Trojan Horse?



#1
deimbt


    New Member

  • Member
  • Pip
  • 9 posts
Hello, I would like some assistance with rehabilitating my Internet Explorer. I viewed some threads and believe, based on other conversations, that I have a trojan horse.
I have to admit I was kinda stupid and deleted some things before I read that you should consult an expert :tazz:
Here is my thread from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:30 PM, on 5/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\APIHK32.EXE
C:\WINDOWS\MSYI.EXE
C:\WINDOWS\MFCQL32.EXE
C:\WINDOWS\SYSTEM\JAVAMW32.EXE
C:\WINDOWS\IELP32.EXE
C:\WINDOWS\SYSTEM\APPML.EXE
C:\WINDOWS\SYSTEM\IPPP32.EXE
C:\WINDOWS\IPRT.EXE
C:\WINDOWS\SYSTEM\NTYL32.EXE
C:\WINDOWS\SYSTEM\NTOK32.EXE
C:\WINDOWS\CRCQ.EXE
C:\WINDOWS\SYSTEM\MFCYN32.EXE
C:\WINDOWS\IPWC32.EXE
C:\WINDOWS\ADDNE.EXE
C:\WINDOWS\JAVAUO.EXE
C:\WINDOWS\NTRJ.EXE
C:\WINDOWS\JAVACX32.EXE
C:\WINDOWS\SYSTEM\APIIR32.EXE
C:\WINDOWS\SYSTEM\WINJQ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSMSGS.EXE
C:\WINDOWS\JAVAAG.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\BSW.EXE
C:\WINDOWS\SYSTEM\WINNOOK.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\FSSCRCTL.EXE
C:\PROGRAM FILES\SCOUR EXCHANGE\SX.EXE
C:\WINDOWS\SYSTEM\WINJQ32.EXE
C:\WINDOWS\SYSTEM\NETST32.EXE
C:\WINDOWS\SYSTEM\JAVAMW32.EXE
C:\WINDOWS\IELP32.EXE
C:\WINDOWS\JAVAUO.EXE
C:\WINDOWS\ADDGZ.EXE
C:\WINDOWS\CRCQ.EXE
C:\WINDOWS\SYSTEM\APPOX32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\NETSCAPE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bfikz.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {44D255E6-2EF4-39C2-21AD-A22CFC343440} - C:\WINDOWS\MSER.DLL
O2 - BHO: Class - {7E895675-8786-0AE8-F4FB-E7CDC57A70B8} - C:\WINDOWS\APPVX32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [JAVAAG.EXE] C:\WINDOWS\JAVAAG.EXE
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [APIHK32.EXE] C:\WINDOWS\SYSTEM\APIHK32.EXE /s
O4 - HKLM\..\RunServices: [MSYI.EXE] C:\WINDOWS\MSYI.EXE /s
O4 - HKLM\..\RunServices: [MFCQL32.EXE] C:\WINDOWS\MFCQL32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMW32.EXE] C:\WINDOWS\SYSTEM\JAVAMW32.EXE /s
O4 - HKLM\..\RunServices: [IELP32.EXE] C:\WINDOWS\IELP32.EXE /s
O4 - HKLM\..\RunServices: [APPML.EXE] C:\WINDOWS\SYSTEM\APPML.EXE /s
O4 - HKLM\..\RunServices: [IPPP32.EXE] C:\WINDOWS\SYSTEM\IPPP32.EXE /s
O4 - HKLM\..\RunServices: [IPRT.EXE] C:\WINDOWS\IPRT.EXE /s
O4 - HKLM\..\RunServices: [NTYL32.EXE] C:\WINDOWS\SYSTEM\NTYL32.EXE /s
O4 - HKLM\..\RunServices: [NTOK32.EXE] C:\WINDOWS\SYSTEM\NTOK32.EXE /s
O4 - HKLM\..\RunServices: [CRCQ.EXE] C:\WINDOWS\CRCQ.EXE /s
O4 - HKLM\..\RunServices: [MFCYN32.EXE] C:\WINDOWS\SYSTEM\MFCYN32.EXE /s
O4 - HKLM\..\RunServices: [IPWC32.EXE] C:\WINDOWS\IPWC32.EXE /s
O4 - HKLM\..\RunServices: [ADDNE.EXE] C:\WINDOWS\ADDNE.EXE /s
O4 - HKLM\..\RunServices: [JAVAUO.EXE] C:\WINDOWS\JAVAUO.EXE /s
O4 - HKLM\..\RunServices: [NTRJ.EXE] C:\WINDOWS\NTRJ.EXE /s
O4 - HKLM\..\RunServices: [JAVACX32.EXE] C:\WINDOWS\JAVACX32.EXE /s
O4 - HKLM\..\RunServices: [APIIR32.EXE] C:\WINDOWS\SYSTEM\APIIR32.EXE /s
O4 - HKLM\..\RunServices: [WINJQ32.EXE] C:\WINDOWS\SYSTEM\WINJQ32.EXE /s
O4 - HKLM\..\RunServices: [NETST32.EXE] C:\WINDOWS\SYSTEM\NETST32.EXE /s
O4 - HKLM\..\RunServices: [ADDGZ.EXE] C:\WINDOWS\ADDGZ.EXE /s
O4 - HKLM\..\RunServices: [APPOX32.EXE] C:\WINDOWS\SYSTEM\APPOX32.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsFY] C:\BSW.EXE
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\winnook.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Scour Exchange.lnk = C:\Program Files\Scour Exchange\SX.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {34A54E9A-6A98-45EA-8B73-D8DF6BB515A6} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {34A54E9A-6A98-45EA-8B73-D8DF6BB515A6} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Dell Home - {24A6FF20-6412-11D4-A864-602351C10000} - http://www.dellnet.com (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {34A54E9A-6A98-45EA-8B73-D8DF6BB515A6} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {34A54E9A-6A98-45EA-8B73-D8DF6BB515A6} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)


#2
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Wrong section to post in. Your problem is currently being taken care of at:

http://www.geekstogo...se_-t28626.html