
netsh (network command shell) keeps spawning


13 replies to this topic

#1 rppgaty

rppgaty

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:14 AM

Posted 05 November 2012 - 03:39 PM

On a client's computer, the process netsh.exe keeps spawning. In fact, it just keeps starting up over and over again, bringing the entire computer to a crawl, although I can prevent it from happening if I kill explorer.exe. So far, I've tried to run sfc /scannow and that doesn't work; it tells me: "There is a system repair pending which requires a reboot to complete. Restart windows and try sfc again."

I'm not sure what the pending repair is, but rebooting doesn't seem to solve the problem. I've also already run ComboFix and HijackThis. So just in case anyone wants to see those, let me know.

Additional information:
In safe mode with networking, networking doesn't work.
Networking also doesn't work regularly... uTorrent reports an error, something to do with WinSock.
I also cannot check anything in Event Viewer. Something about the event log... the same thing happens in safe mode with it.

Edited by rppgaty, 05 November 2012 - 05:03 PM.
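
To see what is launching netsh.exe on a machine showing this behaviour, the following added example (not part of the original posts) samples running netsh.exe instances for a short window and reports their parent process and command line. It assumes PowerShell 2.0 or later is installed and is run from an elevated prompt; the 30-second window and the variable names are choices made for this example.

```powershell
# Added example (not from the thread): sample netsh.exe instances for a short
# window and report which parent process launches them, and with what arguments.
# Assumption: PowerShell 2.0 or later is installed; uses only WMI Win32_Process.
$windowSeconds = 30            # arbitrary sampling window chosen for this example
$seen     = @{}                # "PID|CreationDate" -> $true, so each instance is counted once
$records  = @()
$deadline = (Get-Date).AddSeconds($windowSeconds)

while ((Get-Date) -lt $deadline) {
    foreach ($p in @(Get-WmiObject Win32_Process -Filter "Name='netsh.exe'")) {
        $key = '{0}|{1}' -f $p.ProcessId, $p.CreationDate
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true
        $started = $null
        if ($p.CreationDate) { $started = $p.ConvertToDateTime($p.CreationDate) }

        # Resolve the parent. It may have exited, or its PID may have been reused
        # by a process that started after this netsh.exe; flag both cases.
        $parentName = '<exited>'
        $parentCmd  = ''
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
        if ($parent) {
            $parentName = $parent.Name
            $parentCmd  = $parent.CommandLine
            if ($started -and $parent.CreationDate -and
                $parent.ConvertToDateTime($parent.CreationDate) -gt $started) {
                $parentName = '<pid reused>'
                $parentCmd  = ''
            }
        }

        $records += New-Object PSObject -Property @{
            Started       = $started
            NetshPid      = $p.ProcessId
            NetshCommand  = $p.CommandLine
            ParentPid     = $p.ParentProcessId
            ParentName    = $parentName
            ParentCommand = $parentCmd
        }
    }
    Start-Sleep -Milliseconds 200
}

# Summary: how many netsh.exe launches each parent/command-line pair produced.
$records | Group-Object ParentName, NetshCommand |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize -Wrap
```

The full per-instance detail, including the parent's own command line, remains in `$records` for closer inspection after the summary is printed.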




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:14 AM

Posted 06 November 2012 - 09:55 AM

Re the sfc /scannow scenario...

See comments under Answers at http://social.technet.microsoft.com/Forums/zh/w7itprogeneral/thread/48d20da9-0535-462f-b177-f30f48992203 .

Louis

#3 rppgaty


Posted 06 November 2012 - 10:37 AM

When I run that command, it tells me that there's no dism.exe,
and attempting to delete pending.xml from Windows tells me access is denied.
However, I removed pending.xml via Ubuntu. I'm still running into the same issue, though. I cannot run sfc /scannow.

Edited by rppgaty, 06 November 2012 - 10:56 AM.


#4 hamluis


Posted 06 November 2012 - 11:43 AM

I can't tell you any more than what I posted, sorry.

Have you tried to run chkdsk /r, to check your files/partition?

Louis

#5 rppgaty


Posted 06 November 2012 - 12:05 PM

No, I haven't done that, but I will now. Thank you.

Okay, I've run it now. The problem still persists.

Edited by rppgaty, 06 November 2012 - 01:22 PM.


#6 hamluis


Posted 06 November 2012 - 01:41 PM

Data collection time :).

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .

Louis

#7 rppgaty


Posted 06 November 2012 - 03:12 PM

Here are the files you requested.
Mod Edit: Pasted log content into post, deleted attachments - Hamluis.

MiniToolBox by Farbar Version: 06-11-2012
Ran by admin (administrator) on 06-11-2012 at 12:50:11
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 1747 has occurred.

The authentication service is unknown.


=========================== Installed Programs ============================

µTorrent (Version: 3.2.0)
7-Zip 9.17 beta
AAC Decoder (Version: 7.1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Adobe Shockwave Player 11.5 (Version: 11.5)
AIM 7
AOL Toolbar
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ARO 2012 (Version: 8.0)
Ask Toolbar (Version: 1.13.2.0)
ASPCA Tri Reminder by We-Care.com v4.0.7.5 (Version: 4.0.7.5)
Audiosurf (Version: 1.00.0000)
Audiosurf (Version: 33)
AutoUpdate (Version: 1.1)
Bandisoft MPEG-1 Decoder
BlackBerry Desktop Software 4.2.1 (Version: 4.2.1.8)
Bonjour (Version: 3.0.0.2)
BufferChm (Version: 100.0.170.000)
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide (Version: 1.0.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (Version: 1.0.2.32)
Canon Utilities PhotoStitch (Version: 3.1.23.47)
Carbonite Online Backup Setup (Version: 3.7.3)
CCleaner (Version: 2.33)
CCScore (Version: 6.02.1001.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite Deluxe (Version: 6.0.2111)
D1500 (Version: 100.0.206.000)
D1500_Help (Version: 100.0.206.000)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
DJ_SF_03_D1500_ProductContext (Version: 100.0.215.000)
DJ_SF_03_D1500_Software (Version: 100.0.206.000)
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000)
Download Updater (AOL LLC)
DragonNest
EASEUS Partition Master 6.1.1 Home Edition
ESET Smart Security (Version: 4.0.424.0)
ESSBrwr (Version: 6.02.0001.0001)
ESSCDBK (Version: 6.02.0001.0001)
ESScore (Version: 6.02.1002.0001)
ESSgui (Version: 6.02.1002.0001)
ESSini (Version: 6.02.1001.0001)
ESSPCD (Version: 6.02.1001.0001)
ESSPDock (Version: 6.02.0001.0002)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.02.1001.0001)
eSupportQFolder (Version: 1.00.0000)
fflink (Version: 6.02.1001.0001)
FrostWire 4.21.8 (Version: 4.21.8.0)
FrostWire 5.3.6 (Version: 5.3.6.0)
GPBaseService (Version: 100.0.187.000)
H.264 Decoder (Version: 1.1.0)
Hardware Diagnostic Tools (Version: 5.1.4976.17)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2784)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Demo (Version: 1.00.0000)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Recovery Manager RSS (Version: 91.0.0.10)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 4.000.012.001)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
iLivid (Version: 1.92)
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 25 (Version: 6.0.250)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Juno Preloader (Version: 1.0.0)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KODAK Share Button App (Version: 3.01.0000.0000)
KSU (Version: 632.62.0004.0001)
KVIrc
LabelPrint (Version: 2.5.0904)
LightScribe System Software 1.14.25.1 (Version: 1.14.25.1)
LightScribe Template Labeler (Version: 1.14.25.1)
LimeWire 5.5.8 (Version: 5.5.8)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 100.0.170.000)
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Minecraft Cracked
MKV Splitter (Version: 1.0.1)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MpcStar 4.2 (Version: 4.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.7315)
My HP Games (Version: 1.0.0.62)
netbrdg (Version: 6.02.1002.0001)
NetZero For Riverdeep (Version: 1.0.0)
NetZero Preloader (Version: 1.0.0)
Nexon Game Manager
Notifier (Version: 6.02.0001.0001)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
OfotoXMI (Version: 6.02.0001.0001)
OpenOffice.org 3.2 (Version: 3.2.9502)
Opera 11.62 (Version: 11.62.1347)
PacketiX VPN Client (English) (Version: 2.20.5351)
Pando Media Booster (Version: 2.3.6.0)
PictureMover (Version: 3.3.1.7)
PlaySushi
Power2Go (Version: 6.0.2112)
PowerDirector (Version: 7.0.2202)
PSSWCORE (Version: 2.02.0000)
Python 2.5.2 (Version: 2.5.2150)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
RocketDock 1.3.5
Searchqu Toolbar (Version: 4.1.0.3028)
SFR (Version: 6.02.0001.0001)
SHASTA (Version: 6.02.0001.0001)
Shop for HP Supplies (Version: 10.0)
SKIN0001 (Version: 6.02.1001.0001)
SKINXSDK (Version: 6.02.1001.0001)
SmartWebPrintingOC (Version: 100.0.189.000)
Soft Data Fax Modem with SmartCP (Version: 7.80.0.0)
SolutionCenter (Version: 100.0.175.000)
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
staticcr (Version: 5.03.0000.0001)
Status (Version: 100.0.175.000)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.3.1.0)
The Weather Channel Desktop 6
TNod User & Password Finder 1.4.0
Toolbox (Version: 100.0.170.000)
tooltips (Version: 6.02.0001.0001)
TrayApp (Version: 100.0.170.000)
Uninstall KkMenu docklet for Stardock Object Dock
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VideoToolkit01 (Version: 100.0.128.000)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VPRINTOL (Version: 6.02.0001.0001)
WebReg (Version: 100.0.170.000)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)
WIRELESS (Version: 6.02.0001.0001)
Xilisoft Video Converter Ultimate (Version: 5.1.39.0409)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2941.76 MB
Available physical RAM: 2001.66 MB
Total Pagefile: 6091.97 MB
Available Pagefile: 5238.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.18 MB

========================= Partitions: =====================================

1 Drive c: (COMPAQ) (Fixed) (Total:155.15 GB) (Free:37.86 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.25 GB) (Free:1.09 GB) NTFS
4 Drive f: () (Removable) (Total:14.83 GB) (Free:1.16 GB) FAT32

========================= Users: ========================================

User accounts for \\KITTY-PC

Abe admin Administrator
Guest kitty Mcx1
UpdatusUser


**** End of log ****

Edited by hamluis, 06 November 2012 - 05:22 PM.


#8 hamluis


Posted 06 November 2012 - 05:23 PM

If you follow the instructions for Publishing A Snapshot...there is no attachment to be made, you should only post a link that will reflect pertinent system data. Please follow the instructions :).

Louis

#9 rppgaty


Posted 07 November 2012 - 03:20 PM

I cannot publish a snapshot. Speccy says... "the TCP/IP protocol is not installed properly."

Edited by rppgaty, 07 November 2012 - 03:21 PM.


#10 hamluis


Posted 07 November 2012 - 03:29 PM

I'd try the FixIt at http://support.microsoft.com/kb/299357 .

Louis

#11 rppgaty


Posted 07 November 2012 - 03:34 PM

I've something similar, from this: http://www.sevenforums.com/network-sharing/130159-dependency-service-group-failed-start.html
Number 4.

Just give me a couple of minutes, and I'll have that snapshot up.
Oh, I've created another administrator account. netsh doesn't spawn when I log into this account.

Edited by rppgaty, 07 November 2012 - 03:40 PM.


#12 rppgaty


Posted 07 November 2012 - 04:03 PM

Here.
http://speccy.piriform.com/results/12oXAa1Wnij8Iv1v3EJSkuY

Well, after resetting WinSock... I log into the other account.
netsh spawns. Event Viewer works. sfc /scannow still doesn't work.

Edited by rppgaty, 08 November 2012 - 09:56 AM.


#13 hamluis


Posted 08 November 2012 - 10:47 AM

I see that the MS Malicious Software Tool has not run since August. IMO, that is somewhat suspicious and I would be concerned about the possibility of malware. The fact that uTorrent and FrostWire are installed/used increases the possibility, IMO.

It appears that several of the programs installed...may be illegal versions. Example: Minecraft Cracked. Illegal downloads/installations increase the possibility of infection, in my amateurish opinion.

I would suggest that this topic be moved to Am I Infected, with your consent.

You might try the repair suggested at http://www.mydigitallife.info/repair-and-reset-windows-vista-tcpip-winsock-catalog-corruption/ .

Louis

#14 rppgaty


Posted 09 November 2012 - 09:28 AM

It's quite alright. I've solved it.

I upgraded the computer to Windows 7, and removed the illegal software.



