tm24ns58 Posted September 16, 2006

I can not log on normally. I am in safe mode now with networking. I have run a hijack this log and it shows 4 nasty. Here is my log. Please someone help me.

Logfile of HijackThis v1.99.1
Scan saved at 12:28:10 PM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Just Me\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;www.DirecWaysupport.com;192.168.0.*
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Program Files\Comodo\i-Vault\i-Vault.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - C:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /A "C:\WINDOWS\system32\E_SD.tmp"
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_1984197.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwda.ops.placeware.com/etc/place/DESK/VADpws-a3s/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - (no file)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

I have run spybot and it finds nothing. Comodo antivirus finds nothing either. When I try to log in normally I get an error message. C:\Windows\system32\lsass.exe -1073741819. It says that it is going to shut down and does. When I enter my password before it shuts down it says it is wrong. However I enter the same one in safe mode and it works.

dlewis23 Posted September 16, 2006

try ewido, http://www.ewido.net/en/

tm24ns58 Posted September 16, 2006

Ewido running. I will post back with results. Thanks.

tm24ns58 Posted September 16, 2006

Ewido scan finished. No problems found.

Voltageman Posted September 16, 2006

If you have your XP disk handy, you can check the system files, to make sure none have been altered.
- Put the XP disk in
- Go to Run and type: sfc /scannow
Also never hurts to run a chkdsk /f
If you then can get online, you should check Windows Update afterwards, as it may replace certain files if they are found to be altered.

tm24ns58 Posted September 16, 2006

I do not have an XP disk. I did run sfc /scannow. Nothing showed after the black screen. chkdsk /f says something is in use and will run when Windows restarts. I am going to restart now. Windows Update will not check for updates.

tm24ns58 Posted September 16, 2006

Well, it appears that the chkdsk /f worked. I am up and running normally. Thanks to all that have helped. You guys have saved me once again.

tm24ns58 Posted September 16, 2006

Ok guys, even though I am up and running as far as being able to log in normally, I still have these 4 entries in my hijack this log. As suggested I have spybot to try and fix the problems. Spybot finds nothing. I have also tried LSPFix from Cexx.org. It says no problems. How do I get rid of this mess?

cholla Posted September 16, 2006

tm24ns58; Did a search on cavemlsp.dll & came up with this. The problem seems to be with COMODO software & maybe the way windows installer installs it. Hope this helps. Let us know if it does.
http://forums.comodo.com/index.php/topic,873.0.html
http://forums.comodo.com/index.php?PHPSESSID=29ecd7aae33ad48e8733f7103c5e712f&/topic,887.0.html

tm24ns58 Posted September 16, 2006

Cholla, thanks for the research. I am going to un-install the antivirus. Damn them! Then again I guess most companies have their issues with programs causing problems.
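
The "4 entries" discussed in this thread, pulled out of the log as an added example (not part of any post here; the function names are made up for illustration). The sample lines are copied from the first post's log with path separators written out, and the script shows that the four O10 lines all name one file, alongside the one O23 service that HijackThis reported as "(no file)".

```python
import re
from collections import Counter

# Sample lines copied from the log in the first post (path separators written out).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - (no file)
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O10 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
LSP = re.compile(r"^Unknown file in Winsock LSP: (.+)$", re.IGNORECASE)

def parse_entries(text):
    """Return (section_code, detail) for every HijackThis entry line."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def unknown_lsp_files(entries):
    """Count O10 'unknown LSP' entries per distinct file (case-insensitive)."""
    counts = Counter()
    for code, detail in entries:
        m = LSP.match(detail) if code == "O10" else None
        if m:
            counts[m.group(1).strip().lower()] += 1
    return counts

def missing_file_services(entries):
    """Names of O23 services that HijackThis listed with '(no file)'."""
    return [d.split(" - ")[0].removeprefix("Service: ")
            for c, d in entries if c == "O23" and d.endswith("(no file)")]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for path, n in unknown_lsp_files(entries).items():
        print(f"{n} O10 entries -> one file: {path}")
    for name in missing_file_services(entries):
        print(f"O23 service with no file on disk: {name}")
```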