system 32 & dhcp... values?

Since upgrading to the new version I get a range of alerts from hd\winnt\system32... all wanting to delete a key: hklm\system\controlset001\... and then affecting the following values:

• dhcpnameserver
• dhcpdomain
• dhcpsubnetmaskopt
• dhcpdomain
• dhcpdefaultgateway
• dhcpnameserver

and so on, seemingly repeating.

I am using RD as is without any rulesets - what should I do? Just blocking it does not seem to work, as it appears back at least upon reboot irrespective of the always button ticked.

 

Hi Beethoven,
can you tell us what app is trying to delete the values?

 

Sorry, services.exe

 

I'm not sure if you should allow it or not,What ver. of windows you running? In WinXP, svchost.exe deletes them (and i think adds them back). So yours could be legit,if your systems clean of malware etc.then i personally would allow it and see what happens (do a backup of your registry/or HD first though just in case).

That's just my opinion though so you might want to wait for someone to give you a definate answer.

 

This particular PC is running W2K - I noticed on another PC running XP that similar requests are coming from Svchost.exe?

 

Beethoven, I see the exact same behavior with my 2 XP computers here on the home LAN, by chance are your computers on a network? On my systems the entry times coincide with the IP address renewal from the DHCP server in the router. Could it be that you are seeing the same thing?

Followup:
I am now not so sure about what I said above. Looking at the RD log there are now entries for almost each hour of the day. So I am as confused as everyone else, why is svchost deleting/setting values to these keys on such a regular basis.

 

disciple - you are right, it's a LAN network. Right now I am only using one XP pc (the others are sleeping - it's weekend in Sydney
On this one I have allowed svchost.exe to do its work, so I don't get any alerts (though I am really not sure whether it is the right decision)

The other pc running the new RD is W2K and for this one services.exe will be asking once I start the pc. It usually goes through a cycle of alerts which I block and eventually falls silent. Can't say that I get the same alert during the day again.

Hopefully Jason or someone else has a bit more insight