Why not use ‘check for suspicious MBR in full scan’?
i using to single OS (windows XP SP3 EN, Cpu : Core2 Duo)
[attachment deleted by admin]
Here has seized the moment in which there is a departure (right after check memory)…
http://s010.radikal.ru/i311/1102/c6/2e100b9cb229.jpg
Somebody help
Please follow this advice from egemen here
Replace cmdagent.exe in this case for cce.exe
At the moment of process disappearance cce.exe, I have had time to photograph only it:
http://s008.radikal.ru/i305/1102/f4/af18c19e8c60t.jpg
http://s54.radikal.ru/i144/1102/04/e150fffab702t.jpg
If it helps you to understand, why process takes off - help me to understand…
Would you please post your boot.ini in system drive?
-
Your Operating System (32 or 64 bit) and Service Pack revision
Windows 7 Pro 64-bit -
Other Security and Utility Software Installed
Comodo Firewall (w/o AV)
Microsoft Security Essentials
Avast Free (only Network + Web Shield)
WinPatrol -
Step by step description to reproduce the issue
I started my custom scan on memory, critical areas, and registry. Then after a while, the scanning window disappears. It simply crashed without showing any notifications.
Also sometimes the virus database gets stuck on 99%. After closing and re-opening, it updates fine. -
How you tried to resolve the problem
Deleted program. Didn’t know which registry keys to delete. Then re-installed. Changed various settings. -
Upload Memory Dumps on crash if you encounter any
Attached 3. -
Attach screenshots to your posts to clarify the issue further
None available. -
Any other information you think that might be useful
In the beginning, there were no problems. Please tell me which registry keys to delete so that I can reset the settings.
[attachment deleted by admin]
-
Your Operating System (32 or 64 bit) and Service Pack revision
ANS: 32bit, Windows XP Professional 2002 SP3 -
Other Security and Utility Software Installed
ANS: SAS, MBAM, SpyShelter, HiJackThis -
Step by step description to reproduce the issue
ANS: Click CCE.exe
Click Option -
How you tried to resolve the problem
ANS: It is disabled of the option: Check of suspicious MRB in full scan(Only apply to single operating system) -
Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory dump) <–This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not required but very very helpfull) (((If you don’t want to post the link to the memory dump, then PM a Mod with the link for the dump))))
-
Attach screenshots to your posts to clarify the issue further
ANS: Please see attached screen shot. -
Any other information you think that might be useful
ANS: I have 2 accounts can log in.
[attachment deleted by admin]
What is this “Hidden Service KKillSwitch2”
Please see attached file.
[attachment deleted by admin]
System Crash Possibly Caused By Comodo Cleaning Essentials Or System Cleaner
-
Windows 7 Ultimate 32-Bit Fully Updated
-
Resident Protection: AVG 2011 Free, Norton DNS Utility, Secunia PSI, Windows Defender, Windows Firewall, and Peer Block.
I have Comodo System Cleaner with Active Clean On, set to for all three categories (Privacy, Registry, etc.).
I have Comodo Cleaning Essentials set to check MBR, CIMA, DACS, scan files up to size 9999999.
Comodo Cleaning Essentials
1.4.177889.49
Comodo System Cleaner
3.0.172695.53
- I was doing a Comodo Cleaning Essentials scan, and my brother was trying to watch a video on YouTube and the screen went black and then it went to a blue screen
that made a crash dump and the computer restarted, I will attach the crash dump; the crash may have nothing to do with Comodo Cleaning Essentials or System Cleaner,
but I am submitting this just in case.
- I will also add the Windows Crash Event report, KillSwitch Log, and Emsisoft HiJackFree Log to this report.
Windows Crash Event:
Log Name: Application
Source: Windows Error Reporting
Date: 2/18/2011 5:25:46 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Family-Laptop
Description:
Fault bucket 0x18_OVER_DEREFERENCE_ccekrnl+47b7, type 0
Event Name: BlueScreen
Response: Not available
Cab Id: 0
Problem signature:
P1:
P2:
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Attached files:
C:\Windows\Minidump\021811-54693-01.dmp
C:\Users\Family\AppData\Local\Temp\WER-97812-0.sysdata.xml
C:\Users\Family\AppData\Local\Temp\WERC496.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0d3d0aaa
Analysis symbol: 0x18_OVER_DEREFERENCE_ccekrnl+47b7
Rechecking for solution: 0
Report Id: 021811-54693-01
Report Status: 0
Event Xml:
1001
4
0
0x80000000000000
30902
Application
Family-Laptop
0x18_OVER_DEREFERENCE_ccekrnl+47b7
0
BlueScreen
Not available
0
C:\Windows\Minidump\021811-54693-01.dmp
C:\Users\Family\AppData\Local\Temp\WER-97812-0.sysdata.xml
C:\Users\Family\AppData\Local\Temp\WERC496.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0d3d0aaa
0x18_OVER_DEREFERENCE_ccekrnl+47b7
0
021811-54693-01
0
Comodo Killswitch Log:
KillSwitch 1.4.177889.49
Windows NT 6.1 (32-bit)
2/18/2011 5:35:11 PM
Name PID Verdict CPU I/O Total Private Bytes User Name
Description
System Idle Process 0 54.69 0 NT AUTHORITY\SYSTEM
System 4 Safe 284 kB NT AUTHORITY\SYSTEM
NT Kernel & System
smss.exe 308 Safe 228 kB NT AUTHORITY\SYSTEM
Windows Session Manager
DPCs 0
Interrupts 0
csrss.exe 524 Safe 1.23 MB NT AUTHORITY\SYSTEM
Client Server Runtime Process
conhost.exe 532 Safe 524 kB NT AUTHORITY
\SYSTEM Console Window Host
csrss.exe 576 Safe 1.95 kB/s 1.87 MB NT AUTHORITY\SYSTEM
Client Server Runtime Process
conhost.exe 2272 Safe 628 kB FAMILY-LAPTOP\Family
Console Window Host
wininit.exe 592 Safe 900 kB NT AUTHORITY\SYSTEM
Windows Start-Up Application
services.exe 688 Safe 1.56 4.43 MB NT AUTHORITY
\SYSTEM Services and Controller app
svchost.exe 880 Safe 2.62 MB NT AUTHORITY
\SYSTEM Host Process for Windows Services
WmiPrvSE.exe 2812 Safe 5.28 MB NT AUTHORITY\NETWORK
SERVICE WMI Provider Host
unsecapp.exe 4160 Safe 824 kB NT AUTHORITY\SYSTEM
Sink to receive asynchronous callbacks for WMI client application
svchost.exe 968 Safe 2.6 MB NT AUTHORITY
\NETWORK SERVICE Host Process for Windows Services
svchost.exe 1104 Safe 18.42 MB NT AUTHORITY\LOCAL SERVICE
Host Process for Windows Services
audiodg.exe 3400 Safe 15.98 MB NT AUTHORITY\LOCAL SERVICE
Windows Audio Device Graph Isolation
svchost.exe 1144 Safe 64.18 MB NT AUTHORITY\SYSTEM
Host Process for Windows Services
dwm.exe 1484 Safe 1.56 54.54 MB FAMILY-LAPTOP\Family
Desktop Window Manager
svchost.exe 1176 Safe 11.97 kB/s 17.34 MB NT AUTHORITY\SYSTEM
Host Process for Windows Services
taskeng.exe 3020 Safe 1.03 MB FAMILY-LAPTOP\Family
Task Scheduler Engine
peerblock.exe 3172 Safe 2.39 kB/s 31.34 MB FAMILY-LAPTOP\Family PeerBlock
taskeng.exe 5024 Safe 1.07 MB FAMILY-LAPTOP\Family
Task Scheduler Engine
svchost.exe 1320 Safe 5.74 MB NT AUTHORITY\LOCAL
SERVICE Host Process for Windows Services
svchost.exe 1520 Safe 11.33 MB NT AUTHORITY\NETWORK
SERVICE Host Process for Windows Services
spoolsv.exe 1676 Safe 4.65 MB NT AUTHORITY
\SYSTEM Spooler SubSystem App
svchost.exe 1716 Safe 10.75 MB NT AUTHORITY\LOCAL SERVICE
Host Process for Windows Services
AppleMobileDeviceService.exe 1792 Safe 1.68 MB NT AUTHORITY\SYSTEM
MobileDeviceService
avgwdsvc.exe 1816 Safe 7.04 MB NT AUTHORITY\SYSTEM
AVG Watchdog Service
avgnsx.exe 1780 Safe 1.56 4.3 kB/s 10.82 MB NT AUTHORITY\SYSTEM AVG Online
Shield Service
avgemcx.exe 420 Safe 1.84 MB NT AUTHORITY\SYSTEM
AVG E-mail Scanner
avgchsvx.exe 2848 Safe 20.13 kB/s 2.72 MB NT AUTHORITY\SYSTEM
AVG Cache Server
