Post by: Mr Bell on July 29, 2007, 07:08:49 PM
Java is outdated can you send me link for the latest version on this thread please.
Here is my hyjack list so we can start cleaning all the junk left on it. I would also like if you can provide me with that clean up! program.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:36 PM, on 6/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Documents and Settings\Chris Miears\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eightballclan.branzone.com/ (http://\"http://eightballclan.branzone.com/\")
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {E4ECB9B6-FC52-4756-9D55-9CB9C87FFEC5} - (no file)
O3 - Toolbar: (no name) - {C7AA56EC-B7F9-4EFD-953A-601FF66213BE} - (no file)
O3 - Toolbar: (no name) - {422716D9-6836-442D-8C1A-7EF90AA34B9A} - (no file)
O3 - Toolbar: (no name) - {B6321B6E-F37B-49DB-A46E-195E9094930D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab (http://\"http://install.global-netcom.de/ieloader.cab\")
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 (http://\"http://go.microsoft.com/fwlink/?LinkId=82580\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183157948081 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183157948081\")
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab (http://\"http://install.wildtangent.com/bgn/partners/nike/nikegridiron/install.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\")
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab (http://\"http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab\")
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5874 bytes
Post by: guestolo on July 29, 2007, 08:22:47 PM
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: Mr Bell on July 29, 2007, 09:40:31 PM
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Advanced Networking Pack for Windows XP
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
InterVideo MP3 + DVD XPack
j2 Messenger Plus 3.3
Java 2 Runtime Environment, SE v1.4.1_03
Java Web Start
K-Lite Codec Pack
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 2003 Resource Kit
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Mozilla Firefox (1.0PR)
NeroVision Express 2 SE
QuickTime
RealOne Player
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Software Update Manager
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
USB Storage Device Disk Driver ver1.06
Viewpoint Manager (Remove Only)
Viewpoint Toolbar
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q322011
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817606
Post by: guestolo on July 29, 2007, 09:57:37 PM
Viewpoint Manager (Remove Only)
Viewpoint Toolbar
Java 2 Runtime Environment, SE v1.4.1_03
Java Web Start
You don't appear to have other Symantec software installed, you should be able to remove the following also
LiveUpdate 1.90 (Symantec Corporation)
Reboot the computer and post a new log
Let's see what it looks like after all the windows Updates
Post by: Mr Bell on July 29, 2007, 10:31:39 PM
Here is new list:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Advanced Networking Pack for Windows XP
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
InterVideo MP3 + DVD XPack
j2 Messenger Plus 3.3
K-Lite Codec Pack
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 2003 Resource Kit
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Mozilla Firefox (1.0PR)
NeroVision Express 2 SE
QuickTime
RealOne Player
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Software Update Manager
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
USB Storage Device Disk Driver ver1.06
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q322011
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817606
Hang on I forgot to install the rest of the updates dang it. Be right back with a new list
Post by: guestolo on July 29, 2007, 10:39:04 PM
Quote
OK did that. Do I need K lite codec pack and j2 messenger plus 3.3
Nope you don't need them
I would uninstall them, also your version of Firefox is outdated
I would remove it too
I'll give you links to updated versions later
Reboot afterwards
Come back here and post a fresh hijackthis log please, that's what I wanted to see earlier, sorry about that
Post by: Mr Bell on July 29, 2007, 10:50:21 PM
Post by: guestolo on July 29, 2007, 10:58:03 PM
Can i see a fresh hijackthis log
Post by: Mr Bell on July 29, 2007, 11:35:52 PM
This is a Intel Pentium Proc, 597 MHz, w/ only 224 Ram lol.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:02 AM, on 6/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Documents and Settings\Chris Miears\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eightballclan.branzone.com/ (http://\"http://eightballclan.branzone.com/\")
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {E4ECB9B6-FC52-4756-9D55-9CB9C87FFEC5} - (no file)
O3 - Toolbar: (no name) - {C7AA56EC-B7F9-4EFD-953A-601FF66213BE} - (no file)
O3 - Toolbar: (no name) - {422716D9-6836-442D-8C1A-7EF90AA34B9A} - (no file)
O3 - Toolbar: (no name) - {B6321B6E-F37B-49DB-A46E-195E9094930D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab (http://\"http://install.global-netcom.de/ieloader.cab\")
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 (http://\"http://go.microsoft.com/fwlink/?LinkId=82580\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183157948081 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183157948081\")
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab (http://\"http://install.wildtangent.com/bgn/partners/nike/nikegridiron/install.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\")
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab (http://\"http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab\")
--
End of file - 4775 bytes
Post by: Mr Bell on July 30, 2007, 07:37:48 AM
Waiting for what is next to do.
ILogfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:47 AM, on 6/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris Miears\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eightballclan.branzone.com/ (http://\"http://eightballclan.branzone.com/\")
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {E4ECB9B6-FC52-4756-9D55-9CB9C87FFEC5} - (no file)
O3 - Toolbar: (no name) - {C7AA56EC-B7F9-4EFD-953A-601FF66213BE} - (no file)
O3 - Toolbar: (no name) - {422716D9-6836-442D-8C1A-7EF90AA34B9A} - (no file)
O3 - Toolbar: (no name) - {B6321B6E-F37B-49DB-A46E-195E9094930D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab (http://\"http://install.global-netcom.de/ieloader.cab\")
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 (http://\"http://go.microsoft.com/fwlink/?LinkId=82580\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183157948081 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183157948081\")
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab (http://\"http://install.wildtangent.com/bgn/partners/nike/nikegridiron/install.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\")
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab (http://\"http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab\")
--
End of file - 4757 bytes
Post by: guestolo on July 30, 2007, 08:39:27 AM
(1) Start RealOne Player (2) Tools - Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {E4ECB9B6-FC52-4756-9D55-9CB9C87FFEC5} - (no file)
O3 - Toolbar: (no name) - {C7AA56EC-B7F9-4EFD-953A-601FF66213BE} - (no file)
O3 - Toolbar: (no name) - {422716D9-6836-442D-8C1A-7EF90AA34B9A} - (no file)
O3 - Toolbar: (no name) - {B6321B6E-F37B-49DB-A46E-195E9094930D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab (http://\"http://install.global-netcom.de/ieloader.cab\")
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab (http://\"http://install.wildtangent.com/bgn/partner...ron/install.cab\")
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab (http://\"http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab\")
Tick the next ones also, not needed on startup and help to save system resources by disabling them
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows, open your task manager
If this process is running
realevent.exe
End process on it, then navigate to the file
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
Right click on realevent.exe and rename it too realevent.old
Again, part of RealOne player, does not need to be running
Adobe>>can you try the Windows installer cleanup utility>>
Download and install from here
http://download.microsoft.com/download/e/9...1bd/msicuu2.exe (http://\"http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe\")
Run the program from START>>All programs
Highlight the entry or entries and select Remove
Harddrive info>>Open MyComputer icon, right click on Local disk C:
Select Properties>>Should give you info of used space and free space on the drive
While your there, select Disk Cleanup>>Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all restore points except for the last one
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
NOTE: I see Spybot in your hijackthis log but not in the uninstall list
Is the program actually installed?
Post back a fresh hijackthis log afterwards
Post by: Mr Bell on July 30, 2007, 04:30:04 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> It has only 1.28 GB left on it with 4.31 used. I really don't know what else to remove. Windows XP takes up the majority of space. I'm considering wiping it out and putting windows 97 on it but all I really need this thing for is to run IRC on it since I will be an Admin for TPG league hopfully very soon. But just for giggles do you know how much space 97 uses off the top of your head. If not no biggy. As far as anymore updates I think that's not happening. But here is the clean up and new hyjack reportLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:23 PM, on 6/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris Miears\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eightballclan.branzone.com/ (http://\"http://eightballclan.branzone.com/\")
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 (http://\"http://go.microsoft.com/fwlink/?LinkId=82580\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183157948081 (http://\"http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183157948081\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\")
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab (http://\"http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab\")
--
End of file - 2150 bytes
Post by: guestolo on July 30, 2007, 05:45:39 PM
Take a look at the system requirements
http://www.microsoft.com/windowsxp/pro/upg...ng/sysreqs.mspx (http://\"http://www.microsoft.com/windowsxp/pro/upgrading/sysreqs.mspx\")
I would opt to do a clean install however
Format the drive full NTFS and try installing
This will wipe everything, it looks like you still have some bugs to clean anyways
If you opt to go with Windows 98, here's the system requirements
http://support.microsoft.com/kb/182751 (http://\"http://support.microsoft.com/kb/182751\")
Post by: Mr Bell on July 30, 2007, 07:10:31 PM
If that's the case what should I do next please?
