Shared Internet Connection - svchost problem

[Guest]

I just set up a network at home with a Linksys WRT54G Wireless-G Router and
am having troubles with a shared Internet connection.

Dell DESKTOP is wired to router and running ‘up to date’ XP Home. DESKTOP is
set to get IP/DNS automatically from the router, and ends up as:
XXX.YYY.1.100 – IP Address
255.255.255.0 – Subnet Mask
XXX.YYY.1.1 - Default Gateway (the router).

Dell LAPTOP is wireless to router and running ‘up to date’ XP Home with
onboard Wireless-G. LAPTOP is set to static IP as:
XXX.YYY.1.101 – IP Address
255.255.255.0 – Subnet Mask
XXX.YYY.1.100 - Default Gateway (the DESKTOP).

Both PCS are in same ‘WWW’ workgroup.

DESKTOP has onboard modem used for dial-up Internet access. Works fine with
LAPTOP off.

I set up a shared directory on both PCs (C:\Temp) and shared a printer on
DESKTOP. DESKTOP and LAPTOP can share files and printers just fine.
LAPTOP lists DESKTOP as a connected ‘Internet Gateway’ via ‘Control
Panel/Network Connections’.

Via My ‘Network Places/Entire Network’, DESKTOP automatically displays
‘Microsoft Terminal Services’, ‘Microsoft Windows Network’ and ‘Web Client
Network’, and via ‘Microsoft Windows Network’, the DESKTOP can see DESKTOP
and LAPTOP and the DESKTOP can browse shared stuff on LAPTOP.

Via My Network Places, LAPTOP does not automatically display ‘Entire
Network’ as an item. I have to select ‘Look for Computers in Workgroup’ of
the menu, and then LAPTOP displays DESKTOP and LAPTOP. LAPTOP can browse
LAPTOP shared stuff, but cannot browse DESKTOP shared stuff (‘access denied’).

I can ping my ISP, Google, etc. from the LAPTOP.

However, if I start Internet Explorer on the LAPTOP, svchost.exe on the
DESKTOP goes to 100% CPU and the dial-up Internet connection throughput goes
to 45 to 50%, and Internet Explorer on the LAPTOP never ‘gets through’ to
display the target web page. The DESKTOP CPU stays at 100% CPU if I turn of
the LAPTOP, disconnect from the Internet, etc. - I have to turn off the
LAPTOP and reboot the DESKTOP to get back to ‘normal’.

Any clues?

 

[Chuck]

I just set up a network at home with a Linksys WRT54G Wireless-G Router and
am having troubles with a shared Internet connection.

Dell DESKTOP is wired to router and running ‘up to date’ XP Home. DESKTOP is
set to get IP/DNS automatically from the router, and ends up as:
XXX.YYY.1.100 – IP Address
255.255.255.0 – Subnet Mask
XXX.YYY.1.1 - Default Gateway (the router).

Dell LAPTOP is wireless to router and running ‘up to date’ XP Home with
onboard Wireless-G. LAPTOP is set to static IP as:
XXX.YYY.1.101 – IP Address
255.255.255.0 – Subnet Mask
XXX.YYY.1.100 - Default Gateway (the DESKTOP).

Both PCS are in same ‘WWW’ workgroup.

DESKTOP has onboard modem used for dial-up Internet access. Works fine with
LAPTOP off.

I set up a shared directory on both PCs (C:\Temp) and shared a printer on
DESKTOP. DESKTOP and LAPTOP can share files and printers just fine.
LAPTOP lists DESKTOP as a connected ‘Internet Gateway’ via ‘Control
Panel/Network Connections’.

Via My ‘Network Places/Entire Network’, DESKTOP automatically displays
‘Microsoft Terminal Services’, ‘Microsoft Windows Network’ and ‘Web Client
Network’, and via ‘Microsoft Windows Network’, the DESKTOP can see DESKTOP
and LAPTOP and the DESKTOP can browse shared stuff on LAPTOP.

Via My Network Places, LAPTOP does not automatically display ‘Entire
Network’ as an item. I have to select ‘Look for Computers in Workgroup’ of
the menu, and then LAPTOP displays DESKTOP and LAPTOP. LAPTOP can browse
LAPTOP shared stuff, but cannot browse DESKTOP shared stuff (‘access denied’).

I can ping my ISP, Google, etc. from the LAPTOP.

However, if I start Internet Explorer on the LAPTOP, svchost.exe on the
DESKTOP goes to 100% CPU and the dial-up Internet connection throughput goes
to 45 to 50%, and Internet Explorer on the LAPTOP never ‘gets through’ to
display the target web page. The DESKTOP CPU stays at 100% CPU if I turn of
the LAPTOP, disconnect from the Internet, etc. - I have to turn off the
LAPTOP and reboot the DESKTOP to get back to ‘normal’.

Any clues?

 

[Chuck]

I just set up a network at home with a Linksys WRT54G Wireless-G Router and
am having troubles with a shared Internet connection.

Dell DESKTOP is wired to router and running ‘up to date’ XP Home. DESKTOP is
set to get IP/DNS automatically from the router, and ends up as:
XXX.YYY.1.100 – IP Address
255.255.255.0 – Subnet Mask
XXX.YYY.1.1 - Default Gateway (the router).

