Solved Unable to complete Virus scans etc...

[Resolved] Unable to complete Virus scans etc...

A very good Afternoon to all.

I have been having problems using Comodo Anti Virus Scan and The Spybot S&D Scanner. Both start ok but then stop working and the computer crashes/freezes. I have managed to complete the Quick scan using Malware Bytes but the same thing happens when i try to carry out a full scan?

I have completed the GMER scan but unable to copy / paste it?

Many thanks in advance.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5354

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/12/2010 08:18:42
mbam-log-2010-12-19 (08-18-42).txt

Scan type: Quick scan
Objects scanned: 162589
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/01/2007 16:49:55
System Uptime: 19/12/2010 08:00:25 (3 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7255
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1862/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 293 GiB total, 139.726 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1268: 05/10/2010 14:44:09 - System Checkpoint
RP1269: 06/10/2010 16:21:07 - System Checkpoint
RP1270: 07/10/2010 06:21:02 - COMODO Registry Cleaner 07-10-10_06-20-56
RP1271: 08/10/2010 07:29:30 - System Checkpoint
RP1272: 09/10/2010 14:01:58 - System Checkpoint
RP1273: 10/10/2010 05:28:26 - COMODO Registry Cleaner 10-10-10_05-28-19
RP1274: 10/10/2010 15:14:45 - COMODO Registry Cleaner 10-10-10_15-14-32
RP1275: 11/10/2010 15:36:06 - System Checkpoint
RP1276: 12/10/2010 22:08:51 - System Checkpoint
RP1277: 14/10/2010 07:03:55 - System Checkpoint
RP1278: 15/10/2010 14:46:37 - System Checkpoint
RP1279: 16/10/2010 13:35:45 - COMODO Registry Cleaner 16-10-10_13-35-33
RP1280: 17/10/2010 14:18:28 - System Checkpoint
RP1281: 19/10/2010 04:27:02 - System Checkpoint
RP1282: 20/10/2010 06:07:01 - COMODO Registry Cleaner 20-10-10_06-06-51
RP1283: 21/10/2010 06:51:25 - System Checkpoint
RP1284: 22/10/2010 07:34:04 - System Checkpoint
RP1285: 23/10/2010 07:56:50 - System Checkpoint
RP1286: 24/10/2010 09:05:42 - System Checkpoint
RP1287: 25/10/2010 14:31:00 - System Checkpoint
RP1288: 26/10/2010 18:38:56 - System Checkpoint
RP1289: 27/10/2010 08:00:35 - COMODO Registry Cleaner 27-10-10_08-00-22
RP1290: 27/10/2010 08:04:48 - Removed COMODO System - Cleaner
RP1291: 27/10/2010 08:05:00 - [ErrorText_1715]
RP1292: 27/10/2010 08:37:41 - COMODO Registry Cleaner 27-10-10_08-37-35
RP1293: 27/10/2010 21:03:21 - Installed Webcam 2200
RP1294: 28/10/2010 00:16:35 - Installed Eraser 6.0.7.1893
RP1295: 28/10/2010 06:02:08 - Removed Webcam 2200
RP1296: 28/10/2010 06:03:22 - Removed Labtec WebCam
RP1297: 28/10/2010 06:40:59 - Removed Eraser 6.0.7.1893
RP1298: 28/10/2010 06:48:24 - COMODO Registry Cleaner 28-10-10_06-48-18
RP1299: 28/10/2010 07:13:48 - Restore Operation
RP1300: 28/10/2010 13:10:12 - Restore Operation
RP1301: 28/10/2010 16:54:46 - Restore Operation
RP1302: 28/10/2010 17:08:20 - Restore Operation
RP1303: 28/10/2010 20:23:24 - Software Distribution Service 3.0
RP1304: 30/10/2010 12:00:14 - System Checkpoint
RP1305: 31/10/2010 11:04:42 - System Checkpoint
RP1306: 01/11/2010 11:39:50 - System Checkpoint
RP1307: 01/11/2010 21:30:08 - Installed Quake Live Mozilla Plugin
RP1308: 02/11/2010 05:34:52 - Restore Operation
RP1309: 03/11/2010 06:43:05 - System Checkpoint
RP1310: 04/11/2010 06:58:41 - System Checkpoint
RP1311: 05/11/2010 09:08:57 - System Checkpoint
RP1312: 05/11/2010 12:28:39 - Removed Ghost Recon Advanced Warfighter
RP1313: 05/11/2010 12:31:25 - Installed Tom Clancy's Ghost Recon Advanced Warfighter® 2
RP1314: 05/11/2010 15:02:27 - Installed DirectX
RP1315: 06/11/2010 19:09:23 - System Checkpoint
RP1316: 07/11/2010 18:56:53 - Software Distribution Service 3.0
RP1317: 08/11/2010 22:07:55 - System Checkpoint
RP1318: 10/11/2010 05:01:50 - System Checkpoint
RP1319: 11/11/2010 08:00:49 - System Checkpoint
RP1320: 12/11/2010 05:54:24 - COMODO Registry Cleaner 12-11-10_05-54-18
RP1321: 13/11/2010 06:14:51 - System Checkpoint
RP1322: 14/11/2010 10:43:41 - System Checkpoint
RP1323: 15/11/2010 13:53:13 - System Checkpoint
RP1324: 16/11/2010 12:41:08 - Installed Command & Conquerâ„¢ 4 Tiberian Twilight
RP1325: 16/11/2010 19:48:59 - Removed Command & Conquerâ„¢ 4 Tiberian Twilight
RP1326: 17/11/2010 16:07:22 - Installed Command & Conquer The First Decade
RP1327: 17/11/2010 17:09:40 - Installed DirectX 9.0
RP1328: 18/11/2010 20:46:11 - System Checkpoint
RP1329: 20/11/2010 08:10:15 - System Checkpoint
RP1330: 21/11/2010 09:38:57 - System Checkpoint
RP1331: 22/11/2010 21:46:45 - Installed Battlefield: Bad Companyâ„¢ 2
RP1332: 24/11/2010 03:52:21 - System Checkpoint
RP1333: 25/11/2010 04:19:41 - System Checkpoint
RP1334: 25/11/2010 10:07:12 - Removed Tom Clancy's Ghost Recon Advanced Warfighter® 2
RP1335: 26/11/2010 14:06:48 - System Checkpoint
RP1336: 27/11/2010 14:46:05 - System Checkpoint
RP1337: 28/11/2010 16:42:42 - System Checkpoint
RP1338: 29/11/2010 06:15:26 - Removed Java(TM) 6 Update 21
RP1339: 29/11/2010 06:19:27 - Installed Java(TM) 6 Update 22
RP1340: 30/11/2010 06:22:45 - System Checkpoint
RP1341: 30/11/2010 23:47:51 - Windows Media Center Update
RP1342: 30/11/2010 23:48:19 - Restore Operation
RP1343: 01/12/2010 00:01:22 - Installed Windows XP KB895961-v4.
RP1344: 01/12/2010 00:10:23 - Installed Windows XP Media Center Edition 2005 KB905589.
RP1345: 02/12/2010 12:18:47 - System Checkpoint
RP1346: 03/12/2010 13:40:03 - System Checkpoint
RP1347: 04/12/2010 13:40:57 - System Checkpoint
RP1348: 05/12/2010 15:30:19 - System Checkpoint
RP1349: 06/12/2010 05:24:50 - COMODO Registry Cleaner 06-12-10_05-24-44
RP1350: 07/12/2010 07:36:30 - System Checkpoint
RP1351: 08/12/2010 07:41:59 - Installed OF Dragon Rising
RP1352: 08/12/2010 08:34:01 - Removed OF Dragon Rising
RP1353: 09/12/2010 12:12:26 - System Checkpoint
RP1354: 10/12/2010 13:02:24 - System Checkpoint
RP1355: 11/12/2010 20:00:28 - System Checkpoint
RP1356: 11/12/2010 23:02:01 - Removed Skypeâ„¢ 5.0
RP1357: 13/12/2010 03:17:26 - Installed Wanted: Weapons of Fate
RP1358: 14/12/2010 07:23:52 - System Checkpoint
RP1359: 15/12/2010 08:49:28 - System Checkpoint
RP1360: 16/12/2010 15:05:31 - System Checkpoint
RP1361: 17/12/2010 15:17:02 - System Checkpoint
RP1362: 18/12/2010 15:32:29 - System Checkpoint
RP1363: 19/12/2010 07:07:26 - System Checkpoint
RP1364: 19/12/2010 07:36:14 - Restore Operation

