SVCHOST crash firewall crashes and winsock needs reset

Posted on 2006-04-21
Last Modified: 2013-11-13
I've found bits relating to this question and temporary fixes but I need help!

Example Scenario (on continuous loop)

machine boots fine, windows networking is working, firewall is running, shares are working.
SVCHOST crashes. the component is nnushared40.dll (appears in event viewer)
I need to run "netsh winsock reset" (or winsockfix.exe)
start at the begining again

this is happening on a few of machines on our network....all HP machines (fix is here but this is only temporary)

I've seen posts that windows 2000 machines have a fix to stop the mblaster virus from crashing remote machines, but these are XP machines
I have seen no reference anywhere on the internet to the filename nnushared40.dll.

Any ideas?
Question by:oicur0t
    LVL 15

    Accepted Solution

    sounds like a virus I would delete that dll in safe mode and run scans i also see no reference to that dll file on the net.
    LVL 15

    Expert Comment

    The blaster virus also hit xp machines but usually causes an RPC error then crashs the machine.

    Author Comment

    The machine doesn't fully crash. Some network service fail, the ICS service, windows file sharing fails. Network connections may fail to appear when opened as well.
    LVL 15

    Expert Comment

    Have you tried running a hijack this log on the machines?

    Author Comment

    Logfile of HijackThis v1.99.1
    Scan saved at 15:14:19, on 21/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\Nortel Networks\Shared Files\NTSPInit.exe
    C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
    C:\Program Files\Outlook Express\msimn.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - Startup: 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
    O4 - Global Startup: Shortcut to V7PosMaster.lnk = Midas\V7PosMaster.exe
    O4 - Global Startup: TSP Launcher.lnk = C:\Program Files\Nortel Networks\Shared Files\NTSPInit.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jackwills.local
    O17 - HKLM\Software\..\Telephony: DomainName = jackwills.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jackwills.local
    O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
    O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    LVL 15

    Expert Comment

    well log looks clean how about software issue what is this V7PosMaster.exe linked to the POS for the buisness

    Author Comment

    v7pos master is apart of out till system which is run on this machine (none of the others experiencing this problem) it's clean.

    if I try to start windows firewall from "services" after a crash I get Error 5: access is denied.

    Author Comment

    From the event viewer

    "Faulting application svchost.exe, version 5.1.2600.2180, faulting module NnuShared40.dll, version, fault address 0x00003375."
    LVL 15

    Expert Comment

    dont see anything about maybe a master browser or computer browser error it cant really be software related if its happening on more than one machine unless it is a virus which i didnt see in the log
    LVL 15

    Expert Comment

    but you know i am starting to see a trend try disabling the NTSPInit.exe program alot of people are complaining of the same error and have that process running.

    Author Comment

    ok, I think I've found the culprit, should have traced this earlier....nnushared40.dll belongs to dialer software for our phone system to integrate with outlook. It will be installed on all machines. I bet the firewall interupts it then causes a crash.

    I'm going to give you the points venom, you've helped and taught me some good stuff!
    LVL 15

    Expert Comment

    Glad you found it and can clear up this messy situation.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Suggested Solutions

    Title # Comments Views Activity
    Drivers for PC, Windows XP Home 10 102
    no14 challenge 14 46
    matchUp  challenge 6 34
    SQL400 max size 5 33
    How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
    Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
    The viewer will learn how to implement Singleton Design Pattern in Java.
    The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now