Dell LAPTOP is wireless to router and running ‘up to date’ XP Home with
onboard Wireless-G. LAPTOP is set to static IP as:
XXX.YYY.1.101 – IP Address
255.255.255.0 – Subnet Mask
XXX.YYY.1.100 - Default Gateway (the DESKTOP).

Both PCS are in same ‘WWW’ workgroup.

DESKTOP has onboard modem used for dial-up Internet access. Works fine with
LAPTOP off.

I set up a shared directory on both PCs (C:\Temp) and shared a printer on
DESKTOP. DESKTOP and LAPTOP can share files and printers just fine.
LAPTOP lists DESKTOP as a connected ‘Internet Gateway’ via ‘Control
Panel/Network Connections’.

Via My ‘Network Places/Entire Network’, DESKTOP automatically displays
‘Microsoft Terminal Services’, ‘Microsoft Windows Network’ and ‘Web Client
Network’, and via ‘Microsoft Windows Network’, the DESKTOP can see DESKTOP
and LAPTOP and the DESKTOP can browse shared stuff on LAPTOP.

Via My Network Places, LAPTOP does not automatically display ‘Entire
Network’ as an item. I have to select ‘Look for Computers in Workgroup’ of
the menu, and then LAPTOP displays DESKTOP and LAPTOP. LAPTOP can browse
LAPTOP shared stuff, but cannot browse DESKTOP shared stuff (‘access denied’).

I can ping my ISP, Google, etc. from the LAPTOP.

However, if I start Internet Explorer on the LAPTOP, svchost.exe on the
DESKTOP goes to 100% CPU and the dial-up Internet connection throughput goes
to 45 to 50%, and Internet Explorer on the LAPTOP never ‘gets through’ to
display the target web page. The DESKTOP CPU stays at 100% CPU if I turn of
the LAPTOP, disconnect from the Internet, etc. - I have to turn off the
LAPTOP and reboot the DESKTOP to get back to ‘normal’.

Any clues?

Start by looking at the asymmetrical visibility problem - ("LAPTOP can browse
LAPTOP shared stuff, but cannot browse DESKTOP shared stuff (‘access denied’).")
One of the most known problem would be a misconfigured or overlooked personal
firewall, or other security component. There are several other possibilities
too, and any might be the cause of your problem. Read this article with an open
mind.
<http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html

For more simple help, provide "browstat status" and "ipconfig /all" from each
computer, so we can diagnose the problem. Read this article, and linked
articles, and follow instructions precisely (download browstat!):
<http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#AskingForHelp>
http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#AskingForHelp

 

[Guest]

Here you go:

From LAPTOP:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Delboy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1470 Dual Band
WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-14-A5-4B-A8-78
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.100
DNS Servers . . . . . . . . . . . : 192.168.1.100

Status for domain HUNTS on transport
\Device\NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5}
Browsing is active on domain.
Master browser name is: SPONGEBOB
Could not connect to registry, error = 53 Unable to determine build
of browser master: 53
Unable to determine server information for browser master: 5
1 backup servers retrieved from master SPONGEBOB
\\SPONGEBOB
There are 2 servers in domain HUNTS on transport
\Device\NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5}
There are 1 domains in domain HUNTS on transport
\Device\NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5}

Calling NetServerEnum to enumerate WFW servers.
0 WFW servers returned. 0 total.
There are WFW servers with an active Browser.

From DESKTOP:

Windows IP Configuration

Host Name . . . . . . . . . . . . : SpongeBob
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated
Controller
Physical Address. . . . . . . . . : 00-0B-DB-B5-94-CE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, April 17, 2006 5:00:12 PM
Lease Expires . . . . . . . . . . : Tuesday, April 18, 2006 5:00:12 PM

Status for domain HUNTS on transport
\Device\NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7}
Browsing is active on domain.
Master browser name is: SPONGEBOB
Master browser is running build 2600
1 backup servers retrieved from master SPONGEBOB
\\SPONGEBOB
There are 2 servers in domain HUNTS on transport
\Device\NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7}
There are 1 domains in domain HUNTS on transport
\Device\NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7}

Calling NetServerEnum to enumerate WFW servers.
0 WFW servers returned. 0 total.
There are WFW servers with an active Browser.

 

[Chuck]

Here you go:

OK, nothing interesting yet.
# IP configurations are clean - same subnet, node type Hybrid is good.
# Browstats are clean - same workgroup, both computers visible from each other.
# No gratuitous protocols or transports identified.

Let's look at some more diagnostics. First, let's see what "net config" tells
us.
<http://nitecruzr.blogspot.com/2006/04/network-diagnostics-using-net-config.html>

Next, let's enumerate the critical network services.
<http://nitecruzr.blogspot.com/2006/04/cpsserv-comprehensive-psservice-source.html>

Now, just because (if) no problem is identified by the diagnostics, you could
still have problems accessing shared resources, if Windows Networking isn't
setup properly. With XP Home, make sure that the Guest account is activated for
network use, on both computers.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Activate>

 

[Guest]

SPONGEBOB = DESKTOP.
DELBOY = LAPTOP.

I verified that the GUEST account is ‘on’ and ran ‘NET USER GUEST
/ACTIVE:YES’ on both PCs first.