mDNSResponder.exe 1860 Safe 1.5 MB NT AUTHORITY
\SYSTEM Bonjour Service
Cleaner_Validator.exe 1892 Safe 11.63 MB NT AUTHORITY\SYSTEM
svchost.exe 1952 Safe 832 B/s 4.05 MB NT AUTHORITY\LOCAL
SERVICE Host Process for Windows Services
psia.exe 404 Safe 338 B/s 8.61 MB NT AUTHORITY\SYSTEM
Secunia PSI Agent
taskhost.exe 840 Safe 2.38 MB FAMILY-LAPTOP\Family
Host Process for Windows Tasks
svchost.exe 1980 Safe 1.18 MB NT AUTHORITY\LOCAL
SERVICE Host Process for Windows Services
WLIDSVC.EXE 2208 Safe 4.29 MB NT AUTHORITY
\SYSTEM Microsoft® Windows Live ID Service
WLIDSVCM.EXE 2480 Safe 616 kB NT AUTHORITY\SYSTEM
Microsoft® Windows Live ID Service Monitor
IAANTmon.exe 2256 Safe 1.55 MB NT AUTHORITY\SYSTEM
RAID Monitor
NortonDNSSvc.exe 2604 Safe 2.75 MB NT AUTHORITY\SYSTEM
Norton DNS Beta Service
AVGIDSAgent.exe 2692 Safe 4.79 kB/s 19.69 MB NT AUTHORITY\SYSTEM AVG IDS
application
SearchIndexer.exe 2768 Safe 1.69 kB/s 38.02 MB NT AUTHORITY\SYSTEM Microsoft
Windows Search Indexer
SearchProtocolHost.exe 5260 Safe 2.48 MB NT AUTHORITY\SYSTEM
Microsoft Windows Search Protocol Host
SearchFilterHost.exe 5320 Safe 1.56 MB NT AUTHORITY\SYSTEM
Microsoft Windows Search Filter Host
iPodService.exe 3368 Safe 1.52 MB NT AUTHORITY\SYSTEM
iPodService Module (32-bit)
sua.exe 3304 Safe 740 kB NT AUTHORITY\SYSTEM
Secunia Update Agent
wmpnetwk.exe 764 Safe 3.16 MB NT AUTHORITY\NETWORK
SERVICE Windows Media Player Network Sharing Service
lsass.exe 704 Safe 2.18 kB/s 2.93 MB NT AUTHORITY\SYSTEM
Local Security Authority Process
lsm.exe 720 Safe 1.26 MB NT AUTHORITY\SYSTEM
Local Session Manager Service
winlogon.exe 620 Safe 1.57 MB NT AUTHORITY
\SYSTEM Windows Logon Application
explorer.exe 1596 Safe 54.8 MB FAMILY-LAPTOP\Family
Windows Explorer
SynTPEnh.exe 3484 Safe 3.29 MB FAMILY-LAPTOP\Family
Synaptics TouchPad Enhancements
SynTPHelper.exe 2772 Safe 532 kB FAMILY-LAPTOP\Family
Synaptics Pointing Device Helper
hkcmd.exe 3524 Safe 2.95 MB FAMILY-LAPTOP\Family
hkcmd Module
igfxpers.exe 3532 Safe 1.11 MB FAMILY-LAPTOP\Family
persistence Module
iTunesHelper.exe 3604 Safe 4.43 MB FAMILY-LAPTOP\Family
iTunesHelper
avgtray.exe 3680 Safe 3.97 MB FAMILY-LAPTOP\Family
AVG Tray Monitor
AVGIDSMonitor.exe 4068 Safe 1.39 MB FAMILY-LAPTOP\Family
AVG IDS application
ipoint.exe 3688 Safe 7.1 MB FAMILY-LAPTOP\Family
IPoint.exe
jusched.exe 3800 Safe 840 kB FAMILY-LAPTOP\Family
Java(TM) Update Scheduler
NortonDNSTray.exe 3936 Safe 2.29 MB FAMILY-LAPTOP\Family
Norton DNS Beta Notification Icon
psi_tray.exe 3944 Safe 768 kB FAMILY-LAPTOP\Family
Secunia PSI Tray
firefox.exe 876 Safe 89.49 MB FAMILY-LAPTOP\Family
Firefox
notepad.exe 3444 Safe 9.14 MB FAMILY-LAPTOP\Family
Notepad
a2HiJackFree.exe 2324 Safe 14.06 94.89 kB/s 18.16 MB FAMILY-LAPTOP\Family HiJackFree
notepad.exe 5052 Safe 1.09 MB FAMILY-LAPTOP\Family
Notepad
CSC.exe 1900 Safe 19.39 MB FAMILY-LAPTOP\Family
Comodo System Cleaner
avgrsx.exe 4352 Safe 26.71 kB/s 1.07 MB NT AUTHORITY\SYSTEM
AVG Resident Shield Service
avgcsrvx.exe 4476 Safe 3.13 7.29 kB/s 13.48 MB NT AUTHORITY\SYSTEM
AVG Scanning Core Module - Server Part
KillSwitch.exe 4860 Safe 23.44 39.58 kB/s 134.62 MB FAMILY-LAPTOP\Family
COMODO Cleaning Essentials
Emsisoft HiJackFree Log:
Logfile of HiJackFree v4.5
Scan saved at 5:34:57 PM, on 2/18/2011
Platform: Windows Win7_32 (Windows NT 6.1.7600)
MSIE: Internet Explorer v 8.0 (8.0.7600.16385)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Secunia\PSI\psia.exe
C:\Windows\System32\taskhost.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\System32\conhost.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
C:\Program Files\Norton DNS\NortonDNSSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton DNS\NortonDNSTray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
