Solved

corrupt Winsock on Windows 7 blocks Internet

Posted on 2011-09-15
20
1,133 Views
Last Modified: 2012-05-12
Following an automatic Windows update last week this Windows 7 computer no longer can access Internet.  The NIC interface works fine and the PC has full access to the LAN and the servers and devices on the LAN.  This has the look of a corrupt Winsock but my efforts to fix it so far have been unsuccessful.

Here's some details...

*All other PCs on the network access Internet successfully
*problem PC can ping network and network can ping PC.
*problem PC can reach mapped shares on the network.
*pinging www.microsoft.com, www.hotmail.com and www.yahoo.com from PC fails although the ping reports the correct IP address for the targets suggesting DNS is resolving
*have run Microsoft repair wizards for Internet and for Network Connection.  They report Network Connection good but Internet Access fails.  They do not fix the problem.
*Malwarebytes full scan reports NO infections
*Kaspersky root-kit scan reports NO infections
*The Windows update I believe caused this was ... KB2607712

*have run several NETSH commands which supposedly fix Winsock errors, such as ...

netsh int ip reset

... but no success.

*I have tried System Restores going back one week and two weeks.  However after the System Restores I could not log into the domain, getting "The trust relationship between this workstation and primary domain failed."  I then had to crack the local administrator password, log in as same, and return PC to current System Restore to fix the domain login.

At this point I can't think of anything but WINSOCK ERROR causing this problem but I can't get anywhere fixing that.  Before I wipe the drive and reinstall this users' complete system ... Any help?  Thanks!


0
Comment
Question by:dgower
  • 9
  • 6
  • 5
20 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 36544362
Boot the computer in safe mode with networking...if you are able to browse website then the problem is caused by your antivirus software or bad group policies.

If safe mode with networking works then can uninstall security software ...reboot and check.





Ded9
0
 

Author Comment

by:dgower
ID: 36544403
I already tried Safe Mode with Networking and could not browse website.  

I uninstalled Trend Micro.

I will uninstall Malwarebytes as well and try again.

Thanks.
0
 
LVL 30

Expert Comment

by:ded9
ID: 36544410
Did try firefox....might be internet explorer issue.


Ded9
0
 

Author Comment

by:dgower
ID: 36544520
I did try firefox, that also won't browse websites.

However I just remoted to the PC and found that Trend Micro was still on it.  My bad.  I started process to uninstall it.  

However at that point I lost RDP access.  I think the Trend Micro uninstall turned the Windows Firewall back on because I can't ping the PC now.  

Unfortunately I'm not physically at that site and nobody can help me over there, so I'll have to drop by in person sometime today and see if uninstalling Trend Micro did the trick.

Let me know if you have other ideas.  Otherwise I'll let you know how it turned out when I know.  Thanks.
0
 
LVL 30

Expert Comment

by:ded9
ID: 36544543
After uninstalling trend you need to reboot the computer so that you can access internet.

Can also login locally and check whether u can browse website.


Last step is to create a new user account...user account might be corrupted.



Ded9
0
 

Author Comment

by:dgower
ID: 36544563
I tried logging in locally before and could not browse.  However trend was stil on the PC at that time.

I'll try your suggestions and get back when I can.  Thanks.
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36544992
If you suspect the KB2607712 has caused the issue. Try uninstall the update.
Try a different browser. Delete/rename the hosts file (C:\WINDOWS\system32\drivers\etc) and reboot.

Command to reset the Winsock: netsh winsock reset

Reset IE to defaults and check proxy is not checked in the LAN Settings under Tools-internet options-connections.

0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36545163
Try uninstall the Trend using the Trend Uninstall Tool Kit from below.

http://esupport.trendmicro.com/solution/en-us/1037161.aspx

0
 

Author Comment

by:dgower
ID: 36545964
Tried all suggestions but did not work...

FAILS - After uninstalling trend you need to reboot the computer so that you can access internet.

FAILS  - Can also login locally and check whether u can browse website.

FAILS - Last step is to create a new user account...user account might be corrupted.

FAILS - Try uninstall the update.

FAILS - Command to reset the Winsock: netsh winsock reset

FAILS - Reset IE to defaults and check proxy is not checked in the LAN Settings under Tools-internet options-connections.