From SPONGEBOB/DESKTOP:

Server Name \\SPONGEBOB
Server Comment Sponge Bob

Software version Windows 2002
Server is active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7} (000bdbb594ce)


Server hidden No
Maximum Logged On Users 5
Maximum open files per session 16384

Idle session time (min) 15
The command completed successfully.

Computer name \\SPONGEBOB
Full Computer name SpongeBob
User name Manager

Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7} (000BDBB594CE)

Software version Windows 2002

Workstation domain HUNTS
Workstation Domain DNS Name (null)
Logon domain SPONGEBOB

COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.

From DELBOY/LAPTOP:

Server Name \\DELBOY
Server Comment Mine. All Mine!

Software version Windows 2002
Server is active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5} (0014a54ba878)


Server hidden No
Maximum Logged On Users 5
Maximum open files per session 16384

Idle session time (min) 15
The command completed successfully.

Computer name \\DELBOY
Full Computer name Delboy
User name Julie Hunt

Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5} (0014A54BA878)

Software version Windows 2002

Workstation domain HUNTS
Workstation Domain DNS Name (null)
Logon domain DELBOY

COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.


From SPONGEBOB/DESKTOP:

Start CPSServ V1.02 - SPONGEBOB

Find Computer Browser ("browser")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found browser on:
\\SPONGEBOB


Find TCP/IP NetBIOS Helper ("lmhosts")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found lmhosts on:
\\SPONGEBOB


Find Remote Registry ("remoteregistry")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB... No active service named remoteregistry found.


Find Server ("server")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found server on:
\\SPONGEBOB


Find WF / ICS ("sharedaccess")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found sharedaccess on:
\\SPONGEBOB


Find Workstation ("workstation")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found workstation on:
\\SPONGEBOB

End CPSServ V1.02 - SPONGEBOB


From DELBOY/LAPTOP:

Start CPSServ V1.02 - DELBOY

Find Computer Browser ("browser")
Checking \\DELBOY...Found browser on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find TCP/IP NetBIOS Helper ("lmhosts")
Checking \\DELBOY...Found lmhosts on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find Remote Registry ("remoteregistry")
Checking \\DELBOY...Checking \\SPONGEBOB...Unable to open Service Control
Manager database on \\\SPONGEBOB:
No active service named remoteregistry found.


Find Server ("server")
Checking \\DELBOY...Found server on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find WF / ICS ("sharedaccess")
Checking \\DELBOY...Found sharedaccess on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find Workstation ("workstation")
Checking \\DELBOY...Found workstation on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:

End CPSServ V1.02 - DELBOY


Thanks for your continued interest and assistance.

 

[Guest]

Update:

Changed restrictanonymous on DESKTOP - can now browse shares on DESKTOP from
LAPTOP.

Re-ran all diags - output follows:

From LAPTOP/DELBOY:

Calling NetServerEnum to enumerate WFW servers.
0 WFW servers returned. 0 total.
There are WFW servers with an active Browser.


Status for domain HUNTS on transport
\Device\NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5}
Browsing is active on domain.
Master browser name is: SPONGEBOB
Could not connect to registry, error = 53 Unable to determine build
of browser master: 53
\\\\SPONGEBOB . Version:05.01 Flags: 71203 NT POTENTIAL BACKUP
MASTER
1 backup servers retrieved from master SPONGEBOB
\\SPONGEBOB
There are 2 servers in domain HUNTS on transport
\Device\NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5}
There are 1 domains in domain HUNTS on transport
\Device\NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5}
CDiagnosis V1.40
Start diagnosis for DELBOY
Full Targets SPONGEBOB 192.168.1.100 DELBOY 192.168.1.101 127.0.0.1
192.168.1.1
Ping Targets www.yahoo.com

Over All Analysis

Enumerate Shares


Share name Resource Remark

-------------------------------------------------------------------------------
print$ C:\WINDOWS\system32\spool\drivers
Printer Drivers

IPC$ Remote IPC

Delboy Utility
C:\Utility
Temp C:\Temp
Printer OLFModem Spooled Print to this device to send a
fax
Printer2 LPT1: Spooled Intuit Internal Printer

The command completed successfully.


Adhoc Browser View

Server Name Remark

-------------------------------------------------------------------------------
\\DELBOY Mine. All Mine!

\\SPONGEBOB Sponge Bob

The command completed successfully.


Full Targets Analysis SPONGEBOB 192.168.1.100 DELBOY 192.168.1.101
127.0.0.1 192.168.1.1

Target SPONGEBOB

"DELBOY ping SPONGEBOB"


Pinging SPONGEBOB [192.168.1.100] with 32 bytes of data:

Reply from 192.168.1.100: bytes=32 time=6ms TTL=64
Reply from 192.168.1.100: bytes=32 time=3ms TTL=64
Reply from 192.168.1.100: bytes=32 time=3ms TTL=64
Reply from 192.168.1.100: bytes=32 time=3ms TTL=64

Ping statistics for 192.168.1.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 6ms, Average = 3ms

"DELBOY net view SPONGEBOB"

Shared resources at SPONGEBOB

Sponge Bob

Share name Type Used as Comment

-------------------------------------------------------------------------------
Basement Printer Print hp deskjet 845c
Spongebob Utility Disk
Temp Disk Z:
The command completed successfully.


Target 192.168.1.100

"DELBOY ping 192.168.1.100"


Pinging 192.168.1.100 with 32 bytes of data:

Reply from 192.168.1.100: bytes=32 time=1ms TTL=64
Reply from 192.168.1.100: bytes=32 time=5ms TTL=64
Reply from 192.168.1.100: bytes=32 time=6ms TTL=64
Reply from 192.168.1.100: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.1.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 6ms, Average = 3ms

"DELBOY net view 192.168.1.100"

Shared resources at 192.168.1.100

Sponge Bob

Share name Type Used as Comment

-------------------------------------------------------------------------------
Basement Printer Print hp deskjet 845c
Spongebob Utility Disk
Temp Disk
The command completed successfully.


Target DELBOY

"DELBOY ping DELBOY"


Pinging Delboy [192.168.1.101] with 32 bytes of data:

Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

"DELBOY net view DELBOY"

Shared resources at DELBOY

Mine. All Mine!

Share name Type Used as Comment

-------------------------------------------------------------------------------
Delboy Utility Disk
Printer Print Print to this device to send a fax.
Printer2 Print Intuit Internal Printer
Temp Disk
The command completed successfully.


Target 192.168.1.101

"DELBOY ping 192.168.1.101"


Pinging 192.168.1.101 with 32 bytes of data:

Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

"DELBOY net view 192.168.1.101"

Shared resources at 192.168.1.101

Mine. All Mine!

Share name Type Used as Comment

-------------------------------------------------------------------------------
Delboy Utility Disk
Printer Print Print to this device to send a fax.
Printer2 Print Intuit Internal Printer
Temp Disk
The command completed successfully.


Target 127.0.0.1

"DELBOY ping 127.0.0.1"


Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

"DELBOY net view 127.0.0.1"

Shared resources at 127.0.0.1

Mine. All Mine!

Share name Type Used as Comment

-------------------------------------------------------------------------------
Delboy Utility Disk
Printer Print Print to this device to send a fax.
Printer2 Print Intuit Internal Printer
Temp Disk
The command completed successfully.


Target 192.168.1.1

"DELBOY ping 192.168.1.1"


Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=5ms TTL=64
Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
Reply from 192.168.1.1: bytes=32 time=9ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 9ms, Average = 5ms

"DELBOY net view 192.168.1.1"


Ping Targets Analysis www.yahoo.com

Target www.yahoo.com

"DELBOY ping www.yahoo.com"

Ping request could not find host www.yahoo.com. Please check the name and
try again.

End diagnosis for DELBOY
Start CPSServ V1.02 - DELBOY

Find Computer Browser ("browser")
Checking \\DELBOY...Found browser on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find TCP/IP NetBIOS Helper ("lmhosts")
Checking \\DELBOY...Found lmhosts on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find Remote Registry ("remoteregistry")
Checking \\DELBOY...Checking \\SPONGEBOB...Unable to open Service Control
Manager database on \\\SPONGEBOB:
No active service named remoteregistry found.


Find Server ("server")
Checking \\DELBOY...Found server on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find WF / ICS ("sharedaccess")
Checking \\DELBOY...Found sharedaccess on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:


Find Workstation ("workstation")
Checking \\DELBOY...Found workstation on:
\\DELBOY
Checking \\SPONGEBOB...Unable to open Service Control Manager database on
\\\SPONGEBOB:

End CPSServ V1.02 - DELBOY

Windows IP Configuration

Host Name . . . . . . . . . . . . : Delboy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1470 Dual Band
WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-14-A5-4B-A8-78
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.100
DNS Servers . . . . . . . . . . . : 192.168.1.100

Server Name \\DELBOY
Server Comment Mine. All Mine!

Software version Windows 2002
Server is active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5} (0014a54ba878)


Server hidden No
Maximum Logged On Users 5
Maximum open files per session 16384

Idle session time (min) 15
The command completed successfully.

Computer name \\DELBOY
Full Computer name Delboy
User name Julie Hunt

Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{54AECA94-1407-4CE6-B19C-381AA11519F5} (0014A54BA878)

Software version Windows 2002

Workstation domain HUNTS
Workstation Domain DNS Name (null)
Logon domain DELBOY

COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.

From DESKTOP/SPONGEBOB:

Calling NetServerEnum to enumerate WFW servers.
0 WFW servers returned. 0 total.
There are WFW servers with an active Browser.


Status for domain HUNTS on transport
\Device\NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7}
Browsing is active on domain.
Master browser name is: SPONGEBOB
Master browser is running build 2600
1 backup servers retrieved from master SPONGEBOB
\\SPONGEBOB
There are 2 servers in domain HUNTS on transport
\Device\NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7}
There are 1 domains in domain HUNTS on transport
\Device\NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7}


Status for domain HUNTS on transport
\Device\NetBT_Tcpip_{EFEE3D0F-E3D8-4C31-9C84-77D4DD1FC7B3}
Browsing is NOT active on domain.
Master name cannot be determined from GetAdapterStatus.
CDiagnosis V1.40
Start diagnosis for SPONGEBOB
Full Targets SPONGEBOB 192.168.1.100 DELBOY 192.168.1.101 127.0.0.1
192.168.1.1
Ping Targets www.yahoo.com

Over All Analysis

Enumerate Shares


Share name Resource Remark

-------------------------------------------------------------------------------
print$ C:\WINDOWS\System32\spool\drivers
Printer Drivers

IPC$ Remote IPC

Spongebob Utility
C:\Utility
Temp C:\Temp
Basement Printer
USB002 Spooled hp deskjet 845c

The command completed successfully.


