciated.
Thanks again and I'll confirm the "fix" as soon as the hpshopping site comes
back up.
Best regards,
Howard
Bellevue, WA
===================================
"Chuck" <cacroll...@yahoo.com> wrote in message
news:42pmuvsgup5m2s4se...@4ax.com...
> On Thu, 25 Dec 2003 19:36:59 GMT, "Billy" <No...@home.spamnet> wrote:
>
> >Basically the Advanced peer-peer has kicked in. This includes IPv6
> >(extended length) addressing. Here is a MS article with a good
> >explanation and a section for disabling it. Looking at the DNS addresses
> >they are not able to resolve the sites names.
>
> >http://support.microsoft.com/default.aspx?scid=kb;en-us;817778&Product=winxp
> >
> >"Howard Woodard" <woo...@msn.com> wrote in message
> >news:uswDMlpy...@TK2MSFTNGP12.phx.gbl...
> >> Btw, here's one guy's answer to the "Teredo Tunneling" question:
> >>
> >http://www.tek-tips.com/gviewthread.cfm/lev2/5/lev3/34/pid/586/qid/687673
> >>
> >> Howard
(1) The jcpenney site is working perfectly -- that's a concrete change.
(2) The hpshopping.com site is [slightly] different but still doesn't work.
The first time I type in "hpshopping.com" I get the "The page cannot be
displayed" page. If I hit "Go" again (immediately) the page blanks, the
little windows icon starts to "undulate" like it's busy and the cursor
changes to an hour glass whenever it is over the menu section of the
browser. But it never completes and clicking the "Stop" button doesn't stop
it. I can hit the back arrow and it will go back correctly.
Geez...
Chuck, you were able to reproduce the problem by installing ANP. Were you
able to fix the problem by removing it?
Howard
========================================================================
"Howard Woodard" <woo...@msn.com> wrote in message
news:%23$9ioh3yD...@TK2MSFTNGP09.phx.gbl...
C:\>nslookup hpshopping.com
Server: tuk-dns-01.inet.qwest.net
Address: 206.81.192.1
Non-authoritative answer:
Name: hpshopping.com
Addresses: 216.240.206.10, 216.240.204.10