tm24ns58

Need help Big Time


I cannot log on normally. I am in safe mode now with networking. I have run a HijackThis log and it shows 4 nasty. Here is my log. Please someone help me.

Logfile of HijackThis v1.99.1
Scan saved at 12:28:10 PM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Just Me\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;www.DirecWaysupport.com;192.168.0.*
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Program Files\Comodo\i-Vault\i-Vault.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - C:\PROGRA~1\BRUSHG~1\FSWEBS~1\ieband3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"  " /login"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /A "C:\WINDOWS\system32\E_SD.tmp"
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_1984197.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwda.ops.placeware.com/etc/place/DESK/VADpws-a3s/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - (no file)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

I have run Spybot and it finds nothing. Comodo antivirus finds nothing either. When I try to log in normally I get an error message: C:\Windows\system32\lsass.exe  -1073741819. It says that it is going to shut down and does. When I enter my password before it shuts down it says it is wrong. However I enter the same one in safe mode and it works.


If you have your XP disk handy, you can check the system files, to make sure none have been altered.

-Put the XP disk in

-Go to Run and type: sfc /scannow

Also never hurts to run a chkdsk /f

If you then can get online, you should check Windows Update afterwards, as it may replace certain files if they are found to be altered.


Ok guys, even though I am up and running as far as being able to log in normally, I still have these 4 entries in my HijackThis log. As suggested I have used Spybot to try and fix the problems. Spybot finds nothing. I have also tried LSPFix from Cexx.org. It says no problems. How do I get rid of this mess?


tm24ns58: Did a search on cavemlsp.dll & came up with this. The problem seems to be with COMODO software & maybe the way Windows Installer installs it. Hope this helps. Let us know if it does.

http://forums.comodo.com/index.php/topic,873.0.html

http://forums.comodo.com/index.php?PHPSESSID=29ecd7aae33ad48e8733f7103c5e712f&/topic,887.0.html

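For triaging a log like the one in this thread, the following added example (not posted by any participant and not part of HijackThis) parses HijackThis entry lines and pulls out the items worth a second look: the repeated O10 "Unknown file in Winsock LSP" entries, O23 services whose file is missing, and an R1 proxy setting. The sample lines are constructed from entries in the posted log, and the names `parse` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99.1 format, based on entries in the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"  " /login"
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - (no file)
"""

# An entry line is a section code (R0, O4, O10, ...) followed by " - " and the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return a (section, detail) tuple for every entry line; header lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def triage(log):
    """Collect the entries an analyst should verify before removing anything."""
    findings = {"unknown_lsp": Counter(), "orphan_services": [], "proxy": None}
    for section, detail in parse(log):
        if section == "O10" and detail.startswith("Unknown file in Winsock LSP:"):
            # One DLL is listed once per protocol entry it registers, so count duplicates.
            path = detail.split(":", 1)[1].strip().lower()
            findings["unknown_lsp"][path] += 1
        elif section == "O23" and detail.endswith("(no file)"):
            # Service is registered but its binary is gone (leftover from an uninstall).
            findings["orphan_services"].append(detail[len("Service: "):].split(" - ")[0])
        elif section == "R1" and ",ProxyServer = " in detail:
            findings["proxy"] = detail.split(",ProxyServer = ", 1)[1]
    return findings

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, count in result["unknown_lsp"].items():
        print(f"LSP to identify: {path} (listed {count}x)")
    print("Services with missing file:", result["orphan_services"])
    print("Proxy configured:", result["proxy"])
```

"Unknown" in an O10 line only means HijackThis does not recognise the file; identify the owning product first, since deleting an LSP DLL without repairing the Winsock chain can break networking.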