Old 17th August 2005, 13:31   #41
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
ok so i'm gonna delete SNDSrv.exe and O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.caband see what happens.
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 13:49   #42
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
tried removing those files but still doesn't work
i guess the only was is to install windows again
what do you guys think??
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 13:51   #43
Evil Lu
Forum Maitresse
 
Evil Lu's Avatar
 
Join Date: Mar 2005
Location: I'm hiding under your bed
Posts: 2,974
No you don't have to go that far.
What I would do is go to add/remove programs and remove EVERYTHING that is internet and security related then go over to download.com and grab a free trial of regvac and clean up the computer.
You should use a firewall, a good configurable one is Sygate which is free and simple to use.
Also a free anti-virus program like AVG from www.grisoft.com (also free)
Evil Lu is offline   Reply With Quote
Old 17th August 2005, 14:29   #44
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
ok i removed some software ...
here is how my add or remove programs looks like. (Pictures 1 and 2)

http://img182.imageshack.us/img182/8510/17nk.png

http://img182.imageshack.us/img182/7339/23vh.png
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 14:34   #45
Evil Lu
Forum Maitresse
 
Evil Lu's Avatar
 
Join Date: Mar 2005
Location: I'm hiding under your bed
Posts: 2,974
Looks pretty healthy.
Grab regvac now and clean up any remaining evils that leave themselves behind and report back.
Evil Lu is offline   Reply With Quote
Old 17th August 2005, 15:23   #46
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by Evil Lu
Looks pretty healthy.
Grab regvac now and clean up any remaining evils that leave themselves behind and report back.
tried everything you said and still doesn't work
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 15:27   #47
Evil Lu
Forum Maitresse
 
Evil Lu's Avatar
 
Join Date: Mar 2005
Location: I'm hiding under your bed
Posts: 2,974
You need to double triple double extra more check that XP firewall.
Click Start, Settings, Control Panel, double–click Network Connections, right-click the desired connection, Properties, Advanced tab, Under Internet Connection Firewall, uncheck or check the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
Evil Lu is offline   Reply With Quote
Old 17th August 2005, 15:41   #48
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by Evil Lu
You need to double triple double extra more check that XP firewall.
Click Start, Settings, Control Panel, double–click Network Connections, right-click the desired connection, Properties, Advanced tab, Under Internet Connection Firewall, uncheck or check the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
tried that before
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 15:45   #49
Evil Lu
Forum Maitresse
 
Evil Lu's Avatar
 
Join Date: Mar 2005
Location: I'm hiding under your bed
Posts: 2,974
I am totally lost then. It should just work.
Evil Lu is offline   Reply With Quote
Old 17th August 2005, 16:35   #50
siebe83
Forum King
 
siebe83's Avatar
 
Join Date: Feb 2004
Posts: 9,222
I noticed some malware in your log. Although it might not be related to this problem, I'd recommend to get rid of it.

O23 - Service: System Out (SystemOutService) - Unknown owner - C:\WINDOWS\system32\systemout.exe

It's some sort of spyware...


Start > Run > services.msc
Look for the service System Out, right-click > Properties > set Startup type to Disabled. Click OK and close Services manager.

Then open Task manager and kill the process systemout.exe. If it doesn't let you kill it, you may have more luck with the process manager in HijackThis (open HijackThis > Misc tools).

You should then be able to open Windows Explorer and delete the following file:
C:\WINDOWS\system32\systemout.exe


Scan again with HijackThis, and check the following items only and click Fix Checked.

O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - (no file)

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - (no file)

O23 - Service: System Out (SystemOutService) - Unknown owner - C:\WINDOWS\system32\systemout.exe
(if it still exists)



I would also check and fix all O16 entries of which you don't recognize the domain. Eg.

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://216.218.200.233/talk.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab


Post a new log when done.

As said, I'm not sure if this will fix your problem, but spyware often does have many bad side-effects.

