More HJT Help

Discussion in 'Security and Privacy' started by joeskys, 2004/05/08.

Thread Status:
Not open for further replies.
  1. 2004/05/08
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    My latest log follows>
    remove items from msconfig
    Logfile of HijackThis v1.97.7
    Scan saved at 11:17:31 AM, on 5/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\PROLOG~1\PropelAC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\MemoKit\memokit2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\DOCUME~1\Joe\LOCALS~1\Temp\bwgo000067fa.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Installation Files\HijackThis.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Installation Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\pd5dchcv.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\pd5dchcv.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\PROLOG~1\PropelAC.exe
    O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /A "C:\WINDOWS\System32\E_SA.tmp"
    O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.lifescan.com/otdms/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37825.3716203704
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{841CA08C-F141-4A97-BFD4-93A7DE404582}: NameServer = 207.44.96.129 204.186.0.202

    Also, note the running process in Doc/settings. There are 10 or more in a Temp file, all with different last 4 digits.

    Joe R
     
  2. 2004/05/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not too bad really. Scan again and fix these.

    R3 - Default URLSearchHook is missing
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

    After you read thru this (it will explain those strange processes), you may want to fix these also.

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

    Check out the info under the realsched.exe (TkBellExe 0) entry here. You may want to consider uninstalling Realone Player. If you do, and any of these entries are left over, fix them also. Might want to at least do the renaming as suggested in the description.

    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    Are you having any specific problems? Or were the processes your primary concern?
     

  4. 2004/05/08
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    More HJT Help

    Dave: Thanks for the reply. I just read it but have not taken any action yet. I was on the YOYO site getting ready to add his HOST file to the one I downloaded earlier this week. Will check out your info and get back to you.
    Joe R
     
  5. 2004/05/08
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    More HJT Help

    Dave: Log will follow. I read about the strange processes. Think it has to do with my Logitech cam. Gives me something to investigate :D
    Fixed R3-O16-O4 (2) and am going to get rid of RealOne

    ??Rename what as suggested where??

    Logfile of HijackThis v1.97.7
    Scan saved at 3:17:04 PM, on 5/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\PROLOG~1\PropelAC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\MemoKit\memokit2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\DOCUME~1\Joe\LOCALS~1\Temp\bwgo000067fa.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Installation Files\HijackThis.exe
    C:\Program Files\Tickle\Tickle.exe
    C:\Installation Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\pd5dchcv.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\pd5dchcv.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\PROLOG~1\PropelAC.exe
    O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /A "C:\WINDOWS\System32\E_SA.tmp"
    O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.lifescan.com/otdms/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37825.3716203704
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{841CA08C-F141-4A97-BFD4-93A7DE404582}: NameServer = 207.44.96.129 204.186.0.202
    Joe R

    Lonny told someone to delete 3 Temp files - those strange processes are in a Temp file. Should I do the same?
     
    Last edited: 2004/05/08
  6. 2004/05/08
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    If you have stuff running from a temp folder, that is usually not a good thing.
     
  7. 2004/05/09
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Looks like the backweb thing running from the temp. No big deal, follow
    noahdfear's suggestions to disable it

    meaning fix this
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    then in Logitech's options there probably is an option to not have it update automatically.

    and yes you can del anything in a temp folder, might have to reboot first.

    fix this then reboot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    then before using Real Player rename that file to realsched.Old
    it's not needed
    If you do, please just periodically check for updates
    Real Player Struck By Massive Security Hole:
    http://forums.net-integration.net/index.php?showtopic=10413

    Regards
     
  8. 2004/05/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi joeskys,

    Sorry about that. In the link I provided, a search for filename realsched.exe would produce this result.


    realsched.exe TkBellExe 0 (Real Networks) Real Networks Scheduler which gets installed with RealOne Player. Under Win9x/ME this task shows as TKBELLEXE, and as EVNTSVC under Windows 2000/XP or REALSCHED depending on which version of RealOne Player you have installed. From our experience, everything that applies to EVNTSVC below, also applies to REALSCHED. RNDAL elsewhere in these Task List pages is a good starting point to read about RealOne Player.

    Next, a 15-Jun-2002 extract from the RealOne Player License Agreement that is specific to EVNTSVC (the said License Agreement was updated on 25-Nov-2002 by Real Networks and EVNTSVC was replaced by REALSCHED in that version of the License Agreement): An application Scheduler, known as "evntsvc.exe," is installed along with RealOne Player. Once installed, it runs independently of RealOne Player. The Scheduler does not collect personal information or communicate with RealNetworks' servers. It is used to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. The Scheduler is also used to automatically launch RealNetworks' Media Type Helper. The Media Type Helper ensures the system is configured for correct operation of the RealOne Player with Multi-Purpose Internet Mail Extensions ("MIME") types, file extensions, Internet protocols and other media types. If a media type has been assigned a different action by a different application, Media Type Helper may override the association and substitute its own association.

    Recommendation: If reading about RNDAL did not put you off, then read on. RealPlayer Classic used to be one of the most needed pieces of software on a PC. Its successor, RealOne Player, is vying for the title of the most hated piece of software. For a start, on many PCs EVNTSVC slows down boot-ups unacceptably, using up to 90% of CPU time at times. There have also been reports of EVNTSVC dropping advertising shortcuts onto the desktop during idle times. Next, if you try to disable EVNTSVC via Startup Manager or MSCONFIG, RealOne Player checks to see if it has been deleted from the Registry and re-instates it as a startup item! To be fair, there is a facility within RealOne Player to "only perform automatic services while RealOne Player is in use". As stated in our write-up for RNDAL, our recommendation is to de-install RealOne Player and either use the classic RealPlayer, or something else such as WinAmp. If you absolutely want to keep RealOne Player, we suggest you rename EVNTSVC.EXE to EVNTSVC.EXE.OLD (or REALSCHED.EXE to REALSCHED.OLD) as that is the only way to make absolutely certain that it never runs, and RealOne Player works fine.

    As you see, the last line says to do what Lonny suggested and rename the file.

    Log looks good. The only other thing I would recommend is end task on msmsgs.exe (Windows Messenger) and disable it or even uninstall it, unless you use it. And yes, empty ALL temp folders.

    I also meant to tell you, since you asked about it in the other thread, the O17 entries are your ISP's and necessary. :)
     
  9. 2004/05/14
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    Thanks Y'all for your help and replies. I did a lot of house cleaning. :)
    Renamed Realsched.exe, as was suggested, after I reinstalled RealOne Player as I use it and could not get Winamp or Windows Media Player to get my radio stations. Also got some good info here> http://www.spywareinfo.com/~merijn/htlogtutorial.html#o1. Maybe I'll become an expert :D . Also downloaded Plug Ins for Ad-aware and disabled msmsgs.exe - I think. If not I'll uninstall it the way you suggested. Also, deleted the Temp files. 2 of the 4 Plug Ins for Ad-aware would not install - message said file was not as large as expected ??? I have contacted support, waiting for their reply. Anyway, right now I'm a happy camper til I ***** something up :eek:
    Joe R
     
  10. 2004/05/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good news. :) Thanks for posting back!
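
    The two checks this thread relies on, as an added Python example that is not part of any post above and is not HijackThis's own code: list the running processes that sit in a temp folder, and compare a first scan with the rescan to confirm which entries the fix removed. The function names and the temp-folder name set are assumptions; the sample logs are excerpts of the two scans posted above, trimmed to a few lines.

```python
import re
from typing import NamedTuple

# Section codes such as R3, O4, O16 followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
TEMP_DIRS = {"temp", "tmp"}  # assumption: folder names treated as temporary


class Scan(NamedTuple):
    processes: list  # paths listed under "Running processes:"
    entries: set     # (section code, entry text) pairs


def parse_hjt(text):
    """Split a HijackThis log into running processes and scan entries."""
    processes, entries, in_procs = [], set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.add((m.group(1), m.group(2)))
    return Scan(processes, entries)


def runs_from_temp(path):
    """True if a directory component of the path is a temp folder."""
    parts = path.lower().replace("/", "\\").split("\\")
    return any(p in TEMP_DIRS for p in parts[:-1])


def temp_processes(scan):
    return [p for p in scan.processes if runs_from_temp(p)]


def removed_entries(before, after):
    """Entries present in the first scan and absent from the rescan."""
    return sorted(before.entries - after.entries)


# Excerpts of the two scans posted in this thread, trimmed to a few lines.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Joe\LOCALS~1\Temp\bwgo000067fa.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Joe\LOCALS~1\Temp\bwgo000067fa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"""

if __name__ == "__main__":
    first, rescan = parse_hjt(BEFORE), parse_hjt(AFTER)
    for code, text in removed_entries(first, rescan):
        print("fixed:", code, "-", text)
    for path in temp_processes(rescan):
        print("still running from a temp folder:", path)
```

    On these excerpts the rescan still lists the process under LOCALS~1\Temp, as the second log above does.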
     