Adhoc Browser View

Server Name Remark

-------------------------------------------------------------------------------
\\DELBOY Mine. All Mine!

\\SPONGEBOB Sponge Bob

The command completed successfully.


Full Targets Analysis SPONGEBOB 192.168.1.100 DELBOY 192.168.1.101
127.0.0.1 192.168.1.1

Target SPONGEBOB

"SPONGEBOB ping SPONGEBOB"


Pinging SpongeBob [192.168.1.100] with 32 bytes of data:

Reply from 192.168.1.100: bytes=32 time<1ms TTL=64
Reply from 192.168.1.100: bytes=32 time<1ms TTL=64
Reply from 192.168.1.100: bytes=32 time<1ms TTL=64
Reply from 192.168.1.100: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

"SPONGEBOB net view SPONGEBOB"

Shared resources at SPONGEBOB

Sponge Bob

Share name Type Used as Comment

-------------------------------------------------------------------------------
Basement Printer Print hp deskjet 845c
Spongebob Utility Disk
Temp Disk
The command completed successfully.


Target 192.168.1.100

"SPONGEBOB ping 192.168.1.100"


Pinging 192.168.1.100 with 32 bytes of data:

Reply from 192.168.1.100: bytes=32 time<1ms TTL=64
Reply from 192.168.1.100: bytes=32 time<1ms TTL=64
Reply from 192.168.1.100: bytes=32 time<1ms TTL=64
Reply from 192.168.1.100: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

"SPONGEBOB net view 192.168.1.100"

Shared resources at 192.168.1.100

Sponge Bob

Share name Type Used as Comment

-------------------------------------------------------------------------------
Basement Printer Print hp deskjet 845c
Spongebob Utility Disk
Temp Disk
The command completed successfully.


Target DELBOY

"SPONGEBOB ping DELBOY"


Pinging DELBOY [192.168.1.101] with 32 bytes of data:

Reply from 192.168.1.101: bytes=32 time=64ms TTL=128
Reply from 192.168.1.101: bytes=32 time=101ms TTL=128
Reply from 192.168.1.101: bytes=32 time=31ms TTL=128
Reply from 192.168.1.101: bytes=32 time=28ms TTL=128

Ping statistics for 192.168.1.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 101ms, Average = 56ms

"SPONGEBOB net view DELBOY"

Shared resources at DELBOY

Mine. All Mine!

Share name Type Used as Comment

-------------------------------------------------------------------------------
Delboy Utility Disk
Printer Print Print to this device to send a fax.
Printer2 Print Intuit Internal Printer
Temp Disk
The command completed successfully.


Target 192.168.1.101

"SPONGEBOB ping 192.168.1.101"


Pinging 192.168.1.101 with 32 bytes of data:

Reply from 192.168.1.101: bytes=32 time<1ms TTL=128
Reply from 192.168.1.101: bytes=32 time=24ms TTL=128
Reply from 192.168.1.101: bytes=32 time=24ms TTL=128
Reply from 192.168.1.101: bytes=32 time=22ms TTL=128

Ping statistics for 192.168.1.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 24ms, Average = 17ms

"SPONGEBOB net view 192.168.1.101"

Shared resources at 192.168.1.101

Mine. All Mine!

Share name Type Used as Comment

-------------------------------------------------------------------------------
Delboy Utility Disk
Printer Print Print to this device to send a fax.
Printer2 Print Intuit Internal Printer
Temp Disk
The command completed successfully.


Target 127.0.0.1

"SPONGEBOB ping 127.0.0.1"


Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

"SPONGEBOB net view 127.0.0.1"

Shared resources at 127.0.0.1

Sponge Bob

Share name Type Used as Comment

-------------------------------------------------------------------------------
Basement Printer Print hp deskjet 845c
Spongebob Utility Disk
Temp Disk
The command completed successfully.


Target 192.168.1.1

"SPONGEBOB ping 192.168.1.1"


Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

"SPONGEBOB net view 192.168.1.1"


Ping Targets Analysis www.yahoo.com

Target www.yahoo.com

"SPONGEBOB ping www.yahoo.com"

Ping request could not find host www.yahoo.com. Please check the name and
try again.

End diagnosis for SPONGEBOB
Start CPSServ V1.02 - SPONGEBOB

Find Computer Browser ("browser")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found browser on:
\\SPONGEBOB


Find TCP/IP NetBIOS Helper ("lmhosts")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found lmhosts on:
\\SPONGEBOB


Find Remote Registry ("remoteregistry")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB... No active service named remoteregistry found.