Post by: guestolo on July 30, 2007, 10:57:12 PM
Download: CCleaner v1.40.520 - Slim
This will help clear temp files, cookies, etc...
http://www.ccleaner.com/download/builds.aspx (http://\"http://www.ccleaner.com/download/builds.aspx\")
Uncheck all options except for Desktop icon when prompted
Run CCleaner
Next: click Options click the Advanced button
Uncheck: "Only delete files in Windows temp folders older than 48 hrs."
NEXT: Click the Cleaner
Then click Run Cleaner (bottom right)
OK the prompt, when finished scanning, just exit the program
Also, let's see what may be hiding
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log
Post by: Mr Bell on July 31, 2007, 07:44:07 AM
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\DOWNLO~1.\temp
C:\WINDOWS\NDNuninstall4_88.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))
2007-07-01 08:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 15:28 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-06-30 15:26 <DIR> d-------- C:\Program Files\MSECACHE
2007-06-30 14:32 <DIR> d-------- C:\My Music
2007-06-30 10:52 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-29 20:01 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-29 19:08 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-29 19:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-29 19:08 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-29 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-29 18:15 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-29 23:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-29 20:49 --------- d-------- C:\Program Files\Messenger
2007-06-29 18:44 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-16 23:47 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-04-16 23:45 92504 --a--c--- C:\WINDOWS\system32\cdm.dll
2007-04-16 23:45 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-16 23:45 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-16 23:45 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-16 23:45 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-16 23:45 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-16 23:45 1710936 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-16 22:43 208248 --a------ C:\WINDOWS\system32\muweb.dll
2004-08-08 16:08 25080 -ra--c--- C:\DOCUME~1\CHRISM~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-06-01 23:06 1435 --a--c--- C:\Program Files\INSTALL.LOG
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
R2 NWCWorkstation;Client Service for NetWare;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family;C:\WINDOWS\System32\DRIVERS\cben5.sys
R3 ltmodem5;LT Modem Driver;C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
R3 Maestro;ESS Maestro2E Audio Driver (WDM);C:\WINDOWS\System32\drivers\essm2e.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\System32\drivers\msmpu401.sys
R3 NWRDR;NetWare Rdr;C:\WINDOWS\System32\DRIVERS\nwrdr.sys
R3 smimini;smimini;C:\WINDOWS\System32\DRIVERS\smiminib.sys
S0 IFP300;iRiver Internet Audio Player IFP-300;C:\WINDOWS\System32\DRIVERS\ifp300.sys
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\System32\Drivers\Brfilt.sys
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\System32\Drivers\BrSerWdm.sys
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\System32\Drivers\BrUsbScn.sys
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 ISLP2;Intersil 802.11 Wireless LAN Driver;C:\WINDOWS\System32\DRIVERS\islp2nds.sys
S3 mf;mf;C:\WINDOWS\System32\DRIVERS\mf.sys
S3 NAVAP;NAVAP;\??\C:\WINDOWS\System32\Drivers\NAVAP.SYS
S3 Rio8Drv;Rio800 driver;C:\WINDOWS\System32\Drivers\Rio8Drv.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys
S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;C:\WINDOWS\System32\DRIVERS\LSWLNDS.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2007-07-01 08:34:53
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-07-01 8:37:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 08:36
--- E O F ---
Post by: guestolo on July 31, 2007, 08:02:46 AM
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Is the program actually installed?
Are things running better?
Post by: Mr Bell on July 31, 2007, 01:43:40 PM
Shall I tick it off using hyjackthis program?
Yes its running better.
Post by: guestolo on July 31, 2007, 10:51:29 PM
I'm surprised that entry was around after it was uninstalled however
Do you have any big files on the computer you can clear up that you don't need?
I noticed this folder
C:\My Music
any big files in that folder that you don't need?
