Windows 7 - Corrupt TCP/IP Stack?

Asked By Kirrin Jones on 26-Dec-07 09:31 AM
Hello Board,

I have recently encountered a strange problem that I can't seem to sort
out here.

What's happening is that for me to browse the Internet, I have to do a
constant repair of the network connection by doing the right click and
choosing repair in XP. I do that and I can browse for about 3 minutes,
then I have to do it again, and again, and again.

I have reset the tcpip stack using netsh, no go. I have used a program
called Winsock and TCP Repair Utility, and still no go. I have flushed
the DNS and flushed the NetBIOS cache.

I have also checked for virus and spyware, all clean.

Does anyone have an idea what could be causing this and a possible solution.

VanguardLH replied on 26-Dec-07 05:24 PM
What happens when you reboot into Windows' safe mode?

Are you using DSL?  If so, did you enable the "keep alive" option in
your router for the PPPoE connection?
Kirrin Jones replied on 26-Dec-07 06:53 PM
Hi VanguardLH,

I have not rebooted in safe mode, will try that. Nothing has changed on
the router as it is configured by the ISP. I am using cable. Any other
suggestions? I was thinking of unchecking the TCP/IP protocol and then
recheck it after the reboot.
VanguardLH replied on 27-Dec-07 04:10 AM
ISPs cannot configure any router.  They can only send a provisioning
file to the cable modem (which is NOT a router).

Since you now identified that you have cable service, forget the
keep-alive option.  It only applies for PPPoE connections and those
are used for DSL connects.
Kirrin Jones replied on 27-Dec-07 10:38 AM
Okay, I tried the safe mode boot, got the same problem, unless I issue
the commands to clear the DNS, NetBIOS, ARP and all those other stuff,
the connection will not work. Any other suggestions that anyone can
offer to get this working. Would really appreciate it.

Kirrin Jones replied on 27-Dec-07 10:44 AM
I have notices EVENT ID 4226 in my Event Viewer - System. The text is
concurrent TCP connect attempts."

Hope this help you help me.

Thanks again!
VanguardLH replied on 27-Dec-07 03:50 PM
Not all anti-virus program do not load in Safe Mode; that is, some
will still load during Safe Mode.  That means they would still
interject their handler in the TCP stack to intercept that traffic.
Try uninstalling your anti-virus program (or other security software
that interrogates network traffic), to the Repair on the LAN
connectoid, reboot, and retest.

You can use Windows Defender and its Winsock Provider (under Tools) to
check what LSPs (layered service providers) have been added to the TCP
stack.  Spybot S&D can also shows LSPs.  The AV might use a driver
level interrogator so it might load even if you disable the e-mail
scanning feature so, again, you might have to uninstall and reinstall
but do a custom install to deselect the e-mail scanning function.

Are you using a software firewall that is running on your host?  If
so, tried disabling it yet?

What have you used so far to detect if you have any malware on your
Kirrin Jones replied on 28-Dec-07 02:42 PM
Hello Board,

Just to close this thread, I was able to figure out a solution for this
problem. What I did was just to remove the network card from within
Device Manager, reboot, and then update the drivers and I was good again.