Routine PC Cleanup - Logs Included

By talace · 4 replies
Jun 17, 2009
  1. Logs Included!

    I'm just doing a routine clean up. I constantly have Kaspersky Internet Security 2009 and Webroot Spy Sweeper running. I also regularly use Malwarebyte's and SuperAntiSpyware. But I was wondering if anything in these logs needed attention.

    As for problems, I have very few. Just a lot of svchost.exe's taking up a bit of memory (15 @ around 130-200mb of ram.) Not worried much with those though, Vista has quite a few services running at once. Also, I have been getting a few taskeng.exe running all the time. I haven't scheduled anything though, that I know of.

    Another thing that I noticed was that the Windows directory takes up around 17gb of space. Is this normal? ~50% (8.6gb) of this space is taken by the winsxs folder, ~17%(3.0gb) by the system32 folder, and ~16%(2.7gb) by the installer folder. The other folders I am not worried too much about.

    It seems that my hard drive is always in use also. If I disabled search indexing, would my computer obtain a slight performance boost? Would disabling search indexing cause my searches to become severely slower? Or would my computer still have the already indexed files stored so that I could search them quickly, just not indexing newer files?

    There are two instances of avp.exe running on my PC. Both appear to be the same file within the KIS directory. One runs under Username, the other under System. The HJT log analyzer mentioned something about a Mutbo-A Trojan, regarding avp.exe. Just wondering about that.

    Most of these scans were run while the computer was in Safe Mode. But I also included a HJT scan while running Windows normally. KIS Anti-Virus, Ad-Aware, and Webroot Spy Sweeper (scan was clean) were run normally. ComboFix was acting strange in Safe Mode (can't find text in blah blah errors, and privilege errors) so I ran it normally as well. There is also a list of the current processes running, along with their parameters.

    I am using a laptop by the way. Sorry for all the logs (referring to zip archive). I was trying to be very comprehensive. I don't trust any single line of defense. Thanks =]

    [U]Panda Active Scan 2.0[/U]:
    Description                                  Version                       Active    Updated
    Kaspersky Internet Security                             Yes       Yes
    Spybot - Search and Destroy                               No        Yes
    Windows Defender                             1.1.1505.0                    No        Yes
    Kaspersky Internet Security                             No        Yes
    SUPERAntiSpyware                             4, 15, 0, 1000                No        Yes
    Spyware Terminator                                      No        Yes
    Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
    00484705  Application/IEDefender             HackTools           No        0         Yes            No           C:\Qoobox\Quarantine\C\Windows\System32\IEDFix.C.exe.vir
    00484705  Application/IEDefender             HackTools           No        0         Yes            No           C:\Windows\System32\SmitfraudFix\IEDFix.C.exe
    00921467  Generic Malware                    Virus/Trojan        No        0         Yes            No           C:\Qoobox\Quarantine\C\Windows\System32\404Fix.exe.vir
    00921467  Generic Malware                    Virus/Trojan        No        0         Yes            No           C:\Windows\System32\SmitfraudFix\404Fix.exe
    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           C:\Program Files\NAMEOFGAMEWASHERE\Conquer.exe
    [U]Logs Included[/U]:
    Ad-Aware, Malwarebytes' Anti-Malware, SuperAntiSpyware, Kaspersky Internet Security, Hijackthis, DDS Tool, ComboFix, SpyWare Terminator
    [U]System Specs[/U]:
    Manufacturer:                  Toshiba
    Model:                         Satellite X205-Sli6
    Windows Version:               Windows Vista (6.0.6002) Ultimate SP2
    Processor Name:                Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
    Videocard Name:                NVIDIA GeForce 8600M GT
    Installed Memory:              3,069.50 MB
    Number of Installed Programs:  182 programs
    Number of Running Processes:   72 processes
    Total Services:                162
    Running Services:              87
    Startup Services:              81
    Startup Applications:          20
    Loaded Drivers:                182
    Storage:                       200gb HDD @ 7200 rpm
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Run MBAM again and elect to remove the malware this time. No action taken last time!

    Most of what ComboFix found is false positives but TODDSrv is a nasty!

    Rename Combofix to 1cfix and run 1cfix and post log.

    Post new HJT from Normal Mode!

  3. talace

    talace TS Rookie Topic Starter

    That's strange I thought I selected remove. Nonetheless, I just rescanned that folder. Nothing found. I then uninstalled the program and removed the folder anyway. The first attachment is the HJT log from normal mode. =] Here's a new one just for safe measure. Doing another full scan with MBAM right now. Also going to rescan with ComboFix. Thanks for replying! =]

    ::Added ComboFix log.
    ::MBAM Came up clean.
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    LOL! My mistake, I read your title as from Safe Mode. I see now, and it tells in the header; I just didn't look!

    Make sure to do the rename of ComboFix!

  5. talace

    talace TS Rookie Topic Starter

    Unsure if this is against the rules, but I'm bumping this thread.
    Anyone else mind checking out the logs? My PC seems a little sluggish at times. I just wanted to make sure I am clean.
    ::I'll use this post to answer another post in case someone responds. That way this post won't be spam.
Topic Status:
Not open for further replies.