C:\Windows\System32\conhost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\notepad.exe
C:\Program Files\COMODO\COMODO System-Cleaner\CSC.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\SearchProtocolHost.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Family\Desktop\Software Shortcuts\x32\KillSwitch.exe
C:\Program Files\Emsisoft HiJackFree\a2HiJackFree.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Google Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} -
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
\AcroIEHelperShim.dll
O2 - BHO: GhosteryBHO Class - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live
\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM..\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKLM..\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
O7 - Regedit - Enabled
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component
\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program
Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra “Tools” menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
O14 - IERESET.INF: SearchAssistant=
O14 - IERESET.INF: CustomizeSearch=
O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\System32\igfxdev.dll
O21 - ShellServiceObjectDelayLoad: WebCheck -
O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\Windows\System32\alg.exe
O23 - Service: Application Identity Service - C:\Windows\system32\svchost.exe
O23 - Service: Application Information Service - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppMgmt - C:\Windows\system32\svchost.exe
O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe
O23 - Service: AVGIDSAgent - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ActiveX Installer Service - C:\Windows\system32\svchost.exe
O23 - Service: BDE Service - C:\Windows\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\Windows\System32\svchost.exe
O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Bluetooth Support Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: COMODO System - Cleaner Service - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\Windows\system32\svchost.exe
O23 - Service: CSC Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft\Disk Defragmenter - C:\Windows\system32\svchost.exe
O23 - Service: DHCP Client Service - C:\Windows\system32\svchost.exe
O23 - Service: DNS Client API DLL - C:\Windows\system32\svchost.exe
O23 - Service: Wired AutoConfig Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft EAPHost service - C:\Windows\System32\svchost.exe
O23 - Service: EFS Service - C:\Windows\System32\lsass.exe
O23 - Service: Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
O23 - Service: Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
O23 - Service: Event Logging Service - C:\Windows\System32\svchost.exe
O23 - Service: EventSystem - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Fax Resource DLL - C:\Windows\system32\fxssvc.exe
O23 - Service: Function Discovery Provider host service - C:\Windows\system32\svchost.exe
O23 - Service: Function Discovery Resource Publication Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Font Cache Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Presentation Foundation Host - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Windows Live Family Safety Service - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
O23 - Service: GameConsoleService - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HID Service - C:\Windows\system32\svchost.exe
O23 - Service: Key Management Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows HomeGroup - C:\Windows\System32\svchost.exe
