msn - gaming zone

Discussion in 'other firewalls' started by castlegrice, Sep 30, 2003.

Thread Status:
Not open for further replies.
  1. castlegrice

    castlegrice Guest

    :rolleyes: OK I admit it is probably my fault. I've got S&D on my computer and been runnig fine with it for ages ... so yesterday deciding to be clever I've been playing around with the settings and now I cannot MSN gaming zone to work.

    The pages load up ok but a couple of things on side bars don't ... I'm assuming that S&D is blocking them via the 'immunize' option.

    If this is the cast, is there anyway I can unblock only what is needed for this particular site but leave others in place, if you get my drift ... can I select what i want to immunize? or is simply a case of having undo all of it if I want to continue using this site?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi castlegrice,

    Did you try to disable the Immunize completely and thus check if that is indeed what is blocking you?

    Regards,

    Pieter
     
  3. castlegrice

    castlegrice Guest

    :oops: doh! ... don't i feel silly, I clicked 'undo' and its made no difference at all! back the drawing board on this one then I suppose :doubt:
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi castlegrice,

    There is a very popular hijack at the moment that redirects some msn sites using the hosts file.
    You could check what is in there by using this program:
    http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe

    Regards,

    Pieter
     
  5. castlegrice

    castlegrice Guest

    That is just showing me a blank screen ... should I be worried o_O :D
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Even after you click "Read Hosts File" ?

    No reason to worry though. We'll try something else.
    Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet.

    Regards,

    Pieter
     
  7. castlegrice

    castlegrice Guest

    Yeah - I clicked on read host file and it shows me nothing ... don't ask me what I've done but :D :D I'll be honest here and say that most of my problems are down to user error :p I'm a bit of a pratt ...



    Logfile of HijackThis v1.97.2
    Scan saved at 12:03:58, on 30/09/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\qttask.exe
    C:\WINDOWS\SOINTGR.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MSNGAM~1\zone.exe
    C:\Documents and Settings\Lorraine Castledine\Local Settings\Temporary Internet Files\Content.IE5\JY87J1WD\HostsFileReader[1].exe
    C:\Documents and Settings\Lorraine Castledine\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dixons.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe" /EMBEDDING
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
    O4 - Startup: Update WinBMD.lnk = C:\Program Files\WinBMD\WiseUpdt.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.dixons.co.uk/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4280/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    No complaints here. I like a clean log from time to time. :)

    You could try to remove this one:
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

    and reinstall the Zone software: http://zone.msn.com/services/install.asp

    as described here: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/00.asp&NoWebContent=1

    Note: fixing the O16 line above with HijackThis has the same effect as the procedure "225041 Zone: How to Remove the Heartbeat ActiveX Control"

    HTH,

    Pieter
     
  9. castlegrice

    castlegrice Guest

    :D nice to see my log is clean for a change :D

    Thanks ... although I think its probably a case of a little knowledge in the wrong hands ... I bet I've cocked it up somehow ... now its just a matter of remebering what i've been doing ...

    I'll have a go at the things you suggested and let you know what happens.
     
  10. castlegrice

    castlegrice Guest

    :( made no difference, when I click on a 'lobby' it tells me wait for the page to finish loading before clicking even though the page has finished ages ago, the little boxes with - action cancelled - are still on the side bar.

    My host file reader is still showing nothing in it ... I'm guessing that is Ok seeing as my log is clean??

    I shall go and trawl the MSN help pages see what I can find.

    Thanks you for all your help Pieter :)
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    It could be that you don't have a hosts file.
    You can check yourself, the path for XP is c:\windows\system32\drivers\etc\hosts
    The file itself has no extension, but you can open it in notepad.

    Regards,

    Pieter
     
  12. castlegrice

    castlegrice Guest

    I just checked that and it I find two host files (one in back up) ... however, when I open it with note pad - that too is blank ... I must be empty
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    If it's empty, then nothing bad is hiding. :D
     
  14. castlegrice

    castlegrice Guest

    Sorry to keeo bugging you :oops: but .... seeing as its the advertisements that are failing to load on the page ... would be that S&D had removed the advertisement robots needed to run this site??

