Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TCP/IP NetBIOS Helper planned stop, disconnecting from internet


  • Please log in to reply
15 replies to this topic

#1 guy6

guy6

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 03 December 2013 - 09:29 PM

So, since you guys have provided the best fixes so far, and I can find lots of instances of this issue but no fixes, I am gonna throw this in and see if you guys have a good fix for this. Here is the event that is kicking me out, Log Name:      System
Source:        Service Control Manager
Date:          12/3/2013 5:41:40 PM
Event ID:      7042
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      guy-PC
Description:
The TCP/IP NetBIOS Helper service was successfully sent a stop control.

 The reason specified was: 0x40030011 [Operating System: Network Connectivity (Planned)]

 Comment: None
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7042</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-03T23:41:40.313492900Z" />
    <EventRecordID>186241</EventRecordID>
    <Correlation />
    <Execution ProcessID="760" ThreadID="3096" />
    <Channel>System</Channel>
    <Computer>guy-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="param1">TCP/IP NetBIOS Helper</Data>
    <Data Name="param2">stop</Data>
    <Data Name="param3">0x40030011</Data>
    <Data Name="param4">Operating System: Network Connectivity (Planned)</Data>
    <Data Name="param5">None</Data>
  </EventData>
</Event>

This event happens every 1hr and 18 sec exactly in every instance of occurence. Since I see everyone else doing it i will attach my getsysteminfo log. I hope you guys have a fix for this. I have tried to do most everything that is on the comp that I could find on the internet. I will say this if you guys can find a fix you will make alot of people really happy.

Attached Files


Edited by hamluis, 05 December 2013 - 10:52 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 04 December 2013 - 07:41 AM

Kaspersky has repaired a driver on thier side as of this morning, so that can be omitted from the logs.



#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,419 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:04 AM

Posted 04 December 2013 - 12:42 PM

Reference:  http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/network-randomly-drops-the-tcpip-netbios-helper/a5e0a261-8344-45b2-af3a-75a45332a2ed

 

Louis



#4 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 04 December 2013 - 05:05 PM

Thanks for the info, I have done most everything suggested there except change the browser to automatic, which I did with a prayer that it works even though they said it didnt. How would I check and see if there is a driver for network 1 running. I dont run wireless, and have it disabled, but could there be a driver that activates or interupts the wired connection because it is network 2?


Edited by guy6, 04 December 2013 - 05:05 PM.


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,419 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:04 AM

Posted 04 December 2013 - 05:19 PM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 

Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#6 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 05 December 2013 - 07:54 AM

Alright I have some new info. There happenes to be a new driver update for the network adapter from Dell, and guess what? I havent disconnected once in the last 8 hrs. Do i believe this is fixed? NO. Been there done that so here is the minitool box logs with existing errors as of this morning.

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by guy (administrator) on 05-12-2013 at 06:41:41
Running from "C:\Users\guy\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (12/04/2013 05:03:58 PM) (Source: Service Control Manager) (User: )
Description: The Alienware Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (12/04/2013 04:53:48 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847

Error: (12/04/2013 06:03:22 AM) (Source: Microsoft-Windows-Kernel-General) (User: guy-PC)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:03:22 AM) (Source: Microsoft-Windows-Kernel-General) (User: guy-PC)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:03:21 AM) (Source: Microsoft-Windows-Kernel-General) (User: guy-PC)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:02:50 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:02:49 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:02:48 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:02:48 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat

Error: (12/04/2013 06:02:47 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a35\??\C:\Users\UpdatusUser\ntuser.dat


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-04 06:16:28.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-04 06:16:27.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-04 06:16:27.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-04 06:16:27.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 16:20:35.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 16:20:35.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 16:20:35.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 16:20:35.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 16:20:35.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-03 16:20:35.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
AlienAutopsy (Version: 3.1.5907.16)
Alienware Command Center (Version: 2.8.9.0)
Alienware Digital Delivery (Version: 2.8.1000.0)
Atheros Driver Installation Program (Version: 9.2)
Calc_UT
CCleaner (Version: 3.27)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CloudReading (Version: 1.0.27.1025)
Dell Wireless Driver Installation (Version: 9.0)
Foxit Reader (Version: 6.1.1.1031)
Google Talk Plugin (Version: 4.9.1.16010)
HP Deskjet 3510 series Basic Device Software (Version: 28.0.1315.0)
Intel Processor Diagnostic Tool 64Bit (Version: 17.0.0)
Intel® Management Engine Components (Version: 8.0.4.1441)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Kaspersky PURE 3.0 (Version: 13.0.2.558)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0)
MSI ODD Monitor (Version: 1.0.0.5)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA 3D Vision Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Optimus 1.12.12 (Version: 1.12.12)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1422)
NVIDIA Update Components (Version: 1.12.12)
QualxServ Service Agreement (Version: 2.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6494)
Tweaking.com - Windows Repair (All in One) (Version: 2.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
World of Warcraft

