CCE keeps finding same infections? and computer is now always recovering from a

This week I ran CCE on a hunch there is an infection on my computer.

CCE found 11 infections. I followed the steps and cleaned the infections out, or so I thought.

I ran CCE again today just to be certain there were no more infections. CCE found 11 infections again!
After the program ran and reported that it had cleaned the malicious infections, I looked at the results in the quarantined area and these latest infections are the very same as the first???

Plus, each time CCE does the steps to, I guess, verify the cleaning… the monitor suddenly goes black and blank, and the computer reboots. Then a window pops up and announces that the computer has just recovered from a serious error. This has happened both times that I have run CCE this week.
I made a screen print of this error so you can read the report. It is attached.

Plus, I would like to know how to make or find a Comodo log of the quarantined items, so you can see the names of the found infections and see what CCE did, for I suppose there is important info in those reports that will help you.

The computer is an HP Pavilion a1102n desktop in a home,
using XP Home Edition V 2002, Pentium 4 2.93 GHz.
Using Comodo ISP, latest version.

Please help me correct and rescue my computer please. Thank you

[attachment deleted by admin]

CCE is not very effective in some cases. You could configure it to report threats and such & clean persistent infections with another tool.
More information here.

Thank you for that info, it was very helpful!
I made adjustments to the scan and ran it again, and have attached the logs. This scan found only 4 infections. The scan ran for 4 hrs. 18 mins.

I also attached a screen print of the EEC results, just to help ensure you’re getting all the info you need from me that I can provide, for I had great difficulty locating the EEC log… for my computer doesn’t look exactly as the instruction pics online do.

I will attempt to clean the four infections using EEC. Wish me luck!

The computer uses XP Home Edition Version 2002, 32 bit.
I do not have the XP CD / DVD.
Using Comodo Internet Security Premium and Malwarebytes.

So here is an update since I posted the above info:
It is 8-25-2014 and 8:39 PM.
I allowed CCE to clean the infections, and then reboot. Apparently the reboot went well and there were no warnings from Windows that the system had recovered from a severe error, like has happened twice before this past week when I ran CCE. So that is good news.
I see no quarantined items dated 8-25-2014 in Comodo I.S.P.’s quarantined items though. So is it safe to figure that CCE has its own quarantining area somewhere?

Also, Comodo I.S.P. quarantine has at least 18 - 22 malicious items listed at present. I’m wondering… is it better to leave them there or click on delete or empty? Or do what with them?

Also, I’m wondering about what I read about malicious code having the ability to masquerade as something else once it has been detected and even quarantined, and thus stay actively infecting a computer and continuing to wreak havoc! Is this really possible?
So could that be happening with the infections CCE found on my computer? And they just keep reappearing?

Also, sad to report that Malwarebytes is still NOT able to fully activate. It still cannot activate the “malicious web site protection” part of itself.
So do you feel there is still a bug / infection in my computer causing this with Malwarebytes? This is what prompted me in the first place to think there was an infection in the computer.

Then I’m wondering, and hoping you can answer:
If I can never get Malwarebytes to fully activate, is there another program I should get that will warn and protect against malicious web sites?

When this web site will allow it, I will attach the log from after CCE did the clean and reboot.
Finally, remember this infected computer is running Windows XP Home Edition V. 2002 and is 32 bit,
and I do not have the Windows XP CD or DVD.

Thanks, and I await your reply.

[attachment deleted by admin]

Some advice:

  1. Switch to “COMODO - Proactive Security” configuration. More information here.
  2. Create a new scan profile. More information here.
    Set a “Scan Name”.
    Under “Items” tab ~ Right-click ~ Select “Add Region” ~ Select “Entire Computer” & “Memory”.
    Go to “Options” tab ~ Select “Use cloud while scanning” & Set heuristics to “High”.
    Scan using your newly created scan profile & clean suspicious files.
  3. Go to “Advanced Tasks” ~ “Watch Activity”.
    “KillSwitch” tab ~ Select “Kill All Untrusted Processes”.
    “Tools” tab ~ “Autorun Analyzer” ~ “File” tab ~ Select “Disable All Untrusted Entries” ~ Exit
    “Tools” tab ~ “Quick Repair…” ~ Check if everything is “OK”.
  4. If you can’t delete a file or stop an application, use this tool.
    If you can’t delete a registry key, use this tool.
  5. Use specialized anti-rootkit cleaners such as this one & this one.
  6. Avoid restarts if your computer system is not cleaned properly.

Thanks again!
Here is an update for you to think on.
Made the changes you suggested and used the auto kill and kill switch. Results are: No untrusted processes found.
Quick Repair says everything is OK, except for HP-owner (it is in red letters) and reports that IE Proxy - changed. (Is this alarming? For I am unable to decide or determine.)

And then the only process that it was not able to disable was: Cwbnetnt. It failed, and reports, “it can’t disable / enable this”.

While you’re reading this I will be running the newly created scan of the entire computer and memory as requested, and will report back on that later today.

It depends-- somehow it is. Some malicious applications use that method to serve unwanted ads, for example.

A new update for you.
But first, thanks for sharing that about the IE Proxy change issue, I was not at all aware… What do you instruct me to do concerning it?

Now the update:
I will call the scan you requested I do the “special scan”. I ran it and it finished after 1 hr. 37 mins.
It found four infections! And if I interpret the results correctly it is telling me it cleaned them. But to be sure, I made screen prints of the results so you can see and confirm. When I looked, I think I saw them in the quarantined section of Comodo… so I feel good about that.

