
·
Registered
Joined
·
65 Posts
Discussion Starter · #1 ·
I've been setting myself up to do an OS install. I wanted to do it by "slipstreaming" a CD with the OS and SP2 included ala Fred Langa InfoWeek 9/20/2004. To do so I have to have an extra gig on my drive. I've got my OS and apps on a 15G partition of an 80G ATA drive and as I got ready to do the above I started getting low disk space warnings. After deleting a few unneeded apps to free up the space, I find I'm losing it back or rather the freed space is filling back up. I weekly use AdAware, Spybot, ZoneAlarm w/antivirus and monthly Panda, so I thought I was virus free. Maybe not! :mad: Anyway, I think I'm a candidate to ask if you folks would look at a HiJack log. What is the current method of using it? Thanks
J.
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #2 ·
Logfile of HijackThis v1.99.1
Scan saved at 8:01:32 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRAM FILES\RESTORE DESKTOP\RestoreDesktop.exe
C:\PROGRA~1\KEYWAL~1\KWallet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jshepard\Application Data\U3\0000060415125798\LaunchPad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RestoreDesktop] C:\PROGRAM FILES\RESTORE DESKTOP\RestoreDesktop.exe
O4 - HKCU\..\Run: [KeyWallet] C:\PROGRA~1\KEYWAL~1\KWallet.exe
O4 - Startup: Reboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: SpellChecker - {CF0D2653-57FA-482c-90A3-E1485702F0D4} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132407057844
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132403694518
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://216.167.69.148/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FA07C1-D4D9-4747-A86D-7A1581F1D0D3}: NameServer = 207.177.68.2 207.177.68.1
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

Thank you for any help you can give.
J
 

·
Registered
Joined
·
62,561 Posts
Can't help with the hijack log.

But when you reboot the PC, Zone Alarm makes new Tmp files, so look in your C:\WINDOWS\Internet Logs folder.
Like mine is 1.2 MB, so if you're rebooting your PC a lot it will just keep making a new TMP file each time.
You can delete them. They do not get made if you do a safe shut down and then start up your PC. Just when you do a reboot on your own it makes them.
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #4 ·
Thanks, hewee, that got me 35mb. I'm looking for much more. With the only folder on this drive showing space in gigabytes being Windows at 3, I'm having trouble discovering where the other 12 is with the drive's properties showing I have only 216mb of free space, right now, later it will tell I have less and need to delete something so windows can run properly. I'm running out of stuff to delete... besides it doesn't do any good as the free space is replaced by something I can't see. I have hidden files showing.
 

·
Registered
Joined
·
62,561 Posts
Wow with only 216mb of free space your PC would get very slow too I bet.

Don't know why no one looked at your log file yet.

But you do have your internet temp or cache files, so better clear them a lot.
Then I would look through the day and at bootup for new files. Go to find and do a search on the last 24 hours. Clear your internet cache or temp first so the list from the search will not get so big. Then click so it shows you everything by date and time in order.
Maybe you'll see something showing up that can help you find out what is going on.

Also AdAware, Spybot and I guess Panda and whatever other programs that have logs and quarantined files can add up if not cleaned up.
So you'll want to clear older ones that are not needed.

I know in Spybot you open it and click on tools, view report and then view previous report.
It will then show you all the past reports from your scans and if you never cleared them it adds up.
They are in the C:\WINDOWS\Application Data\Spybot - Search & Destroy\Logs folder.
On quarantined, open Spybot and click on Recovery and you'll see that list.
They are in the C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery folder.

Ad-Aware has the options to clean things too.

Long ago I used the Panda online scan and it worked once and then I tried other times but could not get it to work.
But I did not install anything but the BHO to do the scan and I deleted it.
But later I found all these other folders and files and found out it was from Panda so I cleaned them up and there were many files all the same size too. Don't know if I had all the added files because it was not working right anymore so it never cleaned up after itself or not but there were lots and lots to clean up.

Also if you have Sun Java, open it from the control panel and clear the cache. I think the default is 50 MB that it can get up to, so that may help. Also you can uncheck a box so it does not cache or keep the files, so they would I guess always be temp files and get deleted when you close down IE, Netscape, Firefox or whatever.
 

·
Registered
Joined
·
62,561 Posts
I just installed Firefox on my PC the other day and noted that in the C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\idh7r95i.default\bookmarkbackups folder it makes a backup each day of your bookmarks.
I have a lot of bookmarks so the file is big but I get a new one added each day.
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #7 ·
Thanks so much again, Hewee, your suggestions have produced a great reduction in my unneeded files. I'm using XP Pro which has a Documents and Settings section under the user ID that does what you described about Firefox bookmarks for many apps.

If you have any suggestions about how I can more efficiently get my HiJack log in front of the right willing people, please help in that regard also.
J
 

·
Registered
Joined
·
11,852 Posts
For this you will lose your restore points, but you can make new ones if you turn this back on. I would like you to write down the amount of free disk space on your drive, then turn off System Restore and reboot the computer when it is done, and then check the free space again and post the difference.

How to Enable and Disable System Restore
http://support.microsoft.com/kb/264887/en-us
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #9 ·
Thanks, ozrom1e, your suggestion shows you may be on to something. I had 473mb free before shutting SysRestore down and after booting back, I have 1.05 gb. What does this say? You sure have been busy since you joined with over 2K posts.
J
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #10 ·
BTW, ozrom1e, XP Pro offers a sys restore tab under properties with a right click of My Computer.
 

·
Registered
Joined
·
11,852 Posts
Well, quite an increase. Now, are you using anything like Norton Internet Security or other Symantec products?
 

·
Gone but never forgotten
Joined
·
9,283 Posts
j0n003 said:
BTW, ozrom1e, XP Pro offers a sys restore tab under properties with a right click of My Computer.
Anyone else see this tab??
It's certainly absent on mine?

j0n003, go back to the System Restore settings and change the space allowed to something in the 500-750MB range.

Also, if you haven't, download and run CCleaner to take care of some general housecleaning.

You can also use SEARCH for files created/modified TODAY to see what files are being added to your system. This may give you a hint as to where it is happening and what is doing it.
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #13 ·
Thanks, ozrom1e & WhitPhil,
ozrom1e, No NAV "corrupt me once shame on u, corrupt me twice shame on me"
WhitPhil, My XP Pro is with SP2 Build 2600 that has that sys restore tab on right click of My Computer.
J.
 

·
Registered
Joined
·
11,852 Posts
I would like you to turn system restore back on

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

And set it to the settings the last person said. Then reboot and see if it is still the same, and also write down the free space before and after.
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #15 ·
Thanks, again ozrom1e & WhitPhil,
ozrom1e, with a 741mb range (or 6%), I left with 1.02G and came back with 1.01G and
WhitPhil, a search of files created today showed 228 files. I saved the file search and will post next as attached if you want.
J
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #16 ·
BTW, it still takes 14 min for the boot to get from the BIOS screen to the MS welcome and 5 min. to the wallpaper and 5 more to be able to operate.
 

·
Registered
Joined
·
11,852 Posts
OK, I think it is time to continue here, and I would like you to run another HijackThis and post it at the right spot on TSG. You can skip downloading it again because it is the right version; I just would like a current date for it. Run it and post it to the following:

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All, then click Edit and then click Copy. Doing that copies the text to the clipboard; you won't see it yet....
Open a TechSupportGuy forum Reply window under Internet & Networking in Security for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
At the top of your TSG/browser window, hit Edit then Paste
You should see your copied Hijackthis log appear in the reply space....then, submit the reply and copy and paste the link in the address bar back to the original thread you were in.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #18 ·
Logfile of HijackThis v1.99.1
Scan saved at 9:10:01 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRAM FILES\RESTORE DESKTOP\RestoreDesktop.exe
C:\PROGRA~1\KEYWAL~1\KWallet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\PROGRAM FILES\RESTORE DESKTOP\RestoreDesktop.exe
O4 - HKCU\..\Run: [KeyWallet] C:\PROGRA~1\KEYWAL~1\KWallet.exe
O4 - Startup: Reboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: SpellChecker - {CF0D2653-57FA-482c-90A3-E1485702F0D4} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132407057844
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132403694518
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://216.167.69.148/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FA07C1-D4D9-4747-A86D-7A1581F1D0D3}: NameServer = 207.177.68.2 207.177.68.1
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
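
The 7/27 and 7/31 HijackThis logs posted in this thread differ in only a few lines, which is hard to spot by eye. The following is an added example, not part of any post in the thread: it parses two logs and lists the processes and section entries that appeared or disappeared between scans. The function names are assumptions made for the illustration, and the two sample logs are shortened excerpts of the logs above.

```python
import re

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] path".
ENTRY = re.compile(r"^[A-Z]\d{1,2} - .+$")

def parse_log(text):
    """Return (processes, entries); keys are lower-cased, values keep the original line."""
    processes, entries, in_procs = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            processes[line.lower()] = line    # Windows paths are case-insensitive
        elif ENTRY.match(line):
            entries[line.lower()] = line
    return processes, entries

def diff_logs(old_text, new_text):
    """Report what appeared and disappeared between two scans."""
    old_p, old_e = parse_log(old_text)
    new_p, new_e = parse_log(new_text)
    def delta(old, new):
        return {"added": sorted(new[k] for k in new.keys() - old.keys()),
                "removed": sorted(old[k] for k in old.keys() - new.keys())}
    return {"processes": delta(old_p, new_p), "entries": delta(old_e, new_e)}

# Shortened excerpts of the two logs posted in this thread (most lines omitted).
LOG_0727 = r"""Scan saved at 8:01:32 PM, on 7/27/2006

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - Startup: Reboot.exe
"""
LOG_0731 = r"""Scan saved at 9:10:01 PM, on 7/31/2006

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: Reboot.exe
"""

if __name__ == "__main__":
    for kind, change in diff_logs(LOG_0727, LOG_0731).items():
        print(kind, change)
```

A line that shows up in the diff is only a pointer to what changed between scans; whether the entry is legitimate still has to be checked against what was installed or run in between.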
 

·
Registered
Joined
·
65 Posts
Discussion Starter · #19 ·
ozrom1e & all,
It's to recharge for my 10 hr/day road job. Will stay in touch from motel room. Back home to make next moves Thur. 8/3/06.
J
 