I'd suspect LimeWire of introducing some nasty stuff on your system. See here for more info (scroll down a bit till LimeWire). But it can be caused by something else as well, dunno...

Apart from that, use Firefox (or another browser) instead of IE

Good Winamp plugins by Joonas, DrO and shaneh.
If you're bored go here or, if the boredom is more serious, here.
siebe83 is offline   Reply With Quote
Old 17th August 2005, 22:45   #51
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
ok here is the new log after deleting those files. by the way shoutcast is still not working and also i wasn't able to delete the systemout.exe from drive C.


Here is the new log


---------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 6:45:11 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by -=-Amir-=-
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121580813671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123399872343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 22:58   #52
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
Wow - this is getting crazy - I've never seen anybody have to take steps this drastic to run shoutcast on their PC.

Let's restart the DNAS and could you post the logfile? You run Winamp and the Shoutcast DSP on the same PC, right?
dotme is offline   Reply With Quote
Old 17th August 2005, 23:04   #53
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by dotme
Wow - this is getting crazy - I've never seen anybody have to take steps this drastic to run shoutcast on their PC.

Let's restart the DNAS and could you post the logfile? You run Winamp and the Shoutcast DSP on the same PC, right?
yes, i'm runing Winamp and DSP on the same computer and here is the log.
i guess i have to install windows again.



*******************************************************************************
** SHOUTcast Distributed Network Audio Server
** Copyright (C) 1998-2004 Nullsoft, Inc. All Rights Reserved.
** Use "sc_serv filename.ini" to specify an ini file.
*******************************************************************************

Event log:
<08/17/05@19:03:50> [SHOUTcast] DNAS/win32 v1.9.5 (Dec 27 2004) starting up...
<08/17/05@19:03:50> [main] loaded config from C:\Program Files\SHOUTcast\sc_serv
.ini
<08/17/05@19:03:50> [main] initializing (usermax:32 portbase:8000)...
<08/17/05@19:03:50> [main] No ban file found (sc_serv.ban)
<08/17/05@19:03:50> [main] No rip file found (sc_serv.rip)
<08/17/05@19:03:50> [main] opening source socket
<08/17/05@19:03:50> [main] source thread starting
<08/17/05@19:03:50> [main] opening client socket
<08/17/05@19:03:50> [source] listening for connection on port 8001
<08/17/05@19:03:50> [main] Client Stream thread [0] starting
<08/17/05@19:03:50> [main] client main thread starting
<08/17/05@19:03:56> [source] connected from 127.0.0.1
<08/17/05@19:03:56> [source] icy-name:AH Radio ; icy-genre:Mix
<08/17/05@19:03:56> [source] icy-pub:1 ; icy-br:24 ; icy-url:http://www.shoutcas
t.com
<08/17/05@19:03:56> [source] icy-irc:#shoutcast ; icy-icq:0 ; icy-aim:N/A
<08/17/05@19:04:07> [yp_add] yp.shoutcast.com gave error (nak)
<08/17/05@19:04:07> [yp_add] yp.shoutcast.com gave extended error (404 Cannot se
e your station/computer from the Internet, disable Internet Sharing/NAT/firewall
/ISP cache)
<08/17/05@19:04:13> [active] 0 listeners (0 unique)
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 23:17   #54
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
There's an IP missing from that log - If you're uncomfortable posting it here, can you send it to me in a PM?

http://www.whatismyip.com

Go there also, and see if the IP shoutcast gave in the error is the same as the one you see on the above site?
dotme is offline   Reply With Quote
Old 17th August 2005, 23:21   #55
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
One more thing...

What do you see when you click the link below?

http://127.0.0.1:8000

Do you see the DNAS status page?
dotme is offline   Reply With Quote
Old 17th August 2005, 23:36   #56
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by dotme
One more thing...