There are two screen prints because all of it wouldn’t fit in one screen print.

I don’t know how or where to look for a log of what Comodo has done, it seems to hide very well from me… and I hate that. But if you want it and can tell me where to find it, I will make attempts to attach it.
Should I leave the infections sitting in quarantine or delete them / empty the quarantine?

Also, while KillSwitch was up I looked around and I saw a report talking about Virtualization is disabled for several programs… and several I recognized, many I did not, but I made a screen print to share with you of the ones I did recognize because among them I saw MBAM as disabled… That concerned me because I am unable to get MBAM’s malicious web site protection to activate. I would be grateful if you would look at that screen print and assure me this is OK and not alarming, or “good job, you found an issue with MBAM that we can correct, and get MBAM fully working now.”
…And for the record, I have no clue what virtualization means to a computer or computer program, and thus this could be meaningless. So whatever you instruct is what I will do.
Then I have attached for you to look at, to be sure there are not other issues or underlying issues that should be addressed, if you feel it necessary, screen prints of the reports from MBAM before today and one of the Windows crash last week, while attempting to clean infections.

I did attempt to activate MBAM malicious web site protection, but it still will not activate.
Among whatever next steps you give me to follow through on, do you want me to run any MBAM programs / scans? Or do you want any logs?

I have the firewall set in training mode, in hopes to help with the MBAM issue. Is this OK to leave it in training mode? And for how long is OK?
I attached a screen print of the Comodo ISP user interface so you can see what it is reporting to me. Maybe there is something there I need to bring up?? Maybe not? I feel better having asked you. I am concerned that Defense+ alerts is at 78.5%. Is this abnormal? And firewall is at 19.7%. Is there a “safe and danger range for these” graphic charts?

I am throwing a lot at you all at once, forgive me please. I will be patient and give you all the time you need to reply. I am grateful for your help!

[attachment deleted by admin]

  1. If applications are not virtualized it means those are trusted. No problem.
  2. It does not matter if you leave the infected files in quarantine. However, if you do not need the files then removing would be ideal.
  3. Did you re-check using these tools if current settings maintain after a restart? Are you experiencing any other problems with applications or registry keys? Try to analyze your situation using those tools. If you do not find any other issues or messages you are probably safe (from malware).
  4. You could remove your proxy from Internet Explorer like in this guide.
  5. The error message might be related to your Windows. This takes time to troubleshoot. You should make use of sfc; this is a nice guide (on how to use it without CD).
    Another thing you could do is re-install all drivers and applications & update using Windows Update.
  6. Additionally, you could make use of Safe Mode.
  7. Don’t forget to delete your restore points & clean your disk. Apparently, these files are not safe in your situation.

Hope it helps.

OK, here is an update. I’m pleased with our progress so far! And that is all due to your expertise! So a big thank you from us!

First, I am going through the steps you listed, and have completed the first 5 and will work with the rest after this posting. I will delete everything in quarantine, and I will clean the disk and run check disk.

In your reply, in response No. 3, you say, “did I re-check using these tools?” Do you mean the tools you listed earlier, or the ones listed in steps 4-7 of your latest reply?

When I checked for the proxy in IE, there were no check marks in the boxes. I didn’t have to remove any check marks. Is that suspicious? What causes the proxy issue then to appear? See the zipped attachment of what I saw.

Am I experiencing registry key problems? I don’t know enough to be certain, sorry.
Programs appear to open and close fine so far. Can get online and surf, with no problems. Comodo updates with no problems… However, there are new errors and other things that popped up, and I made screen prints of those for you and attached them.

Should I delete all the restore points? And software distribution service 3.0? And system check points? I’m not certain what to safely remove.

I have CCleaner installed. Are you OK to allow me to use it?

I attached a screen print of what CCleaner sees as my restore points. I’m not 100% confident of what to delete and what not to.

CCleaner is set to default settings, yet I wonder if it would clean a bit better if some of the other boxes were check marked. Would you please recommend any additional boxes I could check? Thanks.

It is not clear to me: what would you like me to make use of with Safe Mode? Please advise.

Do you recommend I download and run Comodo System Utilities any time?

I have never done anything like re-install all drivers and applications. So that is scary territory. So I am not certain how to do that. I will search the web to educate myself… I wish Comodo I.S.P. did that for me with a click of a button!

[attachment deleted by admin]

Scannow sounds great! Didn’t know about it, glad it runs automatically! I like those automatic programs!
We can’t find our Windows XP disc, so I’m afraid to use scannow sfc, for fear it might ask for it, and I also don’t have an I386. I don’t know if the computer has all the needed files for sfc. “I don’t want to kick a sleeping dog”, and this computer might be very close to 10 yrs old.

I have deleted restore points but not software distribution points, nor did I delete system check points… because you didn’t mention those and I am afraid to do so without your approval.

What’s next?
And I assume you’re helping others and not exclusively just me. I’m very comfortable with that, so when you can, I am eager to read your answers to my questions in the posting before this one.

Another important note to share. When I go to do this:
Click Start > All Programs > Accessories > System Tools > Click Disc Cleanup
Now launch this utility and click More Options tab. U
Well, listed under System Tools is Internet Explorer, and nothing else. That’s right, nothing else. No options, no Disc Cleanup. Zilch! But a week ago and on Aug. 30 2014 there was. ??? Now what has happened? And what do I do about this?
flywelder 9-03-2014

[attachment deleted by admin]

Hello… am I to interpret a no reply to mean you are done helping? But I’m not feeling that we are, as I still have a couple of questions I am waiting to read a reply to.