Explorer tcp connections until crash[CLOSED]
Started by
lhdow
, Apr 29 2005 04:44 PM
#1
Posted 29 April 2005 - 04:44 PM
#2
Posted 07 May 2005 - 01:07 AM
Logfile of HijackThis v1.99.1
Scan saved at 5:46:58 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\updates\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://instantsuppor...DiagManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114448703343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O21 - SSODL: WyBfwPdN - {84AE118A-2E04-BB20-D3C9-77348BED0B97} - C:\WINDOWS\System32\yynml.dll
O21 - SSODL: NTDBGTOOL - {38684FF2-8AAF-4DD6-A35D-C500C4628E64} - C:\WINDOWS\System32\ieakview.dll
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Scan saved at 5:46:58 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\updates\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://instantsuppor...DiagManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114448703343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O21 - SSODL: WyBfwPdN - {84AE118A-2E04-BB20-D3C9-77348BED0B97} - C:\WINDOWS\System32\yynml.dll
O21 - SSODL: NTDBGTOOL - {38684FF2-8AAF-4DD6-A35D-C500C4628E64} - C:\WINDOWS\System32\ieakview.dll
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#3
Posted 07 May 2005 - 01:08 AM
I'll brb!
#4
Posted 07 May 2005 - 01:19 AM
Well, you've got some kind of hijacker! The suspicious files I see appear to have random names. Will you please post a new HiJackThis log for me to make sure they've kept the same name?
#5
Posted 07 May 2005 - 09:58 AM
Well, I had a week to play with it. Here's the current status. System had had ivp6 installed, and backed out. I put it back, hoping for the updated firewall. no good. I then updated to XP SP2, and all subsequent patches. Firewall applet will still not start, so its still there. SP2 does limit the connections so its not as bad, but still there. I tried deleting the networking and recreating it (including regedit to remove lans 2-6) and just managed to irritate it. (caused a explorer fault and restart and it was back). New log attached. If you want the system backed out to SP1a, let me know.
Attached Files
#6
Posted 07 May 2005 - 10:49 AM
First, I need you to disable the Microsoft Antispyware program as it could interfere with cleaning your system. To disable the program, follow the instructions below:
1.) Right click on the Microsoft Antispyware tray icon (a little red and yellow circle looking thing)
2.) Click on Security Agents Status (Enabled)
3.) Click on Disable Real-time Protection.
Then, Please download the following programs but don't run them yet:
1) CWShredder - Download it and save it to your desktop.
2) Ad-Aware - Download, install, and update After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run a scan. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Reboot into Safe Mode.
Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK
Run Ad-Aware
Reconfigure Ad-Aware for Full Scan as per the following instructions:
In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file
Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom left side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects.
Reboot into normal mode.
Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O21 - SSODL: WyBfwPdN - {84AE118A-2E04-BB20-D3C9-77348BED0B97} - C:\WINDOWS\System32\yynml.dll
O21 - SSODL: NTDBGTOOL - {38684FF2-8AAF-4DD6-A35D-C500C4628E64} - C:\WINDOWS\System32\ieakview.dll
Close HiJackThis.
Delete these files, if found:
C:\WINDOWS\System32\yynml.dll
C:\WINDOWS\System32\ieakview.dll
Post a new HiJackThis log.
1.) Right click on the Microsoft Antispyware tray icon (a little red and yellow circle looking thing)
2.) Click on Security Agents Status (Enabled)
3.) Click on Disable Real-time Protection.
Then, Please download the following programs but don't run them yet:
1) CWShredder - Download it and save it to your desktop.
2) Ad-Aware - Download, install, and update After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run a scan. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Reboot into Safe Mode.
Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK
Run Ad-Aware
Reconfigure Ad-Aware for Full Scan as per the following instructions:
In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file
Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom left side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects.
Reboot into normal mode.
Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ECD07A28-FC4C-4DC1-8A9A-13EAA5FB7841} - (no file) (HKCU)
O21 - SSODL: WyBfwPdN - {84AE118A-2E04-BB20-D3C9-77348BED0B97} - C:\WINDOWS\System32\yynml.dll
O21 - SSODL: NTDBGTOOL - {38684FF2-8AAF-4DD6-A35D-C500C4628E64} - C:\WINDOWS\System32\ieakview.dll
Close HiJackThis.
