Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comodo uninstall problem. Cmdagent removal breaks netconnect


  • Please log in to reply
77 replies to this topic

#1 Jerhyn

Jerhyn

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 17 July 2015 - 01:25 PM

A few years back I installed Comodo firewall/av.

A few months ago I changed and bought Emsisoft on the recommendation of the forums here.

 

I tried the windows uninstall but several Comodo files remained and stayed active.

I tried this solution

http://www.bleepingcomputer.com/forums/t/510516/how-to-remove-comodo-internet-security/

I have successfully stopped these services and disabled in the admin/services panel

 

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-01-20] (Comodo Security Solutions, Inc.)

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20]

S2 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]

 

and my internet connection functions normally.

 

However, when I disable

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)

 

My internet connection breaks, I think it is the connect to the router that fails.

 

Somehow I would like to kill Cmdagent and reset or fix the broken net connection.

 

Thanks in advance

Jerry



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:17 PM

Posted 17 July 2015 - 03:42 PM

Hi Jerry,

What happens if you attempt to troubleshoot Internet connection after you disable cmdAgent?

#3 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 17 July 2015 - 06:22 PM

Tried troubleshooter,

 

can not automaticly fix the problem.

would you like to try other options ?

search online for answers.

 

Did this in safe mode and not.

The only line I got different when right clicking was

in network manager

Incompatable router attached to the network.

 

The ONLY way to get onnline is to run cmdagent on auto.

Jerry



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 17 July 2015 - 06:24 PM

Hi Jerhyn :)

Are you on a wired or wireless connection?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:17 PM

Posted 17 July 2015 - 07:35 PM

Hello Jerhyn,
 
Looks like I am last in the line at the moment, and I found this worked on Windows 7 versions .(not knowing what system you installed it on).
Since you are having problems, it would pay to save any important data to CD or DVD. Always important when making any changes.
Have you fully installed Emsisoft on your system yet ?
 
If so Temporarily shutdown your antivirus to avoid any conflicts, and don't forget to reconnect after you finish removals..
 
Originally posted as : For Windows 8 and Windows 8.1 Users

 

1) Download Autoruns - http://technet.microsoft.com/en-us/sysinternals/bb963902
2) Right click the zipped folder and extract all to a known location (like the desktop)
3) Right click and select run as administrator for the 'autoruns.exe' file found in the extracted folder.
4) Look under both the 'services' and 'drivers' tabs for the following entries (CmdAgent, cmderd, cmdGuard, cmdhlp, cmdvirth & inspect).
5) Take note of the associated file and location for each (Hover over image path).
6) Right click and delete each of the mentioned Comodo entries.
7) Using Windows explorer navigate to the previously noted file locations and delete any remaining associated files.

 

You have a variety of choices, plus the Comodo Forum to help you, so please keep us updated on each situation, so that we may pass it on..

 

Thank You -



#6 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 18 July 2015 - 10:58 PM

Autoruns was one of the first tools that showed me comodo was still active.

 

I followed directions, disabled emsisoft,

ran autoruns as admin,

deleted the comodo files, 8 of em.

rebooted and had no internet connection,

Ran trouble shooter admin,

said that there was a network interface driver  problem,

I tried to make a new network connection, but no network found.

reversed the procedure

rebooted and I am here.

Oh, and my bad about system, Win 7 home, 8 gigs memory, century link dsl, Linksys e1200 router, 4 wired ports and wireless.

wireless connection, netflix and cellphone wireless all still work.

 

Jerry

 

I trier



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 19 July 2015 - 08:53 AM

Jerhyn, follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator;
  • Check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - All;
    • List Users, Partitions and Memory size;
      wNeKMCX.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 19 July 2015 - 10:19 AM

Below is the the minitool box result. The net is working at the moment.

 

However, I then retried the autorun and was disabling comodo entries to get a minitool log when the net was failed.

and hit what I am afraid could be an emergency.

 

the entire current controll set services hundreds of drivers, now are listed as file not found.

Huge block of drivers are now highlighted yellow.

 

If this means all my drivers are no longer here I will not shut down or reboot till I revert this.

Is there a method to revert all changes made in autoruns similar to undo in other apps ?

And I checked the recycle bin, no deleted files in there to restore.

 

I have never seen this happen in 30 years.