Find Server ("server")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found server on:
\\SPONGEBOB


Find WF / ICS ("sharedaccess")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found sharedaccess on:
\\SPONGEBOB


Find Workstation ("workstation")
Checking \\DELBOY...Unable to open Service Control Manager database on
\\\DELBOY:
Checking \\SPONGEBOB...Found workstation on:
\\SPONGEBOB

End CPSServ V1.02 - SPONGEBOB

Windows IP Configuration

Host Name . . . . . . . . . . . . : SpongeBob
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated
Controller
Physical Address. . . . . . . . . : 00-0B-DB-B5-94-CE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Wednesday, April 19, 2006
6:57:52 PM
Lease Expires . . . . . . . . . . : Thursday, April 20, 2006 6:57:52
PM

PPP adapter EarthLink (e-mail address removed):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 63.156.210.116
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 63.156.210.116
DNS Servers . . . . . . . . . . . : 207.69.188.185
207.69.188.186

Server Name \\SPONGEBOB
Server Comment Sponge Bob

Software version Windows 2002
Server is active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7} (000bdbb594ce)
NetBT_Tcpip_{EFEE3D0F-E3D8-4C31-9C84-77D4DD1FC7B3} (005345000000)


Server hidden No
Maximum Logged On Users 5
Maximum open files per session 16384

Idle session time (min) 15
The command completed successfully.

Computer name \\SPONGEBOB
Full Computer name SpongeBob
User name Manager

Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{4A3C76CD-31A7-4560-9D0F-A9C56B300BD7} (000BDBB594CE)
NetBT_Tcpip_{EFEE3D0F-E3D8-4C31-9C84-77D4DD1FC7B3} (005345000000)

Software version Windows 2002

Workstation domain HUNTS
Workstation Domain DNS Name (null)
Logon domain SPONGEBOB

COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.

 

[Chuck]

Update:

Changed restrictanonymous on DESKTOP - can now browse shares on DESKTOP from
LAPTOP.

Re-ran all diags - output follows:

<Big SNIP>

Well, restrictanonymous was the most likely problem, so I'm glad you found that.
The CDiags look normal, WRT file sharing. Don't know about your DNS problem
("could not find host www.yahoo.com") - let's look at "ipconfig /all" for that.
Do you have any other observed problems now?

 

[Guest]

svchost still goes to 100% CPU on the desktop (SPONGEBOB) when the dial-up
connection to the Internet is connected. Maybe the cause of "could not find
host www.yahoo.com" on the laptop (DELBOY). I can ping the outside world
sometimes from the laptop, usually only 3 of 4 (75%) successful though.

It takes a long time for the shared Internet connection to show up as
'connected' on the laptop (via control panel/network connections) - I assume
that this is because of the CPU situation on the desktop.

Still don't automatically get 'Entire Network’', ‘Microsoft Terminal
Services’, ‘Microsoft Windows Network’ and ‘Web Client Network’ displayed via
on 'My Network Places' on the laptop.

By the way, the 'Could not connect to registry, error = 53 - Unable to
determine build of browser master: 53 - Unable to determine server
information for browser master: 5' and 'Unable to open Service Control
Manager database on' messages are nothing to worry about?

Thank you for your help thus far.

 

[Chuck]

svchost still goes to 100% CPU on the desktop (SPONGEBOB) when the dial-up
connection to the Internet is connected. Maybe the cause of "could not find
host www.yahoo.com" on the laptop (DELBOY). I can ping the outside world
sometimes from the laptop, usually only 3 of 4 (75%) successful though.

It takes a long time for the shared Internet connection to show up as
'connected' on the laptop (via control panel/network connections) - I assume
that this is because of the CPU situation on the desktop.

Still don't automatically get 'Entire Network’', ‘Microsoft Terminal
Services’, ‘Microsoft Windows Network’ and ‘Web Client Network’ displayed via
on 'My Network Places' on the laptop.

By the way, the 'Could not connect to registry, error = 53 - Unable to
determine build of browser master: 53 - Unable to determine server
information for browser master: 5' and 'Unable to open Service Control
Manager database on' messages are nothing to worry about?

Thank you for your help thus far.

Glad to help - this is a learning experience for me too.

To start from the last, both the "Unable to determine server information for
browser master: 53" and "Unable to open Service Control Manager database" are
consequences of using a Windows XP Home computer as a server. The first is from
XP Home not providing remote registry access, the second is from XP Home not
providing networked administrative access. Both are annoying, but neither is
anything to worry about.

Now the lack of administrative access does prevent us from using CPSServ for
relational analysis, but CDiag did that one quite well, and congrats on setting
that up perfectly, seeing it eliminated a few possibilities.

The next step is to find out what svchost.exe is using up the CPU. Get Process
Explorer (free) from SysInternals, and run it.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#ProcessExplorer>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#ProcessExplorer

Configure Process Explorer. Under View - Select Columns, on the Process
Performance tab, select CPU History and CPU Usage. You can click on any column
heading in the PE display to sort by that column. This will make it easy to
observe which process (which instance of svchost.exe) is hogging the CPU.

When you find the hog, right click on it and select Properties. On the Services
tab, you'll have a list. You can't copy and paste from the display , so
just type the names, in the Service column, here please.

