# [Resolved] Ad-aware find?



## vreyens (Oct 25, 2001)

Hi 
Can any one tell me what this is that Ad-aware found and can't delete (IndHide3.dll) I just installed wireless INTERNET. 
Thanks for any help.
Barry


----------



## TonyKlein (Aug 26, 2001)

Iadhide.dll or Iadhide3.dll is a file that comes bundled in the Logitech Desktop Messenger. It is also found on Compaq and HP PCs

It's part of the Backweb application.

Would you please go to http://www.spywareinfo.com/downloads.html , and download 'Startuplist' (in the "Startup Program Management" section).

Unpack, doubleclick it, and it will generate a text file that will list all running processes, _all_ applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and post the contents here.


----------



## vreyens (Oct 25, 2001)

Hi Tony,
My wireless was down.
Here is the startuplist.

C:\DOCUME~1\DEFAUL~1.COM\LOCALS~1\Temp\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\MINILOG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Wireless\Client Manager\CMAGS.EXE
C:\Program Files\LetterBox\LetterBox.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\DEFAUL~1.COM\LOCALS~1\Temp\StartupList.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
MMTray = C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\NewDotNet\newdotnet3_70.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Maintenance-Defragment programs.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Win32 Classes]

[{0335A685-ED24-4F7B-A08E-3BD15D84E668}]
CODEBASE = http://www.photoparade.com/autoinstall/phpsetup.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[CoDetectDigitalRiver Class]
CODEBASE = http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe

[VoilaXctl Class]
InProcServer32 = C:\PROGRAM FILES\BELARC\ADVISOR\SYSTEM\BAVOILAX.DLL
CODEBASE = http://www.belarc.com/Programs/advisor.exe

[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetupml.dll
CODEBASE = http://ftp.hp.com/pub/automatic/player/isetupML.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002060602/housecall.antivirus.com/housecall/xscan53.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNPUPLD.DLL
CODEBASE = http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\System32\wuv3is.dll
CODEBASE = http://windowsupdate.microsoft.com/R815/V31Controls/x86/mil/en/actsetup.cab

--------------------------------------------------
End of report, 7,118 bytes
Report generated in 0.190 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

Well, there it is:

*LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe *

It starts up from both the HKLM and the HKCU registry run keys.

Go to Start > Run > Msconfig, and examine the Startup tab.

You should find 2 LDM entries there.

Uncheck them, click OK, close Msconfig, and reboot.

Now run Ad-Aware. It will probably now be able to delete Iadhide3.dll

If unexpectedly still no joy, start up in Safe Mode, and run Ad-Aware there.

Cheers,


----------



## vreyens (Oct 25, 2001)

Thanks for the help Tony.
Barry


----------



## TonyKlein (Aug 26, 2001)

No prob!


----------



## koolbuddy (Dec 11, 2002)

Hello Tony,
I have tw LDM entries that pointed to backweb-8876480.exe in my STARTUP tab in the SYSTEMINFO/SOFTWARE ENVIRONMENT.

How can I delete these two entries from the STARTUP since MSCONFIG doesn;t work in WIN 2K?

regards,

arun


----------



## TonyKlein (Aug 26, 2001)

Hi Arun, and welcome to the board.

Download Msconfig for Windows 2000 here:

http://www2.whidbey.net/djdenham/Msconfig.htm

Cheers,


----------



## koolbuddy (Dec 11, 2002)

I thank you very much sir...............

Have a good Holidays,

arun


----------



## TonyKlein (Aug 26, 2001)

You're welcome, thank you, and the same to you and yours!


----------



## pyritechips (Jun 3, 2002)

> Iadhide.dll or Iadhide3.dll is a file that comes bundled in the Logitech Desktop Messenger. It is also found on Compaq and HP PCs





> It's part of the Backweb application.


FYI:

I know this is a resolved thread but I just discovered this thread.

Iadhide.dll looked suspiciously familiar to me so I checked back through my notes. I had that .dll in my computer as of Oct. 21. I have never had Logitech products on my computer, including Desktop Manager. I do not have a Compaq or a HP. I have never had the Backweb application.

My only conclusion is that this is also bundled with other products. The only recent (as of Oct. 21) installation I had made was Google Search Bar on Oct. 18.


----------



## TonyKlein (Aug 26, 2001)

Well, it _is_ a Backweb file.

Do you have any Kodak software?

And I'm sure there are more products that include the Backweb application.


----------



## pyritechips (Jun 3, 2002)

> Do you have any Kodak software?


AHA! Master Tony wins another cigar!

I had Kodak software belonging to our digital camera, and it caused all kinds of grief with my Win98se. Thanks to Davey I dumped all of it and got a Sandisk card reader.

Thx again for clearing up that little mystery Tony


----------



## TonyKlein (Aug 26, 2001)

You're welcome!


----------



## conradmurray (Dec 19, 2002)

Hi Guys, new to the forum.