You can delete this folder
C:\Program Files\Common Files\Viewpoint <-folder
Can you do the following, let's check for leftovers
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find.bat
Code: [Select]
@echo off
cd C:\Program Files
dir > C:\find1.txt
notepad C:\find1.txt
del /q C:\find1.txtDouble click on find.batA text file will open, copy>>paste back here the contents
Post by: Mr Bell on August 05, 2007, 06:08:17 PM
Volume Serial Number is 4855-23F9
Directory of C:\Program Files
06/30/2007 03:28 PM <DIR> .
06/30/2007 03:28 PM <DIR> ..
07/04/2004 11:48 AM <DIR> Adobe
06/30/2007 08:25 AM <DIR> CleanUp!
02/15/2004 05:45 PM <DIR> ClockSync
06/30/2007 12:42 AM <DIR> Common Files
10/26/2005 08:56 PM <DIR> CyberLink
03/14/2003 12:42 AM <DIR> DIGStream
03/03/2003 04:28 PM <DIR> ESPNMotion
06/01/2003 05:42 PM <DIR> EuroTool
12/31/2003 07:41 PM <DIR> HighMAT CD Writing Wizard
06/01/2003 11:06 PM 1,435 INSTALL.LOG
10/04/2004 09:21 PM <DIR> Internet Explorer
11/29/2003 12:50 AM <DIR> InterVideo
10/07/2002 11:23 PM <DIR> Linksys
06/29/2007 08:49 PM <DIR> Messenger
10/07/2002 11:39 PM <DIR> Microsoft ActiveSync
10/07/2002 10:14 PM <DIR> microsoft frontpage
01/03/2004 07:02 PM <DIR> Microsoft Office
06/01/2003 05:46 PM <DIR> Movie Maker
06/30/2007 03:26 PM <DIR> MSECACHE
10/07/2002 10:03 PM <DIR> MSN
10/07/2002 10:03 PM <DIR> MSN Gaming Zone
04/18/2004 08:36 PM <DIR> NetMeeting
09/08/2003 07:26 PM <DIR> NetRatingsNetmeter
06/01/2003 06:18 PM <DIR> OfficeUpdate
10/07/2004 03:33 PM <DIR> OfficeUpdate11
06/29/2007 08:56 PM <DIR> Outlook Express
05/22/2003 10:12 PM <DIR> Real
10/11/2002 11:04 AM <DIR> ScanSoft
07/06/2007 06:21 PM <DIR> Spybot - Search & Destroy
06/30/2007 03:28 PM <DIR> Windows Installer Clean Up
06/01/2003 05:41 PM <DIR> Windows Journal Viewer
06/29/2007 09:26 PM <DIR> Windows Media Player
10/07/2002 10:03 PM <DIR> Windows NT
10/07/2002 10:14 PM <DIR> xerox
1 File(s) 1,435 bytes
35 Dir(s) 1,404,354,560 bytes free
I deleted my music file and a few more. However there was one called my recieved files that would not delete even though I removed the read protect.
Sorry about the delay here but I was out of town a few days.
Post by: Mr Bell on August 05, 2007, 06:22:12 PM
Also do I need to reinstall Java
Post by: guestolo on August 05, 2007, 07:38:12 PM
Also do I need to reinstall Java[/quote]
Can you do me one more favor, before you reinstall Java
I'm trying to cut down on room for you for now
I want to see a new uninstall list, but from CCleaner
Open CCleaner
Click on TOOLS
Then select "Save to text file.."
Save this to desktop then copy>paste back here the contents
Then we'll try and cleanup a bit more space on the drive
Post by: Mr Bell on August 05, 2007, 09:41:26 PM
Adobe Photoshop 7.0
Advanced Networking Pack for Windows XP
CCleaner (remove only)
CleanUp!
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
InterVideo MP3 + DVD XPack
Macromedia Shockwave Player
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
RealOne Player
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB914798)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Software Update Manager
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
USB Storage Device Disk Driver ver1.06
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix (SP2) Q322011
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Post by: guestolo on August 05, 2007, 10:22:04 PM
Ensure the firewall is enabled
Go to START>>RUN
Copy and paste the next entry in bold to the open field then hit OK
control.exe netconnections
Right click on your connection and select Properties
Open the Advanced tab, click the box to select the option to Protect my computer or network.
