Hi,
Every morning when my PC starts, in the middle of the starting process, it crashes and reboots. This may happen from 2 to 5 times until Windows is able to complete starting; then my PC may be ON the whole day without any problems. Only sometimes it crashes during the day.
If the PC is OFF for a couple of hours and I start it in the afternoon, I get the same trouble.
I have been having this problem for several months now and I do not know how to solve it.
I was on the Avast forum; some malware was found and cleaned, but the problem is there. Do I have some nasty virus?
In the PC I have Avast as antivirus and Comodo as Firewall.
Sunday, 5 August. This morning I had the following events when the PC started:
Error Source: DCOM ID 10005 Quantity: 8 times
It then triggered two IDs, 7024 and 7022 and PC crashed and restarted
A minute or two later again,
Error Source: DCOM ID 10005 Quantity: 1 time
It then triggered two IDs, 7009 and 7000 and PC crashed and restarted
A minute or two later again,
Error Source: DCOM ID 10005 Quantity: 1 time
It then triggered two IDs, 7009 and 7000 and PC crashed and restarted
The error messages I have are:
ID 10005
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service hpqcxs08 with arguments "" in order to run the server:
{1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
ID 7024
The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
ID 7022
The Web Deployment Agent Service service hung on starting.
ID 7009
Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
ID 7000
The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Monday 6th August. This morning I had the following events when the PC started:
Error Source: DCOM ID 10005 Quantity: 8 times
It then triggered a Warning ID 4226 and two IDs, 7009 and 7000; PC crashed and restarted
Warning 4226
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
On the next reboot, there were 8 errors ID 10005, the PC crashed.
On the next reboot, there were 8 errors ID 10005, that triggered an ID 7022 and the PC crashed.
The PC restarted, there was one warning 4226, but this time it continued to work.
The same warning 4226 occurred 19 minutes later.
Can anybody please help me to find the cause of this problem and delete/clean whatever is in my system?
The forum requested information follows:
Step 1 I am using Avast as Antivirus and Comodo Firewall
I scanned the whole system, and also at boot time, several times; by now the system is clean. Do you still want me to run a scan?
Step 2 MalwareBytes scan:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.05.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carlos :: CARLOS-94CD21FB [administrator]
6/08/2012 6:29:29 AM
mbam-log-2012-08-06 (06-29-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221644
Time elapsed: 3 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Step 3
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-06 07:05:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721010CLA332 rev.JP4OA3MA
Running: 6cm2wx2v.exe; Driver: F:\DOCUME~1\Carlos\LOCALS~1\Temp\uwnyifog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7D76162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7D75FCD]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7E1E744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Step 4 DDS
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Carlos at 7:11:25 on 2012-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3503.2655 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
F:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
F:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\PowerISO\PWRISOVM.EXE
F:\Program Files\DivX\DivX Update\DivXUpdate.exe
F:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
F:\Program Files\COMODO\COMODO Internet Security\cfp.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\AVAST Software\Avast\avastUI.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\AVAST Software\Avast\AvastSvc.exe
F:\WINDOWS\system32\bgsvcgen.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
f:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
F:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
F:\WINDOWS\system32\SearchIndexer.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Common Files\Corel\Standby\Standby.exe
F:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - f:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - f:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - f:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - f:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - f:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - f:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - f:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] f:\windows\system32\ctfmon.exe
uRun: [Google Update] "f:\documents and settings\carlos\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "f:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] f:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Xvid] f:\program files\xvid\CheckUpdate.exe
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "f:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Standby] "f:\program files\common files\corel\standby\Standby.exe" -START
mRun: [NeroFilterCheck] f:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PWRISOVM.EXE] f:\program files\poweriso\PWRISOVM.EXE
mRun: [APSDaemon] "f:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "f:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [COMODO] f:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] f:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "f:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "f:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "f:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "f:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - f:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - f:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - f:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - f:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{CEB340C0-A049-4B76-A2A3-2CB61CE4A32A} : NameServer = 203.134.64.66,203.134.65.66
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - f:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - f:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: f:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - f:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "f:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;f:\windows\system32\drivers\AppleCharger.sys [2011-6-6 18544]
R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswSnx.sys [2012-7-27 721000]
R1 aswSP;aswSP;f:\windows\system32\drivers\aswSP.sys [2012-7-27 353688]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2012-7-27 21256]
R2 avast! Antivirus;avast! Antivirus;f:\program files\avast software\avast\AvastSvc.exe [2012-7-27 44808]
R2 CLPSLS;COMODO livePCsupport Service;f:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service;f:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1983232]
R2 MsDepSvc;Web Deployment Agent Service;f:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-4-1 67400]
R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 UNS;Intel(R) Management and Security Application User Notification Service;f:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-6-6 2655768]
R3 MEI;Intel(R) Management Engine Interface;f:\windows\system32\drivers\HECI.sys [2011-6-6 41088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);f:\program files\google\update\GoogleUpdate.exe [2012-6-24 136176]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [2011-6-6 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\google\update\GoogleUpdate.exe [2012-6-24 136176]
S3 INIDVD;Initio USB DVD Filter Driver;f:\windows\system32\drivers\inidvd.sys [2011-12-8 7936]
S3 MFE_RR;MFE_RR;\??\f:\docume~1\carlos\locals~1\temp\mfe_rr.sys --> f:\docume~1\carlos\locals~1\temp\mfe_rr.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-07-27 05:10:08 721000 ----a-w- f:\windows\system32\drivers\aswSnx.sys
2012-07-27 05:09:37 -------- d-----w- f:\program files\AVAST Software
2012-07-27 05:09:37 -------- d-----w- f:\documents and settings\all users\application data\AVAST Software
2012-07-24 22:14:06 -------- d-----w- f:\program files\common files\HP
2012-07-24 22:12:42 49920 ----a-w- f:\windows\system32\drivers\HPZid412.sys
2012-07-24 22:12:42 16496 ----a-w- f:\windows\system32\drivers\HPZipr12.sys
2012-07-24 22:12:41 271704 ----a-w- f:\windows\system32\hpzids01.dll
2012-07-24 22:12:40 294912 ----a-w- f:\windows\system32\hpovst11.dll
2012-07-24 22:12:39 729088 ----a-w- f:\windows\system32\hpwwiax4.dll
2012-07-24 22:12:39 593920 ----a-w- f:\windows\system32\hpwtscl3.dll
2012-07-24 22:12:39 364544 ----a-w- f:\windows\system32\hppldcoi.dll
2012-07-24 22:12:39 309760 ----a-w- f:\windows\system32\difxapi.dll
2012-07-23 10:16:34 -------- d-----w- F:\JOBS - Resume July 2010
2012-07-15 12:04:21 -------- d-----w- f:\windows\system32\NtmsData
2012-07-14 11:12:22 -------- d-----w- F:\HP J4580 Driver July 2012
2012-07-13 09:47:01 -------- d-----w- f:\windows\pss
2012-07-10 03:10:52 -------- d-----w- F:\R&K Engineering Consultancy from July 2012
.
==================== Find3M ====================
.
2012-08-05 05:30:04 5642 --sha-w- f:\documents and settings\all users\application data\KGyGaAvL.sys
2012-07-31 04:24:42 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 04:24:42 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21:32 41224 ----a-w- f:\windows\avastSS.scr
2012-07-03 03:46:44 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-07-01 03:25:53 558133 ----a-w- f:\windows\system32\sqlite3.dll
2012-06-23 05:30:27 14664 ----a-w- f:\windows\stinger.sys
2012-06-23 05:24:57 159608 ----a-w- f:\windows\system32\mfevtps.exe.12b5.deleteme
2012-06-23 05:24:26 159608 ----a-w- f:\windows\system32\mfevtps.exe.d6c2.deleteme
2012-06-23 05:14:14 159608 ----a-w- f:\windows\system32\mfevtps.exe.8d20.deleteme
2012-06-13 13:19:59 1866112 ----a-w- f:\windows\system32\win32k.sys
2012-06-12 22:57:26 8 --sh--r- f:\documents and settings\all users\application data\B5D132743D.sys
2012-06-05 15:50:25 1372672 ----a-w- f:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- f:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- f:\windows\system32\schannel.dll
2012-06-02 05:19:44 22040 ----a-w- f:\windows\system32\wucltui.dll.mui
2012-06-02 05:19:38 219160 ----a-w- f:\windows\system32\wuaucpl.cpl
2012-06-02 05:19:38 15384 ----a-w- f:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19:34 15384 ----a-w- f:\windows\system32\wuapi.dll.mui
2012-06-02 05:19:30 17944 ----a-w- f:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- f:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- f:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- f:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- f:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- f:\windows\system32\html.iec
.
============= FINISH: 7:12:55.40 ===============
The DDS report is above, but in the TECHSPOT GET VIRUS PC INFORMATION it is mentioned: "Include the contents of both logs (OTL.txt and Extras.txt) in your new topic."
Where are these logs? Am I missing something?
Thanks to anyone helping me with this problem.
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - f:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - f:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] f:\windows\system32\ctfmon.exe
uRun: [Google Update] "f:\documents and settings\carlos\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "f:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] f:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Xvid] f:\program files\xvid\CheckUpdate.exe
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "f:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Standby] "f:\program files\common files\corel\standby\Standby.exe" -START
mRun: [NeroFilterCheck] f:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PWRISOVM.EXE] f:\program files\poweriso\PWRISOVM.EXE
mRun: [APSDaemon] "f:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "f:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [COMODO] f:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] f:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "f:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "f:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "f:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "f:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - f:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - f:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - f:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - f:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - f:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{CEB340C0-A049-4B76-A2A3-2CB61CE4A32A} : NameServer = 203.134.64.66,203.134.65.66
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - f:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - f:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: f:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - f:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "f:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;f:\windows\system32\drivers\AppleCharger.sys [2011-6-6 18544]
R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswSnx.sys [2012-7-27 721000]
R1 aswSP;aswSP;f:\windows\system32\drivers\aswSP.sys [2012-7-27 353688]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2012-7-27 21256]
R2 avast! Antivirus;avast! Antivirus;f:\program files\avast software\avast\AvastSvc.exe [2012-7-27 44808]
R2 CLPSLS;COMODO livePCsupport Service;f:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service;f:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1983232]
R2 MsDepSvc;Web Deployment Agent Service;f:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-4-1 67400]
R2 Skype C2C Service;Skype C2C Service;f:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 UNS;Intel(R) Management and Security Application User Notification Service;f:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-6-6 2655768]
R3 MEI;Intel(R) Management Engine Interface;f:\windows\system32\drivers\HECI.sys [2011-6-6 41088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);f:\program files\google\update\GoogleUpdate.exe [2012-6-24 136176]
S2 SkypeUpdate;Skype Updater;f:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [2011-6-6 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\google\update\GoogleUpdate.exe [2012-6-24 136176]
S3 INIDVD;Initio USB DVD Filter Driver;f:\windows\system32\drivers\inidvd.sys [2011-12-8 7936]
S3 MFE_RR;MFE_RR;\??\f:\docume~1\carlos\locals~1\temp\mfe_rr.sys --> f:\docume~1\carlos\locals~1\temp\mfe_rr.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-07-27 05:10:08 721000 ----a-w- f:\windows\system32\drivers\aswSnx.sys
2012-07-27 05:09:37 -------- d-----w- f:\program files\AVAST Software
2012-07-27 05:09:37 -------- d-----w- f:\documents and settings\all users\application data\AVAST Software
2012-07-24 22:14:06 -------- d-----w- f:\program files\common files\HP
2012-07-24 22:12:42 49920 ----a-w- f:\windows\system32\drivers\HPZid412.sys
2012-07-24 22:12:42 16496 ----a-w- f:\windows\system32\drivers\HPZipr12.sys
2012-07-24 22:12:41 271704 ----a-w- f:\windows\system32\hpzids01.dll
2012-07-24 22:12:40 294912 ----a-w- f:\windows\system32\hpovst11.dll
2012-07-24 22:12:39 729088 ----a-w- f:\windows\system32\hpwwiax4.dll
2012-07-24 22:12:39 593920 ----a-w- f:\windows\system32\hpwtscl3.dll
2012-07-24 22:12:39 364544 ----a-w- f:\windows\system32\hppldcoi.dll
2012-07-24 22:12:39 309760 ----a-w- f:\windows\system32\difxapi.dll
2012-07-23 10:16:34 -------- d-----w- F:\JOBS - Resume July 2010
2012-07-15 12:04:21 -------- d-----w- f:\windows\system32\NtmsData
2012-07-14 11:12:22 -------- d-----w- F:\HP J4580 Driver July 2012
2012-07-13 09:47:01 -------- d-----w- f:\windows\pss
2012-07-10 03:10:52 -------- d-----w- F:\R&K Engineering Consultancy from July 2012
.
==================== Find3M ====================
.
2012-08-05 05:30:04 5642 --sha-w- f:\documents and settings\all users\application data\KGyGaAvL.sys
2012-07-31 04:24:42 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 04:24:42 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21:32 41224 ----a-w- f:\windows\avastSS.scr
2012-07-03 03:46:44 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-07-01 03:25:53 558133 ----a-w- f:\windows\system32\sqlite3.dll
2012-06-23 05:30:27 14664 ----a-w- f:\windows\stinger.sys
2012-06-23 05:24:57 159608 ----a-w- f:\windows\system32\mfevtps.exe.12b5.deleteme
2012-06-23 05:24:26 159608 ----a-w- f:\windows\system32\mfevtps.exe.d6c2.deleteme
2012-06-23 05:14:14 159608 ----a-w- f:\windows\system32\mfevtps.exe.8d20.deleteme
2012-06-13 13:19:59 1866112 ----a-w- f:\windows\system32\win32k.sys
2012-06-12 22:57:26 8 --sh--r- f:\documents and settings\all users\application data\B5D132743D.sys
2012-06-05 15:50:25 1372672 ----a-w- f:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- f:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- f:\windows\system32\schannel.dll
2012-06-02 05:19:44 22040 ----a-w- f:\windows\system32\wucltui.dll.mui
2012-06-02 05:19:38 219160 ----a-w- f:\windows\system32\wuaucpl.cpl
2012-06-02 05:19:38 15384 ----a-w- f:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19:34 15384 ----a-w- f:\windows\system32\wuapi.dll.mui
2012-06-02 05:19:30 17944 ----a-w- f:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- f:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- f:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- f:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- f:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- f:\windows\system32\html.iec
.
============= FINISH: 7:12:55.40 ===============
The DDS report is above, but in the TECHSPOT GET VIRUS PC INFORMATION it is mentioned: “Include the contents of both logs (OTL.txt and Extras.txt) in your new topic.”
Where are these logs? Am I missing something?
Thanks to anyone helping me with this problem.