1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: My Hijack This Log Please

Discussion in 'Virus & Other Malware Removal' started by JAYBART, Jan 28, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. JAYBART

    JAYBART Thread Starter

    Joined:
    Jan 28, 2005
    Messages:
    4
    Logfile of HijackThis v1.99.0
    Scan saved at 10:47:51 AM, on 1/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Microsoft.NET\remove me.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\PROGRA~1\COMMON~1\AOL\110104~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\110104~1\EE\AOLServiceHost.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\Corel\WordPerfect Office 2002\Programs\QPW.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.2:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
    F3 - REG:win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
    O2 - BHO: CATLEvents Object - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\Owner\LOCALS~1\Temp\em evomer.dat
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: Local Spool Net support DLL - {E0000D50-8DE9-4FCB-9284-22EC06851B37} - c:\windows\system32\localsplnet.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [*acc] C:\WINDOWS\Config\acc.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101045647\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [*remove me] C:\WINDOWS\Microsoft.NET\remove me.exe
    O4 - HKLM\..\RunOnce: [*remove me] C:\WINDOWS\Microsoft.NET\remove me.exe rerun
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_816/sdcregie.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100193107078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service - Unknown - C:\WINDOWS\wanmpsvc.exe (file missing)
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described


    CWshredder from http://www.subratam.org/?page=removal
    Spybot - Search & Destroy from http://security.kolla.de
    Download Adaware SE http://www.lavasoftusa.com/support/download/

    then
    Run CWSHREDDER,

    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
    and make sure you have all of Microsoft security updates

    then reboot &

    Run Sybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &


    Run ADAWARE

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window :Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)


    Restart your computer.
    then post a new hijackthis log
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download the Pocket KillBox

    Unzip the files to your desktop.

    Run KillBox.exe.

    Select the Delete on Reboot option.
    In the Full Path of File to Delete field copy and paste each path listed below, click the red circle with the white X in it, when it asks you to reboot, click No.

    C:\WINDOWS\System32\services\wmplayer.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\em evomer.dat

    C:\WINDOWS\Config\acc.exe

    C:\WINDOWS\Microsoft.NET\remove me.exe

    C:\WINDOWS\system32\hostx.exe

    c:\explorer.cab


    Run HJT again and put a check in the following:

    F3 - REG:win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: CATLEvents Object - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\Owner\LOCALS~1\Temp\em evomer.dat
    O2 - BHO: Local Spool Net support DLL - {E0000D50-8DE9-4FCB-9284-22EC06851B37} - c:\windows\system32\localsplnet.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [*acc] C:\WINDOWS\Config\acc.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [*remove me] C:\WINDOWS\Microsoft.NET\remove me.exe
    O4 - HKLM\..\RunOnce: [*remove me] C:\WINDOWS\Microsoft.NET\remove me.exe rerun
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

    Close all applications and browser windows before you click "fix checked".

    Go to Start, Run, type %temp%, click OK
    Delete the entire contents of this folder.

    Empty Temporary Internet files, including offline content.

    Empty your recycle bin.

    Reboot and post another log.
     
  4. JAYBART

    JAYBART Thread Starter

    Joined:
    Jan 28, 2005
    Messages:
    4
    %temp% deleted everything in this folder but on "IadHide.dll" said access denied.

    Logfile of HijackThis v1.99.0
    Scan saved at 1:11:03 PM, on 1/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\PROGRA~1\COMMON~1\AOL\110104~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\110104~1\EE\AOLServiceHost.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.2:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101045647\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_816/sdcregie.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100193107078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service - Unknown - C:\WINDOWS\wanmpsvc.exe (file missing)
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I merged your new post into this existing thread.

    Any problems?
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    "IAdHide.dll" belongs to BackWeb. It is installed with the software for e.g. Logitech products. It checks for software upgrades from Logitech.
    It's present under Software => Logitech Desktop Manager, where it can be uninstalled.
     
  7. JAYBART

    JAYBART Thread Starter

    Joined:
    Jan 28, 2005
    Messages:
    4
    Should I uninstall BacKWeb, and my IE is still pulling up about blank
     
  8. JAYBART

    JAYBART Thread Starter

    Joined:
    Jan 28, 2005
    Messages:
    4
    Nevermind, I'm an idiot, I hadn't switched the web address in internet options back to msn yet. It's working fine now. Thank you guys sooo much you rock, I've been trying to fix this by myself since 05/04 to no avail. THANK YOU AGAIN
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Some people like BackWeb, it's not necessary. Uninstall it in add/remove programs if you choose to.

    My pleasure! :)
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324342

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice