Author Topic: conflict with Hijackthis  (Read 3309 times)


REDACTED

  • Guest
conflict with Hijackthis
« on: March 20, 2012, 11:16:13 PM »
Running Win7 on a laptop, I uninstalled Avast and also ran aswclear.exe, then ran HijackThis and found a conflict between what was in the log and what was showing in HijackThis.

Log states-  O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
hijackthis application- O4 - HKLM\..\Run: [Comodo Internet Security] "C:\Program Files\Comodo\Comodo Internet Security\cfp.exe" -h

Why would HijackThis state two different things on the same scan?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: conflict with Hijackthis
« Reply #1 on: March 20, 2012, 11:49:48 PM »
Could you post the log, please?

REDACTED

  • Guest
Re: conflict with Hijackthis
« Reply #2 on: March 21, 2012, 01:31:49 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:26 AM, on 3/6/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\windows\Explorer.EXE
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\ctfmon.exe
C:\windows\helppane.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  C:\windows\system32\guard32.dll
O23 - Service: Absolute Notifier (AbsoluteNotifier) - Absolute Software - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\windows\system32\atashost.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (Sierra) (QDLService2kSierra) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Unknown owner - C:\ProgramData\Rpcnet\Bin\rpcld.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Bluetooth Feature Support (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe

--
End of file - 3469 bytes

ArtemisF0wl

  • Guest
Re: conflict with Hijackthis
« Reply #3 on: March 21, 2012, 04:55:35 AM »
Your version of HJT is way out of date, released circa July 2007. The current ver. is 2.04, released in 2010. Maybe that's the reason? Or that you're running it from safe mode. Anyway, I'm sure Essexboy will sort it out. Cheers.

REDACTED

  • Guest
Re: conflict with Hijackthis
« Reply #4 on: March 21, 2012, 10:31:14 AM »
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost

SafeSurf

  • Guest
Re: conflict with Hijackthis
« Reply #5 on: March 21, 2012, 10:35:59 AM »
@scottieLdavis@gmail.com,

In general, other tools like OTL have replaced Hjk log, as Essexboy has commented on in the Virus and Worms section of this forum.

Also, you may want to change your user name to a non-linkable email for your protection.

Offline essexboy

Re: conflict with Hijackthis
« Reply #6 on: March 21, 2012, 09:29:32 PM »
That scan is 15 days old - is it still apparent on a more recent scan?

iroc9555

  • Guest
Re: conflict with Hijackthis
« Reply #7 on: March 21, 2012, 09:56:33 PM »
Besides all said above by other members, it seems the log has been edited. Only one O4 entry? Isn't it O4 entries for all apps, for all users, which start on boot? Only one app? ???
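The comparison the replies above ask for (a current scan set against the saved log), as an added example that is not part of any post in this thread: it parses two HijackThis logs and reports how far apart the scans are, the boot mode of each, and which O4 autorun lines differ. The sample logs are constructed from lines quoted in the thread; the live scan's timestamp and boot mode are assumptions.

```python
import re
from datetime import datetime

# Constructed samples: the header, boot mode and O4/O20 lines are copied from the
# posts above; LIVE_SCAN's timestamp and boot mode are assumptions (none was posted).
SAVED_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:26 AM, on 3/6/2012
Boot mode: Safe mode with network support
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs:  C:\windows\system32\guard32.dll
"""
LIVE_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:00 PM, on 3/20/2012
Boot mode: Normal
O4 - HKLM\..\Run: [Comodo Internet Security] "C:\Program Files\Comodo\Comodo Internet Security\cfp.exe" -h
"""

HEADER = re.compile(r"Scan saved at (\d{1,2}:\d{2}:\d{2} [AP]M), on (\d{1,2}/\d{1,2}/\d{4})")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_hjt(text):
    """Return scan time, boot mode and entries grouped by section code (R0, O4, O23...)."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no 'Scan saved at' header; not a HijackThis log?")
    saved = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%I:%M:%S %p %m/%d/%Y")
    boot = re.search(r"^Boot mode: (.+)$", text, re.M)
    entries = {}
    for line in text.splitlines():
        e = ENTRY.match(line.strip())
        if e:
            # Windows paths are case-insensitive, so compare lowercased values.
            entries.setdefault(e.group(1), set()).add(e.group(2).lower())
    return {"saved": saved, "boot_mode": boot.group(1).strip() if boot else None,
            "entries": entries}

def compare(old, new, section="O4"):
    """Diff one section between two parsed logs and report the scan gap."""
    a = old["entries"].get(section, set())
    b = new["entries"].get(section, set())
    return {"days_apart": (new["saved"] - old["saved"]).days,
            "boot_modes": (old["boot_mode"], new["boot_mode"]),
            "removed": sorted(a - b), "added": sorted(b - a)}

def report():
    return compare(parse_hjt(SAVED_LOG), parse_hjt(LIVE_SCAN))
```

A non-zero `days_apart` or differing `boot_modes` means the two outputs are not the same scan, so differing O4 lines are expected rather than a tool conflict.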