==== Installed Programs ======================

7-Zip 4.42
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player 11.5
Age of Empires III
AIM 7
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Baldur's Gate(TM) II - Shadows of Amn(TM)
Battle.net
blueMSX
Bonjour
CCleaner (remove only)
Comanche Gold
Command & Conquer The First Decade
COMODO Internet Security
COMODO System-Cleaner
Compatibility Pack for the 2007 Office system
Creative WebCam Vista Plus Driver (1.02.02.0414)
Creatix V.92 Data Fax Modem
Critical Update for Windows Media Player 11 (KB959772)
Diablo
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Updater (AOL LLC)
DVD X Player 5.4 Professional
EasyInfo
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
Facebook Plug-In
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.7
GameSpy Arcade
Google Earth
Google Update Helper
GUN (TM)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM ViaVoice Command and Control Runtime 5.3 - UK English
IBM ViaVoice Outloud Runtime - UK English
iPod for Windows 2006-01-10
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Last.fm 1.5.4.27091
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault(tm) Breakthrough
Medal of Honor Allied Assault(tm) Spearhead
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.12)
MRU-Blaster v1.5 (Database 3/28/2004)
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA PhysX v8.04.25
OCA Client history tool install
OpenAL
Outpost Firewall 2009
Platform
Project64 1.6
Puppy Luv
Quake 4(TM)
QuickTime
QuickTime 3.0
RealPlayer
Roxio Burn Engine
RPG Maker VX
RPG Maker VX RTP
Saitek Dual Analog Rumble Pad
Samsung Master
Samsung USB Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Snes9x
Spybot - Search & Destroy
SpywareBlaster 4.4
SpywareGuard v2.2
Taksi Desktop Video Recorder
Taksi Desktop Video Recorder v0.765
Total Video Converter 3.10
Total Video Converter 3.21 090220
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
VIA Platform Device Manager
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WindSlayer
WinPcap 3.1
WinRAR archiver

