Weird Browser Disconnects after 5 minutes HJT Log inside

  1. #1
    gcmonk (Newbie)

    My browser disconnects after 5 minutes. Messaging and P2P still connect, so I know it's nothing wrong with my connection. My disc drives don't show up in My Computer, and Hardware Manager says the drivers are missing or corrupt. AVG/Ad-Aware clean scan.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:50 PM, on 4/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...5/sdcregie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1133924377864
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133924352337
    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
    O21 - SSODL: systemie - {E2E348BA-F290-4A55-8E8E-12FB74D5CEC9} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  2. #2
    VopThis (Senior Member, Canada)
    You have a downloader Trojan: W32/Mitglieder.HT (O20 item):
    http://www.f-prot.com/virusinfo/desc...lieder_ht.html


    You also have a backdoor trojan: Backdoor.Iroffer / Backdoor.Noer (3x O23 items).

    Read over the following directions. Ask if anything appears unclear to you.

    Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
    http://www.thatcomputerguy.us/downloads/clean.bat

    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)


    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.

    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (which are also possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter

    For additional, more thorough cleaning and for multi-profile user configurations:
    (*) Run Clean.bat to clean up your TEMPorary files.

    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.

    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    ldr64.dll (locate full path)
    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

  3. #3
    gcmonk (Newbie)
    Logfile of HijackThis v1.99.1
    Scan saved at 7:48:56 PM, on 4/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1133924377864
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133924352337
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)

  4. #4
    VopThis (Senior Member, Canada)
    Stop and Disable a Service
    • Go to Start » Run » type: Services.msc » OK.
    • Scroll down and find this service: NTBOOT
    • Double-click on it.
    • Under the General tab, click the Stop button.
    • Then change the Startup Type to Disabled.
    • Click Apply and then OK.
    Next:
    • Run HijackThis.
    • Click on ’Open the Misc Tools section’.
    • Click on ’Delete an NT Service’.
    • Enter the (service name identified in brackets) into that field (make sure there are NO spaces before or after the name): (NTBOOT)
    • Click OK and select YES when asked to reboot.

    Remove this HJT line if still present:

    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)

    Tell us how your PC is now behaving.

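An added example, not code from the thread and not HijackThis's own code, that mechanises the triage VopThis did by eye in #2 and the service-name step in #4: it parses the R/O/F lines of a HijackThis v1.99.x log, flags any entry whose target HJT reports as "(file missing)" or "(no file)" and any O23 service with an unidentified owner, and returns the key name that HJT's 'Delete an NT Service' dialog (or sc.exe) expects: the bracketed name when HJT shows one, otherwise the display name itself (the NTLOAD line has no brackets, so NTLOAD is the name). The sample lines are constructed from the log posted in #1, and the rule is broader than the reply: it also surfaces the O21 SSODL "(no file)" entry, which the thread did not discuss. A hit is a lead rather than a verdict, since an orphan left behind by a sloppy uninstall looks identical to a malware remnant, so check the vendor write-up and the referenced path before fixing.

```python
"""Triage a HijackThis (v1.99.x) log: flag autostart entries whose target is
gone and services with no identified owner, and work out the short service
name that HJT's 'Delete an NT Service' dialog (or sc.exe) expects.

Added example, not code from the thread. SAMPLE_LOG is constructed from the
log posted in #1 (a subset of lines; paths as posted).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O21 - SSODL: systemie - {E2E348BA-F290-4A55-8E8E-12FB74D5CEC9} - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVG7\\avgupsvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\\WINDOWS\\SYSTEM\\DRIVER\\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\\WINDOWS\\SYSTEM\\DRIVER\\ntsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\System32\\HPZipm12.exe
"""

# "O23 - <body>", "R1 - <body>", "F2 - <body>"
LINE_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.+)$")
# O23 body: "Service: <display> [(<key name>)] - <owner> - <image path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# HJT appends these when it cannot find the referenced file.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str                   # e.g. "O23"
    body: str                      # text after "O23 - "
    display: Optional[str] = None  # O23 only: service display name
    short: Optional[str] = None    # O23 only: key name shown in brackets, if any
    owner: Optional[str] = None    # O23 only: vendor string HJT resolved
    path: Optional[str] = None     # O23 only: image path (may carry a marker)


def parse_hjt(text: str) -> List[Entry]:
    """Parse the R/O/F lines of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(section=m["section"], body=m["body"])
        if e.section == "O23":
            s = SERVICE_RE.match(e.body)
            if s:
                e.display, e.short = s["display"], s["short"]
                e.owner, e.path = s["owner"], s["path"]
        entries.append(e)
    return entries


def hjt_service_name(e: Entry) -> Optional[str]:
    """Name for HJT's 'Delete an NT Service' box or for sc.exe: the bracketed
    key name when HJT shows one, else the display name (they are then equal)."""
    if e.section != "O23" or e.display is None:
        return None
    return e.short or e.display


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries a reviewer would look at first. A hit is a lead, not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        if any(e.body.endswith(mark) for mark in MISSING_MARKERS):
            reasons.append("target file missing")
        if e.section == "O23" and e.owner == "Unknown owner":
            reasons.append("service has no identified owner")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def triage_text(text: str) -> List[Finding]:
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        svc = hjt_service_name(f.entry)
        tag = f"  [HJT service name: {svc}]" if svc else ""
        print(f"{f.entry.section}: {f.entry.body}{tag}")
        print("    " + "; ".join(f.reasons))
```

Run it against a saved log with `triage_text(open("hijackthis.log").read())`. On XP the same removal that #4 does through services.msc and HJT can be done from an Administrator command prompt with the built-in sc.exe, using the name this script returns: `sc stop NTBOOT`, `sc config NTBOOT start= disabled` (the space after `start=` is required), then `sc delete NTBOOT`. The registry key goes away at the next reboot, which is why HJT asks to restart.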
  5. #5
    gcmonk (Newbie)
    It still disconnects after 5 minutes and my CDRW and DVD drive are not working. I receive this message when browsing but I don't know if it is authentic or not:

    Notice from Zone Labs Internet Security

    This page is to notify you that ZoneAlarm has detected a problem with your installation, and therefore has restricted Internet access from your machine for your protection. Don’t panic! The step-by-step instructions listed here will help you to determine the problem, and explain how to resolve the issue.

    Please print this Page out first. If you don’t have a Printer setup or use a Network Printer, please click here to get a word version of this Page and save it.

    Why did this happen?
    There was an error on your machine that is preventing the ZoneAlarm (Plus/Pro) security engine from properly starting. Because this condition is similar to a condition where a hacker is trying to disable your security, ZoneAlarm (Plus/Pro) has blocked would-be hackers by locking down your computer from outside Internet attacks. You should verify that your system is clean of any viruses or Trojans before restoring Internet Access. Check with your antivirus support site for help and special tools to remove viruses.

    How long will it take to restore my access?
    This will take between 5 and 15 minutes.

    Instructions to restore Internet access

    First try this:

    1. Restart your computer. (To do this, locate the Windows Start menu in the system tray, select Shut down, select Restart from the drop-down menu and then click OK.)
    2. After restarting, check your Internet access. Try this up to three times to see if your Internet access is restored. If this does not restore your access, proceed to step B below.

    If above doesn’t work, do this:

    1. In the ZoneAlarm (Pro/Plus) interface, go to the Overview Panel, locate the Preferences tab and uncheck "load ZoneAlarm (Pro/Plus) at start-up" as shown in figure 1 below.
    2. Reboot your computer. (To do this, locate the Windows Start menu in the system tray, select Shut down, select Restart from the drop-down menu and then click OK.)
    3. In this third step, you will be renaming your Internet logs folder. This simple step only takes a moment, just follow the instructions carefully below. Please note: Deleting your Internet logs is necessary to restore Internet access, but you will lose your ZoneAlarm (Plus/Pro) settings as a result.

    a. In the Windows Start menu select Search and then For files or Folders.
    b. In the box titled “search for files or folders named:” type the following exactly, with quotes: “internet logs”
    c. In the box titled “look in:” select Local Harddrives…
    d. Now press Search Now
    e. In the results to the right you will see a folder called Internet Logs. Typically, this is located at:
    i. C:\Windows\Internet Logs (for Win 9x/XP)
    ii. C:\Winnt\Internet Logs (for Win 2000/NT)
    f. To rename the folder, simply right-click your mouse on the word “Internet Logs,” select Rename and then type in a new name in the text field such as “oldlogs.” Press Return when done.
    4. Reboot your computer. (See step 2 above)

    You should now have Internet access. (If you do not, click here.) To restore your security, install the latest version of your product by clicking the correct link below:

    Figure 1: Unchecking “load at startup” as shown with the red circle below.


    Advanced instructions:

    You have been taken to this area if you have tried previous steps to restore Internet access and have been unsuccessful. Thank you for your patience.

    1. Removal will require using Safe Mode and editing the registry. If you are not comfortable using these, you should seek out someone more knowledgeable in their use. Please click here to view the instructions necessary to restore Internet access. This will take approximately 15 minutes.
    2. If you are unable to complete these steps yourself, you may contact Zone Labs Technical Support via fax at 415-343-0057. Someone will contact you as quickly as possible and in the order your Fax was received and will follow the exact steps above with you.

  6. #6
    VopThis (Senior Member, Canada)
    Look at what the W32/Mitglieder.HT infection potentially does:

    http://www.f-prot.com/virusinfo/desc...lieder_fs.html
    http://www.f-prot.com/virusinfo/desc...lieder_ht.html
    It tries to make its removal more difficult by attempting to kill any antivirus-related processes, disable their services, delete their files and make their websites inaccessible.
    Surely, ZoneAlarm is trying to neutralize the infection and/or is missing some of its components. A non-functional CD drive makes reinstallation of ZoneAlarm very difficult.

    Review what was done here, successfully, and/or try the ZoneAlarm suggested procedures:
    http://www.help2go.com/component/opt...p,89022/#89022

    I am not sure the listed procedures alone will resolve your issues. Your best option may be to back up all user files to another hard drive (USB) or pen/memory drive and to do a fresh install. Or have a local shop do those procedures for you.
