|
Windows XP Problem solving for the Windows XP Operating System |
|
Topic Tools |
#1
|
|||
|
|||
invalid Backweb application id 1940576, +
Every time I start up my computer I get a "Runner error" that states "invalid Backweb application id 1940576"
I've seen some of the instructions here that have advised running Hijack This. I have done this but haven't made any changes. I noticed a few other things in the log that was created by Hijack this -- like references to www.blazefind.com, this was somehow changed to my homepage today. I changed it back to www.google.com, but then I noticed these things in the Hijack This log. I also noticed iefeaturesversion.exe (I just recently deleted this from my system32 folder); 01 SECT SUPPORT.exe & uzsgzpeq.exe (I see both of these in task manager, but don't know what they are). Can anyone help me with the Hijack This log? The program suggests that I get expert help before fixing anything. Thanks. |
#2
|
|||
|
|||
Post the whole log here
If this is the error you are getting....... C:\Program Files\xxxxxxxx\1940576\Program\BackWeb-1940576.exe It means that the actual file has been removed but the registry entry has stayed behind for some reason Click Start >Run >type Regedit >Edit >find > 1940576.exe when it finds it hit the delete key Last edited by Pancake; March 22nd, 2004 at 03:51 AM. |
#3
|
|||
|
|||
Quote:
Scan saved at 9:13:15 PM, on 3/21/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\HitQ\HitQ.exe C:\PROGRA~1\WindowFragPeak\01 SECT SUPPORT.exe C:\WINDOWS\System32\uzsgzpeq.exe C:\WINDOWS\System32\59455507.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM\aim.exe C:\Palm\HOTSYNC.EXE C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Norton Utilities\SYSDOC32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = "http://=" R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:// R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HitQ] C:\Program Files\HitQ\HitQ.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\iefeaturesversion.exe O4 - HKLM\..\Run: [stop dog] C:\PROGRA~1\WindowFragPeak\01 SECT SUPPORT.exe O4 - HKLM\..\Run: [exrevjhf] C:\WINDOWS\System32\uzsgzpeq.exe O4 - HKLM\..\Run: [82351320.exe] C:\WINDOWS\System32\82351320.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\iSearch\toolbar.dll/SEARCH.HTML O9 - Extra button: iSearch Toolbar (HKLM) O9 - Extra 'Tools' menuitem: iSearch Toolbar (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: MoneySide (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.msn.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/isearch.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.exe O16 - DPF: {1EEC3C99-7AA3-4F6E-B381-AF6942B51618} (pup.setup) - http://www.lazychestnuts.net/0015/ph/pup.CAB O16 - DPF: {73385481-56A3-49C9-8A1A-A9C4C8FB6900} (hitQ Control) - http://nav.hitq.com/hitQX.cab O16 - DPF: {7B461720-5910-45A3-B617-3B53A972F209} (Pixami-PhotoWorks Upload UI Control) - http://services.photoworks.com/Pixam...FWUploader.cab O16 - DPF: {85EF7519-1571-4388-B670-0E84827CC2C3} (TopBest Control) - http://topbest.com/TopBestX.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab |
#4
|
|||
|
|||
Download LspFix:
http://www.cexx.org/LSPFix.exe RUn LspFix , that`s all you have to do . Don`t click on any thing else. Then click on "FINISH" |
#5
|
|||
|
|||
Run HJT again and get these fixed. And then have another look at it.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\iefeaturesversion.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) |
#6
|
|||
|
|||
Hi Dan_DB,
Move HijackThis.exe into its own folder, You may have removed some entries already. I`ve included them all. Close ALL browser Windows, only have HijackThis running. In HiJackThis, Check the boxes beside the below entries, then click on "Fix checked" . R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = "http://=" R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page = http://= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:// R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) c:\progra~1\iesearchbar\iesearchbar.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\iefeaturesversion.exe O4 - HKLM\..\Run: [exrevjhf] C:\WINDOWS\System32\uzsgzpeq.exe O4 - HKLM\..\Run: [82351320.exe] C:\WINDOWS\System32\82351320.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\iSearch\toolbar.dll/SEARCH.HTML O9 - Extra button: iSearch Toolbar (HKLM) O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/isearch.