==== Event Viewer Messages From Past Week ========

18/12/2010 15:31:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'netstat4.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
18/12/2010 15:20:00, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Google\Update\GoogleUpdate.exe. Reference error message: The operation completed successfully. .
18/12/2010 15:12:22, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
18/12/2010 15:12:22, error: SideBySide [59] - Generate Activation Context failed for C:\windows\system32\sirenacm.dll. Reference error message: The operation completed successfully. .
18/12/2010 15:12:22, error: SideBySide [58] - Syntax error in manifest or policy file "C:\windows\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy" on line 0.
18/12/2010 15:12:21, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
18/12/2010 15:12:21, error: SideBySide [59] - Generate Activation Context failed for C:\windows\system32\wuapi.dll. Reference error message: The operation completed successfully. .
18/12/2010 15:12:21, error: SideBySide [58] - Syntax error in manifest or policy file "C:\windows\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.6028.Policy" on line 0.
18/12/2010 15:03:25, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'mac.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
18/12/2010 11:05:08, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.
14/12/2010 22:22:21, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001617C81DAD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/12/2010 04:09:27, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
14/12/2010 04:09:27, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/12/2010 15:01:39, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
13/12/2010 15:01:39, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
13/12/2010 15:01:39, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
13/12/2010 15:01:14, error: UPS [2481] - The UPS service is not configured correctly.
12/12/2010 14:27:14, error: Service Control Manager [7034] - The COMODO System - Cleaner Service service terminated unexpectedly. It has done this 1 time(s).
12/12/2010 14:27:12, error: Service Control Manager [7034] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly. It has done this 1 time(s).
12/12/2010 14:27:12, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/12/2010 14:27:12, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/12/2010 14:27:11, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



DDS (Ver_10-12-12.01) - NTFSx86
Run by shaun wade at 11:46:02.96 on 19/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.303 [GMT 0:00]

AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Outpost Firewall *Enabled*

============== Running Processes ===============

C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\windows\eHome\ehRecvr.exe
C:\windows\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\libusbd-nt.exe
C:\windows\ehome\RMSvc.exe
svchost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\shaun wade\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [EPSON Stylus DX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticde.exe /fu "c:\docume~1\shaunw~1\locals~1\temp\E_SB.tmp" /EF "HKCU "
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\shaunw~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\shaun wade\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260767348203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254718264375
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GBfficial
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\shaun wade\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Personas: personas@christopher.beard - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\extensions\personas@christopher.beard
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Ghostery: firefox@ghostery.com - c:\docume~1\shaunw~1\applic~1\mozilla\firefox\profiles\xibohe18.default\extensions\firefox@ghostery.com
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-12-9 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33232]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-10 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-7-19 3026]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-11-30 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-11-30 1195008]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-6-17 941784]
R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\comodo\comodo system-cleaner\Cleaner_Validator.exe [2010-12-9 305600]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-11-30 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-11-30 257432]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-1-22 33792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 136176]
S3 aaudstum;aaudstum;\??\c:\docume~1\shaunw~1\locals~1\temp\aaudstum.sys --> c:\docume~1\shaunw~1\locals~1\temp\aaudstum.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2010-4-9 103552]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2007-1-28 138112]
S3 XDva226;XDva226;\??\c:\windows\system32\xdva226.sys --> c:\windows\system32\XDva226.sys [?]
S4 BGEEJA;BGEEJA;c:\docume~1\shaunw~1\locals~1\temp\bgeeja.exe --> c:\docume~1\shaunw~1\locals~1\temp\BGEEJA.exe [?]
S4 SC;SC;c:\docume~1\shaunw~1\locals~1\temp\sc.exe --> c:\docume~1\shaunw~1\locals~1\temp\SC.exe [?]

=============== Created Last 30 ================

2010-12-19 07:37:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-19 07:37:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-12 14:28:38 91533 ----a-w- c:\windows\cscmondump.bin
2010-12-12 06:17:57 2204 -c--a-w- c:\windows\crpf.bin
2010-12-12 06:17:57 1552 -c--a-w- c:\windows\crpf_sdum.bin
2010-12-09 12:15:18 33232 ----a-w- c:\windows\system32\drivers\CFRPD.sys
2010-12-09 12:14:56 66584 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2010-12-08 07:42:01 -------- d-----w- c:\program files\Codemasters
2010-12-07 23:45:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-12-07 23:45:21 -------- d-----w- c:\program files\AIM
2010-12-07 23:45:14 -------- d-----w- c:\program files\common files\Software Update Utility
2010-12-05 01:58:13 -------- d-----r- c:\program files\Skype
2010-11-30 23:55:49 295424 -c----w- c:\windows\system32\dllcache\termsrv.dll
2010-11-29 06:19:59 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2010-11-22 17:34:17 515416 -c--a-w- c:\windows\system32\XAudio2_5.dll
2010-11-22 17:34:17 238936 -c--a-w- c:\windows\system32\xactengine3_5.dll
2010-11-22 17:34:16 1974616 -c--a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-22 17:34:15 5501792 -c--a-w- c:\windows\system32\d3dcsx_42.dll
2010-11-22 17:34:14 453456 -c--a-w- c:\windows\system32\d3dx10_42.dll
2010-11-22 17:34:14 235344 -c--a-w- c:\windows\system32\d3dx11_42.dll
2010-11-22 17:34:13 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

==================== Find3M ====================

2010-11-29 06:19:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 00:20:58 235248 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2010-09-24 21:05:12 86528 -c--a-w- c:\windows\bnetunin.exe
2010-09-24 21:05:12 61440 -c--a-w- c:\windows\diabunin.exe
2010-09-20 20:48:57 88 -csh--w- c:\docume~1\alluse~1\applic~1\42CDCD17F7.sys
2010-09-20 20:48:57 848 -csha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-04-17 16:58:38 444 -c--a-w- c:\program files\04201017583831.bat

