What IP address is reported if you open a cmd.exe window (Start/Run cmd.exe), and type

nslookup www.grainger.com

I'm seeing 170.224.36.5. If you don't receive that IP address, type

ipconfig /flushdns

and try the "nslookup" again.

What error is reported by the browser?

Jim

I did as suggested and received back:

Server:  dhcp67.srv.hcvlny.cv.net

Address:  167.206.3.152

 

Non-authoritative answer:

Name    www.grainger.com

Address:  170.224.36.5

 

 

I then typed:

ipconfig /flushdns

and received back:

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

 

I did the nslookup again and received the same results as before.  What next?

 

I did the nslookup again and received the same results as before. What next?

What error message did you receive from the browser? The IP address reported agrees with what I'm receiving.

Attempting to "tracert" to www.grainger.net stops short of the target:

c:\>tracert www.grainger.com

Tracing route to www.grainger.com [170.224.36.5]
over a maximum of 30 hops:

[...]
  6    70 ms    80 ms    81 ms  so-1-0-0.mpls1.Raleigh1.Level3.net [209.247.11.17]
  7    70 ms    80 ms    80 ms  so-10-0.hsa1.Raleigh1.Level3.net [4.68.114.222]
  8    80 ms    80 ms    80 ms  unknown.Level3.net [64.158.236.6]
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12

The first ones, which I didn't show, are associated with our ISP and how it's connected to the Internet backbone. But does your "tracert" output reach "unknown.Level3.net [64.158.236.6]"? If it doesn't, post the last two or three hops that don't result in timeouts.

I'm thinking that this is a routing issue external to your system. It may not be, but we need to rule out that possibility, given that the site's reachable from other places on the Internet.

Jim

from a command prompt I ran:

tracert www.grainger.com

and got back:

Unable to resolve target system name www.grainger.com

As such, I do believe it is internal to my computer.  (Again, remember others on the home network can access the site.)  what next? What is also unexplained is that I have yet to discover any other sites for which I have the problem.  I also tried going to 170.224.36.5 (What we determined is www.grainger.com) and was unable to get there, so it is not just a question of resovling the ip address.

Message Edited by blheaps on 06-30-2004 08:07 AM

this might apply:

http://www.mvps.org/winhelp2002/delcache.htm

look at your "hosts" file (C:\WINDOWS\system32\drivers\etc)..i don't know much about working with the hosts file, but i have heard others recommend looking at the hosts file to solve problems like yours.. if there is a problem with the hosts file, i do not know how people resolve it.. (i guess that you could delete some of the data in it, opening it with notepad) i have a copy of it backed up so i can just replace it if a problem arises.. (i actually have the hosts file locked, using spybot, supposedly making it "read only") this is what the content of my hosts file looks like:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

 

 

 

Message Edited by redwolfe_98 on 06-30-2004 09:14 AM

blheaps,

"redwolfe_98"'s suggestion to check the hosts file is a good one. I don't think that's the problem in this case, because that would result in an incorrect IP address for www.grainger.com, rather than no IP address.

Am I correct that you tried tracert 170.224.36.5 and didn't get results similar to mine? Can you reach the site via its IP address with your Web browser, like this: http://170.224.36.5?

There's a possibility that some form of malware is causing this problem. I've seen bizarre cases involving failure to resolve host names to IP addresses caused by malicious "layered service provider" software that interferes with the system's ability to resolve names. Some have involved only a few sites.

There's a program called  "lspfix" that might resolve the problem, but it's unfortunately common that malware takes many forms, and requires an investigation of the state of the operating system to uncover the source of the problem. Fortunately, there are tools available to do that, and people available to help interpret the results.

Download, install, update and run Ad-Aware and Spybot as described in this article. If you continue to experience problems, the next step is to download and install HijackThis, a malware analysis and removal tool, as described here, and submit a log to the expert volunteers in the Virus Information and Removal board for review. Be sure to post the log in a new message, and describe the problem you're experiencing.

Jim

Getting nowhere.....slowly

did everything suggested by you and redwolfe_98.  (incidently same problem for other users on this machine).I run ad-aware regularly and no problems.  ran hijack this.  what follows is the log it created:

Logfile of HijackThis v1.97.7
Scan saved at 3:14:09 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brian Heaps\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O15 - Trusted Zone: www.grainger.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {186E51E5-96A2-4BC5-8858-581932C15F82} (CardPrintStub Class) - http://www.hpphoto.com/downloads/cardprint.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12992a5eb767e728b105/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.7771296296
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

 

HELP!!!!!!!

I see there's a copy of the log in the Virus Information and Removal board - good! There are more problems than volunteer experts to analyze them, but they're very good. Hopefully they'll spot something, but expect about a two-day delay before they get to yours.

Jim

I know there was a long holiday weekend, but I still have not gotten a response to my posting and it has been over a week.  Suggestions? or sit tight?

The experts in the virus forum do miss a log now and then. Reply to your own post in that forum with a simple comment that you are still waiting. That will bring it back to the attention of the experts.

I'm not an expert, but I see nothing in the log that I would expect to create your problem. Both Kontiki and Weatherbug are considered malware by the experts, but I doubt these are your problem. Also, you do have a Netster infection, but again, that shouldn't prevent you from reaching a single site.

I'm not an expert, but I see nothing in the log that I would expect to create your problem.

Nor am I, but I don't see what I was hoping would be there - an unknown "layered service provider".

blheaps, did you try accessing Grainger using its IP address (http://170.224.36.5)?

Jim

yup - i tried the ip address with no luck

Apparently my attempt to "bump" the thread in the Virus Information and Removal board hasn't yielded any results yet. They're very short-handed, but clearly your post got missed.

In case they want output from the latest version of HijackThis, could you download the latest version (1.98.0) here? When you install it, you should create a directory (folder) in the root level of your C: drive named HJT. Unzip HijackThis.zip into the newly created directory, and then run HijackThis.exe from the new directory. The current log shows that it's in a temporary directory, and since HijackThis makes backups of things that it removed, it's best if it be installed in a permanent directory. After you get the new log, post it as a reply in the thread in the Virus Info board. Here's a link to the old log - it's becoming hard to find because of all the other posts!

I spent some time this afternoon reviewing the entire thread as well as the HijackThis log. There's an anomalous result - "nslookup" was able to resolve www.grainger.com, but "tracert" was not. I don't know what that means, but it points to problems that aren't just browser related. You might want to try tracert 170.224.36.5, and see what that produces.

I'm not a HijackThis expert, I didn't spot anything like a "smoking gun" in your HijackThis log. I note you have Internet Information Server installed, which is unusual for an XP system, but by no means a problem as long as it's kept up to date via Microsoft Windows Update. You do have "Weatherbug" installed, which some people consider a problem, but it surely can't produce a symptom like this. I've checked access to Grainger from both Internet Explorer 6 and Mozilla Firefox, and have no difficulty with either browser.

Jim

done as requested. results posted to other forum.