May 23rd, 2004

HJT log ~ help please! :)

Hi I am a newbie to this Forum... this is actually my very first post!

I usually get someone else to help me with my logs but she's been really busy lately.. so I did an internet search and came to this site! I was pleased to see that you help with HJT logs!

Here is a log off of my mom's laptop.. she's been having a lot of problems lately.. So I would be happy with some help to clean it up.


Logfile of HijackThis v1.97.7
Scan saved at 08:44:38 AM, on 5/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.institutechildrenslit.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c=2C01&lc=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...c=2C01&lc=1009
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SE075.TMP"
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...891.6811458333


I also have a startup log from Spybot Search and Destroy.. I will post it here as well. If I need to post it in a separate thread, can someone direct me to where I should post it for help? The startup on this laptop takes forever.. any idea on what I can remove to make it shorter?


Spybot-S&D Startup list report, 5/23/2004 09:15:45 AM

Located: HK_CU:Run, MsnMsgr
file: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

Located: HK_CU:Run, EPSON Stylus C60 Series
file: C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SE075.TMP"

Located: HK_CU:RunOnce, QRIA
file: 0

Located: HK_LM:Run, ScanRegistry
file: C:\WINDOWS\scanregw.exe /autorun

Located: HK_LM:Run, TaskMonitor
file: C:\WINDOWS\taskmon.exe
MD5: A23BCA4B69AC68FD410B6AFCCB11AF07

Located: HK_LM:Run, PCHealth
file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

Located: HK_LM:Run, SystemTray
file: SysTray.Exe

Located: HK_LM:Run, LoadPowerProfile
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

Located: HK_LM:Run, SynTPLpr
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MD5: 870741617D9499044B6B2D40FDE6FF88

Located: HK_LM:Run, SynTPEnh
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 5690ED6B5BB3609578781B2169CFCE15

Located: HK_LM:Run, WorksFUD
file: C:\Program Files\Microsoft Works\wkfud.exe
MD5: 9D05D00E8631B7874D164D6DEDD6D801

Located: HK_LM:Run, Microsoft Works Portfolio
file: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

Located: HK_LM:Run, LoadQM
file: loadqm.exe

Located: HK_LM:Run, CXMon
file: "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

Located: HK_LM:Run, Share-to-Web Namespace Daemon
file: C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
MD5: D4F5FAA2FD2DC5923C82EE5808BEED7C

Located: HK_LM:Run, Ink Monitor
file: C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
MD5: D85622AE601B456D8E465BEDD5689747

Located: HK_LM:Run, ccApp
file: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

Located: HK_LM:Run, Symantec Core LC
file: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

Located: HK_LM:Run, URLLSTCK.exe
file: C:\Program Files\Norton Internet Security\UrlLstCk.exe
MD5: 82AD82D69906784633F51DD7CA2248D8

Located: HK_LM:RunServices, LoadPowerProfile
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

Located: HK_LM:RunServices, SchedulingAgent
file: mstask.exe

Located: HK_LM:RunServices, SSDPSRV
file: C:\WINDOWS\SYSTEM\ssdpsrv.exe
MD5: 95914D31A0B7001E99A537DC5F563F4D

Located: HK_LM:RunServices, *StateMgr
file: C:\WINDOWS\System\Restore\StateMgr.exe
MD5: 02282C55DC8B1BF1FF1180C98D7337D6

Located: HK_LM:RunServices, StillImageMonitor
file: C:\WINDOWS\SYSTEM\STIMON.EXE
MD5: 902252F831D45763F7711B24ED430785

Located: HK_LM:RunServices, ccEvtMgr
file: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

Located: HK_LM:RunServices, ccSetMgr
file: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

Located: HK_LM:RunServices, ScriptBlocking
file: "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

Located: HK_LM:RunServices, ccProxy
file: C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
MD5: 0935F7D04466A3D3C91A531A0D8FB7BC

Located: HK_LM:RunServices, SndSrvc
file: C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
MD5: E6D3841A12FACE16E2EBA24E714CA203

Located: Startup (user), PowerReg SchedulerV2.exe
file:

Located: Startup (user), Microsoft Works Calendar Reminders.lnk
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
MD5: 7084B58A098D2F83B304832251A8C6A8

Located: Startup (user), EPSON Status Monitor 3 Environment Check 2.lnk
file: C:\WINDOWS\SYSTEM\E_SRCV02.EXE
MD5: 480A4C03FEF58AF24D840851EDD186F9

Thanks in advance...
britt, Newbie Poster (1 post, member since May 2004)
