\r@doubleclick[1].txt
obj[69]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[70]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[71]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[72]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[73]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[74]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[75]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[76]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[77]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[78]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[79]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[80]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[81]=IECache Entry : C:\Documents and Settings\r\Cookies\r@estat[1].txt
obj[82]=IECache Entry : C:\Documents and Settings\r\Cookies\r@fastclick[2].txt
obj[83]=IECache Entry : C:\Documents and Settings\r\Cookies\r@fastclick[3].txt
obj[84]=IECache Entry : C:\Documents and Settings\r\Cookies\r@gator[1].txt
obj[85]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[86]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[87]=IECache Entry : C:\Documents and Settings\r\Cookies\r@hitbox[2].txt
obj[88]=IECache Entry : C:\Documents and Settings\r\Cookies\r@linksynergy[2].txt
obj[89]=IECache Entry : C:\Documents and Settings\r\Cookies\r@maxserving[1].txt
obj[90]=IECache Entry : C:\Documents and Settings\r\Cookies\r@mediaplex[2].txt
obj[91]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[92]=IECache Entry : C:\Documents and Settings\r\Cookies\r@overture[1].txt
obj[93]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[94]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[95]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[96]=IECache Entry : C:\Documents and Settings\r\Cookies\r@pointroll[2].txt
obj[97]=IECache Entry : C:\Documents and Settings\r\Cookies\r@qksrv[1].txt
obj[98]=IECache Entry : C:\Documents and Settings\r\Cookies\r@questionmarket[1].txt
obj[99]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[100]=IECache Entry : C:\Documents and Settings\r\Cookies\r@realmedia[1].txt
obj[101]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[102]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[103]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[104]=IECache Entry : C:\Documents and Settings\r\Cookies\r@serving-sys[2].txt
obj[105]=IECache Entry : C:\Documents and Settings\r\Cookies\r@specificclick[1].txt
obj[106]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[107]=IECache Entry : C:\Documents and Settings\r\Cookies\r@statcounter[1].txt
obj[108]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[109]=IECache Entry : C:\Documents and Settings\r\Cookies\r@tmpad[1].txt
obj[110]=IECache Entry : C:\Documents and Settings\r\Cookies\r@trafficmp[1].txt
obj[111]=IECache Entry : C:\Documents and Settings\r\Cookies\r@tribalfusion[1].txt
obj[112]=IECache Entry : C:\Documents and Settings\r\Cookies\r@tripod[1].txt
obj[113]=IECache Entry : C:\Documents and Settings\r\Cookies\r@valueclick[2].txt
obj[114]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][1].txt
obj[115]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[116]=IECache Entry : C:\Documents and Settings\r\Cookies\[email protected][2].txt
obj[117]=IECache Entry : C:\Documents and Settings\r\Cookies\r@zedo[1].txt
obj[118]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][2].txt
obj[119]=IECache Entry : C:\Documents and Settings\su\Cookies\su@advertising[1].txt
obj[120]=IECache Entry : C:\Documents and Settings\su\Cookies\su@atdmt[2].txt
obj[121]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][2].txt
obj[122]=IECache Entry : C:\Documents and Settings\su\Cookies\su@doubleclick[1].txt
obj[123]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][1].txt
obj[124]=IECache Entry : C:\Documents and Settings\su\Cookies\su@hitbox[2].txt
obj[125]=IECache Entry : C:\Documents and Settings\su\Cookies\su@mediaplex[2].txt
obj[126]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][1].txt
obj[127]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][1].txt
obj[128]=IECache Entry : C:\Documents and Settings\su\Cookies\su@trafficmp[2].txt
obj[129]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][2].txt
obj[130]=IECache Entry : C:\Documents and Settings\su\Cookies\[email protected][1].txt
obj[131]=IECache Entry : C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[2].txt
obj[132]=IECache Entry : C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
BROADCASTPC
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[137]=File : C:\Documents and Settings\b\Local Settings\Temp\GLK23.tmp
BROWSERAID
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[138]=File : C:\Documents and Settings\r\Local Settings\Temporary Internet Files\Content.IE5\OJ3RAKD9\quicklaunch154[1].cab
HIJACK THIS! Log
Logfile of HijackThis v1.99.1
Scan saved at 12:44:44 PM, on 5/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Applications\Internet\NISUM.EXE
C:\Applications\Internet\ccPxySvc.exe
C:\Applications\Animation\Houdini4.0\bin\hserver.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\applications\media\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
c:\windows\system32\uviirws.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Applications\Words+Numbers\OpenOffice.org1.0.1\program\soffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\b\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsvB0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\applications\media\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zmoboik] c:\windows\system32\uviirws.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [uoltray] C:\Applications\Utilities\Communication\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Applications\Words+Numbers\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\downloaded program files\GoogleToolbar_en_1.1.70-big.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Applications\Internet\ccPxySvc.exe
O23 - Service: HServer - Unknown owner - C:\Applications\Animation\Houdini4.0\bin\hserver.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Applications\Internet\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE