Invalid Backweb

Discussion in 'Computer Support' started by Mike Doherty, Jan 30, 2004.

  1. Mike Doherty

    Mike Doherty Guest

    How can I get rid of the message "Invalid Backweb Application id7288971
    appearing on my desktop everytime I startup my Home XP computer.
    Also ... what does it mean?

    --
    Mike Doherty
    Mike Doherty, Jan 30, 2004
    #1
    1. Advertising

  2. Mike Doherty

    Gareth Slee Guest

    "Mike Doherty" <> wrote in message
    news:bvdn8p$61$...
    > How can I get rid of the message "Invalid Backweb Application id7288971
    > appearing on my desktop everytime I startup my Home XP computer.
    > Also ... what does it mean?
    >




    Googled and came up with this

    "Use MSConfig, got to the Startup Tab and look for a reference to Backweb
    and
    uncheck any entry relating to this application. Backweb is often installed
    by Compaq, HP, Logitech and some other software houses to enable remote
    support and updating of their product. You may also find that you have an
    entry in Add/Remove Programs that relates to Backweb such as "Service
    Connection (BackWEB)". It is possible that you have already
    uninstalled/removed Backweb but failed to remove the entry in the start-up
    axis that is attempting to launch this application each time you boot your
    PC."

    HTH
    Gareth
    Gareth Slee, Jan 30, 2004
    #2
    1. Advertising

  3. Mike Doherty

    Harrison Guest

    Download, install, update, and run the following programs:
    Adaware - http://www.lavasoftusa.com/
    Spybot Search and Destroy - http://security.kolla.de/
    Spyware Blaster - http://www.wilderssecurity.net/spywareblaster.html

    The first two find and root out spyware, adware, hijackers, and
    dialers.
    The third one will protect your system from further infection by such
    diseases.

    Optionally: Download and run hijackthis from
    http://mjc1.com/mirror/hjt/
    and paste the results here for further review.

    On Fri, 30 Jan 2004 13:47:05 +0000 (UTC), "Mike Doherty"
    <> wrote:

    >How can I get rid of the message "Invalid Backweb Application id7288971
    >appearing on my desktop everytime I startup my Home XP computer.
    >Also ... what does it mean?
    Harrison, Jan 30, 2004
    #3
  4. Mike Doherty

    Mike Doherty Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100

    Logfile of HijackThis v1.97.7
    Scan saved at 19:39:48, on 30/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ABBYY FineReader 5.0 Home Edition\CAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\My Personal Favorites\pbmarks.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\PersMan\VBTDiaryMonitor.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\BTopenworld\DialBTIAnytime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MIKE\Local Settings\Temp\Temporary Directory 1 for
    hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.btopenworld.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.meshcomputers.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program
    Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program
    Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [CTAvTray] C:\Program
    Files\Creative\SBLive\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader
    5.0 Home Edition\CAgent.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program
    Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Documents and
    Settings\MIKE\Desktop\MediaFACE 4 (E)\SetHook.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program
    Files\Iomega\AutoDisk\AD2KClient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft
    Ad-aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-aware\"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [Bookmarks] C:\Program Files\Webroot\My Personal
    Favorites\pbmarks.exe /S
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program
    Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
    O4 - Global Startup: Diary Monitor.lnk = C:\Program
    Files\PersMan\VBTDiaryMonitor.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program
    Files\Kodak\Picture Easy Software\Program\PezDownload.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C0B07742-6144-48B1-B93A-AD0A8AC1B14E} (PhonicFriend Control) -
    http://www.phonicfriend.co.uk/PhonicFriend.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{8611494F-80A1-416D-898E-2196CAA029D0}:
    NameServer = 213.1.119.99 213.1.119.100


    <Harrison> wrote in message
    news:...
    > Download, install, update, and run the following programs:
    > Adaware - http://www.lavasoftusa.com/
    > Spybot Search and Destroy - http://security.kolla.de/
    > Spyware Blaster - http://www.wilderssecurity.net/spywareblaster.html
    >
    > The first two find and root out spyware, adware, hijackers, and
    > dialers.
    > The third one will protect your system from further infection by such
    > diseases.
    >
    > Optionally: Download and run hijackthis from
    > http://mjc1.com/mirror/hjt/
    > and paste the results here for further review.
    >
    > On Fri, 30 Jan 2004 13:47:05 +0000 (UTC), "Mike Doherty"
    > <> wrote:
    >
    > >How can I get rid of the message "Invalid Backweb Application id7288971
    > >appearing on my desktop everytime I startup my Home XP computer.
    > >Also ... what does it mean?

    >
    Mike Doherty, Jan 30, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gunjani

    backWeb-728871.exe...What is it?

    Gunjani, Jul 12, 2003, in forum: Computer Support
    Replies:
    6
    Views:
    1,405
    Michael
    Jul 12, 2003
  2. PWB

    Backweb Lite

    PWB, Aug 13, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    489
    § GateKeeper §
    Aug 13, 2003
  3. PWB

    Backweb

    PWB, Sep 21, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    640
    NewKillerStar
    Sep 21, 2003
  4. David Peterson

    Backweb error

    David Peterson, Oct 30, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    2,582
    Harrison
    Oct 30, 2003
  5. Hank Sniadoch

    Hank Sniadoch, Aug 20, 2004, in forum: Computer Information
    Replies:
    1
    Views:
    504
    Wizard
    Aug 20, 2004
Loading...

Share This Page