O23 - Service: Windows HomeGroup - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IKE extension - C:\Windows\system32\svchost.exe
O23 - Service: PnP-X IP Bus Enumerator DLL - C:\Windows\system32\svchost.exe
O23 - Service: Service that offers IPv6 connectivity over an IPv4 network. - C:\Windows\System32\svchost.exe
O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KeyIso - C:\Windows\system32\lsass.exe
O23 - Service: KtmRm - C:\Windows\System32\svchost.exe
O23 - Service: Server Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Workstation Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Link-Layer Topology Discovery Resources - C:\Windows\System32\svchost.exe
O23 - Service: TCPIP NetBios Transport Services DLL - C:\Windows\system32\svchost.exe
O23 - Service: Media Center Resources - C:\Windows\system32\svchost.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Firewall API - C:\Windows\system32\svchost.exe
O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe
O23 - Service: iSCSI Discovery api - C:\Windows\system32\svchost.exe
O23 - Service: Windows® Installer International Messages - C:\Windows\system32\msiexec.exe
O23 - Service: Quarantine Agent Service Run-Time - C:\Windows\System32\svchost.exe
O23 - Service: Net Logon Services DLL - C:\Windows\system32\lsass.exe
O23 - Service: Network Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Network List Manager - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe
O23 - Service: Norton DNS - C:\Program Files\Norton DNS\NortonDNSSvc.exe
O23 - Service: Network Store Interface RPC server - C:\Windows\system32\svchost.exe
O23 - Service: PNRP Service Dll - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Program Compatibility Assistant Service - C:\Windows\system32\svchost.exe
O23 - Service: BranchCache Service - C:\Windows\System32\svchost.exe
O23 - Service: Performance Logs & Alerts - C:\Windows\System32\svchost.exe
O23 - Service: User-mode Plug-and-Play Service - C:\Windows\system32\svchost.exe
O23 - Service: PNRP Auto Service Dll - C:\Windows\System32\svchost.exe
O23 - Service: PNRP Service Dll - C:\Windows\System32\svchost.exe
O23 - Service: Policy Storage dll - C:\Windows\system32\svchost.exe
O23 - Service: User-mode Power Service - C:\Windows\system32\svchost.exe
O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe
O23 - Service: Protected Storage default provider - C:\Windows\system32\lsass.exe
O23 - Service: Windows NT - C:\Windows\system32\svchost.exe
O23 - Service: Remote Access AutoDial Manager - C:\Windows\System32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\Windows\System32\svchost.exe
O23 - Service: Dynamic Interface Manager - C:\Windows\System32\svchost.exe
O23 - Service: RemoteRegistry - C:\Windows\system32\svchost.exe
O23 - Service: RPC Endpoint Mapper - C:\Windows\system32\svchost.exe
O23 - Service: Rpc Locator - C:\Windows\system32\locator.exe
O23 - Service: Smart Card Resource Management Server - C:\Windows\system32\svchost.exe
O23 - Service: Task Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft® Windows Backup Service - C:\Windows\system32\svchost.exe
O23 - Service: Secunia PSI Agent - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: System Event Notification Service (SENS) - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Windows ambient light service - C:\Windows\system32\svchost.exe
O23 - Service: Remote Desktop Configuration service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft NAT Helper Components - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: SNMP Trap - C:\Windows\System32\snmptrap.exe
O23 - Service: Microsoft Software Protection Platform Service - C:\Windows\system32\sppsvc.exe
O23 - Service: SPP Notification Service - C:\Windows\system32\svchost.exe
