Trojan.Dropper, Rootkit.Agent, Trojan.Agent


treb


I didn't see ARK3.txt until now; I don't know why I didn't get a previous topic notification, to my knowledge. I will have to look it over and get back to You!

There is only a problem with the Comodo Defense+ component of CIS and Malwarebytes' Anti-Malware's protection module, which is part of MBAM Pro's registered version.

Please read this topic for clarification:

http://forums.malwarebytes.org/index.php?showtopic=63502

For now, the trouble is not with the COMODO Firewall but with their "Defense+" component(s) within COMODO Internet Security (CIS).

An excellent workaround you may consider, before entering any exclusions in MBAM, is reinstalling COMODO CIS 5.0, and during the installation process, do NOT use the default install choices but instead choose "Firewall Only".

This will forbid the "Defense+" components from activating that presently seem to have unfavorable interaction with mbamservice.exe and consume excessive CPU usage.

One of the COMODO moderators suggests this warrants a bug report with COMODO and this has been done:


Download my Security Check:

http://screen317.spywareinfoforum.org/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Uninstall Bonjour from Add/Remove Programs and then reboot.

Run this "FixIt Solution" by clicking the "Run Now" Button:

Download DDS and save it to your desktop from >HERE<


Disable any script blocking programs you may have installed (such as Norton script blocking), and disable the active protection component of your antivirus/anti-malware programs by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Double-click dss.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please copy and paste both logs into your next reply (do NOT attach them).


Deleted Bonjour; there's also a Bonjour Print Services, they both came with my Kodak printer. Should I uninstall it also?

Checkup.txt: Results of screen317's Security Check version 0.99.6

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Trend Micro RUBotted

Microsoft Security Essentials

Microsoft Security Essentials successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 22

Adobe Flash Player 10.1.102.64

Adobe Reader X

Mozilla Firefox (3.6.13)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

WinPatrol winpatrol.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Microsoft Security Essentials msseces.exe

Acronis OnlineBackupStandalone TrueImageMonitor.exe

BillP Studios WinPatrol WinPatrol.exe

Trend Micro RUBotted TMRUBotted.exe

Trend Micro RUBotted TMRUBottedTray.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

DDS.txt:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Eric at 17:49:07.57 on Sun 12/12/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.2504 [GMT -7:00]

AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: COMODO Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\COMODO\Time Machine\ClientService.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\COMODO\Time Machine\CTMTRAY.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - SingleInstance Class

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

uRun: [Google Update] "c:\documents and settings\eric\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Conime] %windir%\system32\conime.exe

mRun: [COMODO_TimeMachine] "c:\program files\comodo\time machine\CTMTRAY.exe"

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"

mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [sAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\eric\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Notify: igfxcui - igfxdev.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\gnfkpn3n.default\

FF - plugin: c:\documents and settings\eric\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: Team Cymru's MHR: mhr@team.cymru - %profile%\extensions\mhr@team.cymru

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

R0 CTMFLT;COMODO Time Machine Bus Driver;c:\windows\system32\drivers\CTMFLT.sys [2010-8-3 2097152]

R0 CTMMOUNT;COMODO Time Machine Mount Manager Driver;c:\windows\system32\drivers\CTMMOUNT.sys [2010-8-3 2097152]

R0 CTMSHD;COMODO Time Machine Disk Filter Driver;c:\windows\system32\drivers\CTMSHD.sys [2010-8-3 2097152]

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-10-14 26248]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-10-14 20616]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-11-18 752128]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-8-11 3975088]

R2 ClientService;COMODO Time Machine Client Service;c:\program files\comodo\time machine\ClientService.exe [2010-7-20 280888]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1901056]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-10-13 582992]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-8-11 163232]

R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-10-14 122504]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1389400]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]

S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-1 13192]

S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-10-14 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-1 8456]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]

=============== Created Last 30 ================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/23/2010 12:10:51 AM

System Uptime: 12/12/2010 2:06:27 PM (0 hours ago)

Motherboard: Intel Corporation | | D945GCNL

Processor: Intel® Core2 CPU 4300 @ 1.80GHz | LGA 775 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 214.774 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP96: 9/14/2010 4:41:06 PM - Software Distribution Service 3.0

RP97: 9/14/2010 5:57:52 PM - Software Distribution Service 3.0

RP98: 9/14/2010 8:27:19 PM - Installed Windows XP KB2347290.

RP99: 9/15/2010 6:16:16 PM - Software Distribution Service 3.0

RP100: 9/16/2010 7:10:52 PM - Installed Windows XP KB981322.

RP101: 9/17/2010 12:11:22 PM - Software Distribution Service 3.0

RP102: 9/17/2010 2:10:41 PM - Revo Uninstaller's restore point - Ashampoo WinOptimizer 7.11

RP103: 9/17/2010 2:13:22 PM - Revo Uninstaller's restore point - Ashampoo WinOptimizer 7.11

RP104: 9/18/2010 1:07:55 PM - Software Distribution Service 3.0

RP105: 9/18/2010 8:28:59 PM - Software Distribution Service 3.0

RP106: 9/20/2010 3:08:04 PM - Software Distribution Service 3.0

RP107: 9/21/2010 3:44:02 PM - Software Distribution Service 3.0

RP108: 9/22/2010 4:09:22 PM - System Checkpoint

RP109: 9/23/2010 5:11:03 PM - Software Distribution Service 3.0

RP110: 9/24/2010 5:26:57 PM - System Checkpoint

RP111: 9/25/2010 9:02:19 PM - Software Distribution Service 3.0

RP112: 9/26/2010 9:13:23 PM - Software Distribution Service 3.0

RP113: 9/27/2010 9:14:25 PM - Software Distribution Service 3.0

RP114: 9/28/2010 5:26:46 PM - Software Distribution Service 3.0

RP115: 9/29/2010 4:13:33 PM - Software Distribution Service 3.0

RP116: 9/30/2010 5:03:11 PM - Software Distribution Service 3.0

RP117: 10/1/2010 3:30:20 PM - Software Distribution Service 3.0

RP118: 10/1/2010 5:28:52 PM - Installed Windows XP KB2362765.

RP119: 10/1/2010 10:07:29 PM - Software Distribution Service 3.0

RP120: 10/3/2010 4:12:01 PM - Software Distribution Service 3.0

RP121: 10/4/2010 5:05:48 PM - System Checkpoint

RP122: 10/5/2010 3:49:53 PM - Software Distribution Service 3.0

RP123: 10/5/2010 9:44:09 PM - Removed Adobe Reader 9.3.4.

RP124: 10/5/2010 9:44:42 PM - Installed Adobe Reader 9.4.0.

RP125: 10/5/2010 9:53:57 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus

RP126: 10/5/2010 9:55:07 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus

RP127: 10/6/2010 4:52:43 PM - Installed Windows 7 Upgrade Advisor

RP128: 10/6/2010 6:01:18 PM - Software Distribution Service 3.0

RP129: 10/7/2010 6:04:44 PM - Revo Uninstaller's restore point - PC Pitstop Optimize3 3.0

RP130: 10/7/2010 6:05:39 PM - Revo Uninstaller's restore point - PC Pitstop Optimize3 3.0

RP131: 10/8/2010 11:31:46 AM - Software Distribution Service 3.0

RP132: 10/8/2010 1:29:08 PM - Installed Cloudmark DesktopOne.

RP133: 10/8/2010 1:31:56 PM - Revo Uninstaller's restore point - Cloudmark DesktopOne

RP134: 10/8/2010 1:32:08 PM - Removed Cloudmark DesktopOne.

RP135: 10/8/2010 1:33:29 PM - Revo Uninstaller's restore point - Cloudmark DesktopOne

RP136: 10/8/2010 1:34:06 PM - Revo Uninstaller's restore point - Cloudmark DesktopOne

RP137: 10/9/2010 3:41:17 PM - Software Distribution Service 3.0

RP138: 10/10/2010 7:08:31 PM - Software Distribution Service 3.0

RP139: 10/11/2010 4:10:11 PM - Software Distribution Service 3.0

RP140: 10/12/2010 4:47:17 PM - System Checkpoint

RP141: 10/12/2010 6:03:09 PM - Installed Java 6 Update 22

RP142: 10/12/2010 6:29:28 PM - Revo Uninstaller's restore point - Mozilla Thunderbird (3.1.4)

RP143: 10/12/2010 6:32:10 PM - Revo Uninstaller's restore point - Mozilla Thunderbird (3.1.4)

RP144: 10/12/2010 6:40:44 PM - Software Distribution Service 3.0

RP145: 10/12/2010 7:04:57 PM - Software Distribution Service 3.0

RP146: 10/13/2010 3:12:28 PM - Removed Java 6 Update 21

RP147: 10/13/2010 3:14:06 PM - Installed Java 6 Update 22

RP148: 10/13/2010 5:13:11 PM - Installed Trend Micro RUBotted

RP149: 10/14/2010 3:36:42 PM - Software Distribution Service 3.0

RP150: 10/15/2010 4:26:31 PM - Software Distribution Service 3.0

RP151: 10/16/2010 2:48:57 PM - Software Distribution Service 3.0

RP152: 10/17/2010 6:12:17 PM - Software Distribution Service 3.0

RP153: 10/18/2010 6:48:43 PM - Software Distribution Service 3.0

RP154: 10/19/2010 4:49:42 PM - Installed Windows Windows Easy Transfer for Windows 7.

RP155: 10/19/2010 4:55:12 PM - Installed Windows Windows Easy Transfer for Windows 7.

RP156: 10/19/2010 4:57:43 PM - Installed Windows Windows Easy Transfer for Windows 7.

RP157: 10/20/2010 5:06:02 PM - System Checkpoint

RP158: 10/21/2010 4:17:37 PM - Software Distribution Service 3.0

RP159: 10/22/2010 10:48:07 PM - Software Distribution Service 3.0

RP160: 10/23/2010 5:25:58 PM - Revo Uninstaller's restore point - Hitman Pro 3.5

RP161: 10/23/2010 5:26:58 PM - Revo Uninstaller's restore point - Hitman Pro 3.5

RP162: 10/23/2010 5:27:32 PM - Revo Uninstaller's restore point - Hitman Pro 3.5

RP163: 10/24/2010 9:20:21 PM - Software Distribution Service 3.0

RP164: 10/25/2010 4:55:15 PM - Software Distribution Service 3.0

RP165: 10/26/2010 6:48:02 PM - System Checkpoint

RP166: 10/27/2010 9:14:57 PM - Software Distribution Service 3.0

RP167: 10/30/2010 8:29:48 PM - Software Distribution Service 3.0

RP168: 10/31/2010 8:24:57 PM - Software Distribution Service 3.0

RP169: 11/1/2010 1:40:05 AM - Software Distribution Service 3.0

RP170: 11/2/2010 2:05:38 AM - Software Distribution Service 3.0

RP171: 11/2/2010 12:58:14 PM - Software Distribution Service 3.0

RP172: 11/3/2010 3:12:15 PM - Software Distribution Service 3.0

RP173: 11/4/2010 10:26:33 AM - Software Distribution Service 3.0

RP174: 11/5/2010 3:12:43 PM - Software Distribution Service 3.0

RP175: 11/6/2010 5:06:03 PM - Software Distribution Service 3.0

RP176: 11/7/2010 7:06:19 PM - System Checkpoint

RP177: 11/8/2010 5:08:51 PM - Revo Uninstaller's restore point - Perfect Optimizer 5.2

RP178: 11/8/2010 5:10:39 PM - Revo Uninstaller's restore point - Perfect Optimizer 5.2

RP179: 11/8/2010 5:11:12 PM - Revo Uninstaller's restore point - Perfect Optimizer 5.2

RP180: 11/8/2010 5:16:19 PM - Software Distribution Service 3.0

RP181: 11/9/2010 6:21:00 PM - Software Distribution Service 3.0

RP182: 11/10/2010 4:13:00 PM - Software Distribution Service 3.0

RP183: 11/11/2010 4:45:21 PM - Software Distribution Service 3.0

RP184: 11/12/2010 7:52:58 PM - System Checkpoint

RP185: 11/12/2010 8:29:46 PM - Software Distribution Service 3.0

RP186: 11/12/2010 10:22:52 PM - SYSTEM RESTORE POINT

RP187: 11/12/2010 10:23:51 PM - SYSTEM RESTORE POINT

RP188: 11/13/2010 4:08:01 PM - Software Distribution Service 3.0

RP189: 11/14/2010 5:45:25 PM - Software Distribution Service 3.0

RP190: 11/15/2010 1:46:18 AM - Software Distribution Service 3.0

RP191: 11/15/2010 9:56:30 PM - Software Distribution Service 3.0

RP192: 11/16/2010 8:35:48 PM - Software Distribution Service 3.0

RP193: 11/17/2010 8:36:53 PM - System Checkpoint

RP194: 11/18/2010 3:39:32 AM - Software Distribution Service 3.0

RP195: 11/18/2010 5:47:12 PM - Installed Acronis


Hi treb,

I'm quite sure your PC slowness is being caused by the many security programs you have installed on your system.

Having more than one AV running can cause major system slowness and instability, and as I see it, you have three AVs (although You disabled them during the DDS scan):

1. COMODO Antivirus

2. Lavasoft Ad-Watch Live! Anti-Virus

3. Microsoft Security Essentials

You MUST retain only ONE of these. Even when You disable an AV, components will remain active at the kernel level, and that is not a good situation. For example, your DDS log shows all these drivers are loaded even though You disabled the security programs they belong to, such as Lavasoft, MSE, and CIS:

SERVICES / DRIVERS ===============

R0 CTMFLT;COMODO Time Machine Bus Driver;c:\windows\system32\drivers\CTMFLT.sys [2010-8-3 2097152]

R0 CTMMOUNT;COMODO Time Machine Mount Manager Driver;c:\windows\system32\drivers\CTMMOUNT.sys [2010-8-3 2097152]

R0 CTMSHD;COMODO Time Machine Disk Filter Driver;c:\windows\system32\drivers\CTMSHD.sys [2010-8-3 2097152]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288] <= Lavasoft Boot driver

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216] <== MSE

R2 ClientService;COMODO Time Machine Client Service;c:\program files\comodo\time machine\ClientService.exe [2010-7-20 280888]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1901056]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-10-13 582992]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1389400]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]

There are also processes running from various security programs.

Additionally, though not necessarily in conflict I see:

Malwarebytes' Anti-Malware

SuperAntispyware

TrendMicroRUBotted

Windows Defender

WinPatrol

You need to remove security programs, but which ones you remove depends on which ones you paid for. So please let me know which programs you have registered versions of. You can keep as many on-demand scanners (programs that have NO active protection modules) as you like. In answer to your question: You should keep Bonjour Print Services.

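Negster's point above, that an AV which has merely been "disabled" still has kernel-mode drivers loaded, can be checked mechanically against the DDS "SERVICES / DRIVERS" section rather than by eye. The script below is an added example for this thread, not code from DDS, Malwarebytes or either poster. It assumes the usual reading of the DDS prefix (R = running, S = stopped, digit = start type; labelled as an assumption in the code) and uses a hand-made keyword table, VENDOR_HINTS, to attribute each driver to a product; that table is a heuristic of this example, not anything DDS emits. The sample lines are copied from the log quoted in the post above, with two non-AV entries added so the filter has something to reject.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS "SERVICES / DRIVERS" section quoted
# in the thread (Lavasoft, COMODO and MSE drivers), plus TMPassthru and PSI entries
# from the same log so that unattributed and stopped drivers are exercised too.
SAMPLE_DDS_DRIVERS = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1901056]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1389400]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-13 206608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
"""

# DDS line shape: <R|S><start-digit> <name>;<display name>;<image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: \[(?P<stamp>[^\]]*)\])?$"
)

# Assumption: R = running, S = stopped; the digit is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Heuristic vendor attribution (assumption of this example): substrings searched in the
# display name and image path. "lbd" follows the post's own note that Lbd.sys is the
# Lavasoft boot driver.
VENDOR_HINTS = {
    "COMODO": ("comodo",),
    "Lavasoft": ("lavasoft", "lbd"),
    "Microsoft Security Essentials": ("microsoft malware protection", "mpfilter"),
}


def attribute_vendor(display, path):
    """Return the first vendor whose hint appears in the display name or path."""
    hay = (display + " " + path).lower()
    for vendor, hints in VENDOR_HINTS.items():
        if any(hint in hay for hint in hints):
            return vendor
    return "(unattributed)"


def parse_dds_driver_line(line):
    """Parse one SERVICES / DRIVERS line into a dict, or None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    return {
        "running": m["state"] == "R",
        "start_type": START_TYPES.get(m["start"], "unknown"),
        "name": m["name"],
        "display": m["display"],
        "path": path,
        # A .sys image is kernel-mode code; .exe entries are user-mode services.
        "kernel": path.lower().endswith(".sys"),
        "vendor": attribute_vendor(m["display"], path),
    }


def kernel_resident_vendors(text):
    """Map vendor -> sorted names of RUNNING kernel-mode (.sys) drivers in the section.

    A product that the user 'disabled' but that still shows up here has code loaded
    in the kernel, which is exactly the situation the post describes.
    """
    found = defaultdict(set)
    for line in text.splitlines():
        entry = parse_dds_driver_line(line)
        if entry and entry["running"] and entry["kernel"]:
            found[entry["vendor"]].add(entry["name"])
    return {vendor: sorted(names) for vendor, names in found.items()}


def conflicting_av_vendors(text):
    """Known real-time AV vendors (from VENDOR_HINTS) that still have live kernel drivers."""
    return sorted(v for v in kernel_resident_vendors(text) if v in VENDOR_HINTS)


if __name__ == "__main__":
    for vendor, drivers in sorted(kernel_resident_vendors(SAMPLE_DDS_DRIVERS).items()):
        print(f"{vendor}: {', '.join(drivers)}")
    avs = conflicting_av_vendors(SAMPLE_DDS_DRIVERS)
    if len(avs) > 1:
        print(f"WARNING: {len(avs)} AV products have kernel drivers loaded: {', '.join(avs)}")
```

On the sample, the three real-time AV products each come back with a running kernel driver (cmderd/cmdGuard, Lbd, MpFilter), while cmdAgent.exe and AAWService.exe are filtered out as user-mode and the stopped S3 entries are ignored; TMPassthru lands in the "(unattributed)" bucket, which is the reminder that keyword attribution is only as good as the hint table.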

OK: 1. They're all free, unregistered programs!

2. As to the AVs, I got rid of Ad-Aware, but I'm at a loss re: Comodo vs. MSE, please advise. Or could you suggest a better program (like the one you use, perhaps?) I don't mind paying, I've just never bothered.

3. I kept Mbam and uninstalled the other four.


I would uninstall Comodo and keep MSE. MSE works in combination with the Windows Firewall by providing enhanced network filtering as described here:

http://social.answers.microsoft.com/Forums...ac-d2bd214f0a6f

Pay particular attention to the 6th reply in this topic by Rob Koch.

Also, FYI:

http://windows.microsoft.com/en-us/windows...asked-questions

I have been using ESET Smart Security for about 7 years now, and I am very happy with it. First, I used just the Nod32 AV, but now I use the Security Suite:

http://www.eset.com/home/smart-security

Two other AVs I recommend and have installed numerous times on users' systems are:

Avira Antivir Free:

http://www.avira.com/en/avira-free-antivirus

Avast Free Antivirus:

http://www.avast.com/free-antivirus-download

I also use MBAM and WinPatrol. The latter is very light on resources so you can use it without bogging down your system but you should disable it before running scans or installing programs.


Hi, Negster: sorry for the delayed response; I took the PC to the tech shop, it went crazy when I uninstalled Comodo!

They found 8 assorted viruses and rootkits, couldn't fix them all, and recommended a clean install, which I am in the middle of now. Will contact you after I get back online. (Using a friend's PC right now.) Treb


Thanks for the update, treb!!

We tried, but it can be difficult to thoroughly assess the degree to which entrenched stealth malware has compromised a system using correspondence troubleshooting alone. There was probably a hidden threat remaining that opened the door for additional threats to come on board, after Comodo was removed. In your case, a reformat and reinstall was the best option to ensure that your computer is truly clean.

I'd be interested in knowing what the 8 threats were that the Tech shop found, but I assume any logs created are now gone!

BTW, Microsoft Security Essentials version 2.0 was just released yesterday with many improvements. FYI:

http://secure-computer-solutions.com/blog/2010/12/

Thanks for keeping me posted, and let me know how the rest of the Saga goes, once you get back online!! :rolleyes:



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