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.exe O16 - DPF: {1EEC3C99-7AA3-4F6E-B381-AF6942B51618} (pup.setup) - http://www.lazychestnuts.net/0015/ph/pup.CAB O16 - DPF: {73385481-56A3-49C9-8A1A-A9C4C8FB6900} (hitQ Control) - http://nav.hitq.com/hitQX.cab O16 - DPF: {85EF7519-1571-4388-B670-0E84827CC2C3} (TopBest Control) - http://topbest.com/TopBestX.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge.cab O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstaller.cab Reboot into Safe Mode.....( tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key) Make sure you can see Hidden files and Folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html Then delete the below files and Folders: C:\WINDOWS\Downloaded Program Files\bridge.dll <--- delete this file C:\WINDOWS\System32\iefeaturesversion.exe <--- delete this file C:\WINDOWS\System32\uzsgzpeq.exe <--- delete this file C:\WINDOWS\System32\82351320.exe <--- delete this file c:\progra~1\iesearchbar <--- delete this folder Reboot computer and Download the latest version of Ad-Aware from: http://www.lavasoftusa.com/support/download/ After installing Ad-aware, and before running the program, update by using the "Check for Updates Now" button. Run Ad-aware and remove what it finds. Reboot computer. post back a new HJT log to this thread, please. I don`t know the below: C:\Program Files\HitQ\HitQ.exe C:\PROGRAfiles\WindowFragPeak\01 SECT SUPPORT.exe Do you recognise them. Cheers. |
#7
|
|||
|
|||
Quote:
Thanks Mike. The newest HijackThis log is below. I did all you suggested. A couple of the files you said to delete (bridge.dll and 82351320.exe) were not found when I looked for them. No, I don't know what 01 SECT SUPPORT.exe or HitQ.exe is either. Logfile of HijackThis v1.97.7 Scan saved at 9:00:31 PM, on 3/22/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\HitQ\HitQ.exe C:\PROGRA~1\WindowFragPeak\01 SECT SUPPORT.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM\aim.exe C:\Palm\HOTSYNC.EXE C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Norton Utilities\SYSDOC32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HitQ] C:\Program Files\HitQ\HitQ.exe O4 - HKLM\..\Run: [stop dog] C:\PROGRA~1\WindowFragPeak\01 SECT SUPPORT.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O9 - Extra button: AIM (HKLM) O9 - Extra button: MoneySide (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.msn.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {7B461720-5910-45A3-B617-3B53A972F209} (Pixami-PhotoWorks Upload UI Control) - http://services.photoworks.com/Pixam...FWUploader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab |
#8
|
|||
|
|||
http://www.stopdog.com/ = 01 SECT SUPPORT.exe
http://hitq.com/search.html =C:\Program Files\HitQ\HitQ.exe |
#9
|
|||
|
|||
Help
Hello, I am new to this site and really don't know what I am doing. We purchased a new computer in Dec 03 and logged into DSL. So far we have had nothing but PROBLEMS!!!!! I have 2 teenagers who are constantly on and recently my computer has been moving as a slow crawl. I have downloaded HIJACKTHIS but have no clue what to do with my log file. I would greatly appreciate anyone who knows what they are doing to let me know what needs to be removed from my computer. I too suffer from the invalid backweb application id 1940576 at my start up. Please help!!!:frown:
Logfile of HijackThis v1.97.7 Scan saved at 8:07:47 PM, on 4/1/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O9 - Extra button: AIM (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: MoneySide (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx |
#10
|
|||
|
|||
STACY 15
Can you post this as a seperate thread so as not to get confused with this one..thanks |
#11
|
|||
|
|||
I'm also getting similar runtime startup errors:
"Could not load the target dll ("C\Program Files\BackWeb\BackWeb Client\6.1.0.153\Program\BackWeb.dll", error code 126)" I tried to uninstall the program,but failed at that. Any suggestions on this one? |
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
invalid backweb application | neanderthal | Internet / Browsers | 3 | November 13th, 2005 08:52 AM |
invalid backwed application 1940576 | stele_moore | Applications | 1 | September 9th, 2005 09:51 AM |
Invalid backweb application problem | bartsbike | Windows XP | 2 | August 26th, 2005 02:14 AM |
Invalid Backweb Application Error Message | rem30 | Malware Removal | 4 | May 29th, 2004 04:43 AM |
Invalid BackWeb application id "1940576" | jmontague11854 | Windows XP | 1 | May 3rd, 2004 11:18 PM |
All times are GMT +1. The time now is 10:23 AM.