============= FINISH: 11:48:38.14 ===============


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001dc

Kernel Drivers (total 188):
0x804D7000 \windows\system32\ntkrnlpa.exe
0x806E4000 \windows\system32\hal.dll
0xF7AD0000 \windows\system32\KDCOM.DLL
0xF79E0000 \windows\system32\BOOTVID.dll
0xF73CF000 spxs.sys
0xF7AD2000 \windows\System32\Drivers\WMILIB.SYS
0xF73B7000 \windows\System32\Drivers\SCSIPORT.SYS
0xF7389000 ACPI.sys
0xF7378000 pci.sys
0xF75D0000 isapnp.sys
0xF7B98000 pciide.sys
0xF7850000 \windows\system32\DRIVERS\PCIIDEX.SYS
0xF7AD4000 aliide.sys
0xF7AD6000 cmdide.sys
0xF7AD8000 toside.sys
0xF7ADA000 viaide.sys
0xF7ADC000 intelide.sys
0xF75E0000 MountMgr.sys
0xF7359000 ftdisk.sys
0xF7ADE000 dmload.sys
0xF7333000 dmio.sys
0xF7858000 PartMgr.sys
0xF75F0000 VolSnap.sys
0xF79E4000 cpqarray.sys
0xF731B000 atapi.sys
0xF79E8000 aha154x.sys
0xF7860000 sparrow.sys
0xF79EC000 symc810.sys
0xF7600000 aic78xx.sys
0xF79F0000 dac960nt.sys
0xF7610000 ql10wnt.sys
0xF79F4000 amsint.sys
0xF7868000 asc.sys
0xF79F8000 asc3550.sys
0xF7870000 mraid35x.sys
0xF7878000 i2omp.sys
0xF79FC000 ini910u.sys
0xF7620000 ql1240.sys
0xF7630000 aic78u2.sys
0xF7880000 symc8xx.sys
0xF7888000 sym_hi.sys
0xF7890000 sym_u3.sys
0xF7898000 ABP480N5.SYS
0xF78A0000 asc3350p.sys
0xF7AE0000 cd20xrnt.sys
0xF7640000 ultra.sys
0xF7302000 adpu160m.sys
0xF78A8000 dpti2o.sys
0xF7650000 ql1080.sys
0xF7660000 ql1280.sys
0xF7670000 ql12160.sys
0xF78B0000 perc2.sys
0xF7AE2000 perc2hib.sys
0xF78B8000 hpn.sys
0xF7A00000 cbidf2k.sys
0xF72D6000 dac2w2k.sys
0xF7680000 disk.sys
0xF7690000 \windows\system32\DRIVERS\CLASSPNP.SYS
0xF72B6000 fltmgr.sys
0xF72A4000 sr.sys
0xF76A0000 PxHelp20.sys
0xF728D000 KSecDD.sys
0xF727A000 WudfPf.sys
0xF71ED000 Ntfs.sys
0xF71C0000 NDIS.sys
0xF76B0000 viaagp.sys
0xF76C0000 uagp35.sys
0xF76D0000 ohci1394.sys
0xF76E0000 \windows\system32\DRIVERS\1394BUS.SYS
0xF71A6000 Mup.sys
0xF70E6000 IASTOR.SYS
0xF76F0000 alim1541.sys
0xF7700000 amdagp.sys
0xF7710000 agpCPQ.sys
0xF7740000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6AD9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6642000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF662E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6606000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF64FA000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF64D7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79B0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6AC9000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6AB9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6AA9000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7AB0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF79B8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF64B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79C0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF79C8000 \SystemRoot\system32\DRIVERS\fetnd5.sys
0xF644E000 \SystemRoot\System32\Drivers\aqsjqshw.SYS
0xF7928000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6A99000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7002000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF643A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6A89000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7930000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7938000 \SystemRoot\system32\DRIVERS\afw.sys
0xF63FC000 \SystemRoot\system32\drivers\afwcore.sys
0xF7940000 \SystemRoot\system32\drivers\TDI.SYS
0xF629E000 \SystemRoot\system32\DRIVERS\CAMTHWDM.sys
0xF6A79000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7CC5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6A69000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6FEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF606B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6A59000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6A49000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF605A000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7750000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7950000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7958000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5FDA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7760000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7960000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B0E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5F7C000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FDE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7790000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAE7E4000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xAE7C0000 \SystemRoot\system32\drivers\portcls.sys
0xF77C0000 \SystemRoot\system32\drivers\drmk.sys
0xF77E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B16000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77F0000 \SystemRoot\system32\drivers\libusb0.sys
0xAE716000 \SystemRoot\system32\drivers\viahduaa.sys
0xF701E000 \SystemRoot\System32\DRIVERS\cmderd.sys
0xF701A000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAE6B5000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xF700E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7810000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7990000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7820000 \SystemRoot\system32\DRIVERS\CFRMD.sys
0xF7998000 \SystemRoot\system32\DRIVERS\CFRPD.sys
0xF7C47000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7C4C000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7B26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C50000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B28000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A8000 \SystemRoot\System32\drivers\vga.sys
0xF7B2A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B2C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79D8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF63DB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE621000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE5C8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE578000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAE552000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7830000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF63C7000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAE530000 \SystemRoot\System32\drivers\afd.sys
0xF7840000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF70D6000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAE3E5000 \??\C:\windows\system32\drivers\SandBox.sys
0xF78C8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6FF6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAE394000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE324000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7CB5000 \SystemRoot\System32\Drivers\hwinterface.sys
0xF70B6000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7096000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAE2E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B3E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE6FE000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7910000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BBD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF058000 \SystemRoot\System32\ati2cqag.dll
0xBF0D3000 \SystemRoot\System32\atikvmag.dll
0xBF141000 \SystemRoot\System32\atiok3x2.dll
0xBF16E000 \SystemRoot\System32\ati3duag.dll
0xBF469000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xABF37000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xABBCE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAE65C000 \SystemRoot\System32\drivers\aspi32.sys
0xAB985000 \SystemRoot\System32\Drivers\HTTP.sys
0xAB8DD000 \SystemRoot\system32\DRIVERS\srv.sys
0xABB3E000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAB738000 \SystemRoot\system32\drivers\wdmaud.sys
0xABD93000 \SystemRoot\system32\drivers\sysaudio.sys
0xAE64C000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xAB1AD000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAAD47000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
1076 C:\WINDOWS\system32\smss.exe
1200 csrss.exe
1284 C:\WINDOWS\system32\winlogon.exe
1328 C:\WINDOWS\system32\services.exe
1340 C:\WINDOWS\system32\lsass.exe
1512 C:\WINDOWS\system32\ati2evxx.exe
1532 C:\WINDOWS\system32\svchost.exe
1644 svchost.exe
1788 C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
1828 C:\WINDOWS\system32\svchost.exe
1968 C:\WINDOWS\system32\svchost.exe
1996 C:\WINDOWS\system32\ati2evxx.exe
284 svchost.exe
460 svchost.exe
612 C:\WINDOWS\system32\spoolsv.exe
1132 svchost.exe
1492 C:\Program Files\Bonjour\mDNSResponder.exe
1772 C:\Program Files\Comodo\COMODO System-Cleaner\Cleaner_Validator.exe
244 C:\WINDOWS\ehome\ehrecvr.exe
448 C:\WINDOWS\ehome\ehSched.exe
1188 C:\Program Files\Java\jre6\bin\jqs.exe
1204 C:\WINDOWS\system32\libusbd-nt.exe
1748 C:\WINDOWS\ehome\RMSvc.exe
2080 svchost.exe
2140 C:\WINDOWS\system32\svchost.exe
2412 McrdSvc.exe
3260 C:\WINDOWS\explorer.exe
1656 C:\WINDOWS\system32\dllhost.exe
1584 alg.exe
3236 C:\WINDOWS\system32\ctfmon.exe
3284 C:\Program Files\Windows Media Player\wmpnscfg.exe
3456 C:\WINDOWS\system32\svchost.exe
3484 C:\Program Files\SpywareGuard\sgmain.exe
2276 C:\Program Files\SpywareGuard\sgbhp.exe
3828 op_mon.exe
3912 acs.exe
3256 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
896 C:\Documents and Settings\shaun wade\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`55b6f200 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Hi Broni, and may thank you for all your help with this issue.

