SVCHOST crash firewall crashes and winsock needs reset

I've found bits relating to this question and temporary fixes but I need help!

Example Scenario (on continuous loop)

machine boots fine, windows networking is working, firewall is running, shares are working.
SVCHOST crashes. the component is nnushared40.dll (appears in event viewer)
I need to run "netsh winsock reset" (or winsockfix.exe)
reboot
start at the begining again

this is happening on a few of machines on our network....all HP machines (fix is here http://h10025.www1.hp.com/ewfrf/wc/genericDocument?cc=us&docname=c00291957&lc=en&jumpid=reg_R1002_USEN but this is only temporary)

I've seen posts that windows 2000 machines have a fix to stop the mblaster virus from crashing remote machines, but these are XP machines
I have seen no reference anywhere on the internet to the filename nnushared40.dll.

Any ideas?
oicur0tAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

venom96737Commented:
sounds like a virus I would delete that dll in safe mode and run scans i also see no reference to that dll file on the net.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
venom96737Commented:
The blaster virus also hit xp machines but usually causes an RPC error then crashs the machine.
oicur0tAuthor Commented:
The machine doesn't fully crash. Some network service fail, the ICS service, windows file sharing fails. Network connections may fail to appear when opened as well.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

venom96737Commented:
Have you tried running a hijack this log on the machines?
oicur0tAuthor Commented:
Logfile of HijackThis v1.99.1
Scan saved at 15:14:19, on 21/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\RSS\Midas\V7PosMaster.exe
C:\Program Files\Nortel Networks\Shared Files\NTSPInit.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
Z:\IT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.jackwills.com/onlinestore/adminsql/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Shortcut to V7PosMaster.lnk = Midas\V7PosMaster.exe
O4 - Global Startup: TSP Launcher.lnk = C:\Program Files\Nortel Networks\Shared Files\NTSPInit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jackwills.local
O17 - HKLM\Software\..\Telephony: DomainName = jackwills.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jackwills.local
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

venom96737Commented:
well log looks clean how about software issue what is this V7PosMaster.exe linked to the POS for the buisness
oicur0tAuthor Commented:
v7pos master is apart of out till system which is run on this machine (none of the others experiencing this problem) it's clean.

if I try to start windows firewall from "services" after a crash I get Error 5: access is denied.
oicur0tAuthor Commented:
From the event viewer

"Faulting application svchost.exe, version 5.1.2600.2180, faulting module NnuShared40.dll, version 0.0.0.0, fault address 0x00003375."
venom96737Commented:
dont see anything about maybe a master browser or computer browser error it cant really be software related if its happening on more than one machine unless it is a virus which i didnt see in the log
venom96737Commented:
but you know i am starting to see a trend try disabling the NTSPInit.exe program alot of people are complaining of the same error and have that process running.
oicur0tAuthor Commented:
ok, I think I've found the culprit, should have traced this earlier....nnushared40.dll belongs to dialer software for our phone system to integrate with outlook. It will be installed on all machines. I bet the firewall interupts it then causes a crash.

I'm going to give you the points venom, you've helped and taught me some good stuff!
venom96737Commented:
Glad you found it and can clear up this messy situation.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Programming Languages-Other

From novice to tech pro — start learning today.