Remove these
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
Main Topics
Browse All TopicsI executed HijackThis and got the following log in return.
Since this counts as another question I thought I would post it as such.
special thanks to war1
Here is the hijackthis log:
Logfile of HijackThis v1.97.6
Scan saved at 3:43:30 PM, on 11/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\System32\svchos
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.e
C:\WINDOWS\System32\devldr
C:\WINDOWS\System32\spool\
C:\WINDOWS\System32\hphmon
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\MESSEN~1\msmsg
C:\WINDOWS\System32\ctfmon
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\HPHipm
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\cmd.ex
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip3
C:\Documents and Settings\All Users\Desktop\Download\Hij
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0
O2 - BHO: ineb Helper - {753AA023-02D1-447D-8B55-5
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: SpiderSearch.com Bar - {0AAF602E-72A1-45FE-BAB1-0
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\Launc
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.e
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hph
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msms
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Web Entry (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {072D3F2E-5FB6-11D3-B461-0
O16 - DPF: {7519DB27-0B01-4B3C-AB05-4
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-C
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-3
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Remove these
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
and this
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-C
David,
Wow! Spideysearch really got your computer. Check the following items in HijackThis and have HT get rid of them.
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: ineb Helper - {753AA023-02D1-447D-8B55-5
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: SpiderSearch.com Bar - {0AAF602E-72A1-45FE-BAB1-0
O16 - DPF: {072D3F2E-5FB6-11D3-B461-0
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-C
Thanks war1....
You know most of the time posting similar comments happen and you know what once the questioner accepts the comment as an answer , we would be commenting again to know why the other experts comment was accepted an answer even though you had posted earlier.
We are just trying to avoid that situation
Sunray
Business Accounts
Answer for Membership
by: sunray_2003Posted on 2003-11-12 at 13:03:18ID: 9734633
You may want to delete these entries ternet Explorer,SearchURL = http://www.spidersearch.co m/frame_re sults.php ternet Explorer\Main,Search Bar = http://www.spidersearch.co m/frame_re sults.php ternet Explorer\Main,Search Page = http://www.spidersearch.co m/frame_re sults.php
ternet Explorer\Search,SearchAssi stant = http://www.spidersearch.co m/frame_re sults.php
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
Sunray