Ok- I did all of the above steps for spyware removal. My computer has been acting up, locking for no reason, cdrom drive making random noises, etc. So I followed all of the above directions. Could someone please check over my log and let me know if anything is out of the ordinary.
Thanks- I am computer un-savy. I can get along just fine and fix some monir things, but when it comes to this stuff, I have no idea!
Thanks for all help.
Wendy
Logfile of HijackThis v1.99.1
Scan saved at 5:12:39 PM, on 3/29/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORMWATCHER.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\NETGEAR\MA101 USB ADAPTER CONFIGURATION UTILITY\WLANMONITOR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Yahoo HP Reminder 1.0] C:\PROGRAM FILES\YAHOO!\YIP2\HP\ENCWAR\PROGRAM\YR.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: MA101 Configuration Utility .lnk = C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
O4 - Startup: SpywareGuard.lnk = SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &2 Customize Menu - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComCustomIEMenu.html
O8 - Extra context menu item: &5 Fill from Identity - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComFillIdent.html
O8 - Extra context menu item: &7 Fill Forms - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComFillForms.html
O8 - Extra context menu item: &8 Save Forms - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComSavePass.html
O8 - Extra context menu item: &9 Robo Toolbar - res://C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL/ComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOFORM.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\MY DOCUMENTS\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/v...can/mcasupd.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
Full Version: ok- followed spyware removal here is log
I can't really speak to a lot of this, but I do know that if you are not using roboform, you really ought to uninstall it...
What's this?
What's this?
QUOTE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
get rid of anything that has to do with weatherbug
you can get rid of this also
and what Narc said, get rid of anything that has to do with backweb
backweb is adware.
QUOTE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
you can get rid of this also
QUOTE
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
and what Narc said, get rid of anything that has to do with backweb
backweb is adware.
Link
QUOTE
backWeb.exe is an adware by Backweb Technologies which offers news and entertainment services in exchange for personal usage information regarding the PC being sent back to BackWeb's servers for analysis. Many high range computer manufactorers have entered into an agreement with backweb to install this product by default on work-stations in exchange for other services from the backweb application. This program is a registered security risk and should be removed immediately. Please see additional details regarding this process
Thanks- got rid of those things- wasn't too sure how to get rid of
QUOTE
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
, so I search for cpbrkpie and deleted that one thing.
Backweb always caused me problems, but I didn't realize it was adware- glad to be rid of that.
I dumped weatherbug- comes in handy in the winter, but really just gets me depressed with the cold temp showing- lol
And I do use Roboform, so I will keep that.
Let's hope this has done the trick!
Thanks again everyone. If anyone notices anything else wacky, lmk.
Wendy
QUOTE
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
, so I search for cpbrkpie and deleted that one thing.
Backweb always caused me problems, but I didn't realize it was adware- glad to be rid of that.
I dumped weatherbug- comes in handy in the winter, but really just gets me depressed with the cold temp showing- lol
And I do use Roboform, so I will keep that.
Let's hope this has done the trick!
Thanks again everyone. If anyone notices anything else wacky, lmk.
Wendy
you can do a GOOGLE search on anything that ends with ".exe"
Read several comments before deleting
How much memory do you have???????/
Read several comments before deleting
How much memory do you have???????/
Weatherbug isn't bad. Just block access for ads with Zone Alarm. I run the bug on 4 machines (Win98SE,ME and XP Home) with no problems. If you are strapped for RAM just turn it off when needed.
Since you are running ME there is a new problem if you are running Windows Update. There is an update that is downloading and installing in Win98, 98SE and ME systems that is really meant for Win2000,NT and XP systems. It will load an exe file at startup and will cause lockups and the dreaded blue screen of death. Per Microsoft it can be left on the system but you should go to Start/Run/msconfig/Startup and uncheck the box for KB891711. There is no need to uninstall the update, if you do it will just reinstall next time.
Since you are running ME there is a new problem if you are running Windows Update. There is an update that is downloading and installing in Win98, 98SE and ME systems that is really meant for Win2000,NT and XP systems. It will load an exe file at startup and will cause lockups and the dreaded blue screen of death. Per Microsoft it can be left on the system but you should go to Start/Run/msconfig/Startup and uncheck the box for KB891711. There is no need to uninstall the update, if you do it will just reinstall next time.
Somebody has the latest release of Norton Internet Security coming to her in a care package 
QUOTE
My computer has been acting up, locking for no reason, cdrom drive making random noises, etc.
Mine had been doing that for the last week or so...cdrom light would come on green, turn orange...sometimes the tray would open by itself...I thought the thing was haunted...then my internet connection would slow way down and finally lock up. The only way to get back up to speed was to totally reboot. DS, the computer whiz couldn't find anything out of the ordinary other than maybe the machine was dying a slow death. Then this morning I got some Virus Updates, and Norton found one in a temporary internet file (even though I've been clearing them daily)...quarantined it, and the machine's been working like a dream.
The virus it found was a trojan....Adwaheck...
QUOTE(kar522 @ 3-31-05, 1:40pm)
Mine had been doing that for the last week or so...cdrom light would come on green, turn orange...sometimes the tray would open by itself...I thought the thing was haunted...then my internet connection would slow way down and finally lock up. The only way to get back up to speed was to totally reboot. DS, the computer whiz couldn't find anything out of the ordinary other than maybe the machine was dying a slow death. Then this morning I got some Virus Updates, and Norton found one in a temporary internet file (even though I've been clearing them daily)...quarantined it, and the machine's been working like a dream.
The virus it found was a trojan....Adwaheck...
The virus it found was a trojan....Adwaheck...
Thanks for the tip Kar. That sounds just like what mine was doing- the cdrom door opening was freaky. And having to reboot every 1/2 hour was getting to be a pain. I first ran virus scan and found nothing. I even updated everything. I just did a search for Adwaheck and found nothing. Things do seem to be better now that I ran all the adware stuff.
Now if I could just figure out what is wrong with my printer. It quit on me mid-print on Saturday. I am going to try uninstall it and then re=instal it.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.