  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 524

Netsh.exe trouble

Hi Everyone

I have an XP SP1 box with a pretty new installation.

The problem is when I shut down the PC I get an OK box with memory read error 0xfffffff; also I noticed that in process Netsh.exe starts and stops.
This is what is written in the Windows application log:
Application Failure  netsh.exe 5.1.2600.0 in netsh.exe 5.1.2600.0 at offset 00003843

Any good ideas?


Logfile of HijackThis v1.98.2
Scan saved at 20:55:20, on 10.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRAMFILER\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Programfiler\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAMFILER\NORMAN\Nvc\BIN\nvcoas.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\nipsvc.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\NYMSE.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\NIP.EXE
C:\PROGRAMFILER\NORMAN\Nvc\BIN\cclaw.exe
C:\PROGRAMFILER\NORMAN\Nvc\BIN\npfmsg2.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paal\Skrivebord\HijackThis.exe
C:\WINDOWS\System32\netsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMFILER\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094833812390
0
maraas
Asked:
maraas
2 Solutions
 
SheharyaarSaahil Commented:
Hello maraas =)

>> C:\WINDOWS\System32\netsh.exe

Well this is a Command line tool, why is it running in ur background as a process ??
How to Use the Netsh.exe Tool and Command-Line Switches
http://support.microsoft.com/default.aspx?kbid=242468

there is no startup entry present in Log either !!
0
 
maraas (Author) Commented:
Hi SheharyaarSaahil

Is it possible to start this program from a remote pc on the network??

This is a strange one!!
0
 
maraas (Author) Commented:
What i am thinking just now is to remove this file??
Do you know if it is needed by the OS.
0
 
SheharyaarSaahil Commented:
is ur system on network..... and when u boot into safemode, can u see this netsh.exe running in task manager... and no, dont remove this file, its a system file and is not harmful, but just behaving abnormally.... we have to trace out the reason just :)
0
 
maraas (Author) Commented:
Hi again.-

My system is not on a network but is connected to the internet through a cable modem. The reason why I am wondering about this is that I am constantly bothered with a pop up from Norman Firewall that an incoming ip address wants access.
"and when u boot into safemode, can u see this netsh.exe running in task manager" NO!
I did remove it and the memory read error 0xfffffff was repaired. It is now back and the problem is also back.
0
 
SheharyaarSaahil Commented:
ok try this now....
in Normal Mode goto Start>Run>msconfig>Startup
click on Disable All
restart and DONT connect to internet
just have a look in task manager, if its running or not
if NO then re-enable each application at a time and check what's initiating it

if YES then goto Start>Run>msconfig>Services
click on Disable All
reboot and DONT do anything else, just have a look at task manager
its running or not ??
Enable All services and applications again now and restart
come here and tell me the results

i want to know if its initiated by a startup application or a service ??
Also except Norman, have u ever run any online virus scan to verify if it comes as clean ??
if no then try this one >> http://housecall.trendmicro.com/

post back :)
0
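One way to answer the "startup application or a service" question on a current Windows system without the disable-and-reboot cycle, as an added example that is not part of the original thread: it records every start of netsh.exe together with its parent process and any services hosted in that parent. It assumes an elevated PowerShell 3.0 or later session, which postdates the XP SP1 machine in the question; `$Target` and `$SourceId` are names chosen for this example.

```powershell
# Added example. Run from an elevated PowerShell 3.0+ prompt; stop with Ctrl+C.
$Target   = 'netsh.exe'          # process name from this thread
$SourceId = 'TraceTargetStart'   # arbitrary label for the event subscription

# Subscribe to process-start events so that a process that starts and exits
# within a second is still recorded (watching Task Manager can miss it).
Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier $SourceId

try {
    while ($true) {
        $evt = Wait-Event -SourceIdentifier $SourceId
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $new = $evt.SourceEventArgs.NewEvent
        if ($new.ProcessName -ne $Target) { continue }

        # Look up the child and its parent; either may already have exited.
        $child  = Get-CimInstance Win32_Process -Filter "ProcessId = $($new.ProcessID)"
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($new.ParentProcessID)"

        # A parent that hosts one or more services points at a service;
        # otherwise at a startup application or an interactive program.
        $services = @()
        if ($parent) {
            $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($parent.ProcessId)")
        }

        [pscustomobject]@{
            Time           = $evt.TimeGenerated
            ChildPid       = $new.ProcessID
            ChildCmdLine   = if ($child)  { $child.CommandLine }    else { '(already exited)' }
            ParentPid      = $new.ParentProcessID
            ParentImage    = if ($parent) { $parent.ExecutablePath } else { '(already exited)' }
            ParentServices = ($services | ForEach-Object { "$($_.Name) [$($_.DisplayName)]" }) -join '; '
        } | Format-List
    }
}
finally {
    # Always remove the subscription, including on Ctrl+C.
    Unregister-Event -SourceIdentifier $SourceId
}
```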
 
Fatal_Exception Commented:
You definitely do not want to delete this file.  It is used for scripting networking configurations both locally and in a network.  You also do not want to allow this command to be executed without your permission.  I would suggest that you are not protected with a firewall, or a NAT enabled device (router), and you need to turn on your XP firewall, along with possibly stopping the Messenger Service from running...

FE
0
 
maraas (Author) Commented:
Hi Fatal Exception, SheharyaarSaahil

Thanks for the quick reply. Im Back again - it just got too late yesterday...
I do have a firewall - Norman, but its a real pain, i am getting Norman popups all the time that "135" ip address ***.***.***.*** wants access to my pc. (Ip address changing now and then.) and what do i want to do about it "Allow" yes or no.
The PC is 3 days old, no I haven't tried any other virus pgms, but will do.
I will post back any discoveries made :)

Fatal Exception, If i stop Messenger Service from running will MSN Messenger continue to work?

Ill be back in a few hours...
0
 
Fatal_Exception Commented:
Yes..  they are not the same.  

Disabling Messenger Service in Windows XP

http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

Note: Although the name of the service is similar, Messenger Service in Windows XP is not related to instant messaging programs such as Windows Messenger and MSN Messenger. Disabling instant messaging programs is not necessary and not recommended. Disabling instant messaging programs will not prevent Messenger Service spam on your computer.
0
 
Fatal_Exception Commented:
And no, you do not want to allow netsh to be run from an outside source, UNLESS you know or are running it yourself from a LAN connected system..

FE
0
 
SheharyaarSaahil Commented:
well the Norman alerts dont look ABNORMAL to me..... coz i have installed Mcafee personal Firewall.... and it does the Same ditto thing,,,, so what i do to keep it "Shutup" is it has an option,,,,, Block all accesses and Dont Tell Me Abt Alerts
i keep it turned on,,,, and it does its job silently and doesnt disturb me,,,,, but still i can see all the Event Logs and they are full from these blocked accessing attempts =\

same is true for my sister's laptop, and for all others where i have installed this firewall..... so ... :-?
But one thing is confirmed,,,, it does block all accesses and keep my system safe from all threats,,,, and this i can check from this thing,,, that if i dont allow my sis's system IP address manually,,,, it blocks its access also and thus no Networking or ICS !!  :)

But like u, i have never faced this netsh.exe problem..... so i "think" that those Norman alerts has nothing to do with this netsh.exe, coz if Norman is blocking all the accesses, then they cannot be able to do any BAD plays on ur system..... right ;)

what do u say Fatal.... :)
0
 
Fatal_Exception Commented:
Yes..  but I am concerned about netsh...  this command is used to configure network protocols, etc., as you know.  Admins use it for remotely administering systems.  I just wonder where they are coming from..  ???

FE
0
 
SheharyaarSaahil Commented:
u mean a remote system can initiate this command on one's system thru.... ??
hehe.... u know im not good at networking 8-)
0
 
Fatal_Exception Commented:
Ha..  yes..  Actually, that is how it is usually used by admins..  Brien Posey writes a lot about this and scripting:

http://www.brienposey.com/kb/netsh_scripting.asp
0
 
SheharyaarSaahil Commented:
yakh !! these networking type thingies are so complicated and boring..... how do u manage to "digest" all those scripts & commands =(
0
 
Fatal_Exception Commented:
:)  I am with you on that one.  I just know how to execute them and what they are supposed to do, I don't write them...  My partner does all that..  He is really good with database and .NET programming, but I think I need to learn.  The things you can do with vb.net are amazing...
0
 
maraas (Author) Commented:
Hi guys
Ive been busy working on my house... Pcs are not the only problems i have :(, haven't had time to finish checking the solutions given. I will do it tomorrow. Just an update at where i am on this :~)
Again many thanks sooooo far!

R. Maraas
0
 
SheharyaarSaahil Commented:
>> Ive been busy working on my house... Pcs are not the only problems i have :(

looks like u are married !!! =\  ......  hehe dont mind just kidding ;-)
0
 
Fatal_Exception Commented:
I know how those homey chores go.  Never ends.

Take your time, we will be around..

FE
0
 
maraas (Author) Commented:
Cool, yah wife, 2 kids, 2 rabbits, 66 mustang FB just back from the paint shop, lots of bills......... oh yah and a PC ;-)

RM
0
 
SheharyaarSaahil Commented:
never mind dude... atleast we can support u in the PC issue ;-D
0
 
Fatal_Exception Commented:
I used to have a 66 mustang convertible...  If you need someone to take that fastback off your hands, I will be more than happy to oblige you..!!  :)
0
 
SheharyaarSaahil Commented:
hehehe... <8)
0
 
maraas (Author) Commented:
OK ok
I found the service that is causing Netsh.exe to misbehave... The service is called "Norman Type-R" which from what i can tell... is connected to Norman firewall. Has anyone seen this before??

RM
0
 
maraas (Author) Commented:
Oh yah Online virus program is running just now... back in a few with results.
0
 
SheharyaarSaahil Commented:
wow.... a firewall itself is doing suspicious things here..... is there any particular reason u are using Norman :-\
0
 
Fatal_Exception Commented:
I am not familiar with Norman, so I am clueless to this behavior...  Let us know what you find there..

FE
0
 
maraas (Author) Commented:
No viruses... OK guess it is time for tech support at the manufacturer :(. ill get back with the results.

Thanks for all the help.

RM
0
 
SheharyaarSaahil Commented:
hmmmmmmm.... im looking forward for the results .... !!
0
 
maraas (Author) Commented:
>>is there any particular reason u are using Norman :-\
No not really, it just came free with the PC with 3 years update. And free is always nice. But after this I am not so sure Norman is for me...
I use Norton on my other PCs and haven't been bothered at all. ;) And especially NO POPUPS that take 1/4 of my screen.....
0
 
Fatal_Exception Commented:
Yea...  I really did not want to suggest that you uninstall your Firewall, but Norman does not seem to be a mainstream product (at least here in the USA) or certainly I would know about it....   I use Norton also (not the firewall) and the AV works just fine on my consumer machines..

FE
0
 
maraas (Author) Commented:
Yep i agree with u FE (here in Norway), but ill give the techies at the manufacturer 2 hours to straighten things out. If no result then BYE BYE Norman. Some people say Norton is a bit Resource hungry, what do you guys think, any suggestions??
0
 
SheharyaarSaahil Commented:
>> Some people say Norton is a bit Resource hungry

atleast im among them,,,, but can be the reason that i have always used NAV with Firewall... and may be Fatal has some good tricks on this issue :)
0
 
Fatal_Exception Commented:
Ha..  my response to anyone that installs a software firewall is to be aware that they are ALL resource hungry (with the exception of the XP firewall, which only stops incoming traffic and not traffic outbound)...  I always advise my clients to go with a Hardware firewall with SPI (Stateful Packet Inspection).  Consumer grade devices are so cheap (inexpensive) these days, it just does not make sense to not go out and get one.  They also provide much better protection to your LAN, as they sit on the perimeter of the LAN and keep everything out.  

FE
0
 
maraas (Author) Commented:
Still no joy, the manufacturer said install Microsoft update 12345678. It didn't work...
Ill try them again tomorrow...

Cya  RM
0
 
Fatal_Exception Commented:
What version of Norman are you running?  I took this straight from Norman's site:

Norman Personal Firewall (NPF)
One of the applications that will not work satisfactory with Service Pack 2 is older versions of the Norman Personal Firewall. Affected versions are: NPF 1.0, 1.1, 1.2, 1.3 and 1.4.

If you are running one of these versions you should upgrade to the latest version (p.t. ver. 1.41) as soon as possible.

0
 
maraas (Author) Commented:
Hi FE.-

Service pack 2 is not installed yet... Waiting for the Norwegian version. It should be here soon.
As i have 3 years of program / virus updates from Norman and its free, I will wait for SP2 and see if it does the trick. If not i think i will purchase a wireless router with a built in firewall and use Norman virus protection.

Do you have any good experiences with a particular brand router?

RM
0
 
SheharyaarSaahil Commented:
>> Do you have any good experiences with a particular brand router?

aham aham,,, Fatal ur turn !!  8-)
0
 
Fatal_Exception Commented:
A router, eh?  That is definitely the best way  to configure a SOHO network.  I recommend it even if you are only running one system off it.

For a consumer grade router, I always recommend Linksys for the money.   This being said, if you want a little more protection, I would go with a Netgear router with an SPI firewall  (Stateful Packet Inspection)...  You can pick up a decent one for under $100 US...

Something like this:

http://www.amazon.com/exec/obidos/ASIN/B00006B9HP/ref%3Dnosim/theshoppinguidea/102-7923332-1450504
0
 
Fatal_Exception Commented:
And thanks...  

FE
0
 
maraas (Author) Commented:
Hi Fatal Exception, SheharyaarSaahil

This was a tough one, trying to be fair with the points, I gave the Accepted answer to SheharyaarSaahil as he gave the answer that helped me find the exact place where the problem occurred. But at the same time i also received some really valuable info from FE. Sooo 50/50 split.

Thanks a bunch, you guys saved me from those pesky grey hairs :) I bow to you!

Cya

RuneM
0
 
SheharyaarSaahil Commented:
not at all a problem,,,,, in fact Fatal was more helpful here and i was just throwing my one\two words from behind his back !!  ;-)
Cheers to Him ^_^

Happy Computing !!
0
 
Fatal_Exception Commented:
you are welcome, Rune..  and happy computing..!!

FE
0
Question has a verified solution.