Was looking for a specific answer and found it on this thread. I am extremely impressed with TonyKlein. Thanks for doing such a great job.


----------



## TonyKlein (Aug 26, 2001)

Hi, and welcome to the board! 

Glad we were able to help.

Cheers,


----------



## footypedia (Feb 10, 2003)

gerday all,

i'm also new, just signed on as a google search for iadhide.dll threw this board up as #1 result

i followed the instructions above (the DOS startup check) but don't have any LDM's at all!

yet ad-aware is still telling me that I've got iadhide.dll

any other ideas?

Cheers,

Kev


----------



## Steppinstone (Aug 18, 2002)

This was in the original posters start-ups. I was under the impression that this is one of those entries that need to be removed in add/ remove programs,before running spybot . Of course I could be wrong!

(no name) - C:\Program Files\NewDotNet\newdotnet3_70.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} 

Chari


----------



## TonyKlein (Aug 26, 2001)

New.Net is not running, as there's no Startup entry visible, so the BHO is effectively harmless.

If New.Net is still installed, it's certainly not a bad idea to remove it.


----------



## JuhaJ (Feb 25, 2003)

Hi everyone

Just to let you know that you can find Backweb products with F-Secure products, because they use it to update Virus definitions.

I've mentioned this to F-Secure representative, who didn't take it "seriously" at that time. He just said that they are using BackWeb Lite/Light?.

What I'm wondering is that, is it safe for those updates to work if iadhide.dll is removed from the system, as Backweb might need that.

I don't know if there's a tool for checking if any part of Backweb needs it to work.

Of course I can remove it temporarely...

Cheers to all, let's see what we'll find out.


----------



## Dizzee (Dec 30, 2002)

I run Ad-aware regularly and always I have to Re-start before IAdhide.dll can be removed. it is my nemesis


----------



## gaz5 (Mar 7, 2003)

Hi, I just installed Ad-aware and run a scan and it found iadhide3.dll but it cannot delete it. I read about someone else with the same problem and followed the advice given of copying the startup list and sending it to you. Please help! StartupList report, 07/03/2003, 22:19:41
StartupList version: 1.52
Started from : C:\Documents and Settings\Owner\Desktop\startuplist\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\startuplist\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
KBD = C:\HP\KBD\KBD.EXE
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz = nwiz.exe /install
PS2 = C:\WINDOWS\system32\ps2.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NAV Agent = c:\PROGRA~1\NORTON~1\navapw32.exe
AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
TrojanScanner = C:\Program Files\Trojan Remover\Trjscan.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Microsoft Works Update Detection = c:\Program Files\Microsoft Works\WkDetect.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - c:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

easy Internet sign-up.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37653.5490625

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: c:\documents and settings\owner\local settings\temp\iadhide3.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,411 bytes
Report generated in 0.157 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

Go to Start > Run > Regedit, and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

Select the *PendingFileRenameOperations* value in the right hand pane and press Delete.

Reboot, and delete the ENTIRE contents of your c:\documents and settings\owner\local settings\*temp* folder.

Cheers,


----------



## gaz5 (Mar 7, 2003)

hi tony,
I did the first part of what you said to do but after rebooting I don't know how to delete the entire contents of c:\documents and settings\owner\local settings\temp folder because I don't know where it is! I tried a search for it but it did'nt detect it.
Please could you help me out again! Cheers.


----------



## TonyKlein (Aug 26, 2001)

Well, it's your Temp folder.

Open Windows Explorer, and navigate there by expanding the branches.

You have that folder, as Hijack This detects it.


----------



## PuncturE_ (Mar 9, 2003)

Nice one.

I closed BackWeb and iTouch and the file were gone before I got to delete it. (?).. Now the sad thing is, that when I press my keyboard buttons, like caps lock and numpad, "play / stop" etc. I used to get a message on the screen with "NumLock activated" etc.

Don't get that anymore. Do you know if there is a way to still get those messages, without having to live with that file? I haven't had the file before, and the messages on my screen has always been there, untill I disabled those to LDM processes.

Otherwise I'll just have to live with it. Nice job Tony.


----------



## Dizzee (Dec 30, 2002)

I have a HP
and have searched my registry for PendingFileRenameOperations but I do not have this value, I have a folder 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
containing

default: REG_SZ value not set)

As the closest option.
Do I delete this and continue as described?
Thank you


----------



## helenac (Mar 20, 2003)

I have F-Secure installed as well as Logitech Mouseware. Does that mean I just have to accept this thing hogging up all of my resources?

*Helena*


----------



## TonyKlein (Aug 26, 2001)

No, you dont.

Usually you can simply disable it using the Msconfig/Startup applet.

Please do this:

Go to Start/run, and type Msinfo32, followed by OK.
Go to Software Environment/Startup Programs.
Click Edit/'Select all', and then 'copy'
Now paste the contents here.


