[RESOLVED] Possibly infection


40 replies to this topic

#1 php111

    Member

  • 98 posts
  • Joined: October 10, 2007
  • 9 topics
  • Age: 30
  • Skin: IP.Board
  • Local time: 01:23 AM
  • Zodiac:Aquarius
  • Gender:Male
  • OS:Windows 7
  • Country:
Offline
  • :

Posted 08 August 2011 - 01:42 AM

Hey Broni,

As per your email here is my thread. I think you meant this forum.

My PC is slow and freezing. My Firefox browser won't make it past the default page into Google. It won't load any of my apps either. I did an uninstall of Avast because it wasn't updating, and Web Shield was off. I did a restore; it's all messed up. The same goes for my Comodo firewall. I don't know what else to do....

However, Safe Mode works. Without Safe Mode, it's hard to go into the Control Panel.

I have an eMachines EL1200 (model).

#2 Broni Re: [RESOLVED] Possibly infection

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 10:23 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 08 August 2011 - 02:23 AM

Please complete all steps from here: http://www.smartestc...ease-read-this/

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


#3 php111 Re: [RESOLVED] Possibly infection

Posted 08 August 2011 - 12:48 PM

Hey,

I'm sorry but it's not working. I'll tell you what I did.

I opened Mozilla Firefox, and then typed in www.smartestcomputing.us.com

It won't let me bypass the Firefox home default screen. It's odd but true. I don't know where I put my Win 7 disc.

As far as IE goes (because Firefox didn't work), it opens then closes by itself.

Sent from my iPhone

#4 php111 Re: [RESOLVED] Possibly infection

Posted 08 August 2011 - 07:57 PM

Here's some more info.

I made a Repair Disc, and I don't think it found errors. I have Internet on my PC. It won't let me bypass the Firefox screen. It's not a browser error like when I'm not connected. I hope this second reply helps.

#5 Broni Re: [RESOLVED] Possibly infection

Posted 08 August 2011 - 10:59 PM

Restart computer in Safe Mode with Networking and see if you can operate it there better.

Alternatively, download the prescribed tools on another working computer and transfer them to the "bad" computer using a USB flash drive.

#6 php111 Re: [RESOLVED] Possibly infection

Posted 08 August 2011 - 11:11 PM

Broni, on 08 August 2011 - 10:59 PM, said:

Restart computer in Safe Mode with Networking and see if you can operate it there better.

Alternatively, download the prescribed tools on another working computer and transfer them to the "bad" computer using a USB flash drive.


I'd rather do the Safe Mode option. I don't have another computer to use. I don't have money for a USB drive.

1. How do I enable Networking in Safe Mode?

2. Would it let me gain access to the Internet where I can do the steps in Safe Mode? Could I reinstall my Avast and update it in Safe Mode?

I just made a big purchase on top of being in debt.

#7 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 12:23 AM

Hey,

This is what I got in Avast after installing it in Safe Mode with Networking.


Unable to File System Shield!
Shield unreachable.

It was working when I downloaded it. I can't win. LOL. I am posting from Safe Mode.

#8 Broni Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 12:47 AM

Very good :)

Don't worry about Avast for now.

Go ahead with the other steps from here: http://www.smartestc...ease-read-this/

#9 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 01:36 AM

I disconnected my Internet to scan with GMER. I can't figure out how to reconnect it. I know I right-clicked it and it brings up a box.

#10 Broni Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 01:42 AM

Restart the computer in Safe Mode with Networking and the connection should come back.

#11 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:01 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7413

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

8/8/2011 9:59:27 PM
mbam-log-2011-08-08 (21-59-27).txt

Scan type: Quick scan
Objects scanned: 154292
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:02 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-08 21:17:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000057 WDC_WD10 rev.05.0
Running: nyxq4zov.exe; Driver: C:\Users\Derek\AppData\Local\Temp\uwdoapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81C88339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CC1D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!LdrLoadDll 770E22B8 5 Bytes JMP 010C1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] USER32.dll!GetWindowInfo 75DF4B5E 5 Bytes JMP 6E70C647 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2036] USER32.dll!SetWindowLongA 75DE8BA3 5 Bytes JMP 6E8EF0D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2036] USER32.dll!SetWindowLongW 75DF4449 5 Bytes JMP 6E8EF069 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2036] USER32.dll!GetWindowInfo 75DF4B5E 5 Bytes JMP 6E7056CB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2036] USER32.dll!TrackPopupMenu 75E02228 5 Bytes JMP 6E705CE7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000042 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

#13 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:06 AM

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-08 21:43:34
-----------------------------
21:43:34.673 OS Version: Windows 6.1.7601 Service Pack 1
21:43:34.673 Number of processors: 1 586 0x7F02
21:43:34.673 ComputerName: DEREK-PC UserName: Derek
21:43:42.707 Initialize success
21:43:43.035 AVAST engine defs: 11071801
21:44:14.032 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
21:44:14.047 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
21:44:16.075 Disk 0 MBR read successfully
21:44:16.075 Disk 0 MBR scan
21:44:16.247 Disk 0 Windows 7 default MBR code
21:44:16.247 Disk 0 scanning sectors +1953520065
21:44:16.450 Disk 0 scanning C:\Windows\system32\drivers
21:44:22.939 Service scanning
21:44:24.156 Modules scanning
21:44:26.309 Disk 0 trace - called modules:
21:44:26.325 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
21:44:26.325 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a86ac8]
21:44:26.340 3 CLASSPNP.SYS[8759459e] -> nt!IofCallDriver -> [0x8441dab0]
21:44:26.356 5 ACPI.sys[823b03d4] -> nt!IofCallDriver -> \Device\00000057[0x83afb9e0]
21:44:26.715 AVAST engine scan C:\Windows
21:44:27.697 AVAST engine scan C:\Windows\system32
21:45:34.325 AVAST engine scan C:\Windows\system32\drivers
21:45:40.705 AVAST engine scan C:\Users\Derek
21:46:01.843 AVAST engine scan C:\ProgramData
21:46:08.770 Scan finished successfully
21:46:43.230 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Desktop\MBR.dat"
21:46:43.230 The log file has been saved successfully to "C:\Users\Derek\Desktop\aswMBR.txt"

#14 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:08 AM

10:08 PM 8/8/2011
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Derek at 21:47:39 on 2011-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1250 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\derek\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\derek\appdata\roaming\micros~1\windows\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\users\derek\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
TCP: Interfaces\{E40A41B6-2C42-4FFB-BD8A-7DE0E26507A4} : DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\derek\appdata\roaming\mozilla\firefox\profiles\n2v5f101.default\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\derek\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\derek\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-13 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-13 309848]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-13 19544]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-13 54104]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-8 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-8 366640]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-8 22712]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-24 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-09 01:22:17 -------- d-----w- c:\users\derek\appdata\local\ElevatedDiagnostics
2011-08-09 01:05:25 -------- d-----w- c:\users\derek\appdata\roaming\Malwarebytes
2011-08-09 01:05:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-09 01:05:02 -------- d-----w- c:\programdata\Malwarebytes
2011-08-09 01:05:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 01:05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-09 00:11:52 -------- d-----w- c:\program files\AVAST Software
2011-08-07 18:45:15 -------- d-----w- c:\programdata\Comodo Downloader
2011-08-07 04:08:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-07 04:08:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-07 04:08:05 -------- d-----w- c:\program files\iPod
2011-08-07 04:08:04 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-07 04:08:04 -------- d-----w- c:\program files\iTunes
2011-08-07 04:06:09 -------- d-----w- c:\program files\Bonjour
2011-08-05 22:53:03 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60645802-c160-4063-9238-811097a5c3ea}\mpengine.dll
2011-08-05 22:51:14 -------- d-----w- c:\users\derek\appdata\local\Apple Computer
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-05 22:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-05 22:49:21 -------- d-----w- c:\users\derek\appdata\local\Apple
2011-07-30 17:46:50 -------- d-----w- c:\users\derek\appdata\local\Google
2011-07-15 11:24:00 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-15 11:24:00 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-15 11:23:55 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-05 00:48:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 21:47:57.97 ===============

#15 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:08 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2010 4:19:14 PM
System Uptime: 8/8/2011 9:21:09 PM (0 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon™ Processor 2650e | Socket AM2 | 1607/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 36.658 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 91.269 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 32 GiB total, 29.631 GiB free.
G: is FIXED (NTFS) - 500 GiB total, 413.05 GiB free.
H: is FIXED (NTFS) - 250 GiB total, 67.993 GiB free.
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
==== System Restore Points ===================
.
RP15: 8/8/2011 7:39:23 PM - avast! Free Antivirus Setup
RP16: 8/8/2011 7:39:39 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG PC Tuneup 2011
AviSynth 2.5
Bonjour
CCleaner
CDBurnerXP
D3DX10
ffdshow v1.1.3800 [2011-03-28]
Foxit Creator
Foxit Reader
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 24
Junk Mail filter update
LSI PCI-SV92EX Soft Modem
Macrium Reflect - Free Edition
Malwarebytes' Anti-Malware version 1.51.1.1800
MediaInfo 0.7.44
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKVtoolnix 4.7.0
Mozilla Firefox 5.0.1 (x86 en-US)
MSVCRT
MyDefrag v4.3.1
NVIDIA Display Control Panel
NVIDIA Drivers
OpenOffice.org 3.3
PDFCreator
PVSonyDll
QuickTime
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 9:21:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/8/2011 9:21:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/8/2011 9:21:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2011 9:21:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/8/2011 9:21:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cmdGuard discache spldr Wanarpv6
8/8/2011 9:10:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
8/8/2011 9:00:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/8/2011 8:27:47 PM, Error: Microsoft-Windows-WMPNSS-Service [14319] - Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.
8/8/2011 8:12:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/8/2011 8:08:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 8:01:56 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
8/8/2011 7:21:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
8/8/2011 3:44:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/8/2011 3:44:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/8/2011 3:44:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:29:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/7/2011 7:06:20 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/7/2011 6:09:01 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
8/7/2011 5:52:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
8/7/2011 3:42:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/6/2011 9:22:09 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/6/2011 11:52:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
8/6/2011 11:52:37 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2011 11:52:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/6/2011 11:47:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/6/2011 10:41:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/6/2011 10:41:40 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2011 10:41:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/6/2011 10:23:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/6/2011 10:23:38 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
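The "Event log errors" block above is what a responder actually reads in a DDS log: one 7026 event listing boot-start drivers that failed to load, followed by a cascade of 7001 dependency failures. The following is an added example, not part of the original thread and not code from the DDS tool, that parses lines in that format, separates third-party security drivers (which should not still be registered after an uninstall) from core Windows network drivers, and follows each 7001 dependency chain to the driver it bottoms out on. The sample lines are a constructed subset copied from the log above; the vendor prefix map (asw = avast, cmd/inspect = Comodo) is an assumption made for this example.

```python
"""Triage helper for the DDS 'Event log errors' section (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the event lines from the log posted above.
SAMPLE_LOG = """\
8/8/2011 3:44:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 3:44:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2011 5:52:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
8/8/2011 8:01:56 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
"""

# One DDS event line: "<date> <time>, <Level>: <Source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# 7001 message: "The X service depends on the Y service which failed ..."
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed")
# 7026 message: "... failed to load: <space separated driver service names>"
DRIVERS_RE = re.compile(r"failed to load: (?P<list>.+)$")

# ASSUMPTION for this example: driver service name prefixes used by the two
# products the poster uninstalled. Anything else is treated as Windows core.
VENDOR_PREFIXES = {"asw": "avast", "cmd": "comodo", "inspect": "comodo"}


def parse_events(text):
    """Return a list of dicts (ts, level, source, id, msg) for well-formed lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"] = int(d["id"])
            events.append(d)
    return events


def classify_driver(name):
    """Map a driver service name to a vendor via the assumed prefix table."""
    low = name.lower()
    for prefix, vendor in VENDOR_PREFIXES.items():
        if low.startswith(prefix):
            return vendor
    return "windows"


def failed_drivers(events):
    """Union of driver names from every 7026 event, grouped by vendor."""
    groups = defaultdict(set)
    for ev in events:
        if ev["id"] != 7026:
            continue
        m = DRIVERS_RE.search(ev["msg"])
        if m:
            for drv in m.group("list").split():
                groups[classify_driver(drv)].add(drv)
    return {vendor: sorted(names) for vendor, names in groups.items()}


def dependency_chain(events):
    """Map service -> the dependency it was blocked on, from 7001 events."""
    chain = {}
    for ev in events:
        if ev["id"] == 7001:
            m = DEP_RE.match(ev["msg"])
            if m:
                chain[m.group("svc")] = m.group("dep")
    return chain


def root_cause(chain, service):
    """Follow the dependency chain until it bottoms out (cycle-safe)."""
    seen = []
    cur = service
    while cur in chain and cur not in seen:
        seen.append(cur)
        cur = chain[cur]
    return cur


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("failed drivers by vendor:", failed_drivers(evs))
    chain = dependency_chain(evs)
    for svc in chain:
        print(f"{svc} -> blocked on: {root_cause(chain, svc)}")
```

On the posted log this splits the 7026 list into four avast drivers, three Comodo drivers and twelve Windows drivers (AFD, NetBT, tdx, nsiproxy and so on), and shows Workstation and Network Location Awareness both bottoming out on the NSI proxy driver while DNS Client and DHCP Client bottom out on tdx and AFD respectively; that is the pattern behind "networking works in Safe Mode but not in normal mode" after a filter-driver product is removed without its own uninstaller.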

#16 Broni Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:10 AM

...and Attach.txt part of DDS please...

#17 Broni Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:10 AM

Disregard.
I didn't see your last reply.

#18 Broni Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:13 AM

I don't see much malware-wise, but we'll keep checking.

Possibly Comodo, or now Comodo's leftovers are messing things up. I've seen this issue.

Restart computer in normal mode and see if you can use Internet Explorer.

#19 php111 Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:15 AM

Here it is.

Attached Files



#20 Broni Re: [RESOLVED] Possibly infection

Posted 09 August 2011 - 02:18 AM

You posted it already.

Go ahead with my previous reply.
