Velocity Reviews - Computer Hardware Reviews


Invalid Backweb

 
 
Mike Doherty
 
      01-30-2004
How can I get rid of the message "Invalid Backweb Application id7288971"
appearing on my desktop every time I start up my Home XP computer?
Also ... what does it mean?

--
Mike Doherty


 
 
 
 
 
Gareth Slee
 
      01-30-2004
"Mike Doherty" <(E-Mail Removed)> wrote in message
news:bvdn8p$61$(E-Mail Removed)...
> How can I get rid of the message "Invalid Backweb Application id7288971"
> appearing on my desktop every time I start up my Home XP computer?
> Also ... what does it mean?
>




Googled and came up with this:

"Use MSConfig, go to the Startup Tab and look for a reference to Backweb and
uncheck any entry relating to this application. Backweb is often installed
by Compaq, HP, Logitech and some other software houses to enable remote
support and updating of their product. You may also find that you have an
entry in Add/Remove Programs that relates to Backweb such as "Service
Connection (BackWEB)". It is possible that you have already
uninstalled/removed Backweb but failed to remove the entry in the start-up
axis that is attempting to launch this application each time you boot your
PC."

HTH
Gareth


 
 
 
 
 
Harrison
 
      01-30-2004
Download, install, update, and run the following programs:
Adaware - http://www.lavasoftusa.com/
Spybot Search and Destroy - http://security.kolla.de/
Spyware Blaster - http://www.wilderssecurity.net/spywareblaster.html

The first two find and root out spyware, adware, hijackers, and
dialers.
The third one will protect your system from further infection by such
diseases.

Optionally: Download and run hijackthis from
http://mjc1.com/mirror/hjt/
and paste the results here for further review.

On Fri, 30 Jan 2004 13:47:05 +0000 (UTC), "Mike Doherty"
<(E-Mail Removed)> wrote:

>How can I get rid of the message "Invalid Backweb Application id7288971"
>appearing on my desktop every time I start up my Home XP computer?
>Also ... what does it mean?


 
 
Mike Doherty
 
      01-30-2004
Logfile of HijackThis v1.97.7
Scan saved at 19:39:48, on 30/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\PersMan\VBTDiaryMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\BTopenworld\DialBTIAnytime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100
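
An added example, not part of the original thread: a small Python parser that rejoins the newsreader-wrapped HijackThis lines, extracts the O4 (startup) entries, and finds the one that matches the id in the error message. The sample lines are copied from the log above; the function and class names are hypothetical.

```python
import re
from typing import NamedTuple

# A few entries copied from the log posted above, wrapped as they were posted.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
"""

# Every HijackThis entry starts with a section code such as "R0 - " or "O4 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) -(?: |$)")
# O4 entry that is a value under a registry Run key.
RUN_VALUE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.*?)\] (.*)$")
# O4 entry that is a shortcut in a Startup folder.
STARTUP_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")


class StartupItem(NamedTuple):
    source: str   # e.g. "HKLM\..\Run" or "Global Startup"
    name: str     # registry value name or shortcut file name
    command: str  # what gets launched at logon


def unwrap(log_text):
    """Rejoin entries that the newsreader wrapped onto several lines."""
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            # Continuation of the previous entry; the wrap happened at a space.
            entries[-1] += " " + line
        else:
            # Blank line or header text (process list etc.) closes the entry.
            open_entry = False
    return entries


def parse_startup(entries):
    """Turn the O4 entries into StartupItem records; ignore other sections."""
    items = []
    for entry in entries:
        match = RUN_VALUE.match(entry) or STARTUP_LNK.match(entry)
        if match:
            items.append(StartupItem(*match.groups()))
    return items


def find_startup(items, needle):
    """Case-insensitive search in the entry name and the launched command."""
    needle = needle.lower()
    return [i for i in items
            if needle in i.name.lower() or needle in i.command.lower()]


def removal_hint(item):
    """Say where the entry lives, which decides how it is removed."""
    if item.source == "Global Startup":
        return "shortcut in the All Users Startup folder"
    if item.source == "Startup":
        return "shortcut in the current user's Startup folder"
    return "value under the registry key " + item.source


if __name__ == "__main__":
    for hit in find_startup(parse_startup(unwrap(SAMPLE_LOG)), "7288971"):
        print(hit.name, "->", hit.command)
        print("  ", removal_hint(hit))
```

Run against the log above, the only startup item containing 7288971 is the "KODAK Software Updater.lnk" shortcut, which is a Startup-folder shortcut rather than a Run key value.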

http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100

Logfile of HijackThis v1.97.7
Scan saved at 19:39:48, on 30/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\PersMan\VBTDiaryMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\BTopenworld\DialBTIAnytime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100

Logfile of HijackThis v1.97.7
Scan saved at 19:39:48, on 30/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\PersMan\VBTDiaryMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\BTopenworld\DialBTIAnytime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100

Logfile of HijackThis v1.97.7
Scan saved at 19:39:48, on 30/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\PersMan\VBTDiaryMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\BTopenworld\DialBTIAnytime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100

Logfile of HijackThis v1.97.7
Scan saved at 19:39:48, on 30/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\PersMan\VBTDiaryMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\BTopenworld\DialBTIAnytime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100

Logfile of HijackThis v1.97.7
Scan saved at 19:39:48, on 30/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\PersMan\VBTDiaryMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\BTopenworld\DialBTIAnytime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.btopenworld.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program
Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
5.0 Home Edition\CAgent.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
Favorites\pbmarks.exe /S
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - Global Startup: Diary Monitor.lnk = C:\Program
Files\PersMan\VBTDiaryMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Download with &DAP -
C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
(IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
http://www.phonicfriend.co.uk/PhonicFriend.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
NameServer = 213.1.119.99 213.1.119.100


<Harrison> wrote in message
news:(E-Mail Removed)...
> Download, install, update, and run the following programs:
> Adaware - http://www.lavasoftusa.com/
> Spybot Search and Destroy - http://security.kolla.de/
> Spyware Blaster - http://www.wilderssecurity.net/spywareblaster.html
>
> The first two find and root out spyware, adware, hijackers, and
> dialers.
> The third one will protect your system from further infection by such
> diseases.
>
> Optionally: Download and run hijackthis from
> http://mjc1.com/mirror/hjt/
> and paste the results here for further review.
>
> On Fri, 30 Jan 2004 13:47:05 +0000 (UTC), "Mike Doherty"
> <(E-Mail Removed)> wrote:
>
> >How can I get rid of the message "Invalid Backweb Application id7288971"
> >appearing on my desktop every time I start up my Home XP computer.
> >Also ... what does it mean?