----------



## helenac (Mar 20, 2003)

Here's what I found:

BuzMe	Startup Group	"C:\Program Files\RingCentral\BuzMe\BMUI.exe"
RealDownload	Startup Group	"C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE" -hidden
F-Secure BackWeb	Common Startup Group	"C:\Program Files\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe" -startup
Taskbar Display Controls	Registry (Per-User Run)	RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
ScanRegistry	Registry (Machine Run)	c:\windows\scanregw.exe /autorun
TaskMonitor	Registry (Machine Run)	c:\windows\taskmon.exe
SystemTray	Registry (Machine Run)	SysTray.Exe
LoadPowerProfile	Registry (Machine Run)	Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TCASUTIEXE	Registry (Machine Run)	TCAUDIAG -off
SxgTkBar	Registry (Machine Run)	SxgTkBar.exe
Adaptec DirectCD	Registry (Machine Run)	C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
F-Secure Manager	Registry (Machine Run)	"C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
zBrowser Launcher	Registry (Machine Run)	C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
HPDJ Taskbar Utility	Registry (Machine Run)	C:\WINDOWS\SYSTEM\hpztsb04.exe
QuickTime Task	Registry (Machine Run)	C:\WINDOWS\SYSTEM\QTTASK.EXE
SaveNow	Registry (Machine Run)	C:\Program Files\SaveNow\SaveNow.exe
MULTIMEDIA KEYBOARD	Registry (Machine Run)	C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
RapidBlaster	Registry (Machine Run)	c:\program files\RapidBlaster\rb32.exe
LoadPowerProfile	Registry (Machine Service)	Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
3Com DMI Agent	Registry (Machine Service)	C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
fsaa	Registry (Machine Service)	C:\Program Files\F-Secure\Common\fsaa.exe
F-Secure Management Agent	Registry (Machine Service)	C:\Program Files\F-Secure\Common\FSMA32.EXE
SchedulingAgent	Registry (Machine Service)	mstask.exe


Thanks!

*Helena*


----------



## TonyKlein (Aug 26, 2001)

I don't see any signs of BackWeb running, so the former probably doesn't apply in your case.

You do have the RapidBlaster foistware installed, and SaveNow:

http://www.doxdesk.com/parasite/RapidBlaster.html
http://www.doxdesk.com/parasite/SaveNow.html

Download Spybot - Search & Destroy

After installing, press *Online*, and search for, put a check mark at, and install *all updates*.

Next, _close_ all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.

NOTE: SSD will sometimes not be able to remove all _active_ components in the first 'run'. 
In that case you will get a dialog asking you to run SSD at next start. 
Click yes and reboot. 
Subsequently SSD will come up before the system puts these components 'in use', and it will then be able to 'fix' the rest.

Good luck,


----------



## helenac (Mar 20, 2003)

Thanks a bunch Tony! Ironically I had already dowloaded SpyBot a few days earlier but you reminded me to go ahead and install it. I have gotten rid of lots of junk and manually deleted the infamous BackWeb files and thankfully they don't seem to have manifested themselves again. I waited to a while to post to be sure.

Thanks again!
*Helena*


----------



## TonyKlein (Aug 26, 2001)

No prob!


----------



## mr_bungle (May 11, 2003)

hi!
i can't delete iadhide3.dll still...
i try to follow all the instruction... but nothing
i also tried to deleting, rebooting with Xp instead of 2k but nothing.
I had iadhide3.dll in two defferent location:
1- in a folder inside F-Secure and i was able to erase it
2- in the folder winnt\temp, and i am not able to erase it

i deleted PendingFileRenameOperations, but i don't have the folder c:\documents and settings\owner\local settings\temp ( i use 2k)

this is my startupp program
Programma	Comando	Nome utente	Percorso
internat.exe	internat.exe	PCMINKIONE\Francesco	HKU\S-1-5-21-527237240-1677128483-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
internat.exe	internat.exe	.DEFAULT	HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Office	f:\progra~1\micros~2\office10\osa.exe -b -l	All Users	Esecuzione automatica (Comune)
Synchronization Manager	mobsync.exe /logon	All Users	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMan	soundman.exe	All Users	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA	f:\programmi\ati technologies\ati control panel\atiptaxx.exe	All Users	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
F-Secure Manager	"f:\programmi\f-secure\common\fsm32.exe" /splash	All Users	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroCheck	f:\winnt\system32\nerocheck.exe	All Users	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

By the way, now AdWare and Spybot don't report any bugs, but Iadhide3.dll is still there...
What else can i do for delete it?
thanks


----------



## kqn73 (Jun 8, 2003)

Hi Tony and group,

I just installed a Logitech Pro Webcam, and the insidious Backweb-8876480.exe is back (again!) trying to access the web/Microsoft. Can't recall how I got rid of it last time, and will try running Spybot, and checking msconfig...I have XP Pro here.
Can you fine folks let me know how I can get this out of my machine...it must have been bundled with Logitech install software...sneaky business, I say. Thanks to you all, and I love reading all the informative posts from all.

Kevin Quinn
Hayward, CA


----------