Tried to follow you instructions with little success.

Disabled all active antivirus protection ECT and ran Combofix...I got the message: h/iexplore.exe windows cannot access the specified device, path, and file. Tried both downloads of Combofix and received the same message.

Downloaded Combofix and renamed it and saved it to the desktop

Entered Safe Mode and i think i managed to run RKill...

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 19/12/2010 at 18:13:19.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:


Rkill completed on 19/12/2010 at 18:13:23.

When i ran Combofix it said comodo AV was still active? I even booted into normal mode and uninstalled Comodo to make sure it was not still active? I booted into Safe Mode and tried to run Combofix and again it said Comodo AV was still active, I clicked OK for it to run and it just stayed at the part were it says "Please wait, Combofix is preparing to run, attempting to create a new system restore point for 20 minutes, so i ended up booting back into normal mode and here i am.

Many Thanks to you,

Sean.

 

Phewww, that was scary

"Once rebooted, run MBRCheck again and post its log" please could you send me the link to download the MBRCheck

Cheers,

 

Forget that last post...Forgot i downloaded it at the start, that last set of instructions made me a little nervous

Cheers,

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001dc

Kernel Drivers (total 188):
0x804D7000 \windows\system32\ntkrnlpa.exe
0x806E4000 \windows\system32\hal.dll
0xF7AD0000 \windows\system32\KDCOM.DLL
0xF79E0000 \windows\system32\BOOTVID.dll
0xF73CF000 spav.sys
0xF7AD2000 \windows\System32\Drivers\WMILIB.SYS
0xF73B7000 \windows\System32\Drivers\SCSIPORT.SYS
0xF7389000 ACPI.sys
0xF7378000 pci.sys
0xF75D0000 isapnp.sys
0xF7B98000 pciide.sys
0xF7850000 \windows\system32\DRIVERS\PCIIDEX.SYS
0xF7AD4000 aliide.sys
0xF7AD6000 cmdide.sys
0xF7AD8000 toside.sys
0xF7ADA000 viaide.sys
0xF7ADC000 intelide.sys
0xF75E0000 MountMgr.sys
0xF7359000 ftdisk.sys
0xF7ADE000 dmload.sys
0xF7333000 dmio.sys
0xF7858000 PartMgr.sys
0xF75F0000 VolSnap.sys
0xF79E4000 cpqarray.sys
0xF731B000 atapi.sys
0xF79E8000 aha154x.sys
0xF7860000 sparrow.sys
0xF79EC000 symc810.sys
0xF7600000 aic78xx.sys
0xF79F0000 dac960nt.sys
0xF7610000 ql10wnt.sys
0xF79F4000 amsint.sys
0xF7868000 asc.sys
0xF79F8000 asc3550.sys
0xF7870000 mraid35x.sys
0xF7878000 i2omp.sys
0xF79FC000 ini910u.sys
0xF7620000 ql1240.sys
0xF7630000 aic78u2.sys
0xF7880000 symc8xx.sys
0xF7888000 sym_hi.sys
0xF7890000 sym_u3.sys
0xF7898000 ABP480N5.SYS
0xF78A0000 asc3350p.sys
0xF7AE0000 cd20xrnt.sys
0xF7640000 ultra.sys
0xF7302000 adpu160m.sys
0xF78A8000 dpti2o.sys
0xF7650000 ql1080.sys
0xF7660000 ql1280.sys
0xF7670000 ql12160.sys
0xF78B0000 perc2.sys
0xF7AE2000 perc2hib.sys
0xF78B8000 hpn.sys
0xF7A00000 cbidf2k.sys
0xF72D6000 dac2w2k.sys
0xF7680000 disk.sys
0xF7690000 \windows\system32\DRIVERS\CLASSPNP.SYS
0xF72B6000 fltmgr.sys
0xF72A4000 sr.sys
0xF76A0000 PxHelp20.sys
0xF728D000 KSecDD.sys
0xF727A000 WudfPf.sys
0xF71ED000 Ntfs.sys
0xF71C0000 NDIS.sys
0xF76B0000 viaagp.sys
0xF76C0000 uagp35.sys
0xF76D0000 ohci1394.sys
0xF76E0000 \windows\system32\DRIVERS\1394BUS.SYS
0xF71A6000 Mup.sys
0xF70E6000 IASTOR.SYS
0xF76F0000 alim1541.sys
0xF7700000 amdagp.sys
0xF7710000 agpCPQ.sys
0xF7740000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF70D6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5FEA000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5FD6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5FAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5EA2000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF5E7F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79D0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF70C6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF70B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF70A6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7012000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF79D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5E5B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF78D0000 \SystemRoot\system32\DRIVERS\fetnd5.sys
0xF5DF6000 \SystemRoot\System32\Drivers\aws6a7u5.SYS
0xF7948000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7096000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A90000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5DE2000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7086000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7950000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7958000 \SystemRoot\system32\DRIVERS\afw.sys
0xF5DA4000 \SystemRoot\system32\drivers\afwcore.sys
0xF7960000 \SystemRoot\system32\drivers\TDI.SYS
0xF5C6E000 \SystemRoot\system32\DRIVERS\CAMTHWDM.sys
0xF7076000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7BE7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7066000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AA0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5A3B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7056000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7046000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF5A2A000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6A9E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7970000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7978000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF59AA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6A8E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7980000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B26000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF594C000 \SystemRoot\system32\DRIVERS\update.sys
0xF6409000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6A7E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAE7E4000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xAE7C0000 \SystemRoot\system32\drivers\portcls.sys
0xF6A4E000 \SystemRoot\system32\drivers\drmk.sys
0xF6A2E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF6A1E000 \SystemRoot\system32\drivers\libusb0.sys
0xAE6D7000 \SystemRoot\system32\drivers\viahduaa.sys
0xF7AC4000 \SystemRoot\System32\DRIVERS\cmderd.sys
0xF7AC8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAE676000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xF7750000 \SystemRoot\system32\DRIVERS\CFRMD.sys
0xF7990000 \SystemRoot\system32\DRIVERS\CFRPD.sys
0xF7C95000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7C97000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7B38000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C98000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B3A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A0000 \SystemRoot\System32\drivers\vga.sys
0xF7B3C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B3E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7006000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE643000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE5EA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE5C4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAE59C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7760000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6FEA000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAE552000 \SystemRoot\System32\drivers\afd.sys
0xF7770000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7780000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAE4A7000 \??\C:\windows\system32\drivers\SandBox.sys
0xF6FE6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7790000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF79B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79C0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6FE2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAE428000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE318000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7BCF000 \SystemRoot\System32\Drivers\hwinterface.sys
0xF77C0000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE398000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xADBF9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B62000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE57C000 \SystemRoot\System32\drivers\Dxapi.sys
0xAE2DB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C5F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF058000 \SystemRoot\System32\ati2cqag.dll
0xBF0D3000 \SystemRoot\System32\atikvmag.dll
0xBF141000 \SystemRoot\System32\atiok3x2.dll
0xBF16E000 \SystemRoot\System32\ati3duag.dll
0xBF469000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAB930000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB77B000 \SystemRoot\system32\drivers\wdmaud.sys
0xAB858000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB43E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAE091000 \SystemRoot\System32\drivers\aspi32.sys
0xAB155000 \SystemRoot\System32\Drivers\HTTP.sys
0xAADDD000 \SystemRoot\system32\DRIVERS\srv.sys
0xADFD9000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xF7940000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xAAA4A000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAA7EF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
1160 C:\WINDOWS\system32\smss.exe
1288 csrss.exe
1356 C:\WINDOWS\system32\winlogon.exe
1400 C:\WINDOWS\system32\services.exe
1424 C:\WINDOWS\system32\lsass.exe
1600 C:\WINDOWS\system32\ati2evxx.exe
1620 C:\WINDOWS\system32\svchost.exe
1724 svchost.exe
1868 C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
1908 C:\WINDOWS\system32\svchost.exe
2028 C:\WINDOWS\system32\svchost.exe
152 C:\WINDOWS\system32\ati2evxx.exe
340 svchost.exe
524 svchost.exe
748 C:\WINDOWS\system32\spoolsv.exe
1256 C:\WINDOWS\explorer.exe
1812 svchost.exe
1844 acs.exe
204 C:\Program Files\Bonjour\mDNSResponder.exe
468 C:\Program Files\Comodo\COMODO System-Cleaner\Cleaner_Validator.exe
556 C:\WINDOWS\ehome\ehrecvr.exe
720 op_mon.exe
944 C:\WINDOWS\ehome\ehSched.exe
1020 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
1188 C:\WINDOWS\system32\ctfmon.exe
1784 C:\Program Files\Windows Media Player\wmpnscfg.exe
2008 C:\Program Files\SpywareGuard\sgmain.exe
1664 C:\Program Files\Java\jre6\bin\jqs.exe
2064 C:\Program Files\SpywareGuard\sgbhp.exe
2516 C:\WINDOWS\system32\libusbd-nt.exe
3008 C:\WINDOWS\ehome\RMSvc.exe
3176 svchost.exe
3240 C:\WINDOWS\system32\svchost.exe
3436 McrdSvc.exe
4052 C:\WINDOWS\system32\dllhost.exe
2344 alg.exe
3080 C:\WINDOWS\system32\svchost.exe
1660 C:\Program Files\Internet Explorer\iexplore.exe
3124 C:\Program Files\Internet Explorer\iexplore.exe
2868 C:\Program Files\Internet Explorer\iexplore.exe
3668 C:\Documents and Settings\shaun wade\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`55b6f200 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

