Antivir / fraud.sysguard

Hello RobinsonCano

I think the link you provided concerns programs that interfere with McAfee installations rather than running the removal tool itself.

If you have uninstalled the program through Add/Remove programs, go ahead and try the AV/Firewall installation.

If you still run into problems let me know, but it is late here now so I will get back to you tomorrow.
 
a progress update.

i got Microsoft Security Essentials up and running. the initial definitions update was really slow going. but it seems simple enough to use. currently got real time protection running which is similar to teatimer? we might have to fiddle with the settings later.

also got Comodo firewall up and running. i did the firewall only. nothing else. this is the correct action right? i have no idea how to use this or how to set it up properly. but it's running.

computer gets really slow at times. task manager shows some crazy numbers with svchost.exe. :/

off to do the rest.
 
first virus total scan.

Antivirus Version Last Update Result
AhnLab-V3 2010.08.03.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.02 -
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.03 -
Avast 4.8.1351.0 2010.08.02 -
Avast5 5.0.332.0 2010.08.02 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.02 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5626 2010.08.03 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7757 2010.08.02 -
F-Prot 4.6.1.107 2010.08.03 -
F-Secure 9.0.15370.0 2010.08.03 -
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.02 -
Microsoft 1.6004 2010.08.02 -
NOD32 5335 2010.08.02 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-02.02 2010.08.02 -
Panda 10.0.2.7 2010.08.02 -
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 -
Rising 22.59.01.01 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6677 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3968 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.02 -
Additional information
File size: 32768 bytes
MD5...: f467fe72baceea180a782824fda01097
SHA1..: 6081325064b98baa293b7536cf14dbe6ad875583
SHA256: ca25e29e6ba0f687d4bd24054425d6e2de3381c5fce47f0804358f3a744d70b7
ssdeep: 192:BNpmcZOKoBfXI02vH22tKRg+NGIV/Rax1AGKhuBgkAh3HglTAfr41iI:LpJZ
1oJb2HZtKtNGIV/e6ygalmr41iI
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14bc
timedatestamp.....: 0x473338c8 (Thu Nov 08 16:26:48 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x46d0 0x5000 4.85 5d6a7ea97978b1233b6bd8234a5c1307
.data 0x6000 0x9fc 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x7000 0x8e8 0x1000 1.95 2305c4483ae53761a2051fa201c4943f

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaEnd, __vbaFreeVarList, _adj_fdiv_m64, __vbaNextEachVar, _adj_fprem1, -, __vbaStrCat, -, -, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVargVar, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaStrVarVal, __vbaVarCat, __vbaDateVar, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarSetVar, -, __vbaLateMemCall, -, __vbaVarDup, __vbaVarLateMemCallLd, __vbaVarCopy, _CIatan, __vbaForEachVar, _allmul, _CItan, -, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Video Player F.P.
copyright....: n/a
product......: Reinicio
description..: n/a
original name: Reinicio.exe
internal name: Reinicio
file version.: 1.00
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
 
second virustotal scan.

File ntlfs.sys received on 2010.08.03 05:15:57 (UTC)
Result: 0/42 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.08.03.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.02 -
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.03 -
Avast 4.8.1351.0 2010.08.02 -
Avast5 5.0.332.0 2010.08.02 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.02 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5626 2010.08.03 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7757 2010.08.02 -
F-Prot 4.6.1.107 2010.08.03 -
F-Secure 9.0.15370.0 2010.08.03 -
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.02 -
Microsoft 1.6004 2010.08.02 -
NOD32 5335 2010.08.02 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-02.02 2010.08.02 -
Panda 10.0.2.7 2010.08.02 -
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 -
Rising 22.59.01.01 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6677 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3968 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.02 -
Additional information
File size: 3917824 bytes
MD5...: a2164a9736a0c93b95a9ed667572bec5
SHA1..: f08fb5981cd0d4fc0efbe8733b11bafa8191abcc
SHA256: 7b61a8011a2efa724649ba96dca44b570d1982ad5337a4bfb890b7a93e22eea7
ssdeep: 98304:oFq3lKDzbrbRYoYt5vNaMfb5mJcj7PyLiDI7FtoWlYr:RVKD/Rf0n7P+eI
3oWlYr
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MP3 audio (ID3 v1.x tag) (71.4%)
MP3 audio (28.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 
Hello RobinsonCano

Thank you for the Scan logs and for the progress update.

this is the correct action right?
You did it right. Good job!

computer gets really slow at times.
This may be due to the presence of McAfee remnants on your system, or it could be that the new programs draw heavily on system resources.

Let's find out and try to do something about it if we can. Please work your way through the following steps:


  1. Security Check

    • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

  2. Download and run OTL by Oldtimer

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Double click on the OTL.exe icon to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

    Please post the Security Check log and the OTL logs in your next reply.
 
Security Check

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.2 - Español
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:


``````````End of Log````````````
 
OTL.txt

OTL logfile created on: 8/3/2010 8:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator.N09110003\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 34.09 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: N09110003
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/03 08:29:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.N09110003\Desktop\OTL.exe
PRC - [2010/07/25 12:46:24 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/25 12:46:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/12 11:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 03:06:10 | 000,229,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/10/30 03:06:10 | 000,131,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
PRC - [2006/10/30 03:06:10 | 000,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/10/12 03:10:54 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
PRC - [2006/10/12 03:10:54 | 000,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2005/03/18 06:18:56 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/04 03:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/08/03 08:29:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.N09110003\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2006/10/30 03:06:10 | 000,098,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 03:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\kbstuff5.sys -- (kbstuff)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\idisw2km.sys -- (idisw2km)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.N09\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/03/01 12:47:48 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/11/16 12:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/06/27 02:50:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 00:15:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 12:46:37 | 000,000,000 | ---D | M]

[2010/07/01 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.N09110003\Application Data\Mozilla\Extensions
[2010/07/01 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.N09110003\Application Data\Mozilla\Firefox\Profiles\up2f9avd.default\extensions
[2010/07/01 17:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/02 08:37:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UpdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1200
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bbva.igrupobbva
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 10:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 08:29:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.N09110003\Desktop\OTL.exe
[2010/08/02 23:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMODO
[2010/08/02 22:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/02 22:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo Downloader
[2010/08/02 22:29:16 | 058,570,184 | ---- | C] (COMODO) -- C:\Documents and Settings\Administrator.N09110003\Desktop\cfw_installer_x86.exe
[2010/08/02 21:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/02 21:05:16 | 011,862,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.N09110003\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/08/02 18:19:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/01 18:47:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/01 18:44:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/01 18:44:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/01 18:44:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/01 18:44:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/01 18:44:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/31 22:02:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/31 22:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/31 21:59:28 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator.N09110003\Desktop\erunt-setup.exe
[2010/07/31 02:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.N09110003\Application Data\Malwarebytes
[2010/07/31 02:12:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/31 02:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/31 02:12:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/31 02:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 01:04:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/31 00:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\snuemqsiu
[2010/07/27 19:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/07/27 19:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.N09110003\Application Data\Winamp
[2010/07/08 17:44:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/07/07 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010/07/04 12:08:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/07/04 12:08:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/07/04 12:08:26 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/03 08:29:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.N09110003\Desktop\OTL.exe
[2010/08/03 08:23:14 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\SecurityCheck.exe
[2010/08/03 08:19:48 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/03 08:14:52 | 000,000,465 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/08/03 08:14:29 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/08/03 08:14:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/03 08:14:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 02:51:31 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Administrator.N09110003\NTUSER.DAT
[2010/08/03 02:51:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator.N09110003\ntuser.ini
[2010/08/03 02:50:55 | 003,238,030 | -H-- | M] () -- C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\IconCache.db
[2010/08/02 22:48:23 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall.lnk
[2010/08/02 22:37:02 | 058,570,184 | ---- | M] (COMODO) -- C:\Documents and Settings\Administrator.N09110003\Desktop\cfw_installer_x86.exe
[2010/08/02 21:16:47 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/08/02 21:14:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 21:09:34 | 011,862,384 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.N09110003\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/08/02 18:03:21 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\MCPR.exe
[2010/08/02 08:37:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/02 08:37:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/01 18:48:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/01 18:17:23 | 003,748,898 | R--- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\ComboFix.exe
[2010/08/01 15:47:11 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\gmer.zip
[2010/07/31 22:00:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\ERUNT.lnk
[2010/07/31 21:59:32 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator.N09110003\Desktop\erunt-setup.exe
[2010/07/31 02:12:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 01:38:35 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/30 00:07:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 19:32:12 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\Microsoft Office Excel 2003.lnk
[2010/07/27 19:59:39 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Winamp.lnk
[2010/07/17 00:27:03 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\Internet Explorer.lnk
[2010/07/07 17:19:10 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\Microsoft Office Word 2003.lnk
[2010/07/07 17:14:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/07 16:24:43 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\My Documents.lnk
[2010/07/07 16:15:54 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2010/07/07 16:15:54 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\BS.Player FREE.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/03 08:23:14 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\SecurityCheck.exe
[2010/08/02 22:48:23 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall.lnk
[2010/08/02 21:22:02 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/02 21:16:47 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/08/02 18:03:22 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\MCPR.exe
[2010/08/01 18:48:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/01 18:48:01 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/01 18:44:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/01 18:44:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/01 18:44:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/01 18:44:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/01 18:44:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/01 18:16:52 | 003,748,898 | R--- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\ComboFix.exe
[2010/08/01 15:47:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\gmer.zip
[2010/07/31 22:00:59 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\ERUNT.lnk
[2010/07/31 02:12:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 01:38:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/27 19:59:39 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Winamp.lnk
[2010/07/17 00:27:03 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\Internet Explorer.lnk
[2010/07/07 17:19:10 | 000,002,509 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\Microsoft Office Word 2003.lnk
[2010/07/07 17:18:40 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\Microsoft Office Excel 2003.lnk
[2010/07/07 16:24:43 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\My Documents.lnk
[2010/07/07 16:15:54 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2010/07/07 16:15:54 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Desktop\BS.Player FREE.lnk
[2010/07/06 22:07:38 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/18 16:05:59 | 003,917,824 | RHS- | C] () -- C:\WINDOWS\System32\ntlfs.sys
[2008/06/02 20:23:07 | 000,000,465 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2008/06/02 20:16:47 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/06/02 20:16:25 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/06/02 20:16:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2008/06/02 20:16:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/06/02 19:48:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/02 18:46:30 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2004/08/04 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/02 13:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.N09110003\Application Data\acccore
[2010/07/02 13:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2010/08/02 18:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates
[2010/08/03 08:19:48 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/06/02 13:58:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/02 13:58:54 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/02 13:58:54 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/01 19:00:20 | 000,015,464 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmderd.sys
[2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdGuard.sys
[2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys
[2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys
< End of report >
 
OTL extras

OTL Extras logfile created on: 8/3/2010 8:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator.N09110003\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 34.09 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: N09110003
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EC5AE85-BAED-400D-95E6-A3528FC9B124}" = Livelink Office Editor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1034-7B44-A81200000003}" = Adobe Reader 8.1.2 - Español
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FCDC3CDD-F53E-4239-8CA5-BC492942931B}" = SMS Advanced Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"BSPlayerf" = BS.Player FREE
"ClientAccessExpress" = IBM AS/400 Client Access Express para Windows
"ERUNT_is1" = ERUNT 1.1j
"HP-LaserJet 1020 series" = LaserJet 1020 series
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2010 12:03:46 AM | Computer Name = N09110003 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/3/2010 12:04:46 AM | Computer Name = N09110003 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/3/2010 12:41:21 AM | Computer Name = N09110003 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/3/2010 12:41:53 AM | Computer Name = N09110003 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/3/2010 1:04:46 AM | Computer Name = N09110003 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/3/2010 1:54:53 AM | Computer Name = N09110003 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/3/2010 1:55:53 AM | Computer Name = N09110003 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/3/2010 2:32:04 AM | Computer Name = N09110003 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/3/2010 3:52:15 AM | Computer Name = N09110003 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/3/2010 9:14:26 AM | Computer Name = N09110003 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 8/3/2010 3:18:16 AM | Computer Name = N09110003 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2010 3:33:51 AM | Computer Name = N09110003 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2010 3:40:20 AM | Computer Name = N09110003 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2010 3:52:15 AM | Computer Name = N09110003 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BBVA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/3/2010 3:52:17 AM | Computer Name = N09110003 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/3/2010 9:14:26 AM | Computer Name = N09110003 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BBVA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/3/2010 9:14:32 AM | Computer Name = N09110003 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/3/2010 9:20:10 AM | Computer Name = N09110003 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2010 9:35:13 AM | Computer Name = N09110003 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 8/3/2010 10:05:17 AM | Computer Name = N09110003 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >
 
Hello Robinsoncano

Thank you for the logs.

Security check reveals that you still have the Windows Firewall engaged. If you want to run Comodo, you must first switch off the Windows Firewall.

Do not run more than ONE Firewall and ONE real time antivirus on your machine.

Information on how to configure Comodo can be found in the links below:


http://forums.comodo.com/guides-cis...r-maximum-protection-min-alerts-t57944.0.html

http://personalfirewall.comodo.com/Comodo_Internet_Security_User_Guide.pdf


It appears that you have several remnants of McAfee products on your machine that the removal tool is unable to deal with. This may be one reason why your machine now appears to run slower. Another reason may be the amount of RAM you have installed:

503.00 Mb Total Physical Memory
Installing extra RAM would almost certainly increase your system performance. However, let's try to deal with the McAfee remnants first, then follow with a few scans:


  1. Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - [2006/10/30 03:06:10 | 000,229,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
      PRC - [2006/10/30 03:06:10 | 000,131,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
      PRC - [2006/10/30 03:06:10 | 000,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      SRV - [2006/10/30 03:06:10 | 000,098,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UpdaterUI.exe (McAfee, Inc.)
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      :Services
      McAfeeFramework
      
      :Files
      C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\snuemqsiu
      C:\Program Files\McAfee
      C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
      C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]


    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
 
this is gonna be a stupid question. is windows firewall on this laptop itself? or on the wireless network connection i'm currently on?
 
note. once we get this all fixed and running properly. yes, i'll look into a RAM upgrade. :fear:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Process naPrdMgr.exe killed successfully!
No active process named UpdaterUI.exe was found!
No active process named FrameworkService.exe was found!
Service McAfeeFramework stopped successfully!
Service McAfeeFramework deleted successfully!
C:\Program Files\McAfee\Common Framework\FrameworkService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named McAfeeFramework was found to stop!
Service\Driver key McAfeeFramework not found.
========== FILES ==========
C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\snuemqsiu folder moved successfully.
C:\Program Files\McAfee\Common Framework\0409 folder moved successfully.
C:\Program Files\McAfee\Common Framework folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
File\Folder C:\Program Files\McAfee\Common Framework\naPrdMgr.exe not found.
File\Folder C:\Program Files\McAfee\Common Framework\UpdaterUI.exe not found.
File\Folder C:\Program Files\McAfee\Common Framework\FrameworkService.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2656 bytes
->Temporary Internet Files folder emptied: 2931648 bytes

User: Administrator.N09110003
->Temp folder emptied: 673253 bytes
->Temporary Internet Files folder emptied: 1425634 bytes
->FireFox cache emptied: 42651914 bytes
->Flash cache emptied: 40003 bytes

User: All Users

User: All Users.WINDOWS

User: Ctx_StreamingSvc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 47690 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pa00849
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: pa00884

User: u0703
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: u085950.BBVA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3040909 bytes
->Java cache emptied: 763036 bytes
->Flash cache emptied: 405 bytes

User: u085950.RDEXBBVA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xe16290
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29674 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1373616 bytes

Total Files Cleaned = 51.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.N09110003
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Ctx_StreamingSvc

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: pa00849

User: pa00884

User: u0703

User: u085950.BBVA
->Flash cache emptied: 0 bytes

User: u085950.RDEXBBVA
->Flash cache emptied: 0 bytes

User: xe16290

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08032010_152318

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
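
In the fix log above, the "not found" and "No service named" lines in the SERVICES/DRIVERS and FILES sections refer to items that earlier lines of the same run had already removed. The Python sketch below is an added example, not part of the original posts and not part of OTL; it matches each such line against the earlier removals, and its function names and status labels are assumptions of the example.

```python
import re

# Entries copied from the fix log posted above, trimmed to the lines that matter here.
FIX_LOG = r"""
========== OTL ==========
Process naPrdMgr.exe killed successfully!
Service McAfeeFramework stopped successfully!
Service McAfeeFramework deleted successfully!
C:\Program Files\McAfee\Common Framework\FrameworkService.exe moved successfully.
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named McAfeeFramework was found to stop!
Service\Driver key McAfeeFramework not found.
========== FILES ==========
C:\Documents and Settings\Administrator.N09110003\Local Settings\Application Data\snuemqsiu folder moved successfully.
C:\Program Files\McAfee\Common Framework\0409 folder moved successfully.
C:\Program Files\McAfee\Common Framework folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
File\Folder C:\Program Files\McAfee\Common Framework\naPrdMgr.exe not found.
File\Folder C:\Program Files\McAfee\Common Framework\UpdaterUI.exe not found.
File\Folder C:\Program Files\McAfee\Common Framework\FrameworkService.exe not found.
"""

# "<path> moved successfully." / "<path> folder moved successfully." / "<path> deleted successfully."
REMOVED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?P<folder> folder)? (?:moved|deleted) successfully\.$"
)
SVC_DELETED = re.compile(r"^Service (?P<name>\S+) deleted successfully!$")
FILE_MISSING = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")
SVC_MISSING = re.compile(
    r"^(?:Error: No service named (?P<a>\S+) was found to stop!"
    r"|Service\\Driver key (?P<b>\S+) not found\.)$"
)


def _explain_path(path, files, folders):
    """Return why a path could be missing, based only on earlier log lines."""
    p = path.lower()  # Windows paths compare case-insensitively
    if p in files:
        return "file-removed-earlier"
    for folder in folders:
        if p == folder or p.startswith(folder + "\\"):
            return "parent-folder-removed"
    return "unexplained"


def reconcile(log_text):
    """Pair every 'not found' line with an earlier removal in the same run.

    Returns a list of (item, status) tuples in log order. Only lines that
    appear *before* the 'not found' line are allowed to explain it.
    """
    files, folders, services = set(), [], set()
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REMOVED.match(line)
        if m:
            path = m.group("path").lower()
            if m.group("folder"):
                folders.append(path)
            else:
                files.add(path)
            continue
        m = SVC_DELETED.match(line)
        if m:
            services.add(m.group("name").lower())
            continue
        m = FILE_MISSING.match(line)
        if m:
            findings.append((m.group("path"), _explain_path(m.group("path"), files, folders)))
            continue
        m = SVC_MISSING.match(line)
        if m:
            name = m.group("a") or m.group("b")
            status = "service-deleted-earlier" if name.lower() in services else "unexplained"
            findings.append((name, status))
    return findings


def unexplained(log_text):
    """Items reported missing that no earlier line accounts for: these need a manual look."""
    return [item for item, status in reconcile(log_text) if status == "unexplained"]


if __name__ == "__main__":
    for item, status in reconcile(FIX_LOG):
        print(f"{status:26} {item}")
    print("needs manual review:", unexplained(FIX_LOG))
```

An item that comes back as `unexplained` was named in the fix script but was neither found nor removed earlier in the run, so it is worth checking by hand before moving on.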
 
Hello Robinsoncano

is windows firewall on this laptop itself?
It is. You can find it by doing the following:

  • Click on "Start".
  • Click on "Control Panel".
  • Click on "Windows Firewall".

I am checking through your OTL log now.

If you run into any problems just let me know.
 
im gonna assume that Comodo is a better firewall than the windows firewall? will look through the set up links tonight after dinner and get it running properly.
 
Hello RobinsonCano

It blocks both inbound and outbound traffic and so is considered to have the edge over the MS Firewall which only blocks inbound material.

However, that being said, a firewall is a firewall, and you should have one running on your system. I'll leave it up to you to decide which one to go for. Regardless of which one you choose it is essential that you have one installed.

Let me know how you get on.

Just turned midnight for me. We'll pick up again tomorrow :)
 
Hello RobinsonCano

It blocks both inbound and outbound traffic and so is considered to have the edge over the MS Firewall which only blocks inbound material.

However, that being said, a firewall is a firewall, and you should have one running on your system. I'll leave it up to you to decide which one to go for. Regardless of which one you choose it is essential that you have one installed.

Let me know how you get on.

Just turned midnight for me. We'll pick up again tomorrow :)

good morning. :)

this is great info. thanks. ive just turned off windows firewall. and i am looking at the links you provided to properly set up Comodo firewall.

i got a popup from Comodo pretty much right after i killed windows firewall. saying svchost.exe is a safe program / procedure. but that it was currently trying to connect to another computer. ?! ive blocked that.

fiddling with Comodo now.
 
Comodo firewall is set up.
Upon startup the sandbox goes to work. I don't know what most of these items are. Except for winamp. lol. So they are still in the sandbox for now.
On my latest restart, DEP killed spooler subsystem app. ?
 
Upon startup the sandbox goes to work. I don't know what most of these items are. Except for winamp. lol. So they are still in the sandbox for now.

i figured this out. most of them are a part of this IBM client access program that is on the computer.

svchost is still hogging up the little memory i have. if we get this computer fixed, i do plan a RAM upgrade. usually within 15 mins or so of connecting to the internet it's in the 150,000k and the computer starts to crawl. but before that happens, it runs smoothly. so far the only thing that helps is to disable my internet connection for a few minutes.
 
Hello RobinsonCano

i got a popup from Comodo pretty much right after i killed windows firewall. saying svchost.exe is a safe program / procedure. but that it was currently trying to connect to another computer. ?! ive blocked that.
It will take a while to optimise the settings for your system. From what I have read, the warnings from Comodo are quite frequent at first and then become less frequent over time as you allow the applications you trust to cross the firewall.

As for svchost.exe, it is a generic process that is commonly found on machines. It is not unusual to find multiple instances of svchost.exe running on a system. The process can drain system resources depending on how many applications it is running.

As for it trying to connect to another computer, not too sure. Are your machines networked perhaps? Something for you to think about.

Anyway, I'll leave it to you to fiddle with the settings in your own time. Also, please remember, Comodo was only a suggestion. If you do not like it, there are many others you can try.

most of them are a part of this IBM client access program that is on the computer.
We can take care of that program later if you wish. For now though, I would like to make sure that your system is clean.

Please do the following:


  1. MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

  2. Please update your Java

    • Click on "Start", then on "Control Panel".
    • Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find (J2SE Runtime Environment 5.0 Update 9).
    • Reboot your computer.
    • Next, download the latest version of Java by clicking here
    • Scroll down the page until you reach "Java Platform Standard Edition".
    • Beneath this and to the right, you will see a link marked "Download JRE".
    • Click on the "Download JRE" link.
    • Select the platform (Windows, in your case), multi language.
    • Accept the license agreement and click on "Continue".
    • You do not have to register if you do not want to (the registration step is optional).
    • Scroll down and click on the file called jre-6u21-windows-i586.exe located under "Windows Offline Installation".
    • Save the file to your desktop.
    • Do not select Run.
    • Double click on the saved file (jre-6u21-windows-i586.exe) to install the update.
    • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.

  3. Please perform the following scan:

    • This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.

    • It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
    • DO NOT surf the net while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.

    • Please perform a Kaspersky Online Scan of your computer by clicking here or here.

    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run (at times it may appear to stall).
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    • Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop
    • In the File name area, use KScan, or something similar.
    • In Save as type, click the drop arrow and select: Text file [*.txt]
    • Then, click: Save
    • Please post the Kaspersky Online Scanner Report in your reply.
    • If you need help performing the above steps, an animated tutorial can be found here.

    Please post the MBAM log and the Kaspersky Online Scan log in your next reply.

    Also, please describe how your machine is behaving now. Are you still experiencing problems?
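
To find out which services sit behind a busy svchost.exe instance and which of them hold network connections, as raised in the reply above, the output of `tasklist /svc` and `netstat -ano` can be joined on PID. This is an added example, not part of the original thread; both sample listings are constructed, and their column layout is assumed to match what those two commands print.

```python
import re
from collections import defaultdict
# Constructed sample of `tasklist /svc` output, svchost.exe rows only.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1056 RpcSs
svchost.exe                 1180 AudioSrv, BITS, Browser, Dhcp, wuauserv,
                                 LanmanServer, LanmanWorkstation
svchost.exe                 1312 Dnscache
"""
# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1056
  TCP    192.0.2.10:1034        203.0.113.7:80         ESTABLISHED     1180
  TCP    192.0.2.10:1041        192.0.2.25:445         ESTABLISHED     4
  UDP    192.0.2.10:1029        *:*                                    1312
"""

def parse_tasklist(text):
    """Map svchost.exe PID -> hosted service names, joining wrapped rows."""
    services, pid = defaultdict(list), None
    for line in text.splitlines():
        m = re.match(r"svchost\.exe\s+(\d+)\s+(.*)", line, re.I)
        if m:
            pid, line = int(m.group(1)), m.group(2)
        elif not line[:1].isspace():
            pid = None  # header, blank line, or another image name
        if pid is not None:
            services[pid] += [s.strip() for s in line.split(",") if s.strip()]
    return dict(services)

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid); UDP rows carry no state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            yield f[0], f[1], f[2], f[3] if len(f) == 5 else "", int(f[-1])

def svchost_connections(tasklist, netstat, states=("ESTABLISHED", "SYN_SENT")):
    """Active svchost.exe connections, labelled with the services behind them."""
    hosted = parse_tasklist(tasklist)
    return [(pid, hosted[pid], remote)
            for _, _, remote, state, pid in parse_netstat(netstat)
            if pid in hosted and state in states]

if __name__ == "__main__":
    print(svchost_connections(TASKLIST, NETSTAT))
```

A firewall prompt naming svchost.exe can then be read against the service list for that PID rather than allowed or blocked blind.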
 
here is step 1. MalwareBytes scan. please note, while the log did pop up I was not prompted to do a restart.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4389

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/4/2010 2:22:44 PM
mbam-log-2010-08-04 (14-22-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 268020
Time elapsed: 1 hour(s), 12 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 