whats this file ..

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
any body knows what the netsh.exe file recently it started to start and shut down in my the process list (it jumps out and thne jumps in)
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
okay thx but why is it restarting all the time (it eats up some cpu when it does it so its pretty annoying ..)
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
I think Netsh has something to do with your Network Adapter...

Are you using a LAN?
What version of Windows are you using? 2000? XP?
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
XP i have a LAN Connection witha D-LINK 604 Router wich i have used for 3 years now and this started to happen yesterday
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
btw maybee you could chekc my HTJ log:
Logfile of HijackThis v1.98.0
Scan saved at 19:48:22, on 2004-09-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Users\HemPC\Mina dokument\Program\HijackThis.exe
C:\WINDOWS\System32\netsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
i shutted down all the processesin my process list and when i got to the svchost.exe files and shutted thme down the netsh.exe progrma stopped to start and close this means that its something wrong with svchost.exe wth shall i do ???
 
Joined
Feb 15, 2004
Messages
826
Joined
Dec 9, 2000
Messages
45,855
I don't see any reason for it to be starting, probably as a "service" since there is no obvious startup for it.

First, find the file, right click on it and check Properties > Version. It should have a Microsoft copyright and be about 81 kb in length.

download the "getservice.zip" file: http://forums.techguy.org/attachment.php?attachmentid=38367


... unzip it and run "getservice.bat". Upload the text file it produces as an attachment here.

Also get the latest version of HijackThis, 1.98.2 and post the results of that too.

http://www.net-integration.net/tools/hijackthis.html
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
okay here it is and btw i have uploaded the userinit and it says its clean and i have runned house call and Panda to .. and here is the hjt with the 1.98.2
Logfile of HijackThis v1.98.2
Scan saved at 13:27:45, on 2004-09-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
D:\Users\HemPC\Mina dokument\Program\HijackThis.exe
C:\WINDOWS\System32\netsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 

Attachments

Joined
Dec 9, 2000
Messages
45,855
I don't see any "direct" startup for it. However one of your service startups from MS, not by any means a "default" startup is:

aspnet_state.exe associated with Microsoft.net:

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

Now from what I gather this is installed as part of a web host server management application on a network. (I really know nothing of this stuff).

http://builder.com.com/5100-6387-1049585.html

Quite possibly it is is utilizing netsh.exe as part of its routines.

Have you installed Microsoft.net\Frmework recently? And just how is this system being used?
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
yes i have Net Framework but it was installed from start (when i got the computer) and i use this computer for playing games ..
 

BAM

Thread Starter
Joined
Jun 25, 2003
Messages
135
okay i think i have found out were the problem is i tried to shut down my AV program (since it have caused problems before..) and thne the netsh.exe file stopped to restart and dissapered from the task list .. so its probally my AV program (Norman AV very ****** AV program that i got with the computer) thats making trouble ...
 
Joined
Dec 9, 2000
Messages
45,855
I've been running a "trial" version of Norman AV (expired now) and have most of the processes running that you have except npfmsg2.exe. I don't know what that does, in fact it isn't even on the system.

One thing you might check in the configuration editor for "on demand" and "on access" scanning is whether you have the scan "files on networked drives" option enabled/excluded in the two interfaces. Could be that netsh.exe is doing something with that enabled.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top