Delete these files, if found:
C:\WINDOWS\System32\yynml.dll
C:\WINDOWS\System32\ieakview.dll
Post a new HiJackThis log.
#7
Posted 07 May 2005 - 01:01 PM
Done. Seems to have stopped the tcp connections, but the firewall is still broken. Back out to 1a and try update again ? Last scan attached.
Attached Files
#8
Posted 07 May 2005 - 01:14 PM
Your log looks great, so the firewall was probably corrupted somehow. I would recommend uninstalling SP2, then re-installing it again. It should work perfectly this time.
Before doing that, one other thing:
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
If you don't know why this is there, run HiJackthis and place a check next to this item and click fix checked:
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
Let me know how the uninstall, reinstall goes!
Before doing that, one other thing:
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
If you don't know why this is there, run HiJackthis and place a check next to this item and click fix checked:
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
Let me know how the uninstall, reinstall goes!
#9
Posted 07 May 2005 - 01:37 PM
Please do this as well:
Run this online virus scan:
ActiveScan
Copy the results of the ActiveScan and paste them here. ActiveScan finds adware/spyware that other programs don't find. It doesn't delete them, but we can do that ourselves! We just want to make sure nothing else is hiding.
Run this online virus scan:
ActiveScan
Copy the results of the ActiveScan and paste them here. ActiveScan finds adware/spyware that other programs don't find. It doesn't delete them, but we can do that ourselves! We just want to make sure nothing else is hiding.
#10
Posted 08 May 2005 - 06:30 AM
SP2 uninstalled. ICF tested under 1a, didn't work. Spplied SP2 and subsequent patches, and the Firewall still will not start.
Ran Activescan. The only interesting thing I see is the WUpd entry. I tried searching the registry for it and couldn't find it. I did find all the windows update entries though. Scan attached. The other three items I'm going to delete. netscan -no 's are coming back ok, so we've managed to cripple whatever it is. Any ideas on debugging the firewall ?
Ran Activescan. The only interesting thing I see is the WUpd entry. I tried searching the registry for it and couldn't find it. I did find all the windows update entries though. Scan attached. The other three items I'm going to delete. netscan -no 's are coming back ok, so we've managed to cripple whatever it is. Any ideas on debugging the firewall ?
Attached Files
#11
Posted 08 May 2005 - 02:36 PM
Is it just showing that the firewall is disabled or what's going on exactly?
Have you already done this:
http://help.isu.edu/...d=876&cat_id=81
Have you already done this:
http://help.isu.edu/...d=876&cat_id=81
#12
Posted 12 May 2005 - 05:08 AM
Some really strange things were happenning when I tried to post to this before. Messages about database errors and such. Anyway, yes I tried all that. When I tried to enable ICF under 1a, it just said it couldn't do it. Under 2a, Security Center, it says, "Due to unidentified problem, Windows cannot display Windows Firewall settings." I've run chkdisk online, and at boot, seems ok. I'm starting to think that it might be some type of ownership/security issue, as I found other files that I had to take ownership of (under safe mode) to get rid of, as they had unknown security headers. Others when I tried to uninstall, just rebooted the system. Perhaps this system was part of a domain at one time, and items were installed under a account, that had administrator priviledge, that was deleted when it was dumped into a workgroup. Either that or the virus's it had messed with the security headers. Unless something rings a bell here, I'm just going to install Norton Internet Security 2005 and be done with it.
#13
Posted 12 May 2005 - 11:41 AM
Hmm, I've never run into that problem with the XP firewall! Unless you had some serious infections that you got rid of before posting here, I don't think it's malware that caused it.
I will still research this and let you know what I find out!
Have you tried creating a new Admin account to see if it works from there?
I will still research this and let you know what I find out!
Have you tried creating a new Admin account to see if it works from there?
#14
Posted 12 May 2005 - 11:44 AM
#15
Posted 24 May 2005 - 11:29 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users