Can Not Delete!!!!

Discussion in 'System Security & Infection Support' started by frankrizzo, Oct 29, 2004.

  1. frankrizzo

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    I dont doubt the killbox deleting dos automatically. If fenis' suggestions dont work humor me and try out my idea. Also have you broached this topic at any other forums? Computercops.biz for example? More opinions and minds could help you find the right answer. Peace.
     
    ruslanb76, Dec 10, 2004
    #41
    1. Advertisements

  2. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    Wow.....seems more people are having the EXACT same problem i had..or should i say have.. still got it.. and i hate it..thinking seriously of reformatting.. I tried what that shandari on the other can not delete post said by going to the searchweb2.com site and downloading their uninstaller.....lol IT WONT LET ME!! says my security settings wont allow the download.. which is bull.. I turned ALL my security off and says the same thing..and it doesn't look like a warning from any of my security programs.. just a generic pop up.. from them no doubt..I dont know... any new ideas?..
    tnx..
     
    Last edited: Jan 13, 2005
    frankrizzo, Jan 13, 2005
    #42
    1. Advertisements

  3. frankrizzo

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Frank, have you tried running AdAware or Microsoft's AntiSpyware? Run either one and then post your HijackThis log.
     
    James, Jan 13, 2005
    #43
  4. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    i just installed and ran microsoft antispyware.. seemed to do good things but 1 inch bar still pops up at bottom and my favorites are filled with crap that i cant right click on still...8( here is my log..
    Logfile of HijackThis v1.98.2
    Scan saved at 12:09:24 PM, on 13/01/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\frank rizzo\My Documents\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enzxgictvgihbtaluqfhxtq....3OzgLtb35l8lKBBndPTY0cCfClE_Nk1bx702qy4s.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [logbrowseblahwin] C:\Documents and Settings\All Users\Application Data\Dupe Wma Log Browse\Creative Way.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.exe
    O4 - Startup: DLHelperEXE.exe
    O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
    O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
     
    frankrizzo, Jan 13, 2005
    #44
  5. frankrizzo

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    You must have something running that isn't being detected. Remove these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enzxgictvgihbtaluqfhxtq....1bx702qy4s.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.ex e
    O4 - Startup: DLHelperEXE.exe
    O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
    O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v4...ted/haunted.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n7/dlhelper.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/m...OCX/FlashAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab
     
    James, Jan 14, 2005
    #45
  6. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    ok i deleted those... no change...i know exactly where they are...C:/documents and settings/all users/application data/dupe wma log browse.. and then there are two in there... one is application file called creative way.. and the other is file called debugonceloud...cant delete either of them..unless i use killbox and delete on reboot..i have deleted them before, they have been deleted and come back about 5 times, they are always called somthing different when they come back but they do exactly the same things.. how can i find out where these keep coming from...
    tnx..
     
    frankrizzo, Jan 17, 2005
    #46
  7. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    ok, I just put the dupe wma log browse file on killbox for delete on reboot... did the boot and went to the location... it was still there.. even the two files .. they were still there too... so i quickly tried deleting them.. and it worked.. i guess they hadn't started up the programs that they run or somthing.. so now im hoping! that the microsoft antispyware program that I installed the other day will detect when these try to install themselves as they always do, like it detected itchstop trying to install itself to my registry, which is what gave me the idea to try this....I'll let you guys know what happens.......
    thanks....Good things...
     
    frankrizzo, Jan 17, 2005
    #47
  8. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    frankrizzo, Jan 18, 2005
    #48
  9. frankrizzo

    Snugglez lvl.49 Bone Mage VIP Member

    Joined:
    Dec 14, 2004
    Messages:
    117
    Likes Received:
    2
    Location:
    Whittier, Ca.
    Have you cleaned out your temp files?

    C:\WINDOWS\Temp
    C:\Documents and Settings\User Name\Local Settings\Temp
    C:\Documents and Settings\User Name\Local Settings\Temporary Internet Folder
    C:\Documents and Settings\User Name\Local Settings\History

    any others. I heard theres one in System32
     
    Snugglez, Jan 18, 2005
    #49
  10. frankrizzo

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Sorry to say it but I would probably back up any important data and burn some discs and reformat. I have no other suggestions. The DOS is my silverbullet. I was hoping all had gone well since we hadnt heard from you in a while.
     
    ruslanb76, Jan 18, 2005
    #50
  11. frankrizzo

    frankrizzo

    Joined:
    Oct 29, 2004
    Messages:
    42
    Likes Received:
    1
    Location:
    vancouver
    Ok I've reformatted..... fresh and clean...norton running and microsoft antivirus running and windows firewall..hopefully this will stop any threats that come my way this time..plz delete this post..and thanks for all the help everyone.. 8)
    frank.
     
    frankrizzo, Jan 21, 2005
    #51
  12. frankrizzo

    moogle9859

    Joined:
    Feb 8, 2005
    Messages:
    36
    Likes Received:
    0
    Location:
    Waterloo, Ontario
    Where are........??

    :? What are the *handy tools* and *quick links* that are mentioned here?? I can't seem to find 'em........Thanks
     
    moogle9859, Feb 27, 2005
    #52
  13. frankrizzo

    Dave601 Web Guru VIP Member

    Joined:
    Jan 27, 2004
    Messages:
    1,017
    Likes Received:
    22
    Location:
    St. Paul, MN
    At the top of this page in white it says Quick Links. Handy Tools will be located in this menu.
     
    Dave601, Feb 27, 2005
    #53
  14. frankrizzo

    moogle9859

    Joined:
    Feb 8, 2005
    Messages:
    36
    Likes Received:
    0
    Location:
    Waterloo, Ontario
    DoH!!

    Thanks *sheesh
     
    moogle9859, Feb 27, 2005
    #54
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.