O23 - Service: SSDP Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN). - C:\Windows\system32\svchost.exe
O23 - Service: Still Image Devices Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft® Volume Shadow Copy Service software provider - C:\Windows\System32\svchost.exe
O23 - Service: Superfetch Service Host - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Tablet PC Input Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft® Windows™ Telephony Server - C:\Windows\System32\svchost.exe
O23 - Service: TBS Service - C:\Windows\System32\svchost.exe
O23 - Service: Remote Desktop Session Host Server Remote Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Theme Service Dll - C:\Windows\System32\svchost.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Interactive services detection - C:\Windows\system32\UI0Detect.exe
O23 - Service: Remote Desktop Services Device Redirector Service - C:\Windows\System32\svchost.exe
O23 - Service: UPnP Device Host - C:\Windows\system32\svchost.exe
O23 - Service: Desktop Window Manager - C:\Windows\System32\svchost.exe
O23 - Service: Credential Manager Service - C:\Windows\system32\lsass.exe
O23 - Service: Virtual Disk Service - C:\Windows\System32\vds.exe
O23 - Service: Microsoft® Volume Shadow Copy Service - C:\Windows\system32\vssvc.exe
O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft® Block Level Backup Engine Service EXE - C:\Windows\system32\wbengine.exe
O23 - Service: Windows Biometric Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe
O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe
O23 - Service: Web DAV Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Event Collector Service - C:\Windows\system32\svchost.exe
O23 - Service: Problem Reports and Solutions - C:\Windows\System32\svchost.exe
O23 - Service: Windows Error Reporting Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Defender Resource Module - C:\Windows\System32\svchost.exe
O23 - Service: Windows HTTP Services - C:\Windows\system32\svchost.exe
O23 - Service: WMI - C:\Windows\system32\svchost.exe
O23 - Service: WSMan Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows WLAN AutoConfig Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Windows Live Mesh remote connections service - C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
O23 - Service: Windows Live ID Sign-in Assistant - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: Windows Media Player Network Sharing Service - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: WPC Filtering Service - C:\Windows\system32\svchost.exe
O23 - Service: Portable Device Enumerator - C:\Windows\system32\svchost.exe
O23 - Service: Windows Security Center Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework Service - C:\Windows\system32\svchost.exe
O23 - Service: WWAN Auto Config Service - C:\Windows\system32\svchost.exe
[attachment deleted by admin]
as i see the crash was caused by the flash player opened in youtube
flash player in the browser is very unstable, and you were doin a lot of think in the same time,
try to reproduce this issue with a lot less variables for the Comodo team to be able to do somethin
references:
http://kb2.adobe.com/cps/408/kb408620.html
http://answers.yahoo.com/question/index?qid=20080611191840AAUYFWs
and i personally had this problem with flash player, it can be fixed by intalling a video driver fron the time the video card was released or the last version, updating the browser or the flashplayer
off topic
i noticed you have a lot of what i call “overload” on the computer startud, i persoanally disable all this
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
if you do it,you pc will start faster and you will notice a best “mood” forn the pc 
Thank you very much. 
