Thread: Riddle me this, part 2

  1. #1
    slate_leeper Guest

    Riddle me this, part 2

    In answer to your questions:

    1) I am using SP2 because I have downloaded SP3 from Microsoft twice,
    installed it three times apparently successfully, and each time the
    system will no longer reboot after installation.

    2) I have DNS Client service turned off because I have a large hosts
    file (MVPS plus my own additions), and many - including some on this
    news group - have recommended turning it off under those
    circumstances.

    3) I posted the question in this news group because something turned
    DNS Client service back on. Not me. I thought the cause might be a
    trojan or virus that someone here might be familiar with,

    Sorry to have bothered you.

    -dan z-





    --
    Protect your civil rights!
    Let the politicians know how you feel.
    Join or donate to the NRA today!
    http://membership.nrahq.org/default....ignid=XR014887

    The true measure of a people's freedom is whether they are armed or not. - Aristotle
    http://www.davekopel.com/2a/Foreign/...the-greeks.htm


  2. #2
    David H. Lipman Guest

    Re: Riddle me this, part 2

    From: "slate_leeper" <bycy-r0bj@spamex.com>

    > In answer to your questions:
    >
    > 1) I am using SP2 because I have downloaded SP3 from Microsoft twice,
    > installed it three times apparently successfully, and each time the
    > system will no longer reboot after installation.
    >
    > 2) I have DNS Client service turned off because I have a large hosts
    > file (MVPS plus my own additions), and many - including some on this
    > news group - have recommended turning it off under those
    > circumstances.
    >
    > 3) I posted the question in this news group because something turned
    > DNS Client service back on. Not me. I thought the cause might be a
    > trojan or virus that someone here might be familiar with,
    >
    > Sorry to have bothered you.
    >
    > -dan z-
    >
    >
    >


    You should have replied in your original thread posted 2/18, not created a new one!


    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp



  3. #3
    VanguardLH Guest

    Re: Riddle me this, part 2

    slate_leeper wrote:

    > In answer to your questions:


    What questions? You started a whole NEW thread. You did not reply to
    your original thread. Your new thread disconnects itself from all the
    replies in your old thread.

    Hit the Reply button/key when you want to reply to an existing thread.
    http://www.forteinc.com/agent/faq.ph...257033005EA3B0

    For now, and because you started a NEW thread, I'll flag your old thread
    as ignored (and hidden) and just watch this one.

    > 1) I am using SP2 because I have downloaded SP3 from Microsoft twice,
    > installed it three times apparently successfully, and each time the
    > system will no longer reboot after installation.


    You're starting from an unknown polluted state. With all the additional
    drivers and software you've installed in your SP-2 setup, there is
    conflict with the SP-3 update. Perhaps it won't reboot in normal mode
    but you don't state that it won't reboot in Safe Mode (and then go look
    at the Event Viewer to see what errored).

    I bet if you flattened your computer to start with a fresh install of
    whatever original legit version of Windows XP, used the latest (and
    appropriate) drivers for your hardware, and then followed with ONLY the
    SP-2 and SP-3 and then with Windows Updates that it would all work okay.

    I might've suggested rebooting into Windows' Safe Mode (with networking)
    to see if enabling the DNS Client service would still result in blocked
    networking; however, I suspect Safe Mode with it disabling non-critical
    services (along with disabling most startup items) would mean the DNS
    Client service wouldn't be running under Safe Mode even if you had
    enabled it.

    > 2) I have DNS Client service turned off because I have a large hosts
    > file (MVPS plus my own additions), and many - including some on this
    > news group - have recommended turning it off under those
    > circumstances.


    The recommendation of disabling the DNS Client service is because the
    MVPs 'hosts' file is so huge (over 16,000 lines). That in itself
    results in a delay for the DNS lookup procedure. Turning off the DNS
    client eliminates another local delay simply not to add to the delay already
    incurred with a huge 'hosts' file. The lookup from the 'hosts' file is
    linear: starts from top and goes to bottom of the list and even has to
    scan past comment lines. It isn't a database of records that can be
    searched in a binary algorithm. The longer the list the longer it takes
    to scan through it.

    Disabling the DNS Client service is to compensate for the delay in using
    a huge 'hosts' file. "in most cases a large HOSTS file (over 135 kb)
    tends to slow down the machine" (http://winhelp2002.mvps.org/hosts.htm).
    The MVPs 'hosts' file is now at 610KB in size: 4.5 times what the
    authors say is a big 'hosts' file.

    Disabling the DNS Client service /might/ speed up the DNS lookup process
    (by eliminating having to do the lookup in the local cache). Of course,
    if the hostname being looked up isn't in the hosts file (which gets
    linearly searched first) and the local cache isn't used to find it (it
    could be there) then your computer has to perform the longer DNS lookup
    process by issuing a request on port 53 to an external host for the DNS
    server (and may fail the lookup and have to push the request further up
    the chain, maybe all the way up to the nameserver for the domain).
    Rather than disable the DNS Client service, better is to tweak its
    settings so positive cached entries aren't stored for so long and
    negative cached entries (failed lookups) don't sit around too long which
    could mislead you into thinking a site isn't available. MS KB article
    318803 notes the registry settings for the DNS client's positive and
    negative caching settings.

    The defaults for TTL (time to live) for the DNS Client are:
    - Positive cached results (DNS lookup succeeded), MaxCacheTTL:
    86,400 seconds (1 day).
    - Negative cached results (DNS lookup failed), MaxNegativeCacheTTL:
    900 seconds (15 minutes)

    These are way too long. When visiting, revisiting, and navigating
    around a site, it is highly unlikely that you'll be there constantly for
    an entire 24 hours. On a failed lookup, it will continue to fail for
    that 15 minute default period even if the DNS server has been updated
    since then (you keep seeing the DNS failure although an entry now exists
    at the server). I changed mine to:

    MaxCacheTTL = 900 seconds
    MaxNegativeCacheTTL = 300 seconds

    I know some wizards that set MaxNegativeCacheTTL to zero. I don't
    usually spend more than 15 minutes at a web site and, if I do, the time
    for another DNS lookup to then cache that domain again is pretty short
    for 1 lookup for another 15 minutes. Make it 1800 seconds (30 minutes)
    if you dawdle at web sites for longer.

    However, it appears that enabling the DNS Client generates a conflict
    with something else you are running and even short TTLs on the positive
    and negative caching limits would probably still cause problems. Have
    you tried using msconfig.exe to disable all startup items (and perhaps
    any unnecessary services that are currently set to Automatic mode)?
    You'll have to ensure any 3rd party firewall, 3rd party anti-virus, and
    any other 3rd party security programs will be disabled on reloading
    Windows to test if DNS Client still causes blockage of network access.

    Some security products will actually disable the DNS Client. See
    http://support.kaspersky.com/faq/?qid=208279773 for an example. If this
    option is not enabled (to disable the DNS Client) then the DNS Client
    will be running. So that a state change occurred for the DNS Client
    service could be the result of how you configured some security program.
    Since the installs of some security programs resume their defaults, an
    update or new install of them will change back to their defaults and
    again modify the prior setup.

    > 3) I posted the question in this news group because something turned
    > DNS Client service back on. Not me. I thought the cause might be a
    > trojan or virus that someone here might be familiar with,


    Not saying this is the cause but an update that touches the files or
    service for DNS Client might've turned it on. After all, every time
    there is an Office update that touches the Outlook component then you
    get stuck with a shortcut to Outlook getting put back in the QuickLaunch
    toolbar.

    Also, you don't mention the environment in which your host is operating. Is
    it in a corporate network? If so, and if your host is part of their
    domain, then they can push policies onto your host and that can include
    the state of services on your host. Their policies can override your
    configuration of services on your host. Policies are settings stored in
    the registry. Policies are pushed when you logon. As long as you stay
    logged on then any registry changes you made (which requires local admin
    privileges on your host), like disabling a service, will remain in
    effect. When you logoff and log back on then policies get pushed onto
    your host again.
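
Added example (not part of any post in this thread): a simplified Python model of the caching behaviour described in post #3, showing how long a failed lookup keeps failing under different MaxNegativeCacheTTL caps and how MaxCacheTTL bounds a record's lifetime in the cache. The class, function, hostnames and addresses are constructed for illustration, and the model is an assumption about how the caps apply, not Windows' actual DNS Client code.

```python
# Simplified model of a DNS client cache with capped TTLs (constructed example,
# not Windows' implementation). The caps mirror MaxCacheTTL / MaxNegativeCacheTTL.

class CappedDnsCache:
    def __init__(self, upstream, max_cache_ttl=86400, max_negative_ttl=900):
        self.upstream = upstream      # name -> (ip, record_ttl); stands in for the DNS server
        self.max_cache_ttl = max_cache_ttl
        self.max_negative_ttl = max_negative_ttl
        self.entries = {}             # name -> (ip or None, expiry time)
        self.upstream_queries = 0

    def resolve(self, name, now):
        cached = self.entries.get(name)
        if cached is not None and now < cached[1]:
            return cached[0]          # cache hit; None here is a cached failure
        self.upstream_queries += 1
        answer = self.upstream.get(name)
        if answer is None:
            ip, ttl = None, self.max_negative_ttl
        else:
            ip, ttl = answer[0], min(answer[1], self.max_cache_ttl)
        if ttl > 0:
            self.entries[name] = (ip, now + ttl)
        else:
            self.entries.pop(name, None)   # a cap of 0 disables caching
        return ip


def seconds_until_visible(max_negative_ttl, created_at, step=60, horizon=3600):
    """A lookup fails at t=0, the record appears upstream at created_at, and the
    client retries every `step` seconds. Return when it first gets an answer."""
    cache = CappedDnsCache({}, max_negative_ttl=max_negative_ttl)
    cache.resolve("new.example", 0)
    for now in range(step, horizon + 1, step):
        if now >= created_at:
            cache.upstream["new.example"] = ("192.0.2.10", 3600)
        if cache.resolve("new.example", now) is not None:
            return now
    return None


if __name__ == "__main__":
    for cap in (900, 300, 0):   # default, the post's value, the "wizards" value
        print(f"MaxNegativeCacheTTL={cap}: visible after {seconds_until_visible(cap, 120)} s")
```
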

  4. #4
    Stephen Wolstenholme Guest

    Re: Riddle me this, part 2

    On Mon, 27 Feb 2012 09:43:35 -0600, VanguardLH <V@nguard.LH> wrote:

    >
    >For now, and because you started a NEW thread, I'll flag your old thread
    >as ignored (and hidden) and just watch this one.


    Many people won't watch either thread.

    Steve

    --
    Neural network software applications, help and support.

    Neural Network Software. http://www.npsl1.com
    EasyNN-plus. Neural Networks plus. http://www.easynn.com
    SwingNN. Forecast with Neural Networks. http://www.swingnn.com
    JustNN. Just Neural Networks. http://www.justnn.com


  5. #5
    VanguardLH Guest

    Re: Riddle me this, part 2

    Stephen Wolstenholme wrote:

    > Many people won't watch either thread.


    Especially when using a deliberately vague Subject header.

    > --
    > Neural network software applications, help and support.

    <snipped rest of spam signature>

    Please don't spam.

  6. #6
    Stephen Wolstenholme Guest

    Re: Riddle me this, part 2

    On Mon, 27 Feb 2012 14:04:32 -0600, VanguardLH <V@nguard.LH> wrote:

    >Stephen Wolstenholme wrote:
    >
    >> Many people won't watch either thread.

    >
    >Especially when using a deliberately vague Subject header.
    >
    >> --
    >> Neural network software applications, help and support.

    ><snipped rest of spam signature>
    >
    >Please don't spam.


    It's within my signature and my signature conforms with "standards"
    available when I started on Usenet about 25 years ago. I'm not going
    to change now!

    Steve

    --
    Neural network software applications, help and support.

    Neural Network Software. http://www.npsl1.com
    EasyNN-plus. Neural Networks plus. http://www.easynn.com
    SwingNN. Forecast with Neural Networks. http://www.swingnn.com
    JustNN. Just Neural Networks. http://www.justnn.com


  7. #7
    David H. Lipman Guest

    Re: Riddle me this, part 2

    From: "Stephen Wolstenholme" <steve@npsl1.com>

    > On Mon, 27 Feb 2012 14:04:32 -0600, VanguardLH <V@nguard.LH> wrote:
    >
    >> Stephen Wolstenholme wrote:
    >>
    >>> Many people won't watch either thread.

    >>
    >> Especially when using a deliberately vague Subject header.
    >>
    >>> --
    >>> Neural network software applications, help and support.

    >> <snipped rest of spam signature>
    >>
    >> Please don't spam.

    >
    > It's within my signature and my signature conforms with "standards"
    > available when I started on Usenet about 25 years ago. I'm not going
    > to change now!
    >
    > Steve
    >

    Actually I believe the "standards" are for 4 lines or less. However I am
    not one to quibble about two extra lines. I have certainly seen worse and
    VanguardLH is a wee bit overzealous on this subject matter.

    OTOH: I can't believe OpalTelecom/TalkTalk. They have a spammer known for
    spamming bigbertha.com and they say it's not spam because the "spammer" says
    it's his signature. Too bad that so-called signature is his entire post and
    doesn't even use a signature delimiter. { sigh }


    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp


  8. #8
    FromTheRafters Guest

    Re: Riddle me this, part 2

    slate_leeper wrote:
    > In answer to your questions:
    >
    > 1) I am using SP2 because I have downloaded SP3 from Microsoft twice,
    > installed it three times apparently successfully, and each time the
    > system will no longer reboot after installation.


    That could be caused by an Alureon infection IIRC.

  9. #9
    David H. Lipman Guest

    Re: Riddle me this, part 2

    From: "FromTheRafters" <erratic@nomail.afraid.org>

    > slate_leeper wrote:
    >> In answer to your questions:
    >>
    >> 1) I am using SP2 because I have downloaded SP3 from Microsoft twice,
    >> installed it three times apparently successfully, and each time the
    >> system will no longer reboot after installation.

    >
    > That could be caused by an Alureon infection IIRC.


    It is conceivable if it was the 300+MB WinXP SP3 EXE file.
    If it was through the Windows Update site, no. He would not have been able to run
    Windows Update and it would have failed with an error message thus he would not have
    downloaded anything.


    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp



  10. #10
    Dustin Guest

    Re: Riddle me this, part 2

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    news:jih0gf016pv@news1.newsguy.com:

    > From: "FromTheRafters" <erratic@nomail.afraid.org>
    >
    >> slate_leeper wrote:
    >>> In answer to your questions:
    >>>
    >>> 1) I am using SP2 because I have downloaded SP3 from Microsoft
    >>> twice, installed it three times apparently successfully, and each
    >>> time the system will no longer reboot after installation.

    >>
    >> That could be caused by an Alureon infection IIRC.

    >
    > It is conceivable if it was the 300+MB WinXP SP3 EXE file.
    > If it was through the Windows Update site, no. He would not have
    > been able to run Windows Update and it would have failed with an
    > error message thus he would not have downloaded anything.
    >
    >


    Could also be an intel/amd cpu issue. Without more details, have no real
    way to help.


    --
    Character is doing the right thing when nobody's looking. There are too
    many people who think that the only thing that's right is to get by, and
    the only thing that's wrong is to get caught. - J.C. Watts