    I have uninstalled and reinstalled the msn gaming zone and its stilll the same. I have also followed all their online help instructions re: security setting and unchecking 'read only' host files ... I don't know ... do you reckon I've spybotted an advert robot? can I get it back ... I assumed that a reinstallatin would have done that :doubt:
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Reinstalling the program should have solved that.
    I don't see any other adblockers except maybe your firewall.
    Did you change any settings in there?

    Regards,

    Pieter
     
  16. castlegrice

    castlegrice Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    14
    Location:
    Notts, UK
    :D :D :) :D :D :) you're a genius .....

    I'd blocked IP address 12.158.80.10 for some reason that I cannot remember, I've just unblocked that and its worked fine
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hey, you did that all by yourself, so guess who's the genius. :)

    Nice to see you registered.

    Regards,

    Pieter
     
  18. castlegrice

    castlegrice Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    14
    Location:
    Notts, UK
    ;) Found it!

    I blocked two IP addresses (12.158.80.10 & 64.94.110.11) after reading last weeks spyware weekly newsletter, unblocking these seems to have solved the problem ....

    so, seeing as it wasn't owt to do with the immunisation options on S&D ... should I take another shot at them??

    What do you reckon?
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi castlegrice,

    Since we are using Javacool's forum, why not go for the real stuff (as recommended by Spybot): http://www.javacoolsoftware.com/spywareblaster.html

    Regards,

    Pieter
     
  20. castlegrice

    castlegrice Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    14
    Location:
    Notts, UK
    oops, sorry I didn't realise I was using the wrong forum!

    Anyway, I'm off for a lie down this thing is giving me a headache ... my daughter has just come home from school and tried to go on the site and the same thing is happening!!! :mad:

    I swear it worked OK and hour or so ago :oops: I'll have to have a rethink later

    bye
     
  21. castlegrice

    castlegrice Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    14
    Location:
    Notts, UK
    Ok - this thing is bugging me ... I shan't be able to sleep tonight if I leave it.

    I've uninstalled and reinstalled the 'msnzone' again. The first time I tried to get on afterwards I got this message 'a connection to the games server could not be established. a socket operation encountered a dead network'. :)

    Following that I have not been able to get on the page - its gone back to sayigng that I have to wait for the page to finish loading before I click on a lobby.

    The kids will not confess to going on anything untoward, but was wondering would the GRC 'DCOMbobulator' has shut down the very thing that this zone is looking for? 'cos I was looking at that last night :oops:

    BTW - hubby's been on ebay, it loads and browses OK but the adverts are not workign on there which is no bad thing but I'm assuming it is caused by the same problem as we're getting on MSNzone
     
  22. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi castlegrice,

    The fact that you were able to solve it by going through your firewall settings, makes me believe that yopur problem is related to your firewall settings, so I'm moving this thread there.
    There are some real wizards to be found there that may be able to help you out.

    Regards,

    Pieter
     
  23. castlegrice

    castlegrice Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    14
    Location:
    Notts, UK
    Hello

    You must think Im seriously stupid! Ive just discovered that there is a s&d forum so Ive been hassling the wrong people all along ... Im so sorry, I don't know how I came to be in the wrong place ... did I ought to move my questions over there?

    Anyway I tried again this morning and the results were the same as before ... a couple adverts saying action cancelled therefore the page shows itself as not finished downloading.

    Anyhow, I don't know whether Ive done the right thing :oops: but here what Ive done. Ive ... disk cleaned, scan disked, set all my internet options in tool menu back to default, checked my firewall which is not blocking any IP addresses that I can see and Ive uninstalled S&D. rebooted and nothing has changed ...

    Any ideas?
     
  24. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi castlegrice,

    This is a bit of a long shot, but could you search your computer for the file called hosts. It could be in a different location then I expected.

    Regards,

    Pieter
     
  25. castlegrice

    castlegrice Registered Member

    Joined:
    Sep 30, 2003
    Posts:
    14
    Location:
    Notts, UK
    hosts - system32/drivers/etc 303kb - that the one? if I open it with notepad it shows a blank page
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.