What do you see when you click the link below?

http://127.0.0.1:8000

Do you see the DNAS status page?
yes..
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 23:38   #57
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by dotme
There's an IP missing from that log - If you're uncomfortable posting it here, can you send it to me in a PM?

http://www.whatismyip.com

Go there also, and see if the IP shoutcast gave in the error is the same as the one you see on the above site?
i copied the exact log and i didn't change anything. there is no ip address in the log
abcd1234 is offline   Reply With Quote
Old 17th August 2005, 23:45   #58
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
Okay - you see the DNAS status page. Good.

We're going to eliminate this stuff step by step. Next step:

The IP you sent me - when you go to http://www.whatismyip.com - do you see the same address?
dotme is offline   Reply With Quote
Old 18th August 2005, 01:09   #59
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by dotme
Okay - you see the DNAS status page. Good.

We're going to eliminate this stuff step by step. Next step:

The IP you sent me - when you go to http://www.whatismyip.com - do you see the same address?
yes
abcd1234 is offline   Reply With Quote
Old 18th August 2005, 07:50   #60
siebe83
Forum King
 
siebe83's Avatar
 
Join Date: Feb 2004
Posts: 9,222
You still have a Norton service running...

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Start > Run > services.msc
Look for the service Symantec Network Drivers Service, right-click > Properties > set Startup type to Disabled > OK
right-click again > Stop
Close Services manager.

Then open Task manager to make sure the process SNDSrvc.exe is no longer running.


If that doesn't help, could you do what dotme asked here?
i.e.
Start > Run > cmd > ipconfig
The IP you see there, is that the same one you see at http://www.whatismyip.com/ ?


If it is, then I don't have a clue what's happening for you...

Good Winamp plugins by Joonas, DrO and shaneh.
If you're bored go here or, if the boredom is more serious, here.
siebe83 is offline   Reply With Quote
Old 18th August 2005, 12:57   #61
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
Just an update (It's morning here) on what happened last night.

abcd1234 confirmed that his public IP (which is bound to his ethernet adapter) matches the IP address at http://www.whatismyip.com

Let's say it was ww.xx.yy.zz

Again, that's a public IP and it *is* what he sees on an ipconfig, so he's not firewalled. I could ping his public IP. Nothing from here on port 8000 though.

He can see his DNAS status page at 127.0.0.1:8000, but not at ww.xx.yy.zz:8000

I hope it's Norton, because I am out of ideas. Either his ISP is blocking ports yet allowing pings, or he has a firewall still running on the PC. But if the ISP was blocking ports, then this user should still be able to hit his own ethernet card with the public IP...

I assume 127.0.0.1 bypasses software-based firewalls? Can anyone confirm? Because I'm surprised that works if there is a PC firewall.
dotme is offline   Reply With Quote
Old 19th August 2005, 05:10   #62
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
thanks everyone for the helping

i changed my windows and its working perfectly

special thanks to Evil Lu,dotme,siebe83 for helping..
abcd1234 is offline   Reply With Quote
Old 19th August 2005, 12:40   #63
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
Wow - a reinstall of the OS? You *are* dedicated to being a shoutcaster!

Glad you got it all up and running.
dotme is offline   Reply With Quote
Old 19th August 2005, 16:34   #64
abcd1234
Junior Member
 
abcd1234's Avatar
 
Join Date: Aug 2005
Location: Canada
Posts: 45
Quote:
Originally posted by dotme
Wow - a reinstall of the OS? You *are* dedicated to being a shoutcaster!

Glad you got it all up and running.
yea

i'm also buying a server from http://fast-serv.com/ ..
i heard they have a good service and the server is very good. but still not sure if i should try this or another company.

anyways thanks for all the help dotme
abcd1234 is offline   Reply With Quote
Old 19th August 2005, 17:28   #65
dotme
Moderator
 
dotme's Avatar
 
Join Date: Feb 2005
Location: USA
Posts: 4,024
I have no experience with them. I'm very happy with my stream host, but I don't want to plug any specific host here because I don't have knowledge of how all the others stack up to them. I'll PM you the one I use, in case you want to do some comparisons.

Best wishes
dotme is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump