Help on finishing figuring out this log

Question

Xander81 0 Newbie Poster

19 Years Ago

I've got help in here before, when I had trouble with my PC and trouble interpreting the log from "Hijackthis". Now I'm giving it a shot. Spent some time reading up on the material and tried to "do it myself". But as I wrote it's only the second time I'm doing this, so a 2nd appinion would be appriciated....

Here's the log. The lines I would remove are marked by (*) in the end of the line in question....Hope someone will review the log and tell me if I'm doing something wrong or missed something!!!

Also any help concerning "O4 - Autoloading programs from Registry" can't find any guide to figuring those out like "HBO-lists"

thanks Lasse

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indice.com(*)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)(*)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL(*)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A51A1C9-2A33-D1A2-6E4C-02A16D4190EC} - C:\PROGRA~1\SHIMBO~1\compreadme.dll(?)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D3E49A50-D429-4F34-861A-F6EFDA9DF4EB} - C:\WINDOWS\System32\cogmdlg32.dll
O3 - Toolbar: anti mail - {3CA4DDED-1FA0-A90F-8B06-A44FACA5F7FF} - C:\PROGRA~1\SHIMBO~1\compreadme.dll(?)
O3 - Toolbar: SuperBar - {DE188F91-0CA4-4BD5-ACE1-2F2EF341D710} - C:\Programmer\_SUPERBAR\_SUPERBAR.dll (file missing)(*)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL(*)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE(?)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load(*)
O4 - HKLM\..\Run: [city64] C:\PROGRA~1\TRAYFI~1\ABOUT LOAD.exe
O4 - HKLM\..\Run: [tdbegllbpz] C:\WINDOWS\System32\bftbqpl.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe(*)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [utilidadesdk-htm] RunDll32 NrsgroupUD.dll,RunAsIcon utilidadesdk
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [vgx] C:\WINDOWS\vgx.exe
O4 - HKCU\..\Run: [Retu] C:\Documents and Settings\Ejer\Application Data\stes.exe
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscptr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - http://17.sharedsource.org/html/NrsgroupUD_1.0.0.3ie.cab?
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

The lines marked by (?) is something i could'nt get any information on...
:rolleyes:

windows-virus

2 Contributors
5 Replies
168 Views
3 Days Discussion Span
Latest Post 19 Years Ago Latest Post by crunchie

All 5 Replies

crunchie 990 Most Valuable Poster

19 Years Ago

First of all you never included the top half of the log. This is required so that we can view running processes, see where you have located hijackthis etc. The following is what I would fix, but not without seeing your entire log.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {4A51A1C9-2A33-D1A2-6E4C-02A16D4190EC} - C:\PROGRA~1\SHIMBO~1\compreadme.dll
O2 - BHO: (no name) - {D3E49A50-D429-4F34-861A-F6EFDA9DF4EB} - C:\WINDOWS\System32\cogmdlg32.dll

O3 - Toolbar: anti mail - {3CA4DDED-1FA0-A90F-8B06-A44FACA5F7FF} - C:\PROGRA~1\SHIMBO~1\compreadme.dll
O3 - Toolbar: SuperBar - {DE188F91-0CA4-4BD5-ACE1-2F2EF341D710} - C:\Programmer\_SUPERBAR\_SUPERBAR.dll (file missing)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [city64] C:\PROGRA~1\TRAYFI~1\ABOUT LOAD.exe
O4 - HKLM\..\Run: [tdbegllbpz] C:\WINDOWS\System32\bftbqpl.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [vgx] C:\WINDOWS\vgx.exe
O4 - HKCU\..\Run: [Retu] C:\Documents and Settings\Ejer\Application Data\stes.exe
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscptr.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\Programmer\MySearch
C:\PROGRA~1\SHIMBO~1
C:\Programmer\_SUPERBAR
C:\PROGRA~1\TRAYFI~1
C:\Program Files\WindowsSA

ALCXMNTR.EXE Guessing that it's in C:\Windows\System32\
C:\WINDOWS\System32\bftbqpl.exe
C:\WINDOWS\vgx.exe
C:\WINDOWS\System32\wnscptr.exe
C:\Documents and Settings\Ejer\Application Data\stes.exe

Reboot normally after doing the above then post a fresh log please.

Go here for an on-line scan & set it to autoclean for you.

Try this scan as well.

crunchie 990 Most Valuable Poster

19 Years Ago

No hints, but I can give you a link.

http://computercops.biz/CLSID.html

Go ahead & fix all those from my previous post. You need to take more preventative measures too. Read the *How you got infected* link in my sig.

Go here for an on-line scan & set it to autoclean for you.

Try this scan as well.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Xander81 0 Newbie Poster · Answer 1 · 2004-07-05T20:36:14+00:00

Hmm. sorry, but I as i wrote I'm new at this, and still trying to comprehend these log files.

Heres the entire log:
Logfile of HijackThis v1.97.7
Scan saved at 16:31:45, on 04-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\TRAYFI~1\ABOUT LOAD.exe
C:\WINDOWS\System32\bftbqpl.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\Logitech\ImageStudio\LogiTray.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\LVComS.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Free Surfer\fs20.exe
C:\Documents and Settings\Ejer\Dokumenter\Modtagne filer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indice.com(*)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)(*)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL(*)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A51A1C9-2A33-D1A2-6E4C-02A16D4190EC} - C:\PROGRA~1\SHIMBO~1\compreadme.dll(?)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D3E49A50-D429-4F34-861A-F6EFDA9DF4EB} - C:\WINDOWS\System32\cogmdlg32.dll
O3 - Toolbar: anti mail - {3CA4DDED-1FA0-A90F-8B06-A44FACA5F7FF} - C:\PROGRA~1\SHIMBO~1\compreadme.dll(?)
O3 - Toolbar: SuperBar - {DE188F91-0CA4-4BD5-ACE1-2F2EF341D710} - C:\Programmer\_SUPERBAR\_SUPERBAR.dll (file missing)(*)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL(*)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE(?)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load(*)
O4 - HKLM\..\Run: [city64] C:\PROGRA~1\TRAYFI~1\ABOUT LOAD.exe
O4 - HKLM\..\Run: [tdbegllbpz] C:\WINDOWS\System32\bftbqpl.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe(*)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [utilidadesdk-htm] RunDll32 NrsgroupUD.dll,RunAsIcon utilidadesdk
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [vgx] C:\WINDOWS\vgx.exe
O4 - HKCU\..\Run: [Retu] C:\Documents and Settings\Ejer\Application Data\stes.exe
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscptr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - http://17.sharedsource.org/html/NrsgroupUD_1.0.0.3ie.cab?
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Perhaps you can give me some hints concerning toolbars. I can't find any list where I can figure out if they're good or bad!!!!

Xander81 0 Newbie Poster · Answer 2 · 2004-07-07T16:11:49+00:00

I've fixed what was posted, but should'nt these be fixed too?? (marked by (*)) in the new log:

Logfile of HijackThis v1.97.7
Scan saved at 12:10:55, on 07-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\LVComS.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Dokumenter\Modtagne filer\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indice.com(*)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =(*)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (*)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost(*)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [utilidadesdk-htm] RunDll32 NrsgroupUD.dll,RunAsIcon utilidadesdk
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - http://17.sharedsource.org/html/NrsgroupUD_1.0.0.3ie.cab?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 3 · 2004-07-08T16:56:59+00:00

crunchie 990 Most Valuable Poster

19 Years Ago

Just the first three.

Help on finishing figuring out this log

Recommended Answers Collapse Answers

All 5 Replies

Recommended Answers