
Active Windows Firewall shutting off

Discussion in 'Malware and Virus Removal Archive' started by Dcmurray, 2009/04/13.

  1. 2009/04/13
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    [Active] Windows Firewall shutting off

    Hi Geri,

    It's Dana again. I still haven't gotten to the root of my problem. I went over to the XP area but I seemed to just fizzle away from my helpers. I haven't received a reply in two weeks or so. In the meantime, my security center is not recognizing that I have Aliant security operating and Windows Firewall always shuts off. It will continue to shut off even when I turn it back on again.

    I have included a new DDS.txt report. I am still experiencing severe mouse lag and audio/video lag. Thanks

    Dana


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 12:20:34.04 on Mon 04/13/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.74 [GMT -3:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Aliant\Aliant Security Services\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Aliant\Aliant Security Services\rps.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Aliant\Aliant Security Services\RpsSecurityAwareR.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.cbc.ca/ns/
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\aliant\aliant security services\pkR.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url= "-appkey=motive -windowcontext=reportagent -url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath= "c:\program files\common files\motive\MotiveBrowser.exe" /hidden
    mRun: [ASA.exe] "c:\program files\aliant\aliant servicepoint agent\ASA.exe" /AUTORUN
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
    dRunOnce: [RunNarrator] Narrator.exe
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142097753734
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://support.intel.com/design/motherbd/boardid/BoardID.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-2-6 112144]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-2-6 196368]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-4-2 16680]
    R3 Radialpoint Security Services;Aliant Security Services;c:\program files\aliant\aliant security services\RpsSecurityAwareR.exe [2008-12-2 97520]
    S2 gupdate1c98dfc59cc5637;Google Update Service (gupdate1c98dfc59cc5637);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-12-6 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-12-6 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-12-6 42112]

    =============== Created Last 30 ================

    2009-04-08 09:45 112 a------- c:\windows\Simply.ini
    2009-04-07 18:01 69,632 a------- c:\windows\system32\lfgif13n.dll
    2009-04-07 18:01 462,848 a------- c:\windows\system32\ltkrn13n.dll
    2009-04-07 18:01 450,560 a------- c:\windows\system32\ltimg13n.dll
    2009-04-07 18:01 401,408 a------- c:\windows\system32\lfcmp13n.dll
    2009-04-07 18:01 299,008 a------- c:\windows\system32\ltdis13n.dll
    2009-04-07 18:01 206,336 a------- c:\windows\system32\ltefx13n.dll
    2009-04-07 18:01 163,840 a------- c:\windows\system32\ltfil13n.dll
    2009-04-07 18:01 57,344 a------- c:\windows\system32\lfbmp13n.dll
    2009-04-02 15:36 <DIR> --d----- c:\program files\Avery
    2009-04-02 13:00 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
    2009-04-02 12:59 <DIR> --d----- c:\program files\Seagate Software
    2009-04-02 12:57 446,464 a------- c:\windows\system32\HHActiveX.dll
    2009-04-02 12:57 40,448 a------- c:\windows\system32\dsofile.dll
    2009-04-02 12:57 <DIR> --d----- c:\program files\winsim
    2009-04-02 12:55 <DIR> --d----- c:\program files\Simply Accounting Pro 2009 - Trial Version
    2009-03-29 20:20 <DIR> --d----- c:\program files\DVD Shrink
    2009-03-24 22:16 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
    2009-03-24 22:16 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
    2009-03-24 22:16 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
    2009-03-24 22:16 <DIR> --d----- c:\program files\DVDFab 5
    2009-03-15 12:18 <DIR> --d----- c:\program files\Panda Security

    ==================== Find3M ====================

    2009-04-13 12:19 852,000 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2009-04-13 12:19 26,245,664 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-04-12 20:35 351,860 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-04-12 20:35 80,660 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-11 09:54 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-09 08:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-01-14 10:53 29,680 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
    2006-11-03 10:21 14 a------- c:\documents and settings\owner\getfile.dat
    2006-08-08 12:33 774,144 -------- c:\program files\RngInterstitial.dll
    2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe
    2008-09-22 18:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

    ============= FINISH: 12:22:21.48 ===============
     
  2. 2009/04/13
    Dcmurray

    Dcmurray Well-Known Member Thread Starter

    Joined:
    2006/11/09
    Messages:
    322
    Likes Received:
    0
    I was just looking through the report and noticed a few things.
    1) BHO Yahoo toolbar - shouldn't be there - never intentionally downloaded this
    2) DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll - never intentionally downloaded this

    Don't know if this helps but maybe.

    Thanks

    Dana
     

  4. 2009/04/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dana
    OK, this is a firewall for Aliant, so it may be turning Windows Firewall off; you can't have both running at the same time.
    C:\Program Files\Aliant\Aliant Security Services\Fws.exe

    As far as Security Center not recognizing that you have Aliant security, that is not that big a deal. It is common for that to happen with fairly new or unknown security programs.

    If you are getting alerts you can turn them off.
    If you are in Classic View with Control Panel.
    Click Start > Control Panel > Security Center
    On the left side click on "Change the way Security Center alerts me"
    Uncheck the Firewall and Virus Protection boxes and click OK

    Run HijackThis, doing a scan only, and put a check mark next to those two entries and click Fix Checked.
    Make sure no other windows are open when doing this.

    02) BHO Yahoo toolbar
    016) DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

    Geri
     