Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows firewall and explorer starts a. 5 min.


  • Please log in to reply

#1
lars_E_E

lars_E_E

    Member

  • Member
  • PipPip
  • 12 posts
Hello!

My Windows Firewall and explorer does not start until 6 minutes after restarting the machine. Mozilla works and so does several other programs, except my NERO burner program. Windows Xp Home Edition, fully updated with servicepacks.

First approach was to do an extesive virus and trojan search - following your link Do you suspect a malware) - and since it's not changed, I've decided to post my Hijack This Log and hope for help.

Secound approach was to try to reinstall windows, with an old cd having only service pack one on it following your "how to repair windows XP" but that did not work since I could not accept the licence agreement: my computer did not respond to pressing "yes" or "F8"! :tazz:

Exceptionally moody and tired I'm beginning to think of installing one of these "Repair
kits",
but not sure what's the best one to choose. I tried 5 of them, and as expected, each different program ended up with wanting to fix from 480 to 140 problems on my computer. ;)

So: ;)


Logfile of HijackThis v1.99.1
Scan saved at 2:58:58 PM, on 29/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Nedlastede programmer\avast\aswUpdSv.exe
C:\Nedlastede programmer\avast\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\NEDLAS~1\avast\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\lars\Desktop\nedlastet\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://blackboard.n...u/webapps/login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.winnercomputers.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://blackboard.n...u/webapps/login
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\NEDLAS~1/avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.winnercomputers.com.au
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112394902359
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Nedlastede programmer/avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Nedlastede programmer/avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Nedlastede programmer/avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Nedlastede programmer/avast\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

Advertisements


#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Does the keyboard have assigned hot keys, so F8 was trying to do something else.

Windows firewall only stops incoming issues, you would be better using a third party one. Zonealarm is a popular choice

http://www.majorgeek...ownload388.html

http://www.iopus.com...ee-firewall.htm

http://www.freeprogr.../firewalls.html

The Hijack This log needs to be posted to the malware section of these forums
  • 0

#3
lars_E_E

lars_E_E

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No the "F8" and the keyboard seems is ok. At least, I can still use it to go into safe mode.

To be really sure, I tried to reinstall the Keyboard and mouse, but it seems then there's some error in the "finding new hardware wisard": The computer shuts down "msiexec.exe". The result was no keyboard and mouse for a while. Got it back on track and booted the computer back to "last settings that worked". Everything is as before:

The windows firewall, explorer and nero does not load at startup.
I get frequent error messages for "rundll32", "msiexec", and "gcasserv.exe". :tazz:

I can still get to internet through any other browser than explorer.
;)
  • 0

#4
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Try here

http://support.micro...kb;en-us;330159

http://support.micro...ndll32&srch=sup

http://support.micro...kb;en-us;324638

http://support.micro...kb;en-us;886630
  • 0

#5
lars_E_E

lars_E_E

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ok, I're reinstallet the whole windows. People: THIS TAKES TIME!! And on my computer I barely got thorugh it, after trying the secound time :tazz:

I'm still stuck with the problem I had in the first place: explorer and windows firewall does not start/work, but explorer was ok 30 minutes ago, BEFORE I installed SP2!! So there's two conclusions:

1. This is a problem with security pack 2.
2. Some program on my computer interferes, with SP2 (could it be Office 2003?).

I do not think this is spyware/virus problem yet.

;)
Thanks Keith!
  • 0

#6
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
This is the obvious one

CAUSE

This issue may occur if there is a problem with your NVIDIA video adapter driver.

RESOLUTION

To resolve this issue, download and install the latest driver for your NVIDIA video adapter. For information about how to download and install NVIDIA drivers, visit the following NVIDIA Web site:

http://www.nvidia.co...ers/drivers.asp

Try the latest driver, if no joy, then remove SP2 and see how it runs.

Office is not affected by SP2

If you have Zone Alarm you should switch the Windows firewall off

Did you clean install XP then install SP2 then install the other software

Nero can be downloaded as a trial which you put your serial number into during install and it becomes a licensed version

http://www.nero.com

If it was me, I would format the drive, again, choosing NTFS slow then I would install XP, the firewall, connect to the internet, download tuneup trial and then run their version of disc clean up and registry clean up

http://www.tune-up.com

Then install SP2 then run disc clean up and registry clean up from tune-up and then click optimize and run registry defrag, which takes a few minutes and requires a restart.

Run Tune up, optimize then click optimize computer, and then optimize internet, you will need to restart the PC after each one

Load a driver then run tune up disc clean up and registry cleaner, and do this with all drivers and software.

Get as many drivers as possible from the manufacturers sites, so you are using the latest drivers, try to get the related software this way as well, though some manufacturers are not allowed to include some of the bundled software as a download option

Everest Home will tell you what you have on your PC, click + next to computer then summary

http://www.lavalys.c...p?pid=1&lang=en

If you have the time, install just XP, firewall, connection, tune up, SP2, Office, printer, the soundcard and graphics card drivers, then run the PC for a while and add other software and drivers as you need them, create a restore point before any install, then run disc clean up and registry clean up directly after the install, if you then get a problem you will know what is responsible

Edited by Keith, 29 May 2005 - 05:27 AM.

  • 0

#7
lars_E_E

lars_E_E

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks again! :)

Is it possible to burn all win-updates into a cd and make an up to date Windows cd? How to do this/where do I find the original files? ;)




Well, since time is a precious thing, I'm not going to Kill my computer again until after exams.

However, after heaps of error messages to Windows, they decided to share some wisdom: and told me to disable some "third party cookies"\ or addons on explorer in safe mode. This did not help at all. The help I get from windows seems to be quite random and not very efficent.

I'm fairly happy anyway. I restart my computer, things run well after 10 minutes.
Tune up corrected 250 errors and finds new ones all the time. I will follow your good advice after my exam.

Q: To re-install XP leaves the computer vurnerable, so I should not connect to internet?
To get updates (50 hotfixes and SP2) I have to, and even some secounds means infection - even at www.microsoftupdate.com?... :tazz: ((..if so... now that's facinating.., how do they do it?)) Solution: Turn on Zone Alarm before updating, as adviced.

But: Is it possible to burn all win-updates into a cd and make an up to date Windows cd? How to do this/where do I find the original files? ;)


yup!
  • 0

#8
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
You should get an acceptable result with XP Back Up

Run disc clean up, disk defragmenter, select just XP and all its updates to back up then burn to CDR W/ DVDRW to give a disc you can load

Back up anything else which is running well, and up to date, to other discs, then you can load those if you need to format the drive

Install Backup on Windows XP Home Edition

Insert the CD Rom and navigate to CD-ROM Drive:\VALUEADD\MSFT\NTBACKUP

Double-click the Ntbackup.msi file to start the wizard that installs Backup

When the wizard is complete, click Finish.

After you install XP you should install a firewall as soon as

Edited by Keith, 29 May 2005 - 07:50 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP