Vape
Posted April 16, 2005

Logfile of HijackThis v1.99.1
Scan saved at 12:11:26 AM, on 4/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MPREXE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MSTASK[Caution: ExecutableFile]
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER[Caution: ExecutableFile]
C:\WINDOWS\TASKMON[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SYSTRAY[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\ATICWD32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\ATITASK[Caution: ExecutableFile]
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY[Caution: ExecutableFile]
C:\WINDOWS\LOADQM[Caution: ExecutableFile]
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR[Caution: ExecutableFile]
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM[Caution: ExecutableFile]
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\WMIEXE[Caution: ExecutableFile]
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\DDHELP[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oinkhepohkatzvlmhkvhy.com/qF ... mbLBY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uvsgvljgebyvxxhxxsotgdj.net/ ... nP3PU.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: (no name) - {B265B4E5-5905-B2F1-5F4A-ED8AA1FDBAB9} - C:\WINDOWS\APPLICATION DATA\RULE WMA\MEOW WAIT[Caution: ExecutableFile]
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw[Caution: ExecutableFile] /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon[Caution: ExecutableFile]
O4 - HKLM\..\Run: [systemTray] systray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiKey] Atitask[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sBWatchDog[Caution: ExecutableFile]] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog[Caution: ExecutableFile] /l
O4 - HKLM\..\Run: [soundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm[Caution: ExecutableFile]
O4 - HKLM\..\Run: [internetIsoLicenseVc] C:\WINDOWS\Application Data\ford type internet iso\gluedraw[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] c:\windows\SYSTEM\mstask[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [Nurb Window] C:\WINDOWS\APPLIC~1\TIMESH~1\BlahStupid[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile] -quiet
O4 - Startup: WinZip Quick Pick.lnk = C:\My Documents\WinZip\WZQKPICK[Caution: ExecutableFile]
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart[Caution: ExecutableFile]
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]
O4 - Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg[Caution: ExecutableFile]
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

Where the bloody hell are you?

Hannibal
Posted April 16, 2005

First of all, visit Windows update. Your version of IE is out of date. Very out of date.

Fix:

certainly:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oinkhepohkatzvlmhkvhy.com/qF ... mbLBY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uvsgvljgebyvxxhxxsotgdj.net/ ... nP3PU.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: (no name) - {B265B4E5-5905-B2F1-5F4A-ED8AA1FDBAB9} - C:\WINDOWS\APPLICATION DATA\RULE WMA\MEOW WAIT[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sBWatchDog.e3e (CAUTION - executable file)] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.e3e (CAUTION - executable file) /l

probably:
O4 - HKLM\..\Run: [internetIsoLicenseVc] C:\WINDOWS\Application Data\ford type internet iso\gluedraw.e3e (CAUTION - executable file)

certainly:
O4 - HKCU\..\Run: [Nurb Window] C:\WINDOWS\APPLIC~1\TIMESH~1\BlahStupid.e3e (CAUTION - executable file)
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.e3e (CAUTION - executable file)
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com

Not sure if I got it all. There's some weird stuff on there, and I presume the 'eWare' stuff is not wanted.

Hannibal
Posted April 16, 2005

I just realized, you may want to keep those Yahoo homepage things. You should also try to remove the SBWatchdog stuff using the Control Panel, before trying to do it 'bluntly' by using Hijackthis.