XP firewall does not work - "service failed to start"
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: XP firewall does not work - "service failed to start"

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    20

    XP firewall does not work - "service failed to start"

    i can foresee comments like "the XP firewall doesn't really work even if it DID start", so let's just ignore the actual uselessnes of it for now...

    The problem is thus: yesterday my sister came to me and said "the firewall seems to be turned off. For some reason she was looking at the internet connection properties or something and noticed this. So sure enough I go to chek on it, and it's off.

    So anyway I check that box, "protect my computer and network by limiting or preventing access to this computer from the Internet". And when Ic lick okay on the dialog to apply the changes I get an error saying:

    "An error occurred while Internet Connection Sharing was being enabled.
    The dependency service or group failed to start"

    So, somehow I need to get this connection sharing busines to start. i have recently had some computer troubles, well-documented on this thread here: http://www.antionline.com/showthread...hreadid=275839
    I can't say if that's related at all. But if you read my last post you'll get a good idea of what went on. I wouldn't expect any one to read the whole thread.

    Yesterday I was killing some startup programs that I didn't want any more. (by using msconfig to stop them from starting at logon) so the ones I stopped were:
    -ashdips (the Avast! antivirus thingy's system tray icon and real-time protection)
    -and another entry which did not have a name. I thought it didn't looked a bit supicious because it didn't have aname. it was in HKCU\siftware\microsoft\windows\currentversion\run, if I remember correctly. I hope thatw asn;t a stupid hting to do.

    Anyway, any suggestions are greatly appreciated. if anyone wants to see an HJT log I can do that..

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well,

    HKCU\siftware\microsoft\windows\currentversion\run is a fairly common place for malware to go and hide.

    You didn't say specifically, but do your sister and you share an internet connection? If so, which is the primary connection, and did you check if the service was not running on the primary connection?

  3. #3
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    If you have the HJT log, go ahead and post it..wouldn't hurt to have another set of eyes have a look at it..


    For your startups, this tool is easier to use then msconfig, Startup Inspector for Windows
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  4. #4
    Junior Member
    Join Date
    Jul 2006
    Posts
    20
    We share a computer, so yes, it is the same connection. it is the primary connection. I'm not quite sure what nihil means by "was the service not running on the primary connection?", but the service mentioned in my eror message popped up after trying to enable the firewall on the primary connection.

    Here is my HJT logfile. hJt was run from normal mode, not safe mode.Logfile of HijackThis v1.99.1
    Scan saved at 10:29:18 PM, on 15/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\UStorSrv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\CursorXP\CursorXP.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Program Files\iTunes\iTunes.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\travis\temp\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O12 - Plugin for .csm: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .spt: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: D:\Program Files\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1136279425897
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136279409149
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37460.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O20 - Winlogon Notify: ComPlusSetup - D:\WINDOWS\System32\catsrvut.dll
    O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: UStorage Server Service - OTi - D:\WINDOWS\system32\UStorSrv.exe

    The jijackthis.de analyzer says that "R3 - Default URLSearchHook is missing" is dangerous. So I'll deal with that, although it's probably not causing this problem.
    thanks nihil and dalek for your replies.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    Please try this: http://www.smartcomputing.com/techsu...&ErrorID=21695

    And make sure that your internet sharing is set to LAN. It is possible that your malware might have altered this to disable your firewall.

    I have not come across this before in this context. Usually it is because ICS has not been set up properly or there is a modem problem. That is why I wondered if you were using the primary connection, as I like to start there and work backwards You answered my question, thanks.

    Now, this system was working fine until you had the malware attack, so I suspect that as the most likely culprit. It does not seem like a modem problem to me, but you might just quickly run the diagnostics and check your settings, to eliminate the very, very slight possibility?

    Like I said, I have only come across this message when it wasn't working in the first place



    EDIT: Here is another one along the same lines:

    http://www.jsifaq.com/SUBO/tip7400/rh7427.htm

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    "A Required Dependancy Failed to Start".... That's a clue right there..

    If you go Start --> RUN --> services.msc <enter> You'll get a listing of the local services..