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Gerald (administrator) on 19-07-2015 at 07:31:29
Running from "C:\Users\Gerald\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: GA-890FXA-UD5 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/19/2015 07:21:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 08:44:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 08:31:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 04:18:10 PM) (Source: Application Hang) (User: )
Description: The program autoruns.exe version 11.70.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1188

Start Time: 01d0c1ae9b656df1

Termination Time: 6

Application Path: C:\Users\Gerald\Desktop\autoruns.exe

Report Id: 3a95981c-2da3-11e5-a5fe-1c6f65c205b5

Error: (07/18/2015 02:10:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 04:13:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 03:59:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 03:46:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 03:42:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808
Faulting module name: mmcndmgr.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c775
Exception code: 0xc0000005
Fault offset: 0x000007feeb9d017e
Faulting process id: 0x141c
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3

Error: (07/17/2015 11:44:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/17/2015 11:37:22 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/17/2015 11:37:22 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/17/2015 11:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/17/2015 11:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/17/2015 11:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/17/2015 11:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/17/2015 11:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/17/2015 11:37:19 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/17/2015 11:37:16 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/17/2015 11:37:10 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (07/19/2015 07:21:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 08:44:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 08:31:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 04:18:10 PM) (Source: Application Hang)(User: )
Description: autoruns.exe11.70.0.0118801d0c1ae9b656df16C:\Users\Gerald\Desktop\autoruns.exe3a95981c-2da3-11e5-a5fe-1c6f65c205b5

Error: (07/18/2015 02:10:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 04:13:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 03:59:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 03:46:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 03:42:04 PM) (Source: Application Error)(User: )
Description: mmc.exe6.1.7600.163854a5bc808mmcndmgr.dll_unloaded0.0.0.04ce7c775c0000005000007feeb9d017e141c01d0c0e189936a29C:\Windows\system32\mmc.exemmcndmgr.dll0b27fa4d-2cd5-11e5-a227-1c6f65c205b5

Error: (07/17/2015 11:44:31 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8


CodeIntegrity Errors:
===================================
  Date: 2014-10-03 13:18:00.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 12:57:35.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 12:46:32.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-02 08:47:31.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-01 19:58:34.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-30 18:32:29.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-29 23:08:39.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-29 22:59:34.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-29 22:40:02.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-29 22:33:58.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\{1BBE4C53-634B-44B3-8693-314ED6260557}) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{ADEE751B-09AE-4DA7-9658-DCF90E8F9ED7}) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AutoGreen B10.0517.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden
AutoGreen B10.0517.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
Easy Tune 6 B10.0516.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B10.0516.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 9.0 - Emsisoft GmbH)
EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version:  - )
EPSON SPR300 Reference Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version:  - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Family Tree Maker 2005 (HKLM-x32\...\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}) (Version:  - )
Family Tree Maker 2010 (HKLM-x32\...\{89EAD745-088B-4160-B964-42C4D4D273AD}) (Version: 19.0.180 - Ancestry.com) Hidden
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
GeekBuddy (HKLM\...\{7137372F-6AD2-40C2-A794-F4A3BE5A98F8}) (Version: 4.10.86 - Comodo Security Solutions Inc)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.59.0 - GIGABYTE Technologies, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
NVIDIA 3D Vision Driver 266.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.66 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Pawsoft Fass (HKLM-x32\...\Fass) (Version:  - )
RAIDXpert (HKLM-x32\...\{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Smart Dual Lan (HKLM-x32\...\{FB238A00-FB43-49C8-8955-6F1F430944B7}) (Version: 1.00.0000 - Realtek)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Lord of the Rings Online™ v1100.0052.1373.8030 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1100.0052.1373.8030 - Turbine, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.2.2013 - BillP Studios)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8189.55 MB
Available physical RAM: 5978.48 MB
Total Virtual: 16377.32 MB
Available Virtual: 13735.87 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.35 GB) (Free:674.84 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            ASPNET                   Gerald                   
Guest                    User                     


**** End of log ****
 


Edited by Jerhyn, 19 July 2015 - 10:25 AM.


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 19 July 2015 - 10:22 AM

Jerhyn, you are currently on a wired connection, is that right? Also, what is your Ethernet Controller brand and model?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 19 July 2015 - 10:41 AM

Wired to

pk5001z centurylink modem.

 

I just looked in directory c:\windows\system 323\drivers

and the files not found by autoruns are still in directory.



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 19 July 2015 - 10:43 AM

Alright, when your connection is broken, install the latest drivers for your Ethernet Controller and that should reset it.

http://download.gigabyte.us/FileList/Driver/motherboard_driver_lan_realtek_8111_w7.exe

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 19 July 2015 - 10:59 AM

Ethernet controller, is that the modem to phone line, not the linksys router ?

 

and seeing these hundred drivers not found has me concerned.

I was knocking out the 8 comodo files to break the connection to get a minitool broken log.

I am concerned that I inadvertantly disabled my entire control set,

and if I reboot without drivers there might be disasterous fail to load system and missing drivers.

 

I was using the autoruns find to locate comodo files and disable, which I have done maybe 20 times by now, but never

got hundreds of drivers not found before.

is there a way to check this, Is there a key shortcutthat would have caused these files to suddenly be file not found ?



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 19 July 2015 - 11:00 AM

May I ask to see that Autoruns file?

sUc2qjf.pngAutoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:06:17 AM

Posted 19 July 2015 - 11:41 AM

Onedrive

https://onedrive.live.com/?id=418A862F580B587C!105&cid=418A862F580B587C&group=0

 

dropbox wouldnt connect.

Jerry



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 19 July 2015 - 11:43 AM

Apparently I cannot access that file either. It says that it's broken.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users