Comodo Version 3 Firewall Locked all applications

Hi

I recently installed Comodo Firewall
One day it asked me if i should allow or block an application (.exe)
I wasnt sure what it was so i blocked it

NOW

I cant

Run any application, Shut down or restatart my computer, uninstall things

Pretty much i am screwed and cant use my computer please save me pplz (im dieing)

Can you do this?
Start > Run > type in:

"C:\Program Files\Comodo\Firewall\CPF.exe" -uninstall

Include the quote marks.

I tried and unfortunately it didn't work

This is because i think the program is blocking me from opening any task

If you would like should i give you my running process list (as this is the

only thing i can access)

Cant acces my registry as it is locked Like everything else

This doesnt sound right......send through a HJT log.

I suspect that there are unauthorized forces at work here!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:42 AM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Areeb\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com.au/cabs/QOLCheck.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

I had to do the scan in safe mode otherwise

It was not possible

Doing a scan in safe mode won't help, since not many malware are able to run in safe mode.

Since you can boot into safe mode, can you uninstall Comodo Firewall? If the problem is really caused by blocking a wrong application, you can reinstall it. If the problem persists, post for help in the Malware Removal forum and we will bring you through our clean up steps.

You blocked a single exe and now you cannot run anything? Impossible. This is malware at work, I just cannot find anything in your log file. As Doc said, please post in our malware removal forum, and we will run you through the common scan process.

Guys i uninstalled and then reinstalled

Works a treat

Thanks alot

However i will reformat my computer just incase

Would that solve all problems

Yes it would.

[I read that the user formatted, but for record, he wasn't able to uninstall because of restrictions set]

I can't find the user that had the infection i'm looking for, but tdssserv [I think] kills normal mode and sets restrictions.
[edit]
Found what I was looking for. tdssserv, unable to use normal mode and policies were set.

Last edited by Belahzur on 27th September 2008, 12:46 am; edited 2 times in total

Thanks alot once again

To avoid this once ive reformatted im going to have the following security

Firewall: Comodo

AntiVirus: AVAST Home Edition

Hopeully this will keep me protected If there any better please tell me

Download this pre-made host file from here.
http://www.mvps.org/winhelp2002/hosts.zip

Once downloaded, unzip it and run mvps.bat. This will replace your current host file with a modified one, this one contains links to bad sites and will stop you visiting them.

Goodluck and stay safe.