Help needed!

Hi, first posting.

In my haste to delete residue files not uninstalled. I think I have upset something.

I am getting "Cannot delete TheKing:Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use" error message when I try to runn CC. If I press ok I can run CC but it's annoying

I think It was a download demo from yahoo games "Chess Challenge". I'm thinking it leaves something embedded to stop you from reloading the same demo over and over again after the free trial expires. (It was a free 1 hour trial)

I have searched all files with the text "TheKing" and have found a file "User.dat" in C:\WINDOWS.

It is a DAT file (which means nothing to me.) Can I manually delete it by right clicking? I thought I would ask first on this forum before I do any further damage!

Any help would be most appreciated

Regards

Robert

Can you post a Hijack This log (I want to see what processes you have running).

Download this:

http://www.download.com/HijackThis/3000-80...tml?tag=lst-0-1

Unzip it, then double click on it and choose "scan and save log file". Text pad will open up cut and paste the whole thing here for me to look at.

Can you post a Hijack This log (I want to see what processes you have running).

Download this:

http://www.download.com/HijackThis/3000-80...tml?tag=lst-0-1

Unzip it, then double click on it and choose "scan and save log file". Text pad will open up cut and paste the whole thing here for me to look at.

As requested,hope you can help?

Logfile of HijackThis v1.99.1

Scan saved at 00:23:39, on 19/08/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

c:\windows\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE

C:\PROGRAM FILES\TIGHTVNC\WINVNC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE

C:\WINDOWS\SYSTEM\TRAYICON.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE

C:\PROGRAM FILES\ABIT\COMMON\BIN\WINCINEMAMGR.EXE

C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\BOONTYGAMES\CHESSMASTER? CHALLENGE\ENGINE\THEKING.EXE

C:\PROGRAM FILES\FREE REGISTRY FIX\REGFIXF.EXE

C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_7.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_7.DLL

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe

O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System\TrayIcon.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [iSSVC] "c:\Program Files\Norton Internet Security\ISSVC.exe"

O4 - HKLM\..\RunServices: [ccProxy] c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAM FILES\TIGHTVNC\WINVNC.EXE" -service

O4 - HKCU\..\Run: [sTManager] C:/PROGRAM FILES/SPEEDTOUCH/DR SPEEDTOUCH/DRST.EXE -b

O4 - HKCU\..\RunServices: [sTManager] C:/PROGRAM FILES/SPEEDTOUCH/DR SPEEDTOUCH/DRST.EXE -b

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ABIT\Common\Bin\WinCinemaMgr.exe

O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

O4 - Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm

O9 - Extra button: Dell Home - {F0E6AC40-AD04-11D3-83EB-A00855C1042A} - http://www.dell.com/ (file missing) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_7.cab

O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...303/mcfscan.cab

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1037639.exe

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1181.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O18 - Protocol: spinware - {B15A890F-1059-11D2-ABF9-DD1614E90B2A} - (no file)

In hijack this put a check mark next to the following entry:

C:\PROGRAM FILES\BOONTYGAMES\CHESSMASTER? CHALLENGE\ENGINE\THEKING.EXE

Now click fix checked. Next run CCleaner and see if you get the error.

Edit

Ignore above (Sorry :( ) I'm doing to many things at one time.

Here is what you need to do.

1. Open hijack this.

2. Click open misc tools section.

3. Click open process manager.

4. Find this entry:

C:\PROGRAM FILES\BOONTYGAMES\CHESSMASTER? CHALLENGE\ENGINE\THEKING.EXE

5. Highlight and choose Kill process.

6. Now close hijack this and run CCleaner.

7. Tell me if you get the error

Edit Again. ;)

Do what Tarun said. My way works too but his is easier.

Sorry, I must be blind. I can see it in the log but not in the scan????

In hijack this put a check mark next to the following entry:

C:\PROGRAM FILES\BOONTYGAMES\CHESSMASTER? CHALLENGE\ENGINE\THEKING.EXE

Now click fix checked. Next run CCleaner and see if you get the error.

He can't fix checked, as you can't check that item off since it's a task.

Sorry, I must be blind. I can see it in the log but not in the scan????

Because it's not in things you can fix via HijackThis. Do a Ctrl Alt Delete, Process tab and End Task from there.

Do what Tarun said, sorry.

All fine and dandy-Thank you to you both. A credit to humanity and this forum.

Regards

Robert

I know it migt appear cheeky but does this remove all traces of that program from my system and enable me to download again???

He can't fix checked, as you can't check that item off since it's a task.

Because it's not in things you can fix via HijackThis. Do a Ctrl Alt Delete, Process tab and End Task from there.

I don't know why I keep doing that! :angry: (Its happened twice in the last three days).

I know it migt appear cheeky but does this remove all traces of that program from my system and enable me to download again???

Probably not. You can try if you want but it is more than likely just going to tell you that the trial has expired. It depends on how deeply that program went into the registry.

Thank again.

Out of interest do you know much about capturing avi files and codecs?

Thank again.

Out of interest do you know much about capturing avi files and codecs?

One last point-on searching Windoes using text containing "TheKing" I am still getting a positive back under user dat is this o.k?

One last point-on searching Windoes using text containing "TheKing" I am still getting a positive back under user dat is this o.k?

Windows

This media player plays everything (quicktime, divx, windows media player, realplayer, ANYTHING):

VLC Media player

http://www.videolan.org/vlc/

Where are you trying to get the file from?

I guess you could delete those files but be carefull with what you delete.

I wasn't looking for a media player, my fault for putting a non relating question in the same thread.

First point, regarding capturing avi files and codecs. I use Snagit to capture trailers for my video store and put them in powerpoint to run trailers. It's a low spec PC and I wondered if anyone knew what are the best codecs for Apple trailers as I am getting mixed results. I know it's not related to this thread so please feel free to delete this (moderators)

Secondly I am searching in Windows explorer to see if there are still traces of "TheKing" files data and it comes up positive, just thought that CC would clear it, that's all.

Sorry your last post was a little confusing, my fault for putting a non relating question in the same thread.

First point, regarding capturing avi files and codecs. I use Snagit to capture trailers for my video store and put them in powerpoint to run trailers. It's a low spec PC and I wondered if anyone knew what are the best codecs for Apple trailers as I am getting mixed results. I know it's not related to this thread so pleasefeelfree todelete this (moderators)

Secondly I am searching in Windows explorer to see if there are still traces of "TheKing" files data and it comes up positive, just thought that CC would clear it, that's all.

Ok, I understand what you want now (I had no clue before). About the codecs, not really my expertise. Start a new topic called video codecs or something and explain what you want to do. I know a couple of the other members here know a lot about codecs.

about "The king" files. CCleaner isnt perfect and some programs uninstall so badly that nothing will fix them but manual removal. If your going to delete them be carefull not to accidentally delete any necessary files.

Ok, I understand what you want now (I had no clue before). About the codecs, not really my expertise. Start a new topic called video codecs or something and explain what you want to do. I know a couple of the other members here know a lot about codecs.

about "The king" files. CCleaner isnt perfect and some programs uninstall so badly that nothing will fix them but manual removal. If your going to delete them be carefull not to accidentally delete any necessary files.

Will do. Am off to get some shut eye... Thanks again for all your help. Really appreciate it

"User.dat" in C:\WINDOWS

Leave "system.dat" and "user.dat" alone they're the system registry for Win98SE.