can someone take a looksie at this one?

Discussion in 'Malware Help (A Specialist Will Reply)' started by madhatter106, Jun 6, 2006.

  1. madhatter106

    madhatter106 Private E-2

    ...and see if there is anything nasty or pressing to get rid of? I have not noticed anything performance-wise in my PC running, but I had a nasty case of SpywareQuake that I had to remove yesterday. Just seeing if there may be any traces or remnants, in addition to things I have not found.

    Have run AdAware, Spybot with VX2Cleaner, and CWShredder all in safe mode and cleaned what I have found there, which was not very much. Did a Panda online virus scan, which came up with some cookies and mention of ShowSearch...

    Here is the log - any help is appreciated...
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Running processes:
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe <<=== The installed version of Java on this computer is out of date. Install version 1.5.0_07 available from http://www.java.com/en/download/manual.jsp. Make sure you uninstall all older versions that are on your computer.

    C:\Program Files\Messenger\msmsgs.exe <<=== This is Windows Messenger, and represents a security risk. Disable Windows Messenger by running Shoot The Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe <<=== Are you sure you want this running on your computer? There are privacy concerns with BackWeb and BackWeb-Lite.

    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <<=== Uninstall
    c:\Program Files\Norton AntiVirus\navapsvc.exe <<=== Uninstall
    c:\Program Files\Norton AntiVirus\SAVScan.exe <<=== Uninstall
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <<=== Uninstall

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. madhatter106

    madhatter106 Private E-2

    Just started the process...yet have some questions....

    Where can I go to uninstall this? BackWeb and BackWeb-Lite do not show up in my Add/Remove Programs list...

    Ditto on these as well - no shows in the Add/Remove Programs feature.

    Thanks for your swift reply...let me know re: the above....
     
  4. madhatter106

    madhatter106 Private E-2

    Ok, so I have left BackWeb by the wayside for the time being, uninstalled Norton AV through the fix they supply on their website. Java is now updated per the link you supplied...

    Ran through all the HJT corrections above, as well as the multi-part "Read Me and Run Me" fixes, and cleaned everything that each of those programs found. I was unable to run BitDefender or Panda Active Scans in Safe Mode with Networking - for some reason, it would not allow me to connect to the internet, so I ran them in regular XP...

    Attached are the BitDefender scan, Panda scan, and a new HJT Log...please advise if there is any remaining residue to be rid of...
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, I need to collect a little bit of information on backweb-lite before I give you cleaning instructions.

    Follow the directions for Using GetRunKey.

    Post runkeys.txt when finished.
     
  6. madhatter106

    madhatter106 Private E-2

    I did manage to locate BackWeb on my computer - apparently it is in the Updates from HP folder. I do have the ability to remove "Updates from HP" from the Add/Remove Programs menu - is it a safe bet that this is BackWeb?

    Will provide the GetRunKey log when I get back to my main computer (at a friend's house now)...

    Thanks!
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, the downside is you will have to manually update your HP devices.
     
  8. madhatter106

    madhatter106 Private E-2

    Well, weighing the pros and cons of keeping BackWeb...if it's legitimately linked to Updates with HP, I guess I can leave it for the time being...but if it is a serious security risk, I can manage to keep up to date on my own accord.

    In the meantime, here is my RunKey log...
     


  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    It's not so much a security risk. The vendor claims that they don't collect information on users, but backweb is used to display targeted ads when the computer is considered idle. It tracks keyboard and mouse movements to determine if a system is idle or not. In all the time I have used hardware from vendors such as Logitech and HP, I can't honestly remember when backweb ever told me of an update for my hardware drivers.

    Runkeys didn't show what I was hoping for, mainly which registry key is starting backweb at system start.
     
  10. madhatter106

    madhatter106 Private E-2

    True - it mainly pops up an annoying window from time to time, wanting to steer me towards "how to share your digital photos" or "new products from HP." Nothing I ever bother with - I will check HP's website from time to time and see if anything essential is needed driver-wise...

    In the meantime, does the second Hijack This log and the RunKey log show anything else? Or can I assume I am clean and malware/spyware/adware free?
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs are clean.
     