 

[Guest]

Here is the services list for the svchost.exe CPU hog:

AudioSrv
Browser
CryptSvc
Dhcp
ERSrv
EventSystem
helpsvc
lanmanserver
lanmanworkstation
Netman
Nla
RasAuto
RasMan
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
srservice
Tapisrv
Themes
TrlWks
W32time
Winmgmt
Wscsvc
WZCSVC

 

[Chuck]

Here is the services list for the svchost.exe CPU hog:

AudioSrv
Browser
CryptSvc
Dhcp
ERSrv
EventSystem
helpsvc
lanmanserver
lanmanworkstation
Netman
Nla
RasAuto
RasMan
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
srservice
Tapisrv
Themes
TrlWks
W32time
Winmgmt
Wscsvc
WZCSVC

Of course it would be the instance with the most services. Simple probability
theory would say that.

Look at the Threads tab, right next to Services. See what Start Address is the
CPU hog. The .dll name should match up to a .dll in the Services list. Should
give us the problem service, and that will be a good start.

 

[Guest]

Look at the Threads tab, right next to Services. See what Start Address is
the

CPU hog. The .dll name should match up to a .dll in the Services list. Should
give us the problem service, and that will be a good start.

It pretty much alternates between something like this:

17% ntdll.dll!RtlQueueWorkItem+0x2b5
14% ntdll.dll!wcsncpy+0x3b
10% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlAllocateHeap+0x18c
8% ntdll.dll!RtlAllocateHeap+0x18c
6% ntdll.dll!RtlAllocateHeap+0x18c
6% ntdll.dll!RtlAllocateHeap+0x18c
5% ntdll.dll!wcsncpy+0x3b

and something like this:

19% ntdll.dll!RtlAllocateHeap+0x18c
17% ntdll.dll!RtlAllocateHeap+0x18c
12% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlQueueWorkItem+0x2b5
8% ntdll.dll!wcsncpy+0x3b
7% ntdll.dll!wcsncpy+0x3b
6% ntdll.dll!RtlAllocateHeap+0x18c

 

[Chuck]

It pretty much alternates between something like this:

17% ntdll.dll!RtlQueueWorkItem+0x2b5
14% ntdll.dll!wcsncpy+0x3b
10% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlAllocateHeap+0x18c
8% ntdll.dll!RtlAllocateHeap+0x18c
6% ntdll.dll!RtlAllocateHeap+0x18c
6% ntdll.dll!RtlAllocateHeap+0x18c
5% ntdll.dll!wcsncpy+0x3b

and something like this:

19% ntdll.dll!RtlAllocateHeap+0x18c
17% ntdll.dll!RtlAllocateHeap+0x18c
12% ntdll.dll!RtlAllocateHeap+0x18c
10% ntdll.dll!RtlQueueWorkItem+0x2b5
8% ntdll.dll!wcsncpy+0x3b
7% ntdll.dll!wcsncpy+0x3b
6% ntdll.dll!RtlAllocateHeap+0x18c

OK, RtlAllocateHeap+0x18c seems to be a symptom. One of the processes there
probably has a memory leak. Let's see if we can find out anything useful here;
if not, I'll refer you to malware analysis.

Back to Process Explorer. Add columns Private Bytes and Working Set Size under
tab Process Memory. Sort by Private Bytes, and see what shows up at the top.

And just for background, if you look at System Information, what are the 5
metrics under Commit Charge, and the 3 under Physical Memory?

Just for curiosity, did you type the thread CPU information by hand, or is there
a hidden copy and paste in Process Explorer that I haven't found?

 

[Guest]

Back to Process Explorer. Add columns Private Bytes and Working Set Size
under

tab Process Memory. Sort by Private Bytes, and see what shows up at the top.

Surprise, its svchost with 20.908 k private bytes and 30.428 working set size.

And just for background, if you look at System Information, what are the 5
metrics under Commit Charge, and the 3 under Physical Memory?

Commit Charge
Current: 216,680
Limit: 2,469,052
Peak: 584,244
Peak/Limit: 23.66%
Current/Limit: 8.74%

Physical Memory
Total: 1,308,672
Available: 913,100
System Cache: 734,532

Just for curiosity, did you type the thread CPU information by hand, or is there
a hidden copy and paste in Process Explorer that I haven't found?

Print Screen, paste into Paint, type into Notepad. Sorry.

Chuck, I sure appreciate your sticking with me on this. The laptop was a
triple
resent for the wife - 24th anniversary, birthday, and Mother's Day - poor
girl is dissapointed that she can't surf the web upstairs.

 

[Chuck]

Surprise, its svchost with 20.908 k private bytes and 30.428 working set size.


Commit Charge
Current: 216,680
Limit: 2,469,052
Peak: 584,244
Peak/Limit: 23.66%
Current/Limit: 8.74%

Physical Memory
Total: 1,308,672
Available: 913,100
System Cache: 734,532


Print Screen, paste into Paint, type into Notepad. Sorry.

Chuck, I sure appreciate your sticking with me on this. The laptop was a
triple
resent for the wife - 24th anniversary, birthday, and Mother's Day - poor
girl is dissapointed that she can't surf the web upstairs.

Well, let's keep at it then. I'm learning as I do this, my pleasure.

So svchost.exe is the memory hog at 21K?? On a 1.3G system, 21K is a drop in
the bucket. My system is 786M, and I generally don't notice any problems til
Firefox (my memory hog) goes over 150K private bytes. Right now FF is at 73K /
83K, and everything is humming.

