Thread: HJT Log help

  1. #1
    Join Date
    Jun 2007
    Posts
    14

    HJT Log help

    here's the log

    http://hjt.networktechs.com/parse.php?log=341158

    What should I do with the single red thing and with these purple things, but this one in particular:

    Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

    Guys on other forums told me I should delete it because it's a leftover from a failed Kaspersky Anti-Virus uninstall, but they are not 100% sure. What do you think I should do? Thanks.

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Please do not link the parsed log. Please just copy/paste the log here and let us read it. Parsed logs are too hard to read and often show false positives.
    You also need to go back into msconfig and re-enable the items you have disabled. THEN run a new HJT scan and post THAT log here.
    I also need to know exactly what problems you are having.

  3. #3
    Join Date
    Jun 2007
    Posts
    14

    Un-Parsed Log

    Sorry about the parsed log, I thought that's the way it should be posted. I'm new to this forum. Here's the log:

    http://hjt.networktechs.com/parse.php?log=341397

    Logfile of HijackThis v1.99.1
    Scan saved at 2:08:03 PM, on 6/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\LClock\LClock.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    G:\Program Files\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - g:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RemoteControl] "e:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://g:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://g:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://g:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Everything is enabled in startup. There are no actual problems, I just want to identify some things so I know whether I can clean them or disable them.

    Can the O20 issue be cleaned? I don't know what it is. Some guys told me that's a leftover from an unsuccessful Kaspersky uninstallation, and I had that problem.

    Also the bolded O4 issue. Your Log Analyzer highlighted it in RED and it says it should be deleted. It starts on my computer from day one but I don't really know what it is. I have a Google bar in my browser; that wasn't there from day one.

    Also, can you tell me what more can be cleaned with HijackThis and what can be safely disabled from msconfig startup? Thank you.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hello Kalinomalino84,
    You are correct about the O20 entry. It is probably a leftover from the bad Kaspersky install. But the way to remove this is not with HijackThis. You will need to boot to Safe Mode and then first do a file search for everything related to Kaspersky and delete all that you find. If this file is not listed during that search, THEN go to C:\WINDOWS\System32\, locate the file and delete it from there.
    The O4 entry CTFMON.EXE is a perfectly legitimate file; this is why I personally don't recommend using the parser. It DOES find bad files but also flags some legitimate files without explanation. If a person removes a legitimate NEEDED file then they can do damage to the operating system or a particular program. In the case of this file it is a Windows OfficeXP file which relates to language/alternative input services in Office XP. Now unless you do use alternative languages, other than English I mean, you can disable this from the start up.
    CTFMON can be disabled from Control Panel, Text & Speech Services.
    Instead of using msconfig to disable start items I recommend using Mike Lin's StartUpControlPanel
    A small, FREE and very easy to use program. Download and install it and then you will find it in Control Panel listed as Start Up. Open the program and you will see multiple tabs. Within each tab are the various programs which start when Windows starts up. Just remove the checkmark from any program that you don't want to run at start. Next time you start up the computer those particular programs won't start. If you decide that you do want something to start you have disabled just go back in and replace the checkmark. Other than the ones you reenabled I don't see anything else running at start up that you would want to disable.
    Judy
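
Added example, not part of the thread or written by its participants: a Python sketch that parses the O4 and O20 lines of a HijackThis log and cross-checks each O4 path against the "Running processes" section, so an entry is reviewed on its recorded path and state rather than on a name match alone. The sample lines are an excerpt of the log posted above; the function and field names are illustrative.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted in the thread (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
"""

PATTERNS = {
    "O4": re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'),
    "O20": re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<cmd>.+)$'),
}
# Take the image path out of a command line: drop an opening quote, stop at .exe/.dll.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll))', re.I)

def parse_hjt(log):
    """Return one record per O4 Run / O20 Winlogon Notify entry."""
    running, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            for section, rx in PATTERNS.items():
                m = rx.match(line)
                if m:
                    exe = EXE_RE.match(m["cmd"])
                    path = exe.group(1) if exe else m["cmd"]
                    entries.append({"section": section, "name": m["name"], "path": path})
    for e in entries:
        # O20 entries are DLLs loaded by winlogon.exe, so they never appear in the
        # process list: running is None. 8.3 short names (PROGRA~1) are not expanded,
        # so False means "check by hand", not "definitely not running".
        is_exe = e["path"].lower().endswith(".exe")
        e["running"] = (e["path"].lower() in running) if is_exe else None
    return entries

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(f'{e["section"]:4} {e["name"]:14} running={e["running"]!s:5} {e["path"]}')
```

The output is a review list only: each path still has to be checked on disk (vendor, signature, install folder) before anything is disabled or deleted.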

  5. #5
    Join Date
    Jun 2007
    Posts
    14

    Thanx

    Thanx for the update jholland1964

  6. #6
    Join Date
    Jun 2007
    Posts
    14

    New question - same log

    Hi, I have a new question regarding the same log. Can the O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe be safely turned off? I found out that it has something to do with my HP Laser printer, and it starts up with the system. Can you explain to me in detail what EXACTLY it does, whether I should turn it off, and what will happen if I do? Thank you.
