
Honest1 - Hijackthis log.


Vape


Logfile of HijackThis v1.99.1
Scan saved at 12:11:26 AM, on 4/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MPREXE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MSTASK[Caution: ExecutableFile]
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER[Caution: ExecutableFile]
C:\WINDOWS\TASKMON[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SYSTRAY[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\ATICWD32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\ATITASK[Caution: ExecutableFile]
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY[Caution: ExecutableFile]
C:\WINDOWS\LOADQM[Caution: ExecutableFile]
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR[Caution: ExecutableFile]
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM[Caution: ExecutableFile]
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\WMIEXE[Caution: ExecutableFile]
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\DDHELP[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oinkhepohkatzvlmhkvhy.com/qF ... mbLBY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uvsgvljgebyvxxhxxsotgdj.net/ ... nP3PU.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: (no name) - {B265B4E5-5905-B2F1-5F4A-ED8AA1FDBAB9} - C:\WINDOWS\APPLICATION DATA\RULE WMA\MEOW WAIT[Caution: ExecutableFile]
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw[Caution: ExecutableFile] /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon[Caution: ExecutableFile]
O4 - HKLM\..\Run: [systemTray] systray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiKey] Atitask[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sBWatchDog[Caution: ExecutableFile]] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog[Caution: ExecutableFile] /l
O4 - HKLM\..\Run: [soundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm[Caution: ExecutableFile]
O4 - HKLM\..\Run: [internetIsoLicenseVc] C:\WINDOWS\Application Data\ford type internet iso\gluedraw[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] c:\windows\SYSTEM\mstask[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [Nurb Window] C:\WINDOWS\APPLIC~1\TIMESH~1\BlahStupid[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager[Caution: ExecutableFile] -quiet
O4 - Startup: WinZip Quick Pick.lnk = C:\My Documents\WinZip\WZQKPICK[Caution: ExecutableFile]
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart[Caution: ExecutableFile]
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]
O4 - Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg[Caution: ExecutableFile]
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab


First of all, visit Windows update. Your version of IE is out of date. Very out of date.

Fix:

certainly:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oinkhepohkatzvlmhkvhy.com/qF ... mbLBY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uvsgvljgebyvxxhxxsotgdj.net/ ... nP3PU.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: (no name) - {B265B4E5-5905-B2F1-5F4A-ED8AA1FDBAB9} - C:\WINDOWS\APPLICATION DATA\RULE WMA\MEOW WAIT[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sBWatchDog.e3e (CAUTION - executable file)] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.e3e (CAUTION - executable file) /l

probably:
O4 - HKLM\..\Run: [internetIsoLicenseVc] C:\WINDOWS\Application Data\ford type internet iso\gluedraw.e3e (CAUTION - executable file)

certainly:
O4 - HKCU\..\Run: [Nurb Window] C:\WINDOWS\APPLIC~1\TIMESH~1\BlahStupid.e3e (CAUTION - executable file)
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.e3e (CAUTION - executable file)
O14 - IERESET.INF: START_PAGE_URL=www.e4me.com

Not sure if I got it all. There's some weird stuff on there, and I presume the 'eWare' stuff is not wanted.


I just realized, you may want to keep those Yahoo homepage things. You should also try to remove the SBWatchdog stuff using the Control Panel, before trying to do it 'bluntly' by using Hijackthis.