FAILS - Try uninstall the Trend using the Trend Uninstall Tool Kit from below.

Any other ideas?  Otherwise I guess it's time to face the facts and reinstall Win7 and apps.
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36546080
Check the Duplex setting of the network adapter and try to set it to 10 full or 10 half or 100 full or 100 half and check.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:dgower
ID: 36546271
Nope, didn't work. ... I went into Device Manager.  NIC was set to Auto.  I switched it to all 4 full and half settings and tried to ping www.microsoft.com.  Each time only got "request timed out".
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36546897
Try rename or delete the hosts file under : c:\wndows\system32\drivers\etc

Try Export the TCPIP, Winsock and Winsock2 KEY from the registy path below...on a good computer to a flash drive and then Import all the 3 keys into registry on the computer causing trouble.

HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services

Right click on ech key and export.

Wish you luck.
0
 
LVL 30

Expert Comment

by:ded9
ID: 36547451
Launch device manager..click on show hidden devices on the top...now under non plug and plau..check for trend or any other security software or yellow exclamation marks...uninstall reboot and check.

If nothing works then do a repair install

Boot to desktop...insert the windows 7 disc...launch setup...click upgrade option....this will repair your windows install... complete the repair install.

You will not loose any data or programs during the repair install process



Ded9
0
 

Author Comment

by:dgower
ID: 36549761
Hi.

Renamed Host file to HostOLD

Imported TCPIP, Winsock and Winsock2 KEYs from another working Win7 computer.

Examined hidden plug and play drivers in Device Manager.  (See screenshot attached.  I didn't see any obvious antivirus software left over.  Can you peruse list and see if you spot anything?  Note there is a service called Ancillary Function Driver for Winsock listed.)

NOTE - After doing above I rebooted box.  Now logon fails with the message "The trust relationship between this workstation and the primary domain failed. "  I'm assuming that might have been caused by importing the keys from another Win7 box?  Anyway, the same thing happened before when I tried to roll back the machine to earlier restore points.  I doubt that has anything directly to do with winsock but does point at o/s corruption?

I am not physically at the site now so I can't proceed with the win7 upgrade/repair right now.  I'll try that later and get back.

Thanks for all your help.
Jeff-PC-Plug-n-Play-Drivers-scre.doc
0
 
LVL 30

Expert Comment

by:ded9
ID: 36549853
Try uninstalling this driver.

logmein kernel information provider


Reboot and check ...might work..



Ded9

0
 

Author Comment

by:dgower
ID: 36550963
Ded9:  I'll try uninstalling the driver you mention.  Can't get to the site until Monday so you won't hear from me until next week.  

0
 
LVL 10

Accepted Solution

by:
Mohammed Rahman earned 500 total points
ID: 36563678
You have done almost everything that you could... (Appretiate your efforts)

Try Delete those two keys (winsock and winsock2) and restart. The system should re create the new keys and hope that will help.
0
 

Author Comment

by:dgower
ID: 36563697
mody2579:

Thanks!  I will be at the site tomorrow and will try yours and Ded9's final suggestions.  After that, I will just reinstall win7.

0
 

Author Closing Comment

by:dgower
ID: 36568212
Wish I could award you both points.  Thanks for all the help.  As it turns out deleting winsock and winsock2 did the trick.  Actually the exact steps were...

*export winsock and winsock2 keys
*delete winsock and winsock2 keys and reboot
*test ping www.yahoo.com (fails)
*import winsock and winsock2 keys back and reboot
*test ping www.yahoo.com (SUCCEEDS)

For some reason this maneuver allowed o/s to accept winsock keys again.  No idea why?  Do you?

Anyway this level of troubleshooting went way beyond the practical but I was really frustrated by this kind of pointless Windows glitch and wanted to find an answer for my own satisfaction.  Thank you for helping!
0
 
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 36569958
Huhhhhh :) Really no IDEA as to what was the reason behind this... I though the system will re create Winsock and Winsock2 upon restart.

I would really like to appreciate troubleshoot your ENDLESS efforts :) and also an extra step that you carried out to re-import the same files. (which actually did the trick).
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now