-
March 12th, 2010, 01:40 PM
#1
Registered User
Hijackthis Log ?
Hello,
I run Windows XP, used to have Norton, but removed it and now have free Comodo firewall and free Avast Antivirus.
Hijackthis appeared to be ok ... until recently ..... recently I removed Avast, downloaded free Avira ... I can't believe these actions produced this possible problem, but I ran Hijackthis and have the O15 entries, which the Log Analyser site which I use, http://www.hijackthis.de/, says that some of the O15 Entries are nasty....
Every time I get Hijackthis to Delete them, they return straight away. Have been to other Log Analyser sites.... some agree with the above, but one site said everything was ok....
Computer appears to be working ok, but it's been a bit slower since I downloaded Comodo and Avast.
And currently, as I have been unwell, I don't think I have the mental energy to Reinstall Windows, etc etc....
Thanks... Mags
Full log posted here....
Logfile of HijackThis v1.99.1
Scan saved at 17:29:16, on 12/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Ux Downloads PC Dont Change Often\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
-
March 12th, 2010, 03:25 PM
#2
Heya Mags!
In Internet Explorer, click Tools, Internet Options, and then Security.
Then look under Trusted Sites, then Sites.
What shows there?
edit: and Mags, this article covers how to manipulate the My Computer entries; http://support.microsoft.com/kb/174360
This HJT tutorial covers the entries you are seeing; http://www.bleepingcomputer.com/tuto...2.html#O15Diag
Last edited by CCT; March 12th, 2010 at 04:25 PM.
-
March 12th, 2010, 05:50 PM
#3
Registered User
Also, you seem to have Comodo Internet Security, not just the Comodo firewall..Comodo Internet Security includes an antivirus, so with Avast and Comodo running you may be getting slowdowns and conflicts..it's never good to have two antivirus programs running at the same time.
Last edited by geoscomp; March 12th, 2010 at 05:52 PM.
-
March 14th, 2010, 11:54 AM
#4
Registered User
Oh .............. dear .................... blush .............. blush ............. I've since realised an essential key was missing .... HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
I think I may have deleted it, thinking it was something to do with Spybot that I had on ages ago .... so I re-Merged it .... and oh .... dear .... blush..... blush ........................
I have worked very hard the last few days to try and sort this and had a few sleepless nights, so this will teach me not to mess with the Registry so much !!!
A log analyser now says that my HJT log is clean ..... !!!
And no, I don't have Comodo Antivirus, only the Firewall, but that with Avast Antivirus still seems slow ... other people have same problems.
Thanks guys ....
Exits left ..................................
Mags
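An added example, not part of any post in this thread: a small Python parser for the O15 ProtocolDefaults lines in the log above, grouping them by registry hive and checking for the pattern this log shows, where every flagged protocol sits in the My Computer zone in both hives. The zone numbers follow the KB 174360 article linked in post #2; treating lines without an `(HKLM)` suffix as HKCU, and the `looks_like_missing_key` heuristic itself, are assumptions.

```python
import re
from collections import defaultdict

# Zone IDs per Microsoft KB 174360, keyed by the zone names HijackThis prints in this log.
ZONE_ID = {"My Computer": 0, "Intranet": 1, "Internet": 3}

O15_RE = re.compile(
    r"^O15 - ProtocolDefaults: '(?P<proto>[^']+)' protocol is in "
    r"(?P<current>.+?) Zone, should be (?P<expected>.+?) Zone"
    r"(?: \((?P<hive>HKLM)\))?\s*$"
)

# Sample input: six O15 lines and one unrelated line copied from the log in post #1.
SAMPLE_LOG = """\
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\guard32.dll
"""

def parse_o15(log_text):
    """Return one dict per O15 ProtocolDefaults line; other log lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = O15_RE.match(line.strip())
        if not m:
            continue
        findings.append({
            "hive": m["hive"] or "HKCU",  # assumption: no suffix means HKCU
            "protocol": m["proto"],
            "current": ZONE_ID.get(m["current"]),    # None if the zone name is unknown
            "expected": ZONE_ID.get(m["expected"]),
        })
    return findings

def by_hive(findings):
    """Group findings as {hive: {protocol: (current_zone, expected_zone)}}."""
    grouped = defaultdict(dict)
    for f in findings:
        grouped[f["hive"]][f["protocol"]] = (f["current"], f["expected"])
    return dict(grouped)

def looks_like_missing_key(findings):
    # Heuristic (assumption): all flagged protocols in zone 0 across both hives,
    # as in this thread, where the ZoneMap key had been deleted.
    hives = {f["hive"] for f in findings}
    return hives == {"HKCU", "HKLM"} and all(f["current"] == 0 for f in findings)
```
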
-
March 23rd, 2010, 09:56 AM
#5
Comodo Free Firewall is bundled with the free version of Comodo Internet Security. I've got it, but only for the firewall, I disabled the other features, it runs smoothly alongside Symantec Endpoint Protection.
But yeah, deleting random registry entries you think might not be important is what led to one or two of my computers dying... <.< >.>
-
March 25th, 2010, 01:36 AM
#6
Registered User
Do you have a router?
If you have a router I can't imagine why you need a software firewall.
Deleting registry keys is a very very very scary proposition.