    Included in there is "Windows Firewall/Internet Connection Sharing (ICS)"... In order for you to make use of those checkboxes this service must be set to Automatic or Manual... If it's disabled you won't be able to use them... However it said a Dependency... not the service itself.. So let's right click and go to properties.. You'll have 4 tabs... The last tab is "Dependencies"... In the top box you'll see two items... "Network Connections" (Duh! you need a network connection if you're using this) and also "Windows Management Instrumentation"... If you click the + next to each of them you'll see two more services that are required for those services -- "Remote Procedure Call (RPC)" and "Event Log"... So you now have 4 services required to start "Windows Firewall/Internet Connection Sharing (ICS)"

    Check those four services...
    -- "Network Connections"
    -- "Windows Mangement Instrumentation"
    -- "Remote Procedure Call (RPC)"
    -- "Event Log"

    If Any of those services have a status of "Disabled" then you have located your problem... all of them need to be "Started" to work (or at very least "Stopped" when they are called the OS should start them)..

    Check on the status of that and let us know..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Junior Member
    Join Date
    Jul 2006
    Posts
    20
    nihil- I've followed the instructions in the first of your links, as it looked the more straightforward. it didn't help.

    I think we have a basic misunderstanding here because idid not give the correct information. My sis and i share the PC, there is only one PC on the internet connection, which is ADSL.

    As such, i don't quite understand what you mean by "modem", but I can say my NIC and my router are most likely not to blame. As for internet connection sharing, I'm actually not sure what you mean... but while I was looking for it I found htis: From control panel, I clicked internet connection, and the box closed on me aftre a fe seconds! i trieda few more times and it kept closing after a few seconds, until eventually, it didn't want to open at all. So there's some manner of virus at work there I'd suspect.

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Gallo_Pinto
    nihil- I've followed the instructions in the first of your links, as it looked the more straightforward. it didn't help.

    I think we have a basic misunderstanding here because idid not give the correct information. My sis and i share the PC, there is only one PC on the internet connection, which is ADSL.

    As such, i don't quite understand what you mean by "modem", but I can say my NIC and my router are most likely not to blame. As for internet connection sharing, I'm actually not sure what you mean... but while I was looking for it I found htis: From control panel, I clicked internet connection, and the box closed on me aftre a fe seconds! i trieda few more times and it kept closing after a few seconds, until eventually, it didn't want to open at all. So there's some manner of virus at work there I'd suspect.
    Hey Hey,

    I'm guessing you ignored what I posted.. so look at it... Obviously you need to get this resolved... Try a virus scan with a third party such as Housecall.

    However I do have a question for you... You're behind a router... You're the only PC using it?? Why the firewall.. There's no added benefit from using it... The router is keeping malicious traffic targetting your PC from reaching it... and the Windows firewall does't really do anything about outbound connections... therefore it is completely useless in your case...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #9
    Junior Member
    Join Date
    Jul 2006
    Posts
    20
    sorry HTRegz, somehow I totally missed your posting. but I've seen it now.

    So i looked into that and found this:
    After following nihil's lnks, Iw as instructed to set "remote access connection manager" to automatic start. Well after rebooting it wasn't started. When I click "start" on it I got this error message:
    "Could not start the Remote Access Connection Manager service on Local Computer. Error 5: Acess is denied"
    Oh well, If this is referring to remote desktop ??? I don't care about it anyway.

    one more observation:
    the "Windows Firewall/Internet Connection Sharing (ICS)" was not set to automatic start. I don't imagine that's a real problem seeing as it was started.

    So yeah. About he router, that's the main reason we got it.. so what you say may make perfect sense. Sll the same, if htis is caused by a virus, I'd like to remove that virus.
    Sorry about missing your post.

  10. #10
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    A couple of things:

    Platform: Windows XP (WinNT 5.01.2600)
    Are you running WinXP without SP1 and SP2, if so, you won't even have the option of using Windows Firewall as it comes with SP2

    Secondly you are running two Anti-Virus programs in tandem, usually a no-no (AVG/AVAST) get rid of one or just disable one of them for real time protection and just run it manually when you want to.

    Also your HJT is in a temp file, if you were to make changes to the scan log and made a mistake you would not be able to go back and repair the mistake because part of the process is to delete all temp files. Save it to your C drive....

    Some reading:



    How did I get infected

    Windows SP1

    Windows SP2

    At least being behind a router, you should be okay for the patches if you decide to do re-install, and if you do take that route, keep one of your AV's handy.

    Now if I am mistaken about SP1 and SP2 you should be able to if you have SP2 go into control panel and find a icon that looks like a security shield and this will enable/disable your firewall, if it's not there, then you don't have SP2....(get it now)

    Luck
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •