oalvarado
asked on
explorer hijack by res://spdbt.dll/index.html#37049
I run the spy bot, toolbar cop and remove several things but this page keeps showing up this is the log from hijackthis , I have try to run the antivirus from www.housecall.antivirus.com but the explorer will quit when the applet starts to download , can this be becouse of the hijacking of the explorer???
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 9:04:03 AM, on 8/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\DRIVER
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\crypse
C:\WINDOWS\System32\tcpsvc
C:\WINDOWS\System32\snmp.e
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\WINDOWS\System32\ezSP_P
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator.CEC
C:\WINDOWS\System32\ctfmon
C:\Documents and Settings\Administrator.CEC
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ntdk.exe
C:\WINDOWS\system32\ipxq.e
C:\Documents and Settings\Administrator.CEC
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E
O2 - BHO: (no name) - {5DCD2B4E-94CD-BAC9-A2ED-1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKLM\..\Run: [ntdk.exe] C:\WINDOWS\ntdk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL3
O4 - HKLM\..\RunOnce: [ipxq.exe] C:\WINDOWS\system32\ipxq.e
O4 - HKCU\..\RunOnce: [Updater] rundll32 C:\WINDOWS\msku\msku.dll,U
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {AE563720-B4F5-11D4-A415-0
O16 - DPF: {C6637286-300D-11D4-AE0A-0
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
I
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 9:04:03 AM, on 8/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\DRIVER
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\system32\crypse
C:\WINDOWS\System32\tcpsvc
C:\WINDOWS\System32\snmp.e
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\WINDOWS\System32\ezSP_P
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator.CEC
C:\WINDOWS\System32\ctfmon
C:\Documents and Settings\Administrator.CEC
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ntdk.exe
C:\WINDOWS\system32\ipxq.e
C:\Documents and Settings\Administrator.CEC
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E
O2 - BHO: (no name) - {5DCD2B4E-94CD-BAC9-A2ED-1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKLM\..\Run: [ntdk.exe] C:\WINDOWS\ntdk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL3
O4 - HKLM\..\RunOnce: [ipxq.exe] C:\WINDOWS\system32\ipxq.e
O4 - HKCU\..\RunOnce: [Updater] rundll32 C:\WINDOWS\msku\msku.dll,U
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5
O16 - DPF: {AE563720-B4F5-11D4-A415-0
O16 - DPF: {C6637286-300D-11D4-AE0A-0
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
I
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.