Run it in normal mode and dident get that message "h/iexplore.exe windows cannot access the specified device, path, and file" when it reached stage 50 and started to delete files and folders, i started getting these messages...

The system cannot execute the specified program and not enough storage is available to process this command. Also i dident get a report?

Cheers,

 

would it be ok in the morning...Got to get some sleep ready for work.

 

Good morning to you Broni.

Managed to run it in Safe Mode and below are the results...

I have noticed that the CPU is running quite high 50-100% with iexplore.exe and explore.exe being highest? I have just checked the CPU when nothing is open and it's the same jumping around from 50-100%.

Got to go to work now Arghhhh, i check in later.

ComboFix 10-12-18.02 - xxxx xxxx 20/12/2010 5:29.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.763 [GMT 0:00]
Running from: c:\documents and settings\xxxx xxxx\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-19 19:58 . 2010-12-19 19:58 -------- d-----w- C:\VritualRoot
2010-12-19 07:37 . 2010-12-19 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-12 14:28 . 2010-12-20 05:21 91533 ----a-w- c:\windows\cscmondump.bin
2010-12-12 06:17 . 2010-12-12 06:17 2204 -c--a-w- c:\windows\crpf.bin
2010-12-12 06:17 . 2010-12-12 06:17 1552 -c--a-w- c:\windows\crpf_sdum.bin
2010-12-10 07:34 . 2010-12-10 16:03 -------- d-----w- c:\documents and settings\shaun wade\Application Data\Skype
2010-12-09 12:15 . 2010-12-09 12:15 33232 ----a-w- c:\windows\system32\drivers\CFRPD.sys
2010-12-09 12:14 . 2010-12-09 12:14 66584 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2010-12-08 07:42 . 2010-12-08 08:34 -------- d-----w- c:\program files\Codemasters
2010-12-07 23:45 . 2010-12-07 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-12-07 23:45 . 2010-12-07 23:45 -------- d-----w- c:\program files\AIM
2010-12-07 23:45 . 2010-12-07 23:45 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-12-05 01:58 . 2010-12-11 23:02 -------- d-----r- c:\program files\Skype
2010-12-05 01:58 . 2010-12-05 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-11-30 23:55 . 2008-04-15 15:17 295424 -c----w- c:\windows\system32\dllcache\termsrv.dll
2010-11-29 06:20 . 2010-11-29 06:20 -------- d-----w- c:\program files\Common Files\Java
2010-11-29 06:19 . 2010-11-29 06:19 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2010-11-29 06:19 . 2010-11-29 06:19 -------- d-----w- c:\program files\Java
2010-11-22 17:34 . 2009-09-04 17:44 515416 -c--a-w- c:\windows\system32\XAudio2_5.dll
2010-11-22 17:34 . 2009-09-04 17:44 238936 -c--a-w- c:\windows\system32\xactengine3_5.dll
2010-11-22 17:34 . 2009-09-04 17:29 1974616 -c--a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-22 17:34 . 2009-09-04 17:29 5501792 -c--a-w- c:\windows\system32\d3dcsx_42.dll
2010-11-22 17:34 . 2009-09-04 17:29 453456 -c--a-w- c:\windows\system32\d3dx10_42.dll
2010-11-22 17:34 . 2009-09-04 17:29 235344 -c--a-w- c:\windows\system32\d3dx11_42.dll
2010-11-22 17:34 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 17:42 . 2008-07-19 13:27 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 17:42 . 2008-05-08 02:33 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 06:19 . 2010-07-17 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 00:20 . 2009-08-15 00:54 235248 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2010-09-24 21:05 . 2010-09-24 21:05 86528 -c--a-w- c:\windows\bnetunin.exe
2010-09-24 21:05 . 2010-09-24 21:05 61440 -c--a-w- c:\windows\diabunin.exe
2010-04-17 16:58 . 2010-04-17 16:58 444 -c--a-w- c:\program files\04201017583831.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix "= "c:\combofix\CF19063.cfxxe" [X]
"OutpostMonitor "= "c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

c:\documents and settings\xxxx xxxx u\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer "=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe "=c:\windows\system32\ctfmon.exe
"WMPNSCFG "=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
"PDVD8LanguageShortcut "= "c:\program files\CyberLink\PowerDVD8\Language\Language.exe "
"RemoteControl8 "= "c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\DNA\\btdna.exe "=
"c:\\Program Files\\BitTorrent\\bittorrent.exe "=
"c:\\Program Files\\Kontiki\\KService.exe "=
"c:\\Program Files\\XBC\\neXBC.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\MSN Messenger\\livecall.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\uTorrent\\uTorrent.exe "=
"c:\\WINDOWS\\system32\\PnkBstrA.exe "=
"c:\\WINDOWS\\system32\\PnkBstrB.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe "=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe "=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\AIM\\aim.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56490:TCP "= 56490:TCPando Media Booster
"56490:UDP "= 56490:UDPando Media Booster
"1434:TCP "= 1434:TCP:Akamai NetSession Interface
"5000:UDP "= 5000:UDP:Akamai NetSession Interface
"3776:UDP "= 3776:UDP:Media Center Extender Service
"3390:TCP "= 3390:TCP:Remote Media Center Experience

