Winsock

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hey guys lil help here??

Recently my pc has started to play up again...

I cannot get logged in to msn messenger.. When i click troubleshoot, it 1st says invallid IP, when click fix it then comes up with Key ports blocked by firewall etc etc. Also, some web pages (such as this forum and hotmail accounts) come up with page cannot be found DNS errors and time out. Other pages load fine no problems. Disabling the firewall does nothing to fix this (zone alram used). How ever i can access hotmail and other pages if i use firefox.

I have been told that this is related to a winsock problem and that the only fix is a full reinstall of windows. So anyone got any other suggestions?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

All the usual stuff done? AV, Spyware, etc?

 

twizzle,

Question:
1) Which operating system are you running?

 

Oops sorry fergot to say its xp pro.

I have tried antivirus checks and spyware/malware but nothing unusual found.

 

The usual reason for this fault is a trojan on your PC.

You don't say what AV and anti-spyware you used - some are better than others at detecting this.

One possibility is a hijacked hosts file, another is a rogue Browser Helper Object.

Start by following the instructions here - it may be long-winded but offers an excelent chance of defeating such nasties.

At the very lease use Ewido and Adaware.

Harry.

 

twizzle,

Who's your ISP?

 

twizzle,

Try this:
1) Go to Start->All Programs->Accessories->Command Prompt
2) Type "ipconfig /all"
3) Reply to this thread with the following information:
a) IP Address
b) Subnet Mask
c) Default Gateway
d) DNS Servers

 

OK to answer some questions...

Firstly my isp is freedom2surf.
Im using Nod32 and avg antivirus aswell as adaware and seek and destroy for spyware. My firewall is zonealarm.

Output from ipconfig is....

Windows IP Configuration

Host Name . . . . . . . . . . . . : twizz
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 5:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller
Physical Address. . . . . . . . . : 00-0E-A6-15-11-02
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1


The problem only occurs with IE6 and not with Firefox. I have tried ipconfig /release, ipconfig /renew to no luck.

Like i said MSN Messenger wont log in, Certforums and another forum i use wont load in IE6 and i can not get to my inboxes in hotmail (tho i can get to the login page and enter my details it just will not load the inbox etc etc afterwards.)

 

I would try AJs Winsock patch, I have used that Winsock repair utility a few times now but I have to say that I would have expected a Winsock problem to affect Firefox as well.

As you are getting DNS errors, why not try putting the IP address of reliable DNS servers into your TCP/IP properties instead of your routers IP?

 

reliable dns addresses??? which ones can do u suggest i use?...
The thing is i have 2 pc's connected to the router and only one has this problem tho both are configured the same.. same XP, same antivirus and spyware progs and same msn.....

 

twizzle,

Questions:
1) In the Command Prompt, can you "ping 192.168.1.1?"
2) In the Command Prompt, can you type "ping www.certforums.co.uk"?
3) In the Command Prompt, can you "telnet www.certforums.co.uk 80"? If you get something like "Connecting to www.certforums.co.uk...Could not open a connection to host on port 80 : Connection failed" then something is blocking traffic. If on the other hand all you get is a Command Prompt window that may be titled "telnet www.certforums.co.uk 80" that just sits there, then that means you should be able to connect to CertForums. Just close the window when confirmed.
4) What kind of networking device has the IP address 192.168.1.1?

Statements:
1) Since I read "Dhcp Enabled. . . . . . . . . . . : No", that means your IP dialog box in Windows is _NOT_ set to ( * ) Obtain IP Address Automatically. That means when you type "ipconfig /renew", the NIC won't be configured by the DHCP server that may or may not respond.

 

Well that depends on where you live but personally I don't use my ISPs (BigPond) DNS servers as they are slow and tend to time out all the time. Due to the vast number of users that are hitting them.

I use my local university's DNS servers. I am sure a bit of research on your part would come up with an alternative to try out.

 

Hm - as rh.lee says - ipconfig /release and /renew won't do anything.

Even though NOD32 has a fantastic reputation I'd still feel that there is a BHO there somewhere. HijackThis should reveal it.

Edit - also check that you haven't set a proxy by accident.

Harry.

 

twizzle,

Just curiously, but did you install "MSN Messenger" onto your Windows XP computers?

 

I really hope you meant Spyware SEARCH and Destroy. There are a lot of copy cat programs that actually ARE spyware.

That said, the current state of Spyware has left the free Antispyware aps in the dust. Try Trend Micro's Housecall to scan, and that same link is where you can get the CWShredder if you need it.

Down below there were questions about MSN Messenger. There is now malware that can attack via IM too.

One other freebe that you might want to try is WinPatrol, which is a kind of IPS. It can give you more control over startup programs, more info on those arcane files that are running, cookies, etc. The free version is great, and the Plus version is a onetime fee that is very reasonable and is well worth it.

Be aware that the rootkits that are going around are not being found by the free AntiSpyware apps, so do try the free scans from the commercial AS. Good luck!

 

R.H,

I can ping all the above and telnet connects fine no problems.
The Net device is a US Robotics router, which im sure is working ok as the other pc that is connected to it works fine on all the problems the other pc has.
MSN MEssenger was intsalled from msn.com ages ago and has been working ok until the other day when all the problems started.

Harry here is the output from hijackthis... i cant see a BHO for NOD32 in there..

Logfile of HijackThis v1.99.1
Scan saved at 23:00:37, on 23/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitcorp.com/cabs/lcsim.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136813298998
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136826328890
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FD4101-AED3-44CF-B0DA-A443F6AB942B}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

All the problems did seem to start after i turn windows automatic updates on!! but i cant find any updates listed in add/remove software in control panel.. and all the old critical updates that were listed in there seem to have disappeared so wondering if an update has caused this. Unfortunatley i have no way of rolling back to before the updates.
When i get the winsock fix from AJ i'll try that then post any results here.

 

Hm - I can't see anything obvious there either.

A couple of points - I wouldn't normally suggest that running two AVs is a good idea - you have AVG and NOD32 both running. IMHO NOD32 outclasses AVG. And I see that Messenger has missing files. Perhaps you need to uninstall it and re-install.

You might - as a possibility - post that log on the forums at CastleCops - they have people far more expert than I who can comment on it.

Harry.

 

I agree with Harry, but I would go a bit further and say that running two anti-virus apps on the same PC is a very bad idea.

Have you allowed Zone Alarm to disable the built in Windows firewall or are they both running?

 

As far as im aware the built in windows one is disabled.
I have also reinstalled messenger but still cant log in with it.
Also it seems that its on pages that have a login script of some form that i cannot access in internet explorer.