Results 1 to 7 of 7

Thread: Problems with windows firewall and safemode

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    2

    Default Problems with windows firewall and safemode

    I have had problems with safemode for a long time. When I try to start my computer in safemode it reboots when it's supposed to enter the desktop (after the drivers are loaded).

    Recently I have had some problems with Windows firewall. I can't access its settings. When I open the firewall settings in the controll panel I just get the message "Due to an unindentified problem, Windows cannot display Windows firewall settings.". When i try to activate the firewall from Microsoft security center, i get the message "(...)go to Windows firewall in in Controll panel.(...)".

    I have had a lot of trojans lately, and find new ones almost every time i scan.
    I suspect that I may be infected with some kind of downloader and that this might be somehow related to the problems with safemode and Windows firewall.


    Logfile of HijackThis v1.99.1
    Scan saved at 23:00:05, on 03.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Leo\Desktop\HijackThis\HjT.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Avgntrmtaw - GRISOFT, s.r.o. - (no file)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    Last edited by tashi; 2006-11-04 at 01:20. Reason: Please do not post in other member's topics, thanks.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello and sorry for the wait.

    If you have not resolved the problem, we do have this sticky topic:

    If you have waited four days for advice post here.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    Post a report from one or better yet both of these free online scanners


    Please run the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!
    • Follow the Instruction Here for installation.
    • Accept the License Agreement.
    • Once the ActiveX installs,Click Full System Scan
    • Once the download completes,the scan will begin automatically.
    • The scan will take some time to finish,so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report in your next reply.


    Panda ActiveScan-Free online scanner,
    http://www.pandasoftware.com/products/activescan.htm
    Do a full scan > Click the my computer button
    After the scan click see report then Save the report and post it back here please.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    2

    Default

    Here are the log from F-Secure Online Scanner.

    Scanning Report
    Monday, November 13, 2006 17:26:19 - 17:54:22

    Computer name: BEIST
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\
    Result: 0 malware found
    Statistics
    Scanned:

    * Files: 25844
    * System: 4228
    * Not scanned: 5

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 0
    * Submitted: 0

    Files not scanned:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
    * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2006-11-13
    * F-Secure AVP: 7.0.171, 2006-11-13
    * F-Secure Orion: 1.2.37, 2006-11-13
    * F-Secure Blacklight: 1.0.31, 0000-00-00
    * F-Secure Draco: 1.0.35, 0260-02-44
    * F-Secure Pegasus: 1.19.0, 2006-08-29

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
    * Use Advanced heuristics

    Panda Activescan couldn't find any problems, and therefore didn't create a log.

    I have had complaints from my operator. They have limited my line to web-browsing only, because they consider my computer as dangerous. They have recived spam from this line, they say, but i can't find anything out of the ordinary on my computer=(

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Thanks

    Try Solution for Case 1: here for the firewall problems
    http://windowsxp.mvps.org/sharedaccess.htm

    Your Nero program could be causing problems getting to safe mode.
    Uninstall and get the latest version.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    How is it going BEIST
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    This topic has been archived.

    If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •