Winsock

Discussion in 'Internet, Connectivity and Communications' started by twizzle, May 23, 2006.

  1. twizzle

    twizzle Gigabyte Poster

    Hey guys lil help here??

    Recently my pc has started to play up again...

    I cannot get logged in to MSN Messenger.. When I click troubleshoot, it 1st says invalid IP, when I click fix it then comes up with Key ports blocked by firewall etc etc. Also, some web pages (such as this forum and hotmail accounts) come up with page cannot be found DNS errors and time out. Other pages load fine no problems. Disabling the firewall does nothing to fix this (ZoneAlarm used). However I can access hotmail and other pages if I use Firefox.

    I have been told that this is related to a winsock problem and that the only fix is a full reinstall of windows. So anyone got any other suggestions?
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    All the usual stuff done? AV, Spyware, etc? :blink
     
  3. r.h.lee

    r.h.lee Gigabyte Poster

    twizzle,

    Question:
    1) Which operating system are you running?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  4. twizzle

    twizzle Gigabyte Poster

    Oops sorry forgot to say it's XP Pro.

    I have tried antivirus checks and spyware/malware but nothing unusual found.
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  5. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    The usual reason for this fault is a trojan on your PC.

    You don't say what AV and anti-spyware you used - some are better than others at detecting this.

    One possibility is a hijacked hosts file, another is a rogue Browser Helper Object.

    Start by following the instructions here - it may be long-winded but offers an excellent chance of defeating such nasties.

    At the very least use Ewido and Adaware.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
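
The hosts-file check suggested in the post above, sketched as an added example that is not part of the thread. The sample file is constructed (documentation-range addresses), and the function names and the `watched` list are assumptions of this example.

```python
import ipaddress

# Constructed sample, not taken from the poster's machine. Addresses are from
# documentation ranges; the two site names are the ones that failed in the thread.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
127.0.0.1      ads.example.net      # blocklist-style entry
203.0.113.7    login.hotmail.com
127.0.0.1      www.certforums.co.uk
198.51.100.9   tracker.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, name) for each mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return findings as (line_no, name, ip, reason) tuples.

    watched: domain suffixes of the sites that fail to load.
    Loopback entries for other names are treated as a blocklist and skipped.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        if any(name == w or name.endswith("." + w) for w in watched):
            reason = "watched site blocked" if local else "watched site redirected"
        elif not local:
            reason = "name redirected to non-local address"
        else:
            continue
        findings.append((line_no, name, str(ip), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["hotmail.com", "certforums.co.uk"]):
        print(finding)
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`.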
  6. wizard

    wizard Petabyte Poster

    twizzle,

    Who's your ISP?
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  7. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    There is a Winsock patch which I carry around for this very reason. PM me your email addy and I'll send it to you. It may or may not work :dry
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  8. r.h.lee

    r.h.lee Gigabyte Poster

    twizzle,

    Try this:
    1) Go to Start->All Programs->Accessories->Command Prompt
    2) Type "ipconfig /all"
    3) Reply to this thread with the following information:
    a) IP Address
    b) Subnet Mask
    c) Default Gateway
    d) DNS Servers
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  9. twizzle

    twizzle Gigabyte Poster

    OK to answer some questions...

    Firstly my ISP is freedom2surf.
    I'm using NOD32 and AVG antivirus as well as Adaware and seek and destroy for spyware. My firewall is ZoneAlarm.

    Output from ipconfig is....

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : twizz
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 5:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller
    Physical Address. . . . . . . . . : 00-0E-A6-15-11-02
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1


    The problem only occurs with IE6 and not with Firefox. I have tried ipconfig /release, ipconfig /renew to no luck.

    Like I said MSN Messenger won't log in, Certforums and another forum I use won't load in IE6 and I cannot get to my inboxes in hotmail (tho I can get to the login page and enter my details it just will not load the inbox etc etc afterwards.)
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  10. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    I would try AJs Winsock patch, I have used that Winsock repair utility a few times now but I have to say that I would have expected a Winsock problem to affect Firefox as well.

    As you are getting DNS errors, why not try putting the IP address of reliable DNS servers into your TCP/IP properties instead of your router's IP?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  11. twizzle

    twizzle Gigabyte Poster

    Reliable DNS addresses??? Which ones do you suggest I use?...
    The thing is I have 2 PCs connected to the router and only one has this problem tho both are configured the same.. same XP, same antivirus and spyware progs and same MSN.....
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  12. r.h.lee

    r.h.lee Gigabyte Poster

    twizzle,

    Questions:
    1) In the Command Prompt, can you "ping 192.168.1.1"?
    2) In the Command Prompt, can you type "ping www.certforums.co.uk"?
    3) In the Command Prompt, can you "telnet www.certforums.co.uk 80"? If you get something like "Connecting to www.certforums.co.uk...Could not open a connection to host on port 80 : Connection failed" then something is blocking traffic. If on the other hand all you get is a Command Prompt window that may be titled "telnet www.certforums.co.uk 80" that just sits there, then that means you should be able to connect to CertForums. Just close the window when confirmed.
    4) What kind of networking device has the IP address 192.168.1.1?

    Statements:
    1) Since I read "Dhcp Enabled. . . . . . . . . . . : No", that means your IP dialog box in Windows is _NOT_ set to ( * ) Obtain IP Address Automatically. That means when you type "ipconfig /renew", the NIC won't be configured by the DHCP server that may or may not respond.
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  13. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Well that depends on where you live but personally I don't use my ISP's (BigPond) DNS servers as they are slow and tend to time out all the time, due to the vast number of users that are hitting them.

    I use my local university's DNS servers. I am sure a bit of research on your part would come up with an alternative to try out.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  14. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Hm - as r.h.lee says - ipconfig /release and /renew won't do anything.

    Even though NOD32 has a fantastic reputation I'd still feel that there is a BHO there somewhere. HijackThis should reveal it.

    Edit - also check that you haven't set a proxy by accident.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  15. r.h.lee

    r.h.lee Gigabyte Poster

    twizzle,

    Just curious, but did you install "MSN Messenger" onto your Windows XP computers?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  16. mrobinson52

    mrobinson52 Security Maven Gold Member

    I really hope you meant Spyware SEARCH and Destroy. There are a lot of copy cat programs that actually ARE spyware.

    That said, the current state of Spyware has left the free Antispyware apps in the dust. Try Trend Micro's Housecall to scan, and that same link is where you can get the CWShredder if you need it.

    Down below there were questions about MSN Messenger. There is now malware that can attack via IM too.

    One other freebie that you might want to try is WinPatrol, which is a kind of IPS. It can give you more control over startup programs, more info on those arcane files that are running, cookies, etc. The free version is great, and the Plus version is a one-time fee that is very reasonable and is well worth it.

    Be aware that the rootkits that are going around are not being found by the free AntiSpyware apps, so do try the free scans from the commercial AS. Good luck!
     
    Certifications: A+, Network+, MCSA:Security, Security+
    WIP: CISSP
  17. twizzle

    twizzle Gigabyte Poster

    R.H,

    I can ping all the above and telnet connects fine no problems.
    The Net device is a US Robotics router, which I'm sure is working ok as the other PC that is connected to it works fine on all the problems the other PC has.
    MSN Messenger was installed from msn.com ages ago and has been working ok until the other day when all the problems started.

    Harry here is the output from HijackThis... I can't see a BHO for NOD32 in there..

    Logfile of HijackThis v1.99.1
    Scan saved at 23:00:37, on 23/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
    O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitcorp.com/cabs/lcsim.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136813298998
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136826328890
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FD4101-AED3-44CF-B0DA-A443F6AB942B}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    All the problems did seem to start after I turned Windows automatic updates on!! but I can't find any updates listed in add/remove software in control panel.. and all the old critical updates that were listed in there seem to have disappeared so wondering if an update has caused this. Unfortunately I have no way of rolling back to before the updates.
    When I get the winsock fix from AJ I'll try that then post any results here.
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  18. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Hm - I can't see anything obvious there either.

    A couple of points - I wouldn't normally suggest that running two AVs is a good idea - you have AVG and NOD32 both running. IMHO NOD32 outclasses AVG. And I see that Messenger has missing files. Perhaps you need to uninstall it and re-install.

    You might - as a possibility - post that log on the forums at CastleCops - they have people far more expert than I who can comment on it.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
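
The manual read-through of the HijackThis log discussed above (BHOs, the O17 name server, entries marked "file missing", two antivirus products resident) can be mechanised. This is an added example, not part of the thread; the sample is an excerpt of the log posted earlier, and the vendor map, function name and `expected_dns` parameter are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3FD4101-AED3-44CF-B0DA-A443F6AB942B}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Small illustrative vendor map (an assumption of this example, not a full list).
AV_VENDORS = {"grisoft": "AVG", "eset": "NOD32"}

def triage(log_text, expected_dns=("192.168.1.1",)):
    """Summarise the log sections that the replies in the thread looked at."""
    missing, bhos, nameservers, av = [], [], [], set()
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines and the running-process list
        section, body = m.groups()
        if body.endswith("(file missing)"):
            missing.append(section)
        if section == "O2":                      # Browser Helper Objects
            bhos.append(body.rsplit(" - ", 1)[-1])
        elif section == "O17" and "NameServer = " in body:
            value = body.split("NameServer = ", 1)[1].strip()
            nameservers += re.split(r"[,\s]+", value)
        elif section == "O23":                   # services: name - vendor - path
            parts = body.split(" - ")
            if len(parts) >= 3:
                vendor = parts[-2].lower()
                av.update(p for key, p in AV_VENDORS.items() if key in vendor)
    return {
        "missing": missing,
        "bhos": bhos,
        "nameservers": nameservers,
        "unexpected_dns": [ns for ns in nameservers if ns not in expected_dns],
        "av_products": sorted(av),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```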
  19. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    I agree with Harry, but I would go a bit further and say that running two anti-virus apps on the same PC is a very bad idea.

    Have you allowed Zone Alarm to disable the built in Windows firewall or are they both running?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  20. twizzle

    twizzle Gigabyte Poster

    As far as I'm aware the built in Windows one is disabled.
    I have also reinstalled Messenger but still can't log in with it.
    Also it seems that it's on pages that have a login script of some form that I cannot access in Internet Explorer.
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