I would like to update my video card drivers, but the newer drivers do not work for me, I have reported the issue in detail to Nvidia maybe two weeks or so ago, and no one has responded yet.
I have not been able to update any of the new drivers the last year or so. 
Even a fresh format and re-install of Windows did not work. 
Oh, well, maybe one of these years Nvidia will fix the problem.
only remember,
when we are talking about softwares only, the lastest is the best
but if we are talking about softwares who manage hardwares (video card) the lastest can be problematic if you dont have also the lastest hardware, the companies just stop supporting old hardware, and only fix problem fron the modern harware, even if something old is broken in the way.
in you case, maybe the lastest driver are no longer compatible,
i recoment you to downgrade to the driver version windows install for you, drivers from windows update are usually old but the more stable you can ask for.
the easy way to do it is to go to device manager>display adapter>(properties of the video card)>driver and clic on roll back driver until the botton turn off
note1:the nvidia manager will still works so you dont lose nothing
note2:you will be able to return to you current driver easily just clicking on update driver in the same menu
Yeah, I am already using the older drivers.
I have had to Rollback every time I have tested the newest Geforce drivers.
The newer drivers are suppose to still support my Geforce 6600 I think, but I could be wrong.
I will continue to use the newest Old driver until either a working newer driver is made and/or I get another graphics card.
Thank you for responding.
Hey,
I tried cce since BETA 1.3 (now 1.5 RC2) and find it´s idea and technology together with killswitch are great, but the scanner hangs up on one PC since the beginning, tried several solutions so here are the infos:
1. Your Operating System (32 or 64 bit) and Service Pack revision
Win 7 x64 ultimate - at 1.3 Beta without, now at 1.5 RC2 with sp1
2. Other Security and Utility Software Installed
Installed are several, but guess you just need act. running? So CIS (with temp Defense+ disabled at scan), avira antivir pers (deact.), ah and MS def. I also checked with killswitch and long times before i already used autoruns/processexp to check loadings/loadeds.
3. Step by step description to reproduce the issue
running any (full or custom) scan with cce, after a while it hangs up on some file i couldn´t identify yet and just fully loads ram and i just can stop the scan - pausing, clearing ram and continue loads up ram again.
4. How you tried to resolve the problem
Tried different settings/options for scan/cce together with the posted solution on freezes - so scanning with cis ends normally
5. Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory dump) <–This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not required but very very helpfull) (((If you don’t want to post the link to the memory dump, then PM a Mod with the link for the dump))))
yet none available
6. Attach screenshots to your posts to clarify the issue further
forgott to make one either i don´t believe i could make one that would be helpfull
7. Any other information you think that might be useful
I already had one scan (i had to stop) with results (Attached) - don´t know if it really was a rootkit - i disinfected it as i know all these files are moreless temporary
So my question would be: how can i identify the causing issue respectively what to do now?
[attachment deleted by admin]
From the beginning I’ve had a hangup on the update process.
RC2 1.5 still does it. It hits 99% “activating the new updates” and wants to camp out there.
What I’ve been doing to get around it is closing CCE and then restart it again, run the update to make sure it’s current, and proceed from there without any issues.
Win7 Home premium. MBAM. Avast 6, CFW
[attachment deleted by admin]
What you show is not a bug and it’s seems that it take time for CCE integrate the updates. Whne I used one of the beta it was for some time on 99% but it did finish it
Regards,
Valentin N
Laugh.
