Logfile of HijackThis v1.98.2
Scan saved at 12:30:00 AM, on 9/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\SYSTEM\SSDBG.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
C:\MAY2004\HIJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://aifind.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://aifind.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://aifind.cc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://aifind.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://bad-url.com/start.php?
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://aifind.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.112.33.4:8080
F1 - win.ini: run=C:\WINDOWS\svcinit.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.geocities.com/fenrirlancer/darkangel.html"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_7.DLL (file missing)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp

"C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [stubport] C:\WINDOWS\SYSTEM\stubport.exe
O4 - HKLM\..\Run: [Internal] 1
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [ssdbg] C:\WINDOWS\SYSTEM\ssdbg.exe
O4 - HKLM\..\Run: [MsCheckout] C:\WINDOWS\FASTFIND.EXE
O4 - HKLM\..\Run: [ServicePack1] C:\WINDOWS\SP1UPDATE.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [jex] C:\WINDOWS\jex.exe
O4 - HKLM\..\Run: [000win32] C:\WINDOWS\SYSTEM\restorecrashwin32.bat
O4 - HKLM\..\Run: [WinLsass] C:\WINDOWS\SERVICEC.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Startup: Keylogger Hunter.lnk = C:\Program Files\Keylogger Hunter\KeyloggerHunter.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! PageBuilder -
http://pagebuilder.yahoo.com/members/tools/pagebuilder/prod/client.2.60.18/code/client.cab
O16 - DPF: ChatSpace Full Java Client 2.0.0.66 -
http://cgi.gamefaqs.com/chat/Java/cs4fs066.cab
k i did what u told me to do, is this right? o_o