==============================================================
I noticed you reinstalled CleanUp!
That's ok, to make room on your computer
You can uninstall either CCleaner or CleanUp!
You decide
Also, you can uninstall "Windows Installer Clean Up"
You can delete these folders
C:\Program Files\ClockSync
C:\Program Files\ESPNMotion
C:\Program Files\NetRatingsNetmeter
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Windows Installer Clean Up
Deciding which one of the below you removed, you can also delete the related folder
C:\Program Files\CleanUp!
OR
C:\Program Files\CCleaner
Also
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.
Delete this folder if found
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
Go back and rehide hidden files and folders
==========================================
To make more room on the computer
Manually navigate to this folder
C:\WINDOWS\Prefetch
Open the Prefetch folder and delete the whole contents, don't delete the Prefetch folder itself, just all the contents inside it
==========================================
Also, do the following
Open your Internet Options for IE via control panel
Close Internet Explorer
Under the GENERAL TAB>>under Temporary Internet Files>>Select "Delete Files"
Put a tick in "Delete Offline Content" then click OK
under Temporary Internet Files>>Select "Settings"
Under Amount of Hard drive space to use, slide it down to 50mb
Ok your way out of there
==========================================
Run either CCleaner or CleanUp!, whichever you decided to keep
Ensure Recycle bin is selected when running this cleaner
==========================================
Right click on your Recycle bin icon on the desktop and select Properties
For now can you set to the following
"Do Not Move Files to the Recycle Bin....."
Apply and OK out of there
==========================================
Also, can you do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
You will be prompted by Windows that it was successful
When that's done
Again:
Open MyComputer icon, right click on Local disk C:
Select Properties>>select Disk Cleanup>>Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all restore points except for the last one
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
===========================================
RIGHT CLICK on the 'MyComputer' icon on the desktop and select PROPERTIES
Select the SYSTEM RESTORE tab
Slide the System restore disk space useage bar down to Minimum>>Should be 200mb
Apply and OK out of there
============================================
Reboot your computer
Startup will be a bit slower as the Prefetch folder will have to be rebuilt
===========================================
Defrag your harddrive
Go to START>>All Programs>>Accessories>>System Tools>>Disk Defragmenter
Run the defrag, when it's done reboot your machine again
=============================================
Now try and reinstall Service pack 2 and see if you have enough room for it
Post by: Mr Bell on August 06, 2007, 06:10:18 AM
However it would not update windows service pack 3 because it wanted a cd rom to complete it and also date and time would not let it valadate.
Post by: guestolo on August 06, 2007, 11:25:00 AM
It probably is not a legal version for the laptop and you won't be able to update
Also, ensure you correct the date/time
Ensure you keep the firewall enabled, or your asking for problems
Also, why not install an Antivirus software
Get one low on resources
Here's a link to AVG7
http://www.download.com/3000-2239_4-10703202.html (http://\"http://www.download.com/3000-2239_4-10703202.html\")
I would also reinstall Firefox, it's a safer browser
the latest version is from here
http://www.mozilla.com/en-US/firefox/ (http://\"http://www.mozilla.com/en-US/firefox/\")
Also, Put Spywareblaster on your computer, it doesn't run in the background, so it won't use up resources
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
Here's a link to the latest version of Java
- Download the latest version of Java Runtime Environment (JRE) 6u2 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- Scroll down to where it says "Java Runtime Environment (JRE) 6u2, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement[/i]".
- The page will refresh.
- Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.90 MB).
- Double click on the installer and follow the prompts
- After successful installation you can delete the installer from desktop
Set at about 5%
I hope that helps
Forgot>>You don't really need all the bells and whistles running that XP offers
I suggest that you do the following
Right click on MyComputer>>>Select Properties>>ADVANCED tab>>SETTINGS under Performance
Select Adjust for Best Performance
Then manually just tick the bottom 3 options
Use common tasks....
Use dropdown shadows...
Use visual styles....
Apply and Ok out of there, you will probably not even notice a difference in the look and style of XP
But performance but be a bit quicker
Does the laptop always lose time?
Post by: Mr Bell on August 08, 2007, 07:30:06 AM
Thank you for help.
Randy