Your commit limit (physical + virtual memory) is 2.5G. You're at 217M, 9%.
IOW, nowhere. My system runs 10 - 15% just on auto loaded software.

So why is your system flapping on allocating memory?

How long has the system been up? How long do you typically go between restarts?

Let's go back to the "ipconfig /all" logs. Why is DHCP disabled on Delboy, and
why is it using SpongeBob as default gateway? Enable DHCP please.

From LAPTOP:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Delboy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1470 Dual Band
WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-14-A5-4B-A8-78
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.100
DNS Servers . . . . . . . . . . . : 192.168.1.100

From DESKTOP:

Windows IP Configuration

Host Name . . . . . . . . . . . . : SpongeBob
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated
Controller
Physical Address. . . . . . . . . : 00-0B-DB-B5-94-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, April 17, 2006 5:00:12 PM
Lease Expires . . . . . . . . . . : Tuesday, April 18, 2006 5:00:12 PM

If we don't start heading somewhere useful from the above reasonings, we have to
start looking at malware. What antivirus / anti spyware do you use? Does it
get updated regularly? Do you scan regularly?
<http://nitecruzr.blogspot.com/2005/05/dealing-with-malware-adware-spyware.html>
http://nitecruzr.blogspot.com/2005/05/dealing-with-malware-adware-spyware.html

When you get to HijackThis and the HJT log analysis, I'd like you to post in the
DSLR Security Analysis forum. Read the FAQs, and do initial cleanup before
posting.
<http://www.dslreports.com/forum/cleanup>
http://www.dslreports.com/forum/cleanup

I'd like to get to the bottom of this almost as much as you, so keep at it.

 

[Guest]

I use Spybot S&D on both PCs. Updated at least once per week. Full scan
nightly. Also run the S&D Resident Tea Timer.

I also run Symantec Anitvirus corporate on both PCs (our license at work
allows us to use it at home). Updated at least once per week. Full scan
nightly.

Should I try a scan with the 100% CPU problem 'on'?

I went ahead and changed Delboy back to DHCP like you asked, but now Delboy
can't 'see' the shared Internet connection on Spongebob. Pretty much
eliminates the problem because Delboy can't even try to connect to the
Internet - that's why i had Spongebob set up as Delboy's gateway.

If I'm slow responding for a day or two its because a cut my phone line with
the post hole digger on my tractor yesterday.

Regards,
Jordan

 

[Chuck]

I use Spybot S&D on both PCs. Updated at least once per week. Full scan
nightly. Also run the S&D Resident Tea Timer.

I also run Symantec Anitvirus corporate on both PCs (our license at work
allows us to use it at home). Updated at least once per week. Full scan
nightly.

Should I try a scan with the 100% CPU problem 'on'?

I went ahead and changed Delboy back to DHCP like you asked, but now Delboy
can't 'see' the shared Internet connection on Spongebob. Pretty much
eliminates the problem because Delboy can't even try to connect to the
Internet - that's why i had Spongebob set up as Delboy's gateway.

If I'm slow responding for a day or two its because a cut my phone line with
the post hole digger on my tractor yesterday.

Regards,
Jordan

Jordan,

I hate to be pessimistic and vague here, but there are some security discussions
about new malware that will attack you, and neither NAV / SAV nor Spybot / Tea
Timer will protect you against. And Microsoft has started advising "flatten and
pave" for some infestations.

The bad guys are VERY well paid, and they are getting smarter.

I'm against "flatten and pave" as a standard policy though. Rhetorical
questions here.
# If you "flatten and pave" without investigation, how are you going to learn
from your mistakes?
# How are you going to figure out which computer is the problem? Do you intend
to "flatten and pave" the whole LAN?

Don't you just hate it when real life interferes with virtual life?

Put Delboy on DHCP, and let's do some investigation from there. Specifying
SpongeBob ("192.168.1.101") as the default gateway isn't going to work. The
default gateway has to be a router. I'm actually a little bummed that I didn't
spot THAT back on 4/18.

OK, nothing interesting yet.
# IP configurations are clean - same subnet, node type Hybrid is good.
# Browstats are clean - same workgroup, both computers visible from each other.
# No gratuitous protocols or transports identified.

You have to start from a standard point, and work from there. DHCP is a
standard starting point. If SpongeBob gets DHCP and can work, figure out why
Delboy won't. Workarounds (like using static assignments) just confuse the
issue. Let's fix the problems.

 

[Guest]

OK, I'll make sure both Spongebob and Delboy are set for 'auto IP' and 'auto
DNS'.

Question - should the router be configured to be the DHCP Server or should I
turn this feature off?

If I do, where will the PCs get addresses?

 

[Chuck]

OK, I'll make sure both Spongebob and Delboy are set for 'auto IP' and 'auto
DNS'.

Question - should the router be configured to be the DHCP Server or should I
turn this feature off?

If I do, where will the PCs get addresses?

If the router is connected to the Internet, it's the default gateway. Having it
provide DHCP makes sense, though it's not necessary. The router is the default
gateway, DHCP server, and DNS server for SpongeBob, so if you set Delboy to use
DHCP, it should get DHCP from the router too. Just make sure that there's only
1 DHCP server on the LAN.