Bonjour, I already wrote to you by email one month ago; now I'm registered and I post here on the forum. I am cumdacon and I posted in 2012 on the forum "general changelog". In the meantime I see that you changed the forum address and switched from ZHPdiag to FRST. Vista ended its main support one month ago, [Office 2007 is still receiving updates at least until September and Firefox 52 ESR until at least June 2008 - even if Mozilla blacklisted my GTX650 without any reason - it is capable of H264 4K full screen at 120 Mbps with only 6% CPU load... but I have problems with a simple 240p on Facebook via Firefox! Therefore I am very, very unhappy with Mozilla - no HW acceleration means that you are unable to use Street View even if you were able to use it for 4 hours until 2015! - very abusive in my opinion, BUT Mozilla can guarantee security updates until 2018, then we will see what to do. Mozilla simply waited more than ONE YEAR, and one year later replied to me "hey, now Vista is no longer supported by MS itself!" - ok, but... until "now"??] and before making my "final" disk image I ask here for your help.

I guess (that is only my guess) that I am not infected on both PCs, but.... 1) regarding the attached file "A_Laptop.rar" I see some warning messages from FRST.exe, like

http://postimg.org/image/5lxeej9er/

Anyway I was able to do a Scan.

2) I want to add some (useful?) details about the attached file "B_Desktop.rar": sometimes there are OS hangs just after a boot (when Comodo is updating its database). The "Event Viewer" application tells me that there are EXE files that slow down the boot speed/boot process (causing the OS hang? it seems so). Here I still see something like an "83.7 seconds delay"

http://postimg.org/image/fpgp4xrsx/

related to NORTON (even if it has been fully uninstalled since 2012!). Perhaps FRST could definitively erase this old Symantec executable file. As a workaround I need a reboot and a restart of the CIS database updating process, then I am fine (with all other database updates the whole day), until the next boot. I see 4 active javaw.exe processes at boot, even if I fully uninstalled Java! Perhaps this may be a problem, but it may be an even bigger problem if we erase these old java.exe; perhaps they are used by HP applications installed by the vendor (e.g. Monitor Software, Toolbox and HP Solution Center from 2007, which is useful today too, for scanner, printer options... as you see it is important to have these HP apps working). Therefore I am frightened of "simply" deleting these javaw.exe files; perhaps I will receive error messages from the OS. Anyway cmdguard.sys seems to be involved at boot and this driver belongs to Comodo, hmmmmm. Perhaps CIS interactions at boot with Symantec "to be erased" products??? Maybe a cleaning process via FRST may help a lot.

3)

http://postimg.org/image/xuyzdivjn/

you see 3 commercials on Facebook Home/News. For 2 months AdBlock seems to be unable to block the ads and sponsored posts, very strange :(

Here are the attached logs ("A and B" in RAR files) for analysis. Merci beaucoup. Best regards from your old cumdacon,

Ooopsssss!! It's nonsense... but now I discover that there is no option to add attachments here on the forum, very strange... how can I send these (long) reports, via email? Is it safe to add this highly personal info about the PC via zippyshare? Hmmmm, thanks for suggestions.

Re: Cleaning process for both Vista32: there is something to be erased?

Greetings,

I invite you to host your reports using Up2Share. Also, if you want to delete these reports later, you can first create an account (before uploading your reports).

Then, please send the generated links via email - don't forget to refer to this thread.

Regards.

Re: Cleaning process for both Vista32: there is something to be erased?

Hi, I just remembered... I have an account on Google Drive. I upload the files and I send the password via https://toolslib.net/contact/ ; you will see the reports and a previous full memory dump. Thanks

Re: Cleaning process for both Vista32: there is something to be erased?

Ok, message sent now via "toolslib Contact", with links and password. thanks.

Re: Cleaning process for both Vista32: there is something to be erased?

Hello,

I'm really sorry for the delay.

- For both computers:

You have MBAM 2 installed; can you uninstall it and install MB3? Then, do a scan with it and share the generated logfile.

- For DesktopB:

I don't see anything suspect at first glance, I'm still looking at it.

- For ALaptop:

More after the MB3 scan :)

Thanks, and sorry again.

Re: Cleaning process for both Vista32: there is something to be erased?

Hi fr33tux, thanks for your reply and analysis. Here are both logs, A_Laptop and B_Desktop

(I hope that you may want to delete Symantec from the boot process, see please my first post, part #2; on Google Drive I shared a memory.dump file too, hope this helps).

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 26/05/17
Scan Time: 13:43
Log File: MBAM_for__A_Laptop.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2026
License: Trial

-System Information-
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: PC-edi\edi

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 322285
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 9 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 26/05/17
Scan Time: 13:21
Log File: MBAM_for__B_Desktop.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2026
License: Trial

-System Information-
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: PC-admin\admin

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 323105
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 hr, 55 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Re: Cleaning process for both Vista32: there is something to be erased?

Hello,

Thanks. Give me some time to review the FRST logs more deeply and I'll be back to you by Tuesday night.

Best regards,

Re: Cleaning process for both Vista32: there is something to be erased?

Hi, perhaps off topic, but I add some info for next Tuesday:

Today at boot, when Comodo was finalizing its definition updating process, I got a blue screen and I had to power my PC off (B_Desktop). After reboot all was ok.

No logs, no report in Event Viewer, no minidumps, no memory.dump today (you can see the latest from 10th April on Google Drive), no LiveKernelReports; I only saw "Memory_Management" STOP: 0x0000001A (0x00041287, 0x62829D8T, 0x00000000).

I noticed that, IF this happens, it happens on Sunday or Monday only, very strange. All the next Comodo def updates during the whole day are ok, which means that if the problem arises, it arises at the first boot only. Sorry if this post may be OT. Thanks a lot again. PS: I just watched a YT video where they suggest a registry cleaner for fixing this blue screen, or changing something in the BIOS (changing SATA into AHCI...), but I am unsure what to do....
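The "no minidumps, no memory.dump" observation in the post above can be checked rather than guessed at. The following PowerShell is an added example, not code posted in this thread or part of FRST; it assumes PowerShell 2.0 or later (on Vista, installed with the Windows Management Framework) run from an elevated prompt, and the default dump paths it falls back to are the usual Vista locations, which the registry values take precedence over.

```powershell
# Added example, not part of the thread. Shows why a STOP error can leave
# no minidump or MEMORY.DMP behind: the configured dump type, the dump
# locations, and whether a paging file on the system volume is present
# and large enough. Assumes PowerShell 2.0+ on Vista, elevated prompt.

$cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$dumpTypes = @{ 0 = 'none'; 1 = 'complete memory dump'; 2 = 'kernel memory dump'; 3 = 'small memory dump (minidump)' }
$type = [int]$cc.CrashDumpEnabled
"CrashDumpEnabled : $type ($($dumpTypes[$type]))"
"DumpFile         : $($cc.DumpFile)"
"MinidumpDir      : $($cc.MinidumpDir)"
"AutoReboot       : $($cc.AutoReboot)   (1 = restart without leaving the STOP screen visible)"

# Dumps that were actually written. Fallback paths are the Vista defaults;
# the registry values above win if they differ.
$miniDir = if ($cc.MinidumpDir) { [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir) } else { Join-Path $env:SystemRoot 'Minidump' }
$fullDmp = if ($cc.DumpFile)    { [Environment]::ExpandEnvironmentVariables($cc.DumpFile) }    else { Join-Path $env:SystemRoot 'MEMORY.DMP' }

Get-ChildItem -Path $miniDir -Filter '*.dmp' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object { "minidump   : $($_.FullName)  $($_.LastWriteTime)  $([int]($_.Length / 1KB)) KB" }

if (Test-Path $fullDmp) {
    $f = Get-Item $fullDmp
    "full dump  : $($f.FullName)  $($f.LastWriteTime)  $([int]($f.Length / 1MB)) MB"
} else {
    "full dump  : none at $fullDmp"
}

# The crash dump is written through the paging file on the boot volume.
# No paging file there, or one too small for the selected type, means
# nothing is saved even though the STOP screen was shown.
$ramMB    = [int]((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$sysDrive = $env:SystemDrive
$pf = Get-WmiObject Win32_PageFileUsage | Where-Object { $_.Name -like "$sysDrive*" }
if ($pf) {
    "pagefile   : $($pf.Name)  allocated $($pf.AllocatedBaseSize) MB, RAM $ramMB MB"
    if ($type -eq 1 -and $pf.AllocatedBaseSize -lt ($ramMB + 1)) {
        "WARNING    : complete dump selected but the paging file is smaller than RAM + 1 MB"
    }
} else {
    "WARNING    : no paging file on $sysDrive - no crash dump can be written"
}
```

If the output shows a dump type of 0, or no paging file on the system drive, the next BAD_POOL_CALLER or MEMORY_MANAGEMENT stop will again leave nothing to analyse; setting a small memory dump (type 3) is enough to capture the faulting driver name that the later posts in this thread go looking for.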

Re: Cleaning process for both Vista32: there is something to be erased?

Hello,

Can you do a check with Memtest following this tutorial?

Thanks,

Re: Cleaning process for both Vista32: there is something to be erased?

Edit: it seems a hard task for me, even if the tutorial is good....

Re: Cleaning process for both Vista32: there is something to be erased?

Hello,

Don't worry, it's very easy. Once you've plugged your USB key into your computer, just reboot. At the very first screen, when your computer manufacturer and model are shown, there will be a small message saying "press this key in order to boot on your key". You'll just need to press it, and "voilà".

Otherwise, you may need to see a repair shop, because it's very likely that either your motherboard or your memory sticks are not dead but at least "very tired"..


Re: Cleaning process for both Vista32: there is something to be erased?

The test is running (now 4 passes....). I hope to find the log after the 8th pass; anyway I will take photos.... [In the meantime a full - 4 hours long - scandisk told me that the HDD is ok with zero damaged clusters].

Re: Cleaning process for both Vista32: there is something to be erased?

Hello dear fr33tux,

taa taratàtta taaaaaa (I-II-III C trumpets)

pim popopìm pom p'rrrrrrrr (kettledrums in G-C)

You will understand the reason for this fanfare by looking at the following report (after the.... 11th pass!) for B_Desktop: https://s15.postimg.org/5w9f0e3tl/untitled3.jpg?dl=1

No words, music only! :D 

[If there were a portable (!) USB version for Windows I could do a further test for the HDD like this one https://sourceforge.net/projects/smartmontools/ ??]

Anyway, after the "Memtest big miracle" I guess that it's

1) Comodo fault and/or

2) Symantec CCSVCHST.exe (83 seconds delay at boot) and/or

3) BackgroundPrefetchTime (according to the red string in Event Viewer), but I remember that this (sporadic) issue arose in December 2015, when Comodo changed its CIS8 to add compatibility with W10, perhaps breaking something for Vista.... BUT (to be fully honest) I have to say that this NEVER happens on A-Laptop with the same OS and the same CIS. In 2014 I had a lot of bluescreens (USB headphones for videos via Firefox) due to a driver of Trust headphones, resolved by switching to Sound Blaster USB headphones. On Google Drive is the one and only full memory.dump that I have now (dated 11th April 2017); unfortunately the (sporadic) OS hang - at boot only - offers us zero logs.

Regarding A_Laptop (with no issues at boot, but always used by my father, therefore less protected against malware hehehe), are there some strings to be deleted via FRST or am I allowed to do the final image? (I guess it's better to set Macrium Reflect Free to clone a "1:1 copy" instead of a so-called intelligent recommended image? thanks for suggestions)

In the meantime we have to celebrate today's Memtest results :D :D thanks a lot for your patience. Now B-Desktop is going to sleep, otherwise with all these tests it becomes much older than 10 years old only hihihi. Best,
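The boot-delay question raised in this post and in part #2 of the first post (a Symantec ccSvcHst.exe reported with an 83-second delay years after Norton was removed, four javaw.exe processes at boot with Java uninstalled) can be answered directly on B_Desktop. The PowerShell below is an added example, not something posted in this thread and not part of FRST or Comodo; it assumes PowerShell 2.0 or later (on Vista via the Windows Management Framework) in an elevated prompt, and the names in $suspects are simply the ones mentioned above, to be adjusted as needed. It reads the Diagnostics-Performance log where Vista records applications that slowed boot (event 101), then looks for autostart entries and services still pointing at those names, and finally shows which parent process launches each javaw.exe.

```powershell
# Added example, not part of the thread. Assumes PowerShell 2.0+ on Vista,
# elevated prompt. $suspects holds the names discussed in the thread.

$suspects = @('ccSvcHst', 'javaw', 'Symantec', 'Norton')
$pattern  = ($suspects | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1) Boot-degradation events: event 101 in the Diagnostics-Performance log
#    ("This application took longer than usual to start up"). Every
#    EventData field is dumped, so the program name, path and delay are
#    visible without assuming field positions.
$log = 'Microsoft-Windows-Diagnostics-Performance/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 101 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $fields = @{}
        foreach ($d in $x.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Time   = $_.TimeCreated
            Fields = ($fields.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join '; '
        }
    } | Format-List

# 2) Autostart entries (Run/RunOnce for the machine and the current user)
#    and service/driver ImagePaths that still reference a suspect.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }           # PSPath, PSParentPath, ...
        if ("$($p.Value)" -match $pattern) { "RUN   $k\$($p.Name) = $($p.Value)" }
    }
}

Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ("$($svc.ImagePath)" -match $pattern) {
        # Start: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
        "SVC   $($_.PSChildName)  Start=$($svc.Start)  ImagePath=$($svc.ImagePath)"
    }
}

# 3) Who starts the javaw.exe instances? Parent process and command line
#    show whether an HP tool (or something else) launches them.
Get-WmiObject Win32_Process -Filter "Name='javaw.exe'" | ForEach-Object {
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($_.ParentProcessId)"
    "JAVAW PID=$($_.ProcessId)  Parent=$($parent.Name)  Exe=$($_.ExecutablePath)"
    "      Cmd=$($_.CommandLine)"
}
```

Read the three sections together: a Run value or service whose ImagePath names a file that no longer exists is a leftover that can be removed (or handed to FRST), whereas a javaw.exe whose parent and command line point into the HP installation is exactly the case the first post worried about and should be left alone.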

Re: Cleaning process for both Vista32: there is something to be erased?

Hello,

- DesktopB: Can you fully uninstall Comodo and reboot a few times?

- LaptopA: yes, you can snapshot this system.


Re: Cleaning process for both Vista32: there is something to be erased?

Hi, ok, I delete frst.exe and the generated logs from A_Laptop. It is a miracle that all is ok here after 5 years. Great. B-Desktop: I am able to boot for a month with Comodo installed without problems. To be sure I would have to uninstall CIS for *at least* one month (better two) to see if the hang happens even without CIS. Perhaps we could leave this mysterious issue unresolved; after all - if this happens once or twice a month - I can simply power off, wait one minute and boot. Surely a strange arcane issue (auto-hibernation?) but fortunately not invalidating. Can we delete something from B or is it fine as A is? thanks a lot. Best,

Re: Cleaning process for both Vista32: there is something to be erased?

B was clean.

A solution would be to move from Comodo to MB3 if you still encounter this issue with Comodo installed :)

Please keep me informed!

Re: Cleaning process for both Vista32: there is something to be erased?

Hi, today I had the first "real" bluescreen since 11th April.

Boot > manually update CIS database (in a few seconds since the defs had been updated yesterday) > end of downloading process > bluescreen BAD_POOL_CALLER 0x000000C2 !!

Reboot: CIS updates have not been installed! CIS is now downloading a big database file: 270MB!! In the CIS scanner folder the file "bxxxxxxx.cav" cannot be deleted since it is always in use. Yes, I guess that there are big issues with Comodo.

I will snapshot B_Desktop since it is clean, and I will search deeper for the suggested MB3 (a free antivirus + firewall from the Malwarebytes developers? I don't find info by typing "MB3". I get a lot about "MP3" but this is another thing hehe...), in the hope that Comodo can be "fully" uninstalled from my system.

Maybe it is of some interest if I upload a big log of the bluescreen?

thanks.

Edit: ok, I found MB3 but it is not a firewall; is it able to fully replace CIS?

Re: Cleaning process for both Vista32: there is something to be erased?

Hello,

Thanks for the confirmation.

Yes, I was speaking of MB3 as Malwarebytes 3 as a replacement for your BSOD'ing Comodo: https://toolslib.net/downloads/viewdownload/309-malwarebytes/

A more detailed description: https://www.malwarebytes.com/premium/

If you need some details, just ask.

Re: Cleaning process for both Vista32: there is something to be erased?

Hello, thanks for your reply and the great help. I just snapshotted B-Desktop too.

I attempted to upload the big BSOD log file (surely there is the name of the driver causing the crash); the uploading process told me "2 hours remaining" but at a certain point 22 hours remaining.... it seems a very hard task to upload this file. Regarding MB3, the problem in my opinion is that it is not bundled with a firewall, i.e. not all-in-one, while CIS is antivirus+firewall :(

Re: Cleaning process for both Vista32: there is something to be erased?

The Windows Firewall is sufficient for most needs; which specific feature do you use inside Comodo?