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 8085.21 MB
Available physical RAM: 6131.11 MB
Total Pagefile: 16168.61 MB
Available Pagefile: 14019.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3952.54 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.43 GB) (Free:855.43 GB) NTFS

========================= Users: ========================================

User accounts for \\GUY-PC

Administrator            Guest                    guy                      
UpdatusUser              


**** End of log ****

Here is the speccy  link http://speccy.piriform.com/results/vvxMgLhoTei5cBdjqpX4usz
 



#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,419 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:04 AM

Posted 05 December 2013 - 10:51 AM

C:\BVTBin

 

Hmmm...I see several references indicating that this may possibly be related to malware exploits.  Moving topic to Am I Infected forum, where the more knowledgeable can refute/affirm that possibility..

 

Louis



#8 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 05 December 2013 - 04:36 PM

Ok thank you for all your help. I have been reading about some pretty exotic exploits lately, and have been running comp scans daily to see if I could catch anything. Anyhow thanks agian for your help.



#9 technonymous

technonymous

  • Members
  • 2,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:04 AM

Posted 05 December 2013 - 06:58 PM

Turn off the idle power management for the nic card will probably stop that error. 

 

Disabling the power management for the network card:

Press Windows logo key+R key type in compmgmt.msc hit enter. Under computer management go to device manager. Open network adapters and click on the nic card to open the settings. Click on the power management tab and untick the the first box that says, "Allow this computer to turn off this device to save power". If you don't have other networked computers you could disable the TCP/IP Netbios service. Disabling TCP/IP Netbios typically will break file sharing, printer sharing, network browser. Sometimes you can still use network sharing because the share is mapped and the the machine's routing tables arp cached. Generally you  would have to specify by IP.



#10 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 05 December 2013 - 10:07 PM

Alright I already have everything on power management unclicked, I had never thought to look to see if the TCP/IP net bios helper was on or not. I am not on a network so i should know pretty quick if it works.



#11 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 06 December 2013 - 07:49 AM

So I have some good news, no errors in the last 12 hrs. The 2 things I did was Dell has a network adapter update out,( they also have a newer bios update that I installed but know it had nothing to do with the errors), and disabling the TCP/IP Netbios helper. I have been trying to fix this comp for about 2 months, since I got a urasy from a yahoo news vid, and now its back to some kind of normal. Kind of ironic the vid was about the best and worst antivirus software. Anyhow cant find the words to thank you guys enough, so THANK YOU will just have to do. While Im here in the "Am I infected" forum does anyone see any of the exploits that Louis pointed to?



#12 technonymous

technonymous

  • Members
  • 2,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:04 AM

Posted 07 December 2013 - 11:10 PM

I had a friend bring me his infected pc that had a malware FBI lockout type on it. Turns out he had a full retail copy of Kaspersky suite with a year subscription still in effect. It just goes to show you that virus scanners mean nothing unless they are updated with the latest definitions of what to look for and even then there is no guarantee as hybird's or variants of those viruses are constantly hitting the net.


Edited by technonymous, 07 December 2013 - 11:11 PM.


#13 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 08 December 2013 - 09:07 AM

Yep very true, I have noticed that you might have the best anti virus in the world and it doesnt matter if the right package comes along.



#14 technonymous

technonymous

  • Members
  • 2,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:04 AM

Posted 08 December 2013 - 04:39 PM

Farbar is a nice program a lot of the info is gathered from the same logs even viewer see's. If you type eventvwr.msc into run you can see all the logs of errors under custom view and administrator. Here's cool script to clear all these logs and that event viewer list so you have a clean slate to go by over a course of a day or two. If you are familiar with creating a batch file great if not, right click desktop make a new txt file and copy and paste the code into the text file and then go to the drop down menu and "save as" name the file ClearView.bat and click save to dekstop. To run the batch file right click the file and choose "run as administrator" Enjoy.

@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit

Edited by technonymous, 08 December 2013 - 04:39 PM.


#15 guy6

guy6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 09 December 2013 - 07:21 AM

Woot thanks that is awesome. Im not to good with the scripting, it usually involves a ream of paper, printer, and a seperate comp to fix what Ive screwed up. I can build a house, build a car, build a comp, fix most anything if I got the tools, but outside of copy and paste scripting is outside my expertice. Since that script worked so well, I will give the comp a day to show errors and warnings. There are 2 that i will post when they pop back up tomorrow, I just want to make sure that the work arounds that have been put in place are not creating the errors.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users