Personally, I’d call sitting there for 6 1/2 hours doing nothing but saying it’s updating a bit of a bug.
;D
HI,
CCE 1.5.181743.64 stopped (hang) the scan every by the file: Java™ Plug-In SSV Helper
Defense+ is deactivated
Windows 7 x64
CIS 5.3
Process Explorer Log-File in attachment
[attachment deleted by admin]
KillSwitch - Time-out on DACS scan not working.
Win7, x32, Enterprise.
Seems like scanning DACS can take over 42 minutes before time-out kicks in.
[attachment deleted by admin]
- Your Operating System (32 or 64 bit) and Service Pack revision
Windows 7 32-Bit Ultimate And Service Pack 1
- Other Security and Utility Software Installed
CIS, AVG LinkScanner, Secunia PSI, Norton DNS Client, Peer Block, (Comodo KillSwitch Was Manually Set To Start Up On System
Logon From The Task Scheduler, But I Had To Disable It To Stop It From Resetting My DNS Service To Default, So That I Could Use
Norton DNS)
- Step by step description to reproduce the issue
I was having a problem where everything that I restarted my computer, Norton DNS Client would show that it was disabled, and
when I would manually check my DNS settings, they would be reset to default.
Manually setting the Router and Computer to Norton DNS would work until I would restart the computer, then the DNS service on
my computer would be reset to default.
The Norton Client would fail to enable it, so I would always have to manually set it after each restart of the computer
(actually this happened on both of my computers).
I started troubleshooting on my own and getting help from the Norton Team (who are still investigating the issue), and I
noticed something that fixed the problem (removing Comodo KillSwitch from the the Task Scheduler, which I manually had set to
start up with the computer on the system log on, stop my DNS from being reset to default after restarting my computer).
I had set Comodo KillSwitch to start up with the computer at the system logon on both computers from the Task Scheduler, here
were my settings for that:
General:
Run When User Is Logged On, Run With Highest Privileges, Configure For Windows 7.
Triggers:
At Log On, Enabled.
Actons:
Start A Program, KillSwitch.exe
Conditions:
Everything Unchecked.
Settings:
Allow Task To Be Run On Demand, Run Task As Soon As Possible If A Scheduled Start Is Missed, If Task Fails Restart Every 1
Minute And Attempt To Restart Up To 3 Times.
When set Comodo KillSwitch would simply start up with the computer to the Taskbar and quietly sit there until I needed to click
on it to check running processes, and everything was working good with that; but for some strange reason it seems to reset the
computer’s DNS service to default after restarting the computer.
I made two WireShark logs before restarting and after restarting for the Norton Team, who are still examining them, and I could
share them with y’all too if y’all can give me a private way to share them with you (I have them password protected) and I also
have a list of my Windows Services that I can share but it is password protected & available at MegaUpload.com too.
I will try to attack a KillSwitch & Emsisoft HiJackFree Log to this post, that I took while KillSwitch was still set to start
up.
- How you tried to resolve the problem
Manually reseting the DNS to Norton DNS, trying to set Norton DNS from the Norton DNS Client, Running SFC /Scan Now From the
Windows Command Prompt, Checking My CIS Settings, Checking Peer Block, checking Secunia PSI, scanning my system with
CCE/CIS/Hitman Pro/Norton Power Eraser, running CCleaner, checking my Router settings, reseting my Router, etc.
- Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory
dump) <–This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not
required but very very helpfull) (((If you don’t want to post the link to the memory dump, then PM a Mod with the link for the
dump))))
None.
- Attach screenshots to your posts to clarify the issue further
I will try to find one if I can.
- Any other information you think that might be useful
COMODO Cleaning Essentials 1.5.181743.64 RC2, and Norton DNS Client 0.10.7.
Thank you,
-John Jr
[attachment deleted by admin]