Jump to content


Photo

Getting rid of spot results


  • Please log in to reply
1 reply to this topic

#1 snienhuis98

snienhuis98

    Member

  • New Member
  • Pip
  • 1 posts

Posted 02 August 2004 - 12:04 PM

Can anybody help me to analyze my Hijack This log and remove the spot results spyware

Thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 10:47:03 p.m., on 02/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\TELMEX\PRODIGY INFINITUM\APP\TANGOMANAGER.EXE
C:\WINDOWS\MIXER.EXE
C:\WINPATROL\WINPATROL.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPFBKG11.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ESCRITORIO\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: name comp start - {55F4CA73-3145-4D66-B70B-8B016AC238C9} - C:\ARCHIVOS DE PROGRAMA\TWO SURF\MEET DRV.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TangoManager] C:\ARCHIV~1\TELMEX\PRODIG~1\APP\TANGOM~1.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinPatrol] "C:\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [CommCtr] C:\ARCHIV~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Archivos de programa\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = prodigy.net.mx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.23.242.201,200.23.242.193

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 02 August 2004 - 01:44 PM

Please download Lspfix
Unzip and run it. Check all instances of inetadpt.dll (and nothing else) , and move them to the "Remove" pane.
You will have to click the "I know what I'm doing" button.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchexe.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html

R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 

O3 - Toolbar: name comp start - {55F4CA73-3145-4D66-B70B-8B016AC238C9} - C:\ARCHIVOS DE PROGRAMA\TWO SURF\MEET DRV.DLL

Reboot after fixing

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button