Hi. Wondering if someone could help me out. Here's my Hijack this log.

Is there anything out of the ordinary here? What can I clean up from here?

By the way, I'm trying to un-install Bitdefender, but having some issues doing that, so that's why it still shows up in the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:22 AM, on 7/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery P.I. - Lost in Los Angeles\Images\stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228525188265
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Bejeweled Twist\Images\armhelper.ocx
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\System32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5613 bytes

Thanks.

Plug your log file in at this site. It will analyze it for you and give you a report.

http://www.hijackthis.de/

Ok, so I went to that site and posted the log there.

This is what it came up with. What can I clean from here?

Actions Entry Kind Visitor's assessment Information
Logfile of Trend Micro HijackThis v2.0.2
This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
This should be the newest version.
Boot mode: Normal
Very safe This entry was classified from our visitors as good.
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Very safe Safe (4.41 / 5.00)
C:\WINDOWS\System32\FsUsbExService.Exe
This is a unknown process.

C:\Program Files\Java\jre6\bin\jqs.exe
Very safe Safe (4.14 / 5.00)
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\wanmpsvc.exe
Safe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
Very safe
BitDefender
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
Very safe Safe (4.83 / 5.00)
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
Very safe Safe (4 / 5.00)
C:\Program Files\Java\jre6\bin\jusched.exe
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\AVG\AVG8\avgtray.exe
Very safe Safe (4.7 / 5.00)
C:\Program Files\Messenger\msmsgs.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
Very safe Safe (4.22 / 5.00)
C:\PROGRA~1\AVG\AVG8\avgemc.exe
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\grisoft\.*\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
Safe
BitDefender
C:\Program Files\AVG\AVG8\avgcsrvx.exe
Safe This is a unknown process.
This entry was classified from our visitors as good.
C:\WINDOWS\system32\wuauclt.exe
Neutral
Windows Update AutoUpdate Client
C:\Program Files\Microsoft Money\System\urlmap.exe
Safe Safe (4.1 / 5.00)
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Safe Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! This entry was classified from our visitors as good.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Neutral
Unnecessary (deactivated) entry that can be fixed. Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Very safe AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
Safe jp2ssv.dll - Sun_Java, http://java.sun.com/javase/downloads/ind ex.jsp browser plugin
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Very safe jqs_plugin.dll - Java Quick Starter, https://jdk6.dev.java.net/testQS.html
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
Safe Java von Sun
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Safe Must be fixed! This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
Very safe Unknown application. This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
Microsoft Works Update Detection
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
Safe (4.22 / 5.00)
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
Unknown application.
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
Neutral The entry ICQ has been identified as safe.
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
Very safe The entry ICQ has been identified as safe.
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
Very safe The entry Real.com has been identified as safe.
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
The entry MoneySide has been identified as safe.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Neutral The entry Windows Messenger has been identified as safe.
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Safe This entry was classified from our visitors as good.
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
Very safe This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery P.I. - Lost in Los Angeles\Images\stg_drm.ocx
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
Neutral This entry has been identified as safe.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si te.cab?1228525188265
This entry has been identified as safe.
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Bejeweled Twist\Images\armhelper.ocx
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
Safe This entry was classified from our visitors as good.
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
Safe This entry was classified from our visitors as good.
O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll (file missing)
Nasty (2.25 / 5.00)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
This service (avgemc.exe) was identified as a good one.
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Very safe Unknown service. (avgwdsvc.exe) This entry was classified from our visitors as good.
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
This service (bdss.exe) was identified as a good one.
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\System32\FsUsbExService.Exe
Unknown service. (FsUsbExService.Exe)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Safe Unknown service. (jqs.exe) This entry was classified from our visitors as good.
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
Safe This service (livesrv.exe) was identified as a good one.
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
Neutral This service (vsserv.exe) was identified as a good one.
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Safe This service (wanmpsvc.exe) was identified as a good one.
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
Safe This service (xcommsvr.exe) was identified as a good one

Have you tried through the Add/Remove Programs? If so run the BitDefender tool. It can be obtained from here-->> http://kb.bitdefender.com/KB333-en--How-to-uninstall-BitDefender.html