Networking Issues - 'Resolving host' & Genera

April 6, 2010 at 05:50:42
Specs: Windows XP
Hi,

This is a bit of a last resort. I'm running
Windows XP SP3 on a fairly old computer from
around 2006 (3.2ghz, upgraded to 4gb RAM
etc.) I use a Belkin 802.11g wireless card,
connecting to a Linksys WRT54G wireless
router.

A few months ago, I started having odd
connection issues. Nothing new was
installed/uninstalled. Previously, the last thing
uninstalled was a Steam version of M&M:Dark
Messiah, but that was about a week previous.
What would happen is that whilst browsing the
internet (Chrome) the browser would not
connect, saying 'Resolving Host'. When this
was happening, no other browser would work
(they'd just be 'loading'). Other programs would
work (so, League of Legends would work
except for the 'browser' bits such as news,
Google Talk would work). I would have full
signal, packets being sent, and I could always
connect to the router config utility. I looked
around, read a load of stuff about DNS
problems, tried the fixes, with no luck.
Eventually I stumbled across someone who
recommended I turn off UPnP function of my
router. I did so, and things miraculously
worked. No problems at all.

Until last week. Despite the UPnP function
being off, and despite not changing anything
(to my knowledge) my internet has gone crazy
again. It's worse than before. Posting this was
an exercise in frustration - more 'resolving host'
problems. Interestingly, the problem has
spread to other programs - AdAware can't
connect to the server and thus can't run,
apparently; other scanners show no
malware/spyware. Connecting to League of
Legends is much slower - although once I am
in the game, it runs entirely properly - as low a
ping as ever. I've searched around and entirely
failed to find a solution that works. On Chrome
I disabled DNS-pre fetching, and that seemed
to help, for about 2 minutes. Then back to
normal.

I have had ZoneAlarm installed in the past, and
have Avast! running. I recently reinstalled ZA
after the problems restarted to see if that
would change anything, but nothing so far.

Any help? I'm more than willing to provide
extra information - not entirely sure what would
be relevant.

Thanks a lot!


See More: Networking Issues - Resolving host & Genera

Report •


#1
April 6, 2010 at 05:59:55
If you haven't tried anti malware from malwarebytes.org try that first.

If that is clean, run hijack this & post the log.

How do you know when a politician is lying? His mouth is moving.


Report •

#2
April 6, 2010 at 06:00:53
Hi,
Here's the HiJackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:40, on 06/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program
Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card
Configuration Utility\Belkinwcui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common
Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\David\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-
FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for
Internet Explorer - {3049C3E9-B461-4BC5-8870-
4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-
2D53-2644-206D7942484F} - C:\Program Files\Spybot -
Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-
90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-
4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-
4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-
435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-
BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wltray.exe]
C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer]
KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program
Files\Common Files\InstallShield\UpdateService\issch.exe" -
start
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM
.exe -startup
O4 - HKLM\..\Run: [googletalk] C:\Program
Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISW] "C:\Program
Files\CheckPoint\ZAForceField\ForceField.exe"
/icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\David\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-
8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-
7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-
58CAB36FD2A2} - C:\Program Files\Spybot - Search &
Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy
Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP:
c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.directsong.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
(Facebook Photo Uploader 5) -
http://upload.facebook.com/controls...
5.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429}
(ScorchPlugin Class) -
http://www.sibelius.com/download/so...
cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6}
(SimCityX Control) -
http://simcity.ea.com/play/classic/...
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679}
(CRLDownloadWrapper Class) -
http://drmlicense.one.microsoft.com...
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-
C2A9-2B7C-45D29BCE68FB} - C:\Program
Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel
Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} -
C:\Program Files\Stardock\Object
Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController -
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program
Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -
ALWIL Software - C:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Audio Engine Licensing Service -
Creative Labs - C:\Program Files\Common Files\Creative Labs
Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative
Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) -
Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rapport Management Service
(RapportMgmtService) - Trusteer Ltd. - C:\Program
Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Remote Packet Capture Protocol v.0
(experimental) (rpcapd) - CACE Technologies - C:\Program
Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC
Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check
Point Software Technologies LTD -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service
(wltrysvc) - Unknown owner -
C:\WINDOWS\System32\wltrysvc.exe

---

Any ideas? Thanks!


Report •

#3
April 6, 2010 at 07:54:02
Let me explain what I think is happening. I believe that your PC is infected with a worm that has attatched itself to the C:\windows\ime path. The ime folder is legit but I don't think anything starting with \TINT after it, is valid. Look at the site below. I would delete the entries that I have listed. If for some reason, you don't agree with my assessment, then don't delete them & try combo fix.


http://www.prevx.com/filenames/8987...

C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
/SYNC

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-
90988571CECB} - (no file)

O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
/SYNC

O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
/IMEName

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-
00C0F0318AFE} - (no file)

How do you know when a politician is lying? His mouth is moving.


Report •

Related Solutions

#4
April 6, 2010 at 08:05:25
Or it could be as simple as a dns configuration issue.

Post the results of an ipconfig /all for review


Report •

#5
April 6, 2010 at 09:00:13
Windows IP Configuration

Host Name . . . . . . . . . . . . : DeepThought
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.virginmedia.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : cable.virginmedia.net
Description . . . . . . . . . . . : Belkin 802.11g Network
Adapter
Physical Address. . . . . . . . . : 00-30-BD-9E-6B-E2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
Lease Obtained. . . . . . . . . . : 06 April 2010 14:37:06
Lease Expires . . . . . . . . . . : 07 April 2010 14:37:06


Report •

#6
April 6, 2010 at 09:30:40
Your listed dns servers don't look right.

Your dns entry should either be the same as the gateway entry or you should list the isp provided dns servers.

This also appears to be incorrect
cable.virginmedia.net

If I do a ping or nslookup it says domain does not exist.

Both of these entries are coming from your routers dhcp server which appears to be incorrectly configured.

Now if I do a nslookup of virginmedia.com I get
Non-authoritative answer:
Name: virginmedia.com
Address: 212.250.162.12

I would suggest you call your provider and get the correct domain name as well as their dns servers and update your routers dhcp server accordingly.

Though I have found posts listing those dns ips as being virgincable's you have listed. Yet I can not ping them [not surprising since that is private not public ip]

Might try Verizon's dns server at 4.2.2.3
instead.

Another method to detect the correct settings is connect a pc direct to the modem then do a ipconfig /all to note the settings.


Report •

#7
April 6, 2010 at 09:47:14
;; ADDITIONAL SECTION:
ns1.virginmedia.net. 82737 IN A 62.253.162.237
ns2.virginmedia.net. 82744 IN A 194.168.4.237
ns3.virginmedia.net. 82748 IN A 62.253.162.37
ns4.virginmedia.net. 82743 IN A 194.168.4.33

How do you know when a politician is lying? His mouth is moving.


Report •


Ask Question