Can Not Delete!!!!

I dont doubt the killbox deleting dos automatically. If fenis' suggestions dont work humor me and try out my idea. Also have you broached this topic at any other forums? Computercops.biz for example? More opinions and minds could help you find the right answer. Peace.

 

Wow.....seems more people are having the EXACT same problem i had..or should i say have.. still got it.. and i hate it..thinking seriously of reformatting.. I tried what that shandari on the other can not delete post said by going to the searchweb2.com site and downloading their uninstaller.....lol IT WONT LET ME!! says my security settings wont allow the download.. which is bull.. I turned ALL my security off and says the same thing..and it doesn't look like a warning from any of my security programs.. just a generic pop up.. from them no doubt..I dont know... any new ideas?..
tnx..

 

Frank, have you tried running AdAware or Microsoft's AntiSpyware? Run either one and then post your HijackThis log.

 

i just installed and ran microsoft antispyware.. seemed to do good things but 1 inch bar still pops up at bottom and my favorites are filled with crap that i cant right click on still...8( here is my log..
Logfile of HijackThis v1.98.2
Scan saved at 12:09:24 PM, on 13/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\frank rizzo\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enzxgictvgihbtaluqfhxtq....3OzgLtb35l8lKBBndPTY0cCfClE_Nk1bx702qy4s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [logbrowseblahwin] C:\Documents and Settings\All Users\Application Data\Dupe Wma Log Browse\Creative Way.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

 

You must have something running that isn't being detected. Remove these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enzxgictvgihbtaluqfhxtq....1bx702qy4s.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [acid dead] C:\DOCUME~1\FRANKR~1\APPLIC~1\NOUNOP~1\itchstop.ex e
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: DN.pif = C:\PROGRA~1\SMARTC~1\DN\cemu.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v4...ted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/m...OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab

 

ok i deleted those... no change...i know exactly where they are...C:/documents and settings/all users/application data/dupe wma log browse.. and then there are two in there... one is application file called creative way.. and the other is file called debugonceloud...cant delete either of them..unless i use killbox and delete on reboot..i have deleted them before, they have been deleted and come back about 5 times, they are always called somthing different when they come back but they do exactly the same things.. how can i find out where these keep coming from...
tnx..

 

ok, I just put the dupe wma log browse file on killbox for delete on reboot... did the boot and went to the location... it was still there.. even the two files .. they were still there too... so i quickly tried deleting them.. and it worked.. i guess they hadn't started up the programs that they run or somthing.. so now im hoping! that the microsoft antispyware program that I installed the other day will detect when these try to install themselves as they always do, like it detected itchstop trying to install itself to my registry, which is what gave me the idea to try this....I'll let you guys know what happens.......
thanks....Good things...

 

ah [email protected]#$%&*[email protected] its all back again....ffs im gonna reformat i think..any last minute ideas?
lol thnks all.

 

Have you cleaned out your temp files?

C:\WINDOWS\Temp
C:\Documents and Settings\User Name\Local Settings\Temp
C:\Documents and Settings\User Name\Local Settings\Temporary Internet Folder
C:\Documents and Settings\User Name\Local Settings\History

any others. I heard theres one in System32

 

Sorry to say it but I would probably back up any important data and burn some discs and reformat. I have no other suggestions. The DOS is my silverbullet. I was hoping all