Logfile of HijackThis v1.94.0
Scan saved at 21:59:01, on 10-6-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://s32196.tdak.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=c31318.tdak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://s32196.tdak.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://s32196.tdak.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.the-exit.com
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_80.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: BabeIE - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\Program Files\CommonName\Toolbar\BabeIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp
"C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Zip Driver Loader] C:\WINDOWS\ZipLoad32.exe
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\n-CASE\msbb.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [yrbrv] C:\DOCUME~1\KEESEN~1\APPLIC~1\craeoajy.exe -QuieT
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:{document.location='http://neosexvideo.com/webmasters/df052/access.htm';}
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) -
http://quickfix.chello.nl/sdccommon/download/tgctlins.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) -
http://www.newtopsites.com/fswinst.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} -
http://www.terra.es/personal9/centuryrules/wrn/mp3_plugin.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37604.0395833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\Software\..\Telephony: DomainName = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{772BF807-6378-4693-BD57-23B93CC1CA65}: Domain = K15702.tdak.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E896BA53-42C8-443C-B69F-2EE1888339E7}: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = K15702.tdak.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D34F1D-9037-49B0-867D-224178D8C8F0}: Domain = K15702.tdak.com