::) OK I admit it is probably my fault. I've got S&D on my computer and been runnig fine with it for ages ... so yesterday deciding to be clever I've been playing around with the settings and now I cannot MSN gaming zone to work.

The pages load up ok but a couple of things on side bars don't ... I'm assuming that S&D is blocking them via the 'immunize' option.

If this is the cast, is there anyway I can unblock only what is needed for this particular site but leave others in place, if you get my drift ... can I select what i want to immunize? or is simply a case of having undo all of it if I want to continue using this site?

Hi castlegrice,

Did you try to disable the Immunize completely and thus check if that is indeed what is blocking you?

Regards,

Pieter

:-[ doh! ... don't i feel silly, I clicked 'undo' and its made no difference at all! back the drawing board on this one then I suppose :-\

Hi castlegrice,

There is a very popular hijack at the moment that redirects some msn sites using the hosts file.
You could check what is in there by using this program:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe

Regards,

Pieter

That is just showing me a blank screen ... should I be worried ??? ;D

-{ Quote: " quoting: castlegrice link=board=34;threadid=14404;start=0#msg90903 date=1064919168]
That is just showing me a blank screen ... should I be worried ??? ;D
" }-

Even after you click "Read Hosts File" ?

No reason to worry though. We'll try something else.
Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

Regards,

Pieter

Yeah - I clicked on read host file and it shows me nothing ... don't ask me what I've done but ;D ;D I'll be honest here and say that most of my problems are down to user error :P I'm a bit of a pratt ...



Logfile of HijackThis v1.97.2
Scan saved at 12:03:58, on 30/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNGAM~1\zone.exe
C:\Documents and Settings\Lorraine Castledine\Local Settings\Temporary Internet Files\Content.IE5\JY87J1WD\HostsFileReader[1].exe
C:\Documents and Settings\Lorraine Castledine\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dixons.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - Startup: Update WinBMD.lnk = C:\Program Files\WinBMD\WiseUpdt.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dixons.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4280/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

No complaints here. I like a clean log from time to time. :)

You could try to remove this one:
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

and reinstall the Zone software: http://zone.msn.com/services/install.asp

as described here: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/00.asp&NoWebContent=1

Note: fixing the O16 line above with HijackThis has the same effect as the procedure "225041 Zone: How to Remove the Heartbeat ActiveX Control"

HTH,

Pieter

;D nice to see my log is clean for a change ;D

Thanks ... although I think its probably a case of a little knowledge in the wrong hands ... I bet I've cocked it up somehow ... now its just a matter of remebering what i've been doing ...

I'll have a go at the things you suggested and let you know what happens.

:( made no difference, when I click on a 'lobby' it tells me wait for the page to finish loading before clicking even though the page has finished ages ago, the little boxes with - action cancelled - are still on the side bar.

My host file reader is still showing nothing in it ... I'm guessing that is Ok seeing as my log is clean??

I shall go and trawl the MSN help pages see what I can find.

Thanks you for all your help Pieter :)

It could be that you don't have a hosts file.
You can check yourself, the path for XP is c:\windows\system32\drivers\etc\hosts
The file itself has no extension, but you can open it in notepad.

Regards,

Pieter

I just checked that and it I find two host files (one in back up) ... however, when I open it with note pad - that too is blank ... I must be empty

If it's empty, then nothing bad is hiding. :D

Sorry to keeo bugging you :-[ but .... seeing as its the advertisements that are failing to load on the page ... would be that S&D had removed the advertisement robots needed to run this site??

I have uninstalled and reinstalled the msn gaming zone and its stilll the same. I have also followed all their online help instructions re: security setting and unchecking 'read only' host files ... I don't know ... do you reckon I've spybotted an advert robot? can I get it back ... I assumed that a reinstallatin would have done that :-\

Reinstalling the program should have solved that.
I don't see any other adblockers except maybe your firewall.
Did you change any settings in there?

Regards,

Pieter

:D ;D :) :D ;D :) you're a genius .....

I'd blocked IP address 12.158.80.10 for some reason that I cannot remember, I've just unblocked that and its worked fine

Hey, you did that all by yourself, so guess who's the genius. :)

Nice to see you registered.

Regards,

Pieter

;) Found it!

I blocked two IP addresses (12.158.80.10 & 64.94.110.11) after reading last weeks spyware weekly newsletter, unblocking these seems to have solved the problem ....

so, seeing as it wasn't owt to do with the immunisation options on S&D ... should I take another shot at them??

What do you reckon?

Hi castlegrice,

Since we are using Javacool's forum, why not go for the real stuff (as recommended by Spybot): http://www.javacoolsoftware.com/spywareblaster.html

Regards,

Pieter

oops, sorry I didn't realise I was using the wrong forum!

Anyway, I'm off for a lie down this thing is giving me a headache ... my daughter has just come home from school and tried to go on the site and the same thing is happening!!! >:(

I swear it worked OK and hour or so ago :-[ I'll have to have a rethink later

bye

Ok - this thing is bugging me ... I shan't be able to sleep tonight if I leave it.

I've uninstalled and reinstalled the 'msnzone' again. The first time I tried to get on afterwards I got this message 'a connection to the games server could not be established. a socket operation encountered a dead network'. :)

Following that I have not been able to get on the page - its gone back to sayigng that I have to wait for the page to finish loading before I click on a lobby.

The kids will not confess to going on anything untoward, but was wondering would the GRC 'DCOMbobulator' has shut down the very thing that this zone is looking for? 'cos I was looking at that last night :-[

BTW - hubby's been on ebay, it loads and browses OK but the adverts are not workign on there which is no bad thing but I'm assuming it is caused by the same problem as we're getting on MSNzone

Hi castlegrice,

The fact that you were able to solve it by going through your firewall settings, makes me believe that yopur problem is related to your firewall settings, so I'm moving this thread there.
There are some real wizards to be found there that may be able to help you out.

Regards,

Pieter

Hello

You must think Im seriously stupid! Ive just discovered that there is a s&d forum so Ive been hassling the wrong people all along ... Im so sorry, I don't know how I came to be in the wrong place ... did I ought to move my questions over there?

Anyway I tried again this morning and the results were the same as before ... a couple adverts saying action cancelled therefore the page shows itself as not finished downloading.

Anyhow, I don't know whether Ive done the right thing :-[ but here what Ive done. Ive ... disk cleaned, scan disked, set all my internet options in tool menu back to default, checked my firewall which is not blocking any IP addresses that I can see and Ive uninstalled S&D. rebooted and nothing has changed ...

Any ideas?

Hi castlegrice,

This is a bit of a long shot, but could you search your computer for the file called hosts. It could be in a different location then I expected.

Regards,

Pieter

hosts - system32/drivers/etc 303kb - that the one? if I open it with notepad it shows a blank page

Like I said. A long shot. Yours is in the correct place.

Hang on. 303 kb and it's empty? No way. :o
Could you rename that file to hosts.backup and then try again?


Regards,

Pieter

there is one called - hosts.20030929-134715.backup size 1kb in the same place.#

opened with notepad it shows nothing also.



There is also host file in C:\windows\I386 size 1kb

OK - is this what you were looking for? found this inthe I386 file ....


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Hi castlegrice,

Yup, that's the original. Delete that funny empty one and put a copy of this one in it's place.

I was wondering. I'm not familiar with the McAfee firewall, but is there an option to "Allow all traffic" ?
Only for a very short period, so you can test if that is blocking anything.

Regards,

Pieter

OK - thanks ... I have 'allowed all traffic' with the firewall, but I'm embarrassed to say I have no idea how to copy the file in I386 over to the system32 ... do I copy and paste or do I need to drag it somehow ? ::)

Hi castlegrice,

I think copy & paste would be better, because you would have the original still in the I386 folder.
Rightclick the file in the I386 folder, choose copy, navigate to the etc folder, rightclick on an empty space there and choose paste.
If the old one is still there Windows will prompt you if it is OK to replace it.
In that case say it's OK.

Regards,

Pieter

done that - and Ive opened it with notepad and its all now in there too ... I'm guessing that this is good??
;)

Pieter

Been and tried out the website that was causign the problem and it seems to be working fine ... turned my firewall filter back on .. everything is still working fine.

So was this caused by the empty host file in system32? Do you know how I managed to empty it 'cos I'd rather not put you through all this messing again ;)

Yup. Stage 1 completed. :)

Any luck one the gaming zone?

Regards,

Pieter

yes sorry that's what I meant .. the gaming zone is now working ok - i've tried it half a dozen time in the last ten minutes and no problems what so ever ( eldest daughter will be very happy ::))

I'm just concerned as to why I'd got the problem in the first place ... obviously something had been messed up I just wondered what it was so I'd know not to touch it again!

Cricky - just got a synport attack this end as well ... good job I'd just turned firewall back on 8)

-{ Quote: " quoting: castlegrice link=board=23;threadid=14404;start=30#msg91140 date=1065007249]
So was this caused by the empty host file in system32? Do you know how I managed to empty it 'cos I'd rather not put you through all this messing again ;)
" }-

Sorry, our posts crossed. I'm glad it's working again. I hope it stays that way.
In Spybot S&D under Immunize there is a chckbox to make your hosts file read only.
Check that to avoid it being changed.

Do you still have a copy of that 303 kb empty hosts file? (The backup you made?)
If you could mail that to the email-address in my profile.
I'll see if I can find out what's wrong with it.

Regards,

Pieter

I think Ive just emailed you the right file ... but I think you realise how crap Iam at working my computer ;)

I shall tick the host files read only box and keep my fingers crossed 'cos that was one of the things I did before ...

Thank you so much for your patience ... if you lived a bit nearer I'd buy you a pint or three ;D ;D ;D ;D

-{ Quote: " quoting: castlegrice link=board=23;threadid=14404;start=30#msg91151 date=1065011259]
Thank you so much ...
" }-

You're welcome. :)

Ticked the box and everything is a.ok .... I don't what I had done but it seems to be alright now ... if I see anything that is concerning host files I shall leave well alone in future.

Thanks ... I tell you come and see RobinHood and I'll show you some great pubs ;)