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/07/2008 00:38 717296]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [09/12/2010 12:14 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [09/12/2010 12:15 33232]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10/09/2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23:40 239240]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [30/11/2009 19:32 704384]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [17/06/2009 21:51 941784]
R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\Comodo\COMODO System-Cleaner\Cleaner_Validator.exe [09/12/2010 12:08 305600]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [30/11/2009 19:30 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [30/11/2009 19:31 257432]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [22/01/2008 22:04 33792]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [30/11/2009 19:30 1195008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2010 03:55 136176]
S3 aaudstum;aaudstum;\??\c:\docume~1\SHAUNW~1\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\SHAUNW~1\LOCALS~1\Temp\aaudstum.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [09/04/2010 17:57 103552]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [28/01/2007 04:29 138112]
S3 XDva226;XDva226;\??\c:\windows\system32\XDva226.sys --> c:\windows\system32\XDva226.sys [?]
S4 BGEEJA;BGEEJA;c:\docume~1\SHAUNW~1\LOCALS~1\Temp\BGEEJA.exe --> c:\docume~1\SHAUNW~1\LOCALS~1\Temp\BGEEJA.exe [?]
S4 SC;SC;c:\docume~1\XXXXXS~1\Temp\SC.exe --> c:\docume~1\XXXXXCALS~1\Temp\SC.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 03:55]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 03:55]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987269382-2677141407-1074731499-1007Core.job
- c:\documents and settings\kieran wade\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 08:17]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987269382-2677141407-1074731499-1007UA.job
- c:\documents and settings\xxxxx xxxxtings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\xxxx xxxxion Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\xxxx xxxxion Data\Mozilla\Firefox\Profiles\xibohe18.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GBfficial
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Comodo Firewall - c:\program files\Comodo\Firewall\CPF.exe
MSConfigStartUp-CTFMON - (no file)
AddRemove-BFG-Puppy Luv - c:\program files\Puppy Luv\Uninstall.exe
AddRemove-Comanche Gold - c:\program files\NovaLogic\Comanche Gold\Uninst.isu
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 05:48
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath "= "\??\c:\windows\system32\6.tmp "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath "= "\??\c:\windows\system32\Drivers\PsSdk30.drv "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1987269382-2677141407-1074731499-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1987269382-2677141407-1074731499-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:c5,fa,ca,e0,40,6f,f7,3d,98,65,63,73,7d,3d,59,da,c0,5a,c4,46,e7,bd,36,
7d,96,91,04,e7,9d,b5,c7,e6,8e,ee,ea,f3,75,03,8b,bc,00,92,54,e4,ae,8f,17,f0,\
"?? "=hex:77,41,a4,25,d7,8e,b1,5d,4e,11,b4,f7,db,9b,c4,f9

[HKEY_USERS\S-1-5-21-1987269382-2677141407-1074731499-1006\Software\SecuROM\License information*]
"datasecu "=hex:bc,de,28,ed,8f,36,49,09,8f,e9,98,e2,f4,57,38,c3,47,6b,62,90,e3,
8e,ae,a8,3f,e4,ce,fa,94,20,98,b6,49,00,4a,f0,9f,7f,1a,22,d1,d6,65,21,45,00,\
"rkeysecu "=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61E02159-A14A-FC32-018FB6A6B5E128FA}\{BE08726F-5794-26E4-FF65539D238093C7}\{FD6EFD08-28CD-2519-DC89D4AD1DA3D3A5}*]
"O2CT5QFVF1HWGZGS36NG52TBRG1 "=hex:01,00,01,00,00,00,00,00,c9,e6,15,9c,9d,78,76,
aa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1384)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2010-12-20 05:54:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-20 05:54

Pre-Run: 151,019,163,648 bytes free
Post-Run: 149,780,078,592 bytes free

- - End Of File - - 4034D454348DF368601A5B6A076D7C5F


Cheers.

 

Hi Broni.

I think i have sussed it out. Its the Cleaner_validator thats causing the CPU spikes, it belongs to Comodo System Cleaner. I have not taken any action yet until you get back to me and let me know the next stage.

Cheers,

Sean.

 

Good morning Broni.

I used to use the Free Comodo FireWall a good while back now but uninstalled it? As far as i know i only use Comodo Free AV and the Comodo Cleaner?

Thanks,

Sean.

from Combofix log...

ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Comodo Firewall - c:\program files\Comodo\Firewall\CPF.exeMSConfigStartUp-CTFMON - (no file)
AddRemove-BFG-Puppy Luv - c:\program files\Puppy Luv\Uninstall.exe
AddRemove-Comanche Gold - c:\program files\NovaLogic\Comanche Gold\Uninst.isu
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

 

Outpost Firewall 2009 is my Firewall of choice and windows firewall is turned off. Would it be ok to uninstall Comodo Cleaner to stop the Cleaner_Validator.exe running my CPU hot?

Cheers,

 

I'm ready to go, but just one quick question...Can i still use the Combofix i downloaded yesterday to my desktop to drag and drop or do i need a fresh download?

Many thanks.