oalvarado
asked on
explorer hijack by res://spdbt.dll/index.html#37049
I run the spy bot, toolbar cop and remove several things but this page keeps showing up this is the log from hijackthis , I have try to run the antivirus from www.housecall.antivirus.com but the explorer will quit when the applet starts to download , can this be becouse of the hijacking of the explorer???
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 9:04:03 AM, on 8/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\System32\DRIVER S\CDANTSRV .EXE
C:\WINDOWS\system32\cisvc. exe
C:\WINDOWS\system32\crypse rv.exe
C:\WINDOWS\System32\tcpsvc s.exe
C:\WINDOWS\System32\snmp.e xe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e xe
C:\WINDOWS\system32\cidaem on.exe
C:\WINDOWS\system32\cidaem on.exe
C:\WINDOWS\System32\ezSP_P x.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator.CEC DOMAIN01\D esktop\Hij ackThis.ex e
C:\WINDOWS\System32\ctfmon .exe
C:\Documents and Settings\Administrator.CEC DOMAIN01\D esktop\Too lbarCop.ex e
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ntdk.exe
C:\WINDOWS\system32\ipxq.e xe
C:\Documents and Settings\Administrator.CEC DOMAIN01\D esktop\Hij ackThis.ex e
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Bar = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Page = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = res://spdbt.dll/index.html #37049
R1 - HKCU\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = res://spdbt.dll/index.html #37049
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Bar = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = res://spdbt.dll/index.html #37049
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant = res://C:\WINDOWS\spdbt.dll /sp.html#3 7049
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH elper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E 79D4EC6F80 6} - C:\Program Files\Submit\submithook.dl l
O2 - BHO: (no name) - {5DCD2B4E-94CD-BAC9-A2ED-1 738BBFD853 B} - C:\WINDOWS\system32\msvh32 .dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P x.exe
O4 - HKLM\..\Run: [ntdk.exe] C:\WINDOWS\ntdk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL3 2 "C:\Program Files\Common Files\submit.exe"
O4 - HKLM\..\RunOnce: [ipxq.exe] C:\WINDOWS\system32\ipxq.e xe
O4 - HKCU\..\RunOnce: [Updater] rundll32 C:\WINDOWS\msku\msku.dll,U pdateDll s
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox. dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-0 0C04F9A3B6 1} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5 009F29E09E 1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-0 0108302FDF D} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0 010830243B D} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0 F47A330807 8} (ActiveDataInfo Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-0 0A0C91F463 5} (CFForm Runtime) - http://source.invensysibs.com/CFIDE/classes/CFJava.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0 010830243B D} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
I
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 9:04:03 AM, on 8/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\DRIVER
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\crypse
C:\WINDOWS\System32\tcpsvc
C:\WINDOWS\System32\snmp.e
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\WINDOWS\System32\ezSP_P
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator.CEC
C:\WINDOWS\System32\ctfmon
C:\Documents and Settings\Administrator.CEC
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ntdk.exe
C:\WINDOWS\system32\ipxq.e
C:\Documents and Settings\Administrator.CEC
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E
O2 - BHO: (no name) - {5DCD2B4E-94CD-BAC9-A2ED-1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKLM\..\Run: [ntdk.exe] C:\WINDOWS\ntdk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL3
O4 - HKLM\..\RunOnce: [ipxq.exe] C:\WINDOWS\system32\ipxq.e
O4 - HKCU\..\RunOnce: [Updater] rundll32 C:\WINDOWS\msku\msku.dll,U
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {AE563720-B4F5-11D4-A415-0
O16 - DPF: {C6637286-300D-11D4-AE0A-0
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
I
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.