
My 3rd party Firewall has been disabled; is now inaccessible

Discussion in 'Malware and Virus Removal Archive' started by Alex W, 2008/01/30.

  1. 2008/01/30
    Alex W

    Alex W Inactive Thread Starter

    Joined:
    2006/08/14
    Messages:
    53
    Likes Received:
    0
    Firstly, I greatly appreciate the help I've received here over the years - my friends are always amazed at how I'm able to help them solve their computer problems for free with clear, helpful step by step instructions.

    OK, to get to the problem.

    I'm running Zone Alarm and recently I've noticed some odd behaviour start to occur. It disappeared from the taskbar, and when I try to run it from its installed directory, I'm unable to even see the contents of the folder. It locks up as soon as I click on the folder. Other strange behaviour includes an inability to complete a full system scan in Avira AntiVir. Now it always seems to stop around 90%.

    I've created a HijackThis and DSS log. Here they are:

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:31:44 PM, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Ben\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dc6_check] C:\Program Files\Common Files\SystemDoctor 2006\dcmon.exe
    O4 - HKLM\..\Run: [pas_check] C:\Program Files\Common Files\SystemDoctor 2006\pasmon.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Downloads\net ****\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{084F3375-2140-4AE4-838E-42E7A88D4777}: NameServer = 192.231.203.132,192.231.203.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{084F3375-2140-4AE4-838E-42E7A88D4777}: NameServer = 192.231.203.132,192.231.203.3
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6332 bytes



    DSS Log:

    Deckard's System Scanner v20071014.68
    Run by Ben on 2008-01-30 18:45:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    55: 2008-01-30 07:45:43 UTC - RP400 - Deckard's System Scanner Restore Point
    54: 2008-01-28 06:16:28 UTC - RP399 - System Checkpoint
    53: 2008-01-27 02:45:20 UTC - RP398 - System Checkpoint
    52: 2008-01-25 21:14:16 UTC - RP397 - System Checkpoint
    51: 2008-01-24 21:08:53 UTC - RP396 - System Checkpoint


    -- First Restore Point --
    1: 2007-11-06 02:22:46 UTC - RP346 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Ben.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:47:32 PM, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Ben\Desktop\dss.exe
    C:\DOCUME~1\Ben\Desktop\Ben.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dc6_check] C:\Program Files\Common Files\SystemDoctor 2006\dcmon.exe
    O4 - HKLM\..\Run: [pas_check] C:\Program Files\Common Files\SystemDoctor 2006\pasmon.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Downloads\net ****\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{084F3375-2140-4AE4-838E-42E7A88D4777}: NameServer = 192.231.203.132,192.231.203.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{084F3375-2140-4AE4-838E-42E7A88D4777}: NameServer = 192.231.203.132,192.231.203.3
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6325 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
    R3 hdsp (RME Hammerfall Audio Device) - c:\windows\system32\drivers\hdsp.sys <Not Verified; RME; Hammerfall DSP>

    S3 EzInstall - e:\ezinstall\ezinstall.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-23 12:56:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-12-30 and 2008-01-30 -----------------------------

    2008-01-16 13:27:58 0 d-------- C:\Program Files\iPod
    2008-01-16 13:27:53 0 d-------- C:\Program Files\iTunes
    2008-01-16 13:25:57 0 d-------- C:\Program Files\QuickTime
    2008-01-07 19:41:50 0 d-------- C:\WINDOWS\vbSkinner
    2007-12-31 13:23:00 0 d-------- C:\Program Files\uTorrent
    2007-12-31 13:22:55 0 d-------- C:\Documents and Settings\Ben\Application Data\uTorrent


    -- Find3M Report ---------------------------------------------------------------

    2008-01-22 22:15:30 0 d-------- C:\Program Files\VstPlugins
    2007-12-31 13:30:30 0 d-------- C:\Documents and Settings\Ben\Application Data\Shareaza
    2007-12-20 19:25:22 0 d-------- C:\Program Files\Java
    2007-12-19 10:08:38 0 d-------- C:\Program Files\MSN Messenger
    2007-12-15 13:02:10 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAudPropShortcut.exe" [17/03/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan "= "SOUNDMAN.EXE" [01/07/2004 02:58 PM C:\WINDOWS\SoundMan.exe]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [10/10/2005 09:49 PM]
    "nwiz "= "nwiz.exe" [10/10/2005 09:49 PM C:\WINDOWS\system32\nwiz.exe]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50 PM]
    "NWEReboot "=" " []
    "HDSPTray1 "= "hdsp32.exe" [02/03/2005 08:53 PM C:\WINDOWS\system32\hdsp32.exe]
    "HDSPTray2 "= "hdspmix.exe" [02/03/2005 08:55 PM C:\WINDOWS\system32\hdspmix.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [05/07/2004 09:05 PM C:\WINDOWS\alcwzrd.exe]
    "Alcmtr "= "ALCMTR.EXE" [02/07/2004 10:49 PM C:\WINDOWS\ALCMTR.EXE]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [15/09/2006 07:09 AM]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [10/10/2005 09:49 PM]
    "Desktop Service Centre "= "C:\Program Files\OptusNet DSL Internet\DSC.exe" []
    "avgnt "= "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [11/10/2007 07:01 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/04/2007 07:09 PM]
    "dc6_check "= "C:\Program Files\Common Files\SystemDoctor 2006\dcmon.exe" []
    "pas_check "= "C:\Program Files\Common Files\SystemDoctor 2006\pasmon.exe" []
    "ZoneAlarm Client "= "G:\Downloads\net ****\ZoneAlarm\zlclient.exe" []
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 03:27 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ "= "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/06/2005 05:03 PM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1620bf9d-31b5-11da-8551-806d6172696f}]
    AutoRun\command- E:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-01-30 18:50:32 ------------




    Again, thank you very much for any assistance you can give, I greatly appreciate it.
     
  2. 2008/01/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Alex :)

    Nothing but a BHO sticks out in your logs. You can fix it with HijackThis.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Let's see if Dr.Web finds anything, and completes. Download Dr.Web CureIt, saving the file to your desktop.
    • Double-click the drweb-cureit.exe file and allow it to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.

    Post the DrWeb log here please.
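
The triage step in the reply above, spotting a HijackThis entry whose registry key survives but whose file is gone, can be automated. This is an added example, not part of the original thread or of HijackThis itself; the sample lines are copied from the log in the first post, and the function names (`parse_entries`, `orphaned_entries`, `report`) are this example's own. It goes slightly beyond the single O2 line quoted above by also parsing O9 entries, which share the same CLSID layout.

```python
import re

# Sample input: entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every entry line is "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# O2 and O9 bodies have the shape "<kind>: <name> - {CLSID} - <target>".
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        entry = {"section": m.group(1), "body": m.group(2)}
        if entry["section"] in ("O2", "O9"):
            c = CLSID_RE.match(entry["body"])
            if c:
                entry.update(c.groupdict())
        entries.append(entry)
    return entries


def orphaned_entries(entries):
    """Entries that HijackThis reports with "(no file)" as their target."""
    return [e for e in entries if e.get("target", "").lower() == "(no file)"]


def report(log_text):
    """Parse a log and return (all entries, one summary line per orphan)."""
    entries = parse_entries(log_text)
    lines = [
        f"{e['section']} {e['kind']} {e['clsid']}: no file on disk"
        for e in orphaned_entries(entries)
    ]
    return entries, lines


if __name__ == "__main__":
    entries, lines = report(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    print("\n".join(lines))
```
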
     


  4. 2008/01/31
    Alex W

    Alex W Inactive Thread Starter

    Joined:
    2006/08/14
    Messages:
    53
    Likes Received:
    0
    OK, done.

    The log for that was:

    installer.exe;c:\deckard\system scanner\backup\DOCUME~1\ben\locals~1\temp\usdr6_7777_bhlp061setupdtsb.exe;c:\program files\daemon tools;adware.savenow;;
     
  5. 2008/01/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    See if Avira will now complete a scan. If Zone Alarm still has problems, recommend you uninstall it then re-install it after rebooting.
     
  6. 2008/02/01
    Alex W

    Alex W Inactive Thread Starter

    Joined:
    2006/08/14
    Messages:
    53
    Likes Received:
    0
    EDIT: Whoops, I did the wrong thing. I need to take these steps again.
     
  7. 2008/02/03
    Alex W

    Alex W Inactive Thread Starter

    Joined:
    2006/08/14
    Messages:
    53
    Likes Received:
    0
    The problem is still there. I completed the last steps and am still unable to complete a full system scan in Avira. In fact, it doesn't even begin scanning the HDDs - it stops at 92% while scanning the registry.

    I didn't alter the installation of Zone Alarm - since the Avira scan didn't complete, I figured I should wait to see what you recommended first.

    Another strange thing to note - after I try to access the folder where Zone Alarm is installed, it locks up for quite a while and the whole system becomes almost completely unresponsive. After that ends and it returns somewhat to normal, I get a message asking whether I'd like to format the HDD where Zone Alarm is installed.
     
  8. 2008/02/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Go ahead with trying to uninstall Zone Alarm. Re-install only after rebooting.

    Please do an online scan with Kaspersky WebScanner

    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html (link for US and others not listed below)
    http://www.kaspersky.com.au/online-scanner/# (Australian link)
    http://www.kaspersky.co.uk/virusscanner (UK link)


    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here please.
     
