MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 08-12-10, 21:06
TonyMinorGeek TonyMinorGeek is offline
Private E-2
 
Join Date: Apr 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Internet connection (winsock) problems

Problems started a couple days ago when Firefox started being unable to load web pages. I tried IE and it had the same problem. Diagnose Connection Problems told me

Windows has detected a problem with the Winsock provider catalog on this computer...

I let IE do it's fix and rebooted. Firefox and IE worked for about a day. But problems came back.

Symptoms are: after a reboot, Firefox can load one or two web pages and then it seems Winsock is messed up again. IE always comes up with the same diagnosis (Winsock catalog problem).

I downloaded WinsockxpFix.exe and ran it. That worked for a few minutes, but not much longer. So I did a complete scan with Norton AV...of course, it found nothing. I also ran MBAM and it found nothing.

So I came here and started the detailed cleaning procedure. I did the Read & Run Me First. I then ran the five tools/scans. Four logs are attached. This is the RootRepeal log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/12 20:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------



I also ran the SUPERAntiSpyware Repair broken Network Connection (WinSock LSP Chain)

Nothing seems to have been able to fix the Firefox/IE connection problems.

Do the logs indicate virus/malware/etc?
Attached Files
File Type: txt SASlog.txt (1.7 KB, 3 views)
File Type: txt mbam-log-2010-08-12 (00-20-47).txt (895 Bytes, 2 views)
File Type: txt combo log.txt (20.6 KB, 3 views)
File Type: zip MGlogs.zip (130.0 KB, 3 views)
Reply With Quote
Sponsored links
  #2  
Old 08-13-10, 09:12
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,257
Thanks: 875
Thanked 3,550 Times in 3,469 Posts
Default Re: Internet connection (winsock) problems

You should not have quite so many users with admin priveleges all on one machine!

Quote:
Users on this computer:
Is Admin? | Username
------------------


Yes | Jeremy
Yes | Jeremy2
Yes | Just School
Yes | Mary
Yes | Owner

Yes | Tony
Yes | Z

Hmmm, I am not seeing much to do.

Now we need to use ComboFix
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
  • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

DirLook::
C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
C:\WINDOWS\system32\drivers\etc\services
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File::
c:\windows\isRS-000.tmp
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Click Start, Run, and enter
Code:
 ipconfig /flushdns
and click OK!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

What happens when you boot into safe mode with networking? Same troubles or not?
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #3  
Old 08-13-10, 18:13
TonyMinorGeek TonyMinorGeek is offline
Private E-2
 
Join Date: Apr 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Internet connection (winsock) problems

Quote:
Originally Posted by Kestrel13! View Post
You should not have quite so many users with admin priveleges all on one machine!

Hmmm, I am not seeing much to do.

What happens when you boot into safe mode with networking? Same troubles or not?
Yes, I agree about the admin stuff. But my wife/sons won the previous battle on that one. I removed admin for now except for my account.

Attached are the logs.

Unfortunately, the problem is not completely consistent. After applying all fixes last night, the problem persisted for me (on my account), even after reboot. After booting this morning though, my wife was able to use firefox all day successfully (on her account, Mary). And I am using Firefox right now on this computer to post this (my account). So it is essentially working properly at the moment. I will try a couple reboots, plus booting in safe mode and report back.

I noticed combofix cleaning up PriceGong files. Is this malware I should try to uninstall? There seems to be mixed comments on the net whether or not this is malware.

Many thanks so far for your help!
Attached Files
File Type: txt ComboFix.txt (24.9 KB, 5 views)
File Type: zip MGlogs.zip (131.2 KB, 2 views)
Reply With Quote
  #4  
Old 08-13-10, 18:50
TonyMinorGeek TonyMinorGeek is offline
Private E-2
 
Join Date: Apr 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Internet connection (winsock) problems

OK, a half-hour of testing, rebooting, etc. and the internet connection seems to be stable for now. Rebooting in safe mode worked also. If I have winsock problems again, I'll try in safe mode and report any differences.

Do the logs look clean?

If the problem reappears, what logs should I run when I report?

Thanks again!
Reply With Quote
  #5  
Old 08-14-10, 06:55
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,257
Thanks: 875
Thanked 3,550 Times in 3,469 Posts
Default Re: Internet connection (winsock) problems

Quote:
I noticed combofix cleaning up PriceGong files. Is this malware I should try to uninstall?
It is not currently installed, what combofix took out was remnants. Was it something you installed yourself?
I see it was available at one time as a firefox add on but it not compatible with the latest version. I would say it's more just crap than malware but if you did not install it intentionally yourself then it's for the best it's been dealt with by CF.


Quote:
Do the logs look clean?
Yes.

Quote:
If the problem reappears, what logs should I run when I report?
Your best course of action would be to hit up the software forum if the issue arises again.

Safe surfing!

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis.
  8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
    related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME
      for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work thru the below link:
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
Sponsored links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HELP...Internet connection problems, browser problems. HiJackThis and RSIT reports. neogreg Malware Removal 1 12-04-08 00:58
Internet connection problems paul leeds Software 3 06-19-06 13:13
No internet connection and other problems!! leebert Malware Removal 23 03-02-06 10:45
internet connection problems drummerjohn Software 2 10-27-05 14:13
new spyware disables internet via winsock oficespacegrl Hardware 8 09-20-04 14:39


All times are GMT -5. The time now is 06:35.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger