I could use some help on my Hijack log.

I have read and followed your tutorial, using all the spyware, and cleaner toolds. I have run a hijack log and would like some help. Thank you gentlemen.

Logfile of HijackThis v1.99.0
Scan saved at 12:04:19 AM, on 12/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\CREATIVE\PC-CAM CENTER\CAMTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\EASY CD CREATOR\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [PC-CAM 600 STI App Registration] RunDLL32.exe PD023pin.dll,RunDLL32EP 512
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\PROGRAM FILES\VERIZON ONLINE\CONTROLPAD\Misc\a_menu.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

 

ALWAYS ATTACH LOGS TO YOUR POST, THIS WILL BE EDITED BY A MOD AND ATTACHED AS A .TXT FILE

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed,including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Ok sorry, I read the first set of instructions. And ran and updated all virus, and spyware scans suggested. I didnt get to the second set of instructions.

 

Ok, While I investigate your log can you give me some ideas of whats going on? What problems are you currently experiencing?


PLEASE MOVE YOUR HIJACKTHIS.EXE TO A DIFFERENT LOCATION.

C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE


HJT should be in its own directory. For example, C:\Program Files\HJT

Please read all the information I provide to you all the way through. For your benefit.

 

Honestly I didnt pay much attention. I just fired my machine up after letting a cousin borrow it. I have had problems like this before so as soon as I noticed that I was getting popups I jetted over to your site. But I am getting the pop up search engines, I think one was called seeq.

 

Run HJT again from the new location "C:\Program Files\HJT" and then post me a new log as an attachment. Thanks!

Also, Please note to close all browsers before running Hijack This!

 

is this what you are talking about?

 

Your are running Hijack This from

C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

Please pay close attention to everything I post, Its very important that you follow ALL instructions that we provide to you. Running HJT from where you have will not give you backups and will cause more problems. Please read this sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

dude, I dont know what I did but I can not save the hijack this file to the c drive. It only want to open using Acrobat now, which is not right.

 

Follow these instructions please. Let me know if you have any problems with this.

1) Go into C:\Program Files

2) Create a new folder, name it HJT

2) Download HijackThis 1.99

3) Save this file to the folder you just created C:\Program Files\HJT

4) Run Hijack This from that location and post a new log as an attachment to your post.

Thanks!

 

How about this?

 

Good, thats the correct location for HJT. Now run HJT and remove these entries, Before fixing anything with HJT please close all open browsers!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


After repairing these items, reboot and post new HJT log. Other than these few entries your log looks ok. After reboot let me know is problem remains. Thanks!