Can Not Delete!!!!

Hi all, this is my first post......

I started getting popups a few days ago.... I dont know where this came from noone who lives here will admit they did it... but I'm guessing someone went to some website or something and now I have a program running on my system that I can't delete or stop from running.... I noticed it when restarted and went to task manager to stop a few programs that I don't want running and there they were... two files running iexporer.exe which never were there before...I tried to end process them and nothing.. they wont stop.. I dug deeper and found where the actuall program is on my computer... documents and settings, all users, application data, dup wma log browse, and there it is...CORNBONE! I tried to delete it and it will not... says it is in use by another person or program..I then tried going to msconfig and unchecking it( it did show up on start up files as well), and restarting but it still runs.. when I open my internet explorer a search bar with links on it pops up on the bottom of screen everytime.. I found the file and entered it in my address bar and it goes to a webpage with nothing but the same search bar at the top of a grey screen....I ran reg supreme and it isnt even listed in there... I don't know what to do... can someone help me out?
tnx franky:shock

 

Update Virus Definitions and make sure your virus scanner is running.

In the "handy tools" section (under quick links) look for Adaware and Spybot S&D. Download them, run them, and enjoy . Also, run spybot before adaware because sometimes spybot thinks that parts of adaware are bad.

What could also help is if you download "hijackthis" from the handy tools section and post the log.

And welcome to BD!!! :clap

 

If RD2DG's post doesn't help you, you can download Killbox With this program you can select it to delete a program as the computer shutdowns and it isn't in use.

 

Srry, forgot to say that I ran both spybot and adaware and neither found it... and the link on c5mel's post I couldnt see anything called killbox anywhere..... here is the log from hijackthis...
thanks.
frank
Logfile of HijackThis v1.98.2
Scan saved at 10:11:42 AM, on 29/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\frank rizzo\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.npjavtbfdwspoylwwszdtwl....usqkAyhRUATxbhIlA0gUyT5lwYWSHBQOVeFRncdv.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75D4EC53-802C-E868-3983-2D6557E41098} - C:\DOCUME~1\FRANKR~1\APPLIC~1\MPEGSL~1\four locks.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.exe
O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-ca/4,0,0,83/mcinsctl.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-ca/1,0,0,20/mcgdmgr.cab

 

I pm'ed you a link to a download location... the only place i could find a link is on another forum so i won't advertise for that forum here.

 

YES!!!!! its gone! thanks so much you guys, really appreciate it..
Frank (aka not frank).... lol

 

Glad we could help!

 

Glad to hear that you got rid of it. You can always go into DOS and delete it there too. Maybe for next time.

 

ok 8( same thing is now back but called dup log....where is this coming from?
how do I delete in dos? but finding the cause would be better since it keeps coming back...:shock

 

What do you have installed, free applications? Can you list them?

 

Do you have up to date virus definitions? There is a virus called "Download.Trojan" and it downloads more trojans while you are infected... so you need to delete the source file if your Anti-Virus program can locate it.

 

Is it still the ieexpore exe you originally had trouble in? Boot into dos mode(f8 at startup and choose dos). Then type. This will work for a single file. Check its properties for its dos name.

DEL (ERASE) [d:][path]filename [/P]

Deletes (erases) files from disk

Try HS Cleandisk Pro it is a trial download available at this link. Good stuff and it cleans at all your index dats in dos at startup or shutdown depending on how you configure it. Try this out if you arent sure about the dos. Let us know what happens.

http://www.utilitygeek.com/showfiles.php?view=normal&catid=18

 

my free programs are: adaware SE, spybot search and destroy, winamp , win rar, resupreme, I have mcafee virus scan installed and it updates like everyday..and it is still called the same iexplore.exe as if i have a web page open, but it is actually dupedog, the only programs that I just installed are the adaware, spybot and regsupreme, I installed them to try to get rid of this problem.... I didnt install anything new when it happened..BUT my wife started goin on this program called myspace, one of her friends said " oh you have to go and try this its so cool" .. nono we cant just chat on msn like normal people frickin idiots... so that might be it I dont know..... oh and I went to run killbox again and its gone?... would adaware or spybot have deleted it thinking its spyware or somthing? tnx

 

Possible. If it shows up again try and delete it in dos. Keep us posted.

 

ok I deleted it again with killbox.. now it is back and it is called boob rule. where is this coming from?

 

Can you run AdAware in safe mode, then reboot and run HijackThis, and post the log here again?

 

ok i did all that here is the log..
Logfile of HijackThis v1.98.2
Scan saved at 10:48:56 AM, on 02/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\frank rizzo\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cwncjvtiuzeajmdvw.com/Zt...3OzgLtb35l8lKBBndPQhhgbJ/Wwd/E1bx702qy4s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75D4EC53-802C-E868-3983-2D6557E41098} - C:\DOCUME~1\FRANKR~1\APPLIC~1\MPEGSL~1\four locks.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [logbrowseblahwin] C:\Documents and Settings\All Users\Application Data\Dupe Wma Log Browse\BurnTrust.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-ca/4,0,0,83/mcinsctl.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-ca/1,0,0,20/mcgdmgr.cab

 

Check these and reboot:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cwncjvtiuzeajmdvw.com/Zt...1bx702qy4s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
2 - BHO: (no name) - {75D4EC53-802C-E868-3983-2D6557E41098} - C:\DOCUME~1\FRANKR~1\APPLIC~1\MPEGSL~1\four locks.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [logbrowseblahwin] C:\Documents and Settings\All Users\Application Data\Dupe Wma Log Browse\BurnTrust.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.ex e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared...83/mcinsctl.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} (VacPro.canada_ver3) - http://www.advnt01.com/dialer/canada_ver3.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared...,20/mcgdmgr.cab
then reboot, and try to remove the files you want.

 

ok so am I checking these on hijack this then hitting fix selected?... or just check them and hit nothing and reboot comp? and then you said reboot again and remove the files you want..?? isnt having these checked going to remove them? I dont quite understand your directions. o.0

 

Check the ones I've marked above. Then click 'Fix Selected'. Reboot. Run AdAware again.
You're done. Its simple.