Antivir / fraud.sysguard

step 2. Java update complete.

Gonna do step 3 now. Quick question: I don't need to disable Spybot, right, since the TeaTimer is still disabled? Just Microsoft Security Essentials?

and from the looks of it this will be running a while. so i guess we pick up tomorrow.
 
Hello Robinsoncano

RobinsonCano said:
I don't need to disable Spybot, right, since the TeaTimer is still disabled? Just Microsoft Security Essentials?
:bigthumb:

Let me know if you have any problems :)
 
i keep getting this error

Launch of the Java Application is interrupted. Please establish an uninterrupted internet connection for work with this program.

I don't know what I'm doing wrong. I even disabled the wireless and used a wired connection to the internet.
 
Also, please describe how your machine is behaving now. Are you still experiencing problems?

Ever since I did step 2, the update and the scan of Malwarebytes, it's been running much, much smoother and faster. Most of the time there's little to no lag. Control-Alt-Delete to peek at my processes is immediate. There was one instance earlier this afternoon where svchost.exe took over again, as much as 200,000k. It just sorta zaps the computer of life. While this was something that happened constantly, it's happening much less since this afternoon.
 
Hello RobinsonCano

Let's try this scan instead:


  1. Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.

    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the [esetOnline.png] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.

    • Check [esetAcceptTerms.png]
    • Click the [esetStart.png] button.
    • Accept any security warnings from your browser.
    • Check [esetScanArchives.png]
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [esetListThreats.png]
    • Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [esetBack.png] button.
    • Push [esetFinish.png]

    Please post the ESET log in your next reply.
 
ESETScan

C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.inf.vir INF/Autorun.gen trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{AD8F9D70-CF7E-4526-8105-3467FD234E0C}\RP157\A0042743.inf INF/Autorun.gen trojan cleaned by deleting - quarantined

Question. Do I check boxes for uninstall and/or delete quarantined files?
 
Hello RobinsonCano

RobinsonCano said:
Do I check boxes for uninstall and/or delete quarantined files?
Don't do anything with them right now. They can cause no harm to your system where they are.

I will get back to you later today with the next steps :)
 
Hello RobinsonCano

The ESET log has detected infected files in ComboFix quarantine and also in one of your system restore points. We will deal with these in the steps below:


  1. Please Uninstall Combofix

    • Click on "Start" and then on "Run".
    • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.

    Do you wish to keep the IBM client access program on your machine?

    We can disable it so it does not run when your system starts (then you can run it manually if you ever need it) or alternatively, we can remove it completely or leave it where it is. Please let me know, then we will continue with the rest of the clean up procedure.
 
Update. ComboFix is uninstalled. It asked me to disable my AV so it could get it done without interference, and my sandbox on Comodo went off like crazy when it was finishing. All of them were ComboFix related, so I hit allow.

ibm client access. i have no idea what that is or does. :confused:
 
When I uninstalled that ComboFix and the Comodo sandbox went off like crazy, it's like my computer is back to square one again. It just stalls.

can i run those last two scans again before we continue?


JonTom said:
You may need to empty the sandbox.

Feel free to run another ESET scan and post the log in your forum thread.

I ran ESET scan again. It came up empty. No infections. So there was no "List of found threats" link. The quarantine link did show the two hits from the first ESET scan.

sandbox shows that it is empty.

IBM Client Access. I still don't exactly know what it is. So let's remove it, I think.
 
Hello Robinsoncano

RobinsonCano said:
I ran ESET scan again. It came up empty. No infections.
I am not sure why your firewall is playing up after uninstalling ComboFix. Whatever is behind it, it does not appear to be malware related.

RobinsonCano said:
IBM Client Access. I still don't exactly know what it is. So let's remove it, I think.
As you wish :)

Please work your way through the following steps:


  1. Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
      O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
      O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
      O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
      
      :Files
      C:\Program Files\IBM
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]


    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
 
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Client Access Check Version deleted successfully.
C:\Program Files\IBM\Client Access\cwbckver.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Client Access Express Welcome deleted successfully.
C:\Program Files\IBM\Client Access\cwbwlwiz.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Client Access Help Update deleted successfully.
C:\Program Files\IBM\Client Access\cwbinhlp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Client Access Service deleted successfully.
C:\Program Files\IBM\Client Access\cwbsvstr.exe moved successfully.
========== FILES ==========
C:\Program Files\IBM\Client Access\Shared folder moved successfully.
C:\Program Files\IBM\Client Access\Mri2931 folder moved successfully.
C:\Program Files\IBM\Client Access\Emulator\Private folder moved successfully.
C:\Program Files\IBM\Client Access\Emulator\PdfPdt folder moved successfully.
C:\Program Files\IBM\Client Access\Emulator folder moved successfully.
C:\Program Files\IBM\Client Access\Classes folder moved successfully.
C:\Program Files\IBM\Client Access folder moved successfully.
C:\Program Files\IBM folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.N09110003
->Temp folder emptied: 1860640 bytes
->Temporary Internet Files folder emptied: 8379855 bytes
->Java cache emptied: 124352 bytes
->FireFox cache emptied: 87182995 bytes
->Flash cache emptied: 5320 bytes

User: All Users

User: All Users.WINDOWS

User: Ctx_StreamingSvc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 39360 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pa00849
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pa00884

User: u0703
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: u085950.BBVA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: u085950.RDEXBBVA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xe16290
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35184 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 635313640 bytes

Total Files Cleaned = 699.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.N09110003
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Ctx_StreamingSvc

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: pa00849

User: pa00884

User: u0703

User: u085950.BBVA
->Flash cache emptied: 0 bytes

User: u085950.RDEXBBVA
->Flash cache emptied: 0 bytes

User: xe16290

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08062010_153700

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
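The fix script in the previous post and the OTL log above can be checked against each other mechanically: every O4 entry should produce one "Registry value ... deleted successfully." line and one "... moved successfully." line, and every :Files path should show up as moved. The following is an added example (not OTL's code and not from anyone in this thread) that parses both, reports requested actions the log never confirms and moves the script never asked for, and assumes, as the log itself shows, that OTL's "HKLM.." abbreviates HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion; the script and log excerpts are constructed from the thread.

```python
import re

# Constructed excerpt of the fix script from the thread (two of its four O4 lines).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

:Files
C:\Program Files\IBM

:Commands
[emptytemp]
[Reboot]
"""

# Constructed excerpt of the result log posted in reply.
OTL_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Client Access Check Version deleted successfully.
C:\Program Files\IBM\Client Access\cwbckver.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Client Access Service deleted successfully.
C:\Program Files\IBM\Client Access\cwbsvstr.exe moved successfully.
========== FILES ==========
C:\Program Files\IBM\Client Access\Shared folder moved successfully.
C:\Program Files\IBM folder moved successfully.
========== COMMANDS ==========
"""

# Assumption (it matches the log above): OTL's "HKLM.." abbreviates
# HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
CV_PREFIX = r"\Software\Microsoft\Windows\CurrentVersion"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
                   r"(?P<path>.+?)(?: \([^()]*\))?$")   # trailing "(Vendor)" is optional
REG_DEL_RE = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>.+) deleted successfully\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")


def expected_actions(script):
    """Turn the fix script into the (kind, target) actions OTL should report."""
    section, actions = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):        # ":OTL", ":Files", ":Commands" open a section
            section = line[1:].lower()
            continue
        if section == "otl":
            m = O4_RE.match(line)
            if m:  # a Run value: OTL deletes it and moves the file it pointed at
                key = HIVES[m["hive"]] + CV_PREFIX + "\\" + m["key"]
                actions.append(("regdel", key + "\\\\" + m["name"]))
                actions.append(("moved", m["path"]))
        elif section == "files":
            actions.append(("moved", line))
        # :Commands entries ([emptytemp], [Reboot]) have no per-target log line
    return actions


def observed_actions(log):
    """Collect the (kind, target) actions the result log says were carried out."""
    seen = []
    for line in log.splitlines():
        m = REG_DEL_RE.match(line)
        if m:
            seen.append(("regdel", m["key"] + "\\\\" + m["name"]))
            continue
        m = MOVED_RE.match(line)
        if m:
            seen.append(("moved", m["path"]))
    return seen


def reconcile(script, log):
    """Return requested actions the log never confirms, and moves the script never asked for."""
    norm = lambda a: (a[0], a[1].lower())   # registry names and NTFS paths are case-insensitive
    expected, seen = expected_actions(script), observed_actions(log)
    seen_set = {norm(a) for a in seen}
    missing = [a for a in expected if norm(a) not in seen_set]
    wanted = [p.lower() for k, p in expected if k == "moved"]
    unexpected = [p for k, p in seen if k == "moved"
                  and not any(p.lower() == w or p.lower().startswith(w + "\\") for w in wanted)]
    return {"missing": missing, "unexpected": unexpected}


if __name__ == "__main__":
    print(reconcile(FIX_SCRIPT, OTL_LOG))   # both lists empty: the log matches the script
```

Subfolders of a :Files directory (such as Client Access\Shared above) count as requested because OTL moves the tree; anything moved outside a requested path is flagged so a fix that removed more than intended is visible at a glance.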
 
Hello RobinsonCano

Thank you for the log.

Please scan your system with DDS and post the log created.
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:43:34.65 on Fri 08/06/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.198 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.N09110003\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
mPolicies-system: MaxGPOScriptWait = 1200 (0x4b0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.n09\applic~1\mozilla\firefox\profiles\up2f9avd.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1778480]

=============== Created Last 30 ================

2010-08-06 01:46:56 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-05 14:20:47 0 d-----w- c:\program files\ESET
2010-08-04 19:53:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-04 19:53:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-04 15:00:30 0 d-----w- C:\spoolerlogs
2010-08-04 14:48:38 0 d--h--w- C:\VritualRoot
2010-08-03 20:23:18 0 d-----w- C:\_OTL
2010-08-03 04:02:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\COMODO
2010-08-03 03:44:47 0 d-----w- c:\program files\COMODO
2010-08-03 03:37:50 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Comodo Downloader
2010-08-03 02:16:44 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-01 23:47:53 0 d-sha-r- C:\cmdcons
2010-07-31 07:12:50 0 d-----w- c:\docume~1\admini~1.n09\applic~1\Malwarebytes
2010-07-31 07:12:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 07:12:31 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-07-31 07:12:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 07:12:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 06:38:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-31 06:04:05 0 d-----w- c:\windows\pss
2010-07-08 22:44:32 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-07-08 22:44:32 21504 ----a-w- c:\windows\system32\hidserv.dll

==================== Find3M ====================

2010-06-02 00:00:52 278288 ----a-w- c:\windows\system32\guard32.dll
2007-11-22 03:26:02 3917824 --sha-r- c:\windows\system32\ntlfs.sys

============= FINISH: 16:45:09.92 ===============
 
Hello RobinsonCano

Your logs appear to be clean! Great job :bigthumb:

RobinsonCano said:
svchost.exe plus wuauclt.exe are hogging my memory. I'm on a different computer posting this.
The ESET scan shows that your system is clean, and as mentioned before extra RAM will help.

wuauclt.exe is the AutoUpdate Client for Windows and is nothing to worry about (It is probably trying to download XP Service Pack 3, which you really should install).

Since your system appears to be clean but seems to be running more slowly, you can always experiment with different security programs to see which ones are lightest on system resources. However, when it comes to running multiple processes, RAM is king.

Please work your way through the following clean up and update steps:


  1. Please perform the following cleanup procedure

    • Double click on the OTL.exe icon on your desktop to run the program. (Note: If you are running Vista, right-click on the file and choose Run As Administrator).
    • Once OTL has opened, click on the "CleanUp!" button.
    • Follow any prompts that you receive.

  2. Removal of Tools

    • You no longer need Security Check or the McAfee Removal Tool. Please delete them from your system.

  3. Your Internet Explorer is out of date

    • A newer version of Internet Explorer is available from here.

  4. Please install XP Service Pack 3

    • XP Service Pack 3 contains many more security features that are not present in Service Pack 2.
    • Instructions for downloading XP Service Pack 3 can be found here.


    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

  5. Finally, please take the time to read through the information provided below:

    Enhance your System Security
    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

    Firefox
    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.

    No-Script
    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer
    • The newest version of Internet Explorer is available from here.

    SpywareBlaster
    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust
    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated
    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords
    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading
    Learn How To Combat Malware
    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
 
Clean is good! And I do have a RAM investment on my to-do list, but I don't even know where to start on that.

holy toledo at the list of things in that last post. i will get to them one by one and give you an update.

but... check back tomorrow.

:cowboy:
 
question 1. teatimer back on? This would run along with Comodo Firewall and Microsoft Security Essentials. Or should I just use Spybot as an on demand thing like Malwarebytes?
 