Trend Micro HijackThis Report

Hello again fellow Comodos,

I’ve come across issues with my PC in the past but I think I’ve fixed them all. I have Comodo Firewall and ESET NOD32 installed. Could someone please give my Trend Micro HijackThis report a once over please,

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:53:51, on 26/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer 6 Search Companion is no longer supported.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Wizardm0ds.co.uk Toolbar - {8123d652-9498-4270-ae63-dfbf7179e857} - C:\Program Files\Wizardm0ds.co.uk\tbWiz1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Wizardm0ds.co.uk Toolbar - {8123d652-9498-4270-ae63-dfbf7179e857} - C:\Program Files\Wizardm0ds.co.uk\tbWiz1.dll
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE
O4 - HKLM..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM..\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1614895754-57989841-725345543-1004..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background (User ‘Jilani’)
O4 - HKUS\S-1-5-21-1614895754-57989841-725345543-1004..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” (User ‘Jilani’)
O4 - HKUS\S-1-5-21-1614895754-57989841-725345543-1004..\Run: [TomTomHOME.exe] “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe” (User ‘Jilani’)
O4 - HKUS\S-1-5-21-1614895754-57989841-725345543-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User ‘Jilani’)
O4 - HKUS\S-1-5-21-1614895754-57989841-725345543-1004..\Run: [Google Update] “C:\Documents and Settings\Jilani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c (User ‘Jilani’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090820164211
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip..{B88F0BFF-853E-40DD-A158-09FD9C31C937}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip..{C614F786-E421-488E-8F2A-9A7E1612E906}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


End of file - 8163 bytes

Hi,
I’ve analyzed your log and the only things that I don’t know are :

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090820164211
Do you know this entry ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{B88F0BFF-853E-40DD-A158-09FD9C31C937}: NameServer = 156.154.70.22,156.154.71.22 O17 - HKLM\System\CCS\Services\Tcpip\..\{C614F786-E421-488E-8F2A-9A7E1612E906}: NameServer = 156.154.70.22,156.154.71.22
[s]Do you know the IP or Domain '156.154.70.22,156.154.71.22'? If not, fix this entry. (quote from hijackthis.de)[/s] edit: these are part of Comodo DNS and are not advised to delete.

best regards,
eXPerience

I used Boots photo shop to print some pictures afew days ago, I think the photobox entry applys to that.

I don’t know about the other 2 entrys regarding IP or Domain ‘156.154.70.22,156.154.71.22’

What should I do?

I got rid of both, thank you eXPerience

156.154.70.22,156.154.71.22 is comodo secure DNS (chuckle)

I found out how to change back in help > Network Connections > Internet Protocol (TCP/IP) > Properties >>>>

Preferred DNS server address for Comodo Secure DNS is: 156.154.70.22

Alternate DNS server address for Comodo Secure DNS is: 156.154.71.22

but it also reads,

You can disable Comodo Secure DNS by:
  • Selecting ‘Obtain DNS server address automatically’. This means that you will use the DNS server provided by your ISP. This is the option that most home users should choose if they wish to disable the service.

or

  • Entering different preferred and alternate DNS server IP addresses.

Does it matter if I don’t have Comodos secure DNS? and also in the help pictures, the network connections have a “pad lock” on them, mine hasn’t but firewall is active does it matter. That little “padlock” comes up when you enable windows firewall, windows firewall is currently disabled on my machine of course and so is Windows Firewall/Internet Connection Sharing (ICS) service

Is it ? Sorry, I wasn’t aware of that.

thierry, sorry for this inconvenience. Do you have your computer or your router configured for Comodo’s DNS ? If it’s the computer please make sure that all the settings are still there XP, Vista, Mac OS x


that aside : I think that your pc is alright ? Do you get any alerts from virii or so ?

best regards,
eXPerience

Done, changed DNS to Secure Comodo settings.

Just one question mate, Miscellaneous > Settings > General Tab >>>> Automatically detect new private networks ?

Do I need this enabled, I’m not going to use this PC connection to share anything including my net line so do I need it on? Is this enabled for my ISP or others to connect? I stealth my ports but I did get a request earlyer when restarting, for an unknown IP to connect to my PC. Also how do I find out what IP’s are connected to my PC, using my internet line other than network defense which is on the main page when you open Comodo Firewall

The alert is only there to notify and for convenience. You can use the network zone in combination with the Stealth Ports Wizard to easily define a new trusted network.

When you don’t need it you can disable it under Miscellaneous → Settings → General.