winsock/ndetect error (WME)
firebird0273
08-20-2002, 09:31 AM
When I boot up, after I log on to my network, the blue screen comes up and says I have an error in winsock2(1), and after that I get an error message telling me ndetect has caused an error in kernel32.dll. I have no idea what could cause this; it worked fine until I unplugged everything and moved it. If anyone has any ideas please help.
TonyKlein
08-20-2002, 09:50 AM
Your Ndetect error probably relates either to a timing conflict implicating the Norton LiveUpdate server, or to ICQ.
Here's an article:
Error: "NDETECT (or AUPDATE or LUCOMSERVER, or CONNECT) caused an invalid page fault in KERNEL32.DLL" when you start Windows: http://service2.symantec.com/SUPPORT/sharedtech.nsf/docid/2000100918055406
And what is the EXACT text of your winsock2 error?
Also please do this:
Download StartLog.com from this site: http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html
Doubleclick it, and it will generate a text file on your desktop that will list all the applications that start in the many places when you start Windows.
We don't need to see StubPath.txt, just Startup.Log
Just go to 'Edit/select all', then copy, and paste the whole thing into your reply.
firebird0273
08-20-2002, 11:25 AM
I don't remember exactly what the error said, I'll post it as soon as it comes up again.
---------- C:\WINDOWS\desktop\StartUp.Log
Start-Ups checked at 08-20-2002 2:21:34.83p
__________________________________________________ ________________________
__________________________________________________ ________________________
StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________ ________________________
__________________________________________________ ________________________
Comments:
This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.
StartUp Log (version 1.56) - Release Date 3/11/2002
__________________________________________________ ________________________
__________________________________________________ ________________________
StartUp Log Index
1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations
__________________________________________________ ________________________
__________________________________________________ ________________________
The following is a list of your current Start-Ups
__________________________________________________ ________________________
__________________________________________________ ________________________
1. HKLM Run - Registry
[RegPath]
"StartUp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Hidserv"="Hidserv.exe run"
"CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\cpqeadm.exe"
"EACLEAN"="C:\\Program Files\\Compaq\\Easy Access Button Support\\eaclean.exe"
"CPQInet"="c:\\compaq\\CPQInet\\CpqInet.exe"
"Digital Dashboard"="C:\\Program Files\\Compaq\\Digital Dashboard\\DevGulp.exe"
"Service Connection"="c:\\cpqs\\bwtools\\sccenter.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"EM_EXEC"="C:\\PROGRA~1\\LOGITECH\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"CpqBootPerfDb"="C:\\Cpqs\\Scom\\CpqBootPerfDb.exe"
"VortexTray"="C:\\WINDOWS\\au30setp.exe 3"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\NORTON~1\\NAVAPW32.EXE"
"Adaptec DirectCD"="C:\\ADAPTEC\\DIRECTCD\\DIRECTCD.EXE"
"ComcastSUPPORT"="C:\\Program Files\\Support.com\\bin\\tgkill.exe /cleaneahtioga /start"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /install"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"AUXXTRAY"="au30setp.exe 3"
"MovieNetworks"="\"C:\\Program Files\\MovieNetworks\\MovieNetworks.exe\" /H"
"QD FastAndSafe"=""
"NPROTECT"="C:\\Program Files\\Norton SystemWorks\\Norton Utilities\\NPROTECT.EXE"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"WinampAgent"="\"C:\\Winamp3\\winampa.exe\""
"DU Meter"="C:\\PROGRAM FILES\\DU METER\\DUMETER.EXE"
"IncrediMail"="C:\\INCRED~1\\bin\\IncrediMail.exe /c"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"CreateCD"="C:\\ADAPTEC\\EASYCD~1\\CREATECD\\CREATECD.EXE -r"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
================================================== ========================
__________________________________________________ ________________________
2. HKCU Run - Registry
[RegPath]
"StartUp"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"WindowBlinds"="C:\\Object Desktop\\WindowBlinds\\wbload.exe auto"
================================================== ========================
__________________________________________________ ________________________
3. HKLM RunOnce - Registry
[RegPath]
"StartUp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
================================================== ========================
__________________________________________________ ________________________
4. HKCU RunOnce - Registry
[RegPath]
"StartUp"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"QRIA"=dword:00000000
================================================== ========================
__________________________________________________ ________________________
5. HKLM RunServices - Registry
[RegPath]
"StartUp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SchedulingAgent"="mstask.exe"
"*StateMgr"="C:\\WINDOWS\\System\\Restore\\StateMgr.exe"
"ScriptBlocking"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe\" -reg"
"CSINJECT.EXE"="C:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\CSINJECT.EXE"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe \"Norton SystemWorks\""
================================================== ========================
__________________________________________________ ________________________
6. HKLM RunServicesOnce - Registry
[RegPath]
"StartUp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
================================================== ========================
__________________________________________________ ________________________
7. WIN.INI File - (c:\windows\win.ini)
Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.
These are the run and load lines in your WIN.INI file
run=
load=
================================================== ========================
__________________________________________________ ________________________
8. SYSTEM.INI File - (c:\windows\system.ini)
Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.
This is the shell line in your SYSTEM.INI file
shell=Explorer.exe
================================================== ========================
__________________________________________________ ________________________
9. AUTOEXEC.BAT File - (c:\autoexec.bat)
(Some trojans have been known to start from this file)
These are your program startups and set paths in your autoexec.bat file
LH C:\WINDOWS\AU30DOS.COM
SET BLASTER = A220 I7 D3 T4
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
================================================== ========================
__________________________________________________ ________________________
10. StartUp Folder - (c:\windows\start menu\programs\startup)
Shortcuts to any program will automatically start when placed here.
These are the shortcuts located in your StartUp folder
C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Adobe Gamma Loader.exe.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\SHOUTcast DNAS (GUI).lnk
================================================== ========================
__________________________________________________ ________________________
11. All Users Folder - (c:\windows\all users\start menu\programs\startup)
Shortcuts to any program will automatically start when placed here.
These are the shortcuts located in your All Users StartUp folder
C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Kontiki.lnk
================================================== ========================
__________________________________________________ ________________________
12. Miscellaneous StartUp Configurations
-============================-
Registry StartUp Directories
-============================-
Should show the Start Menu StartUp and All Users StartUp directories
.................................................. ...................
[1] HKCU - Shell Folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"
.................................................. ...................
[2] HKCU - User Shell Folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
.................................................. ...................
[3] HKLM - Shell Folders
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"
.................................................. ...................
[4] HKLM - User Shell Folders
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
.................................................. ...................
-=======================-
Registry Shell Spawning
-=======================-
Open Commands for Executable File Types
@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)
@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)
@="\"%1\" /S \"%3\""
(.scr file - RegPath = HKCR\scrfile\shell\open\command)
@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)
@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)
@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)
-=========================-
HKLM RunOnceEx - Registry
-=========================-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
-=========================-
HKU (.Default) Run - Registry
-=========================-
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"WindowBlinds"="C:\\Object Desktop\\WindowBlinds\\wbload.exe auto"
-==============================-
HKU (.Default) RunOnce - Registry
-==============================-
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"QRIA"=dword:00000000
-================================-
StubPaths - Registry (Partial Listing)
-================================-
(Please see the StubPath.txt on your desktop for complete listing)
HKLM\Software\Microsoft\Active Setup\Installed Components
"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:WIN9X /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:WIN9X /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
"StubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
-=================-
WINSTART.BAT File - (c:\windows\winstart.bat)
-=================-
@C:\WINDOWS\tmpcpyis.bat
-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-
LH AU30DOS.COM
@echo off
-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
wininit bak 305 08-20-02 6:16a
-=================-
[rename]
C:\WINDOWS\APPLIC~1\SUPPORT.COM\PROFILES\DEFAULT\{COMCA~1\LOGS\JOBS.LOG=C:\WINDOWS\APPLIC~1\SUPPORT.COM\PROFILES\DEFAULT\{COMCA~1\LOGS\_TUF032.TMP
C:\WINDOWS\APPLIC~1\SUPPORT.COM\PROFILES\DEFAULT\{COMCA~1\LOGS\JOBS.LOG=C:\WINDOWS\APPLIC~1\SUPPORT.COM\PROFILES\DEFAULT\{COMCA~1\LOGS\_TU2F5.TMP
-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-
SCRNSAVE.EXE=C:\WINDOWS\LAVASA~1.SCR
================================================== ========================
__________________________________________________ ________________________
- Supplemental Environment Information -
BLASTER = A220 I7 D3 T4
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
windir=C:\WINDOWS
File - c:\windows\Wininit.bak
File - c:\windows\deletefi.ini
================================================== ========================
__________________________________________________ ________________________
- End -
TonyKlein
08-20-2002, 12:18 PM
Go to Start > Run > Msconfig, and uncheck the following items on the Startup tab:
Service Connection, CpqBootPerfDb, ComcastSUPPORT (also uninstall in Add-Remove Software), wcmdmgr, MovieNetworks (foistware), QuickTime Task, Adobe Gamma Loader.
Click OK, close Msconfig, and reboot.
Next, download and install Refupdate Utility (Ad-Aware: http://www.wyvernworks.com/Lavasoft/aaw.exe).
This utility searches for, downloads and automatically installs the latest AAW reffile (the spyware definitions, so to speak).
Run the refupdate.exe installation file, and once installed, go to Start Menu>Programs, find the Lavasoft Refupdate entry and run it.
Click connect; it will open a connection to the internet to check and update the current signature file.
When that's completed, open Ad-aware and look at the bottom left corner; it should now say "Signature file in use: 038-16.08.2002".
Then have your drives and registry scanned for spyware, check all found files and reg keys, hit 'backup', then click continue, and have them all removed.
Reboot one last time.
Good luck, Tony
TonyKlein
08-20-2002, 12:23 PM
And the Nprotect error turns out to relate to Norton Antivirus, so please follow the advice in the Symantec KB article I posted.
firebird0273
08-20-2002, 01:38 PM
Thank you so much Tony, that fixed my problem completely. Couldn't have done it without your help.
TonyKlein
08-20-2002, 01:43 PM
Great! :) That went even more smoothly than expected.
Must've been one of these applications we disabled trying to phone out at Startup.
Glad to hear everything's well now.
Hally
08-20-2002, 04:42 PM
Good One Tony! I like the sound of the diagnostic utility "Startlog.com" that you advised Firebird0273 to download & I'm going to DL it myself, it sounds like a very good utility to have. Thank You Tony!
>>Hally<<
TonyKlein
08-20-2002, 08:34 PM
Yep, it's very practical if you want to see what's going on on your or anyone else's machine.
Too bad it only works on Win 95, 98, and ME.
Hopefully there will soon be a version covering NT, 2000 and XP as well.
Hally
08-20-2002, 11:27 PM
Hi Tony! Sorry to bother you, I just DL the startlog.com & when I double click it nothing happens... zilch... any idea what's wrong? Thanks mate
TonyKlein
08-20-2002, 11:48 PM
Are you running either Win 95, 98, or ME?
If so, it should work.
Hally
08-20-2002, 11:55 PM
I'm running 98SE, it should be OK. I'll re-download it & try again. Thanks Tony :)
Hally
08-21-2002, 02:32 PM
Howdy Tony, a major breakthrough that you may or may not be aware of: after downloading the Startlog.com it won't work, so I was thinking it should be an executable file. I changed it to Startlog.exe, then it changed to a proper icon. I just knew that it would work & presto :) it did. There is no mention that you have to change its extension from *.com to *.exe but that's exactly what is needed or else it won't work, as I found out. I'm excited that I fixed it myself, I'm learning!
Thanks for letting us know about that great utility Tony!
TonyKlein
08-21-2002, 02:43 PM
Good thinking, Hally.
However, doubleclicking the *.comfile ought to have exactly the same effect, which in turn means that your *.comfile associations might be slightly mixed up.
Could you export HKEY_CLASSES_ROOT\comfile, and show us what it looks like, please?
Hally
08-21-2002, 02:53 PM
Good one Tony! I didn't know about this extension. Here's my comfile registry entry, thanks so much for finding this little problem
-------------------------------------------------------------
REGEDIT4
[HKEY_CLASSES_ROOT\comfile]
@="MS-DOS Application"
"EditFlags"=hex:d8,07,00,00
[HKEY_CLASSES_ROOT\comfile\shellex]
[HKEY_CLASSES_ROOT\comfile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\comfile\shellex\PropertySheetHandlers\{86F19A00-42A0-1069-A2E9-08002B30309D}]
@=""
[HKEY_CLASSES_ROOT\comfile\shellex\ContextMenuHandlers]
[HKEY_CLASSES_ROOT\comfile\DefaultIcon]
@="C:\\WINDOWS\\SYSTEM\\shell32.dll,2"
-------------------------------------------------------------------
TonyKlein
08-21-2002, 03:04 PM
Hally,
You seem to be missing the Shell subkey.
Import this one; it ought to be there:
REGEDIT4
[HKEY_CLASSES_ROOT\comfile\shell]
@=""
[HKEY_CLASSES_ROOT\comfile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
Save as Com.reg, doubleclick to enter into the Registry, and reboot.
See whether Startlog.com will now work.
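Added example, not part of the original thread and not code from StartLog.com or any poster: a small Python check that parses a REGEDIT4 export and reports whether each executable file class still has the `shell\open\command` default that the StartUp Log above lists under "Registry Shell Spawning". The function names are assumptions made for illustration; the first two samples are abridged from the exports posted in this thread, and the third (with a placeholder path) is constructed.

```python
import re

# Baseline open commands, copied from the "Registry Shell Spawning" section of
# the StartUp Log posted in this thread (Windows 95/98/ME values).
EXPECTED_OPEN = {
    "exefile": '"%1" %*', "comfile": '"%1" %*', "batfile": '"%1" %*',
    "piffile": '"%1" %*', "scrfile": '"%1" /S "%3"',
}
ROOT = "hkey_classes_root\\"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    # Quoted strings escape \ and " with a backslash; hex:/dword: data stays as is.
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s

def parse_regedit4(text):
    # Returns {lower-cased key path: {value name: data}}; "@" is the default value.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unquote(m.group(1))] = unquote(m.group(2))
    return keys

def check_open_commands(reg_text, expected=EXPECTED_OPEN):
    keys = parse_regedit4(reg_text)
    report = {}
    for cls, want in expected.items():
        base = ROOT + cls
        cmd = keys.get(base + "\\shell\\open\\command", {}).get("@")
        if not any(k == base or k.startswith(base + "\\") for k in keys):
            report[cls] = "not in export"
        elif cmd is None:
            report[cls] = "missing"   # class exported, but no open command
        elif cmd != want:
            report[cls] = "modified: " + cmd
        else:
            report[cls] = "ok"
    return report

# Abridged from the comfile export posted in this thread (no shell subkey).
EXPORT_BEFORE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\comfile]
@="MS-DOS Application"
"EditFlags"=hex:d8,07,00,00
'''
# The command key from the Com.reg fix posted in this thread.
COM_REG_FIX = r'''[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''
# Constructed sample: an open command that routes through another program.
EXPORT_ALTERED = r'''REGEDIT4
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="C:\\WINDOWS\\placeholder.exe \"%1\" %*"
'''

if __name__ == "__main__":
    for text in (EXPORT_BEFORE, EXPORT_BEFORE + COM_REG_FIX, EXPORT_ALTERED):
        print(check_open_commands(text, {"comfile": '"%1" %*'}))
```

A "missing" result matches the symptom in this thread, where double-clicking a .com file did nothing; "modified" is the case the StartUp Log's shell-spawning section is there to surface.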
Hally
08-21-2002, 03:35 PM
Hi Tony! You've done it, yippee! I did your save as Comfile.reg then double clicked it to merge into registry, then I changed the *.exe extension back to *.com to test it out. Then I D\Clicked it & Presto Tony, it opened as it should have the first time. I'm happy ;) about that... now it's fixed & a huge thanks to you mate
TonyKlein
08-21-2002, 03:40 PM
Pleasure! :D
Tony & Hally,
This afternoon I've been reading to catch up on everything I missed while I was away. I like to read every thread to check for information which might apply to my own system. After I read these postings between the two of you, I checked my own registry.
Most of my entries are identical to yours, Hally, but this one is missing:
[HKEY_CLASSES_ROOT\comfile\shellex\ContextMenuHandlers]
In addition, there's an extra entry in mine that I don't see in yours:
[HKEY_CLASSES_ROOT\comfile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
Does anything need to be added/removed/changed in my registry?
TIA for your help.
Nana :)
TonyKlein
08-22-2002, 10:57 AM
Nana,
The Shell subkey is essential, because it contains the Open\Command subkey, which determines what happens when you doubleclick a file of that type.
Other than that, there are always differences.
For example, I have the ContextMenuHandlers subkey as well, but it is empty, and on the other hand I don't have Shellex\dropHandler.
As a matter of fact I don't have the {86C86720-42A0-1069-A2E8-08002B30309D} CLSID at all.
I wouldn't worry too much about it.
Tony,
Thanks for the information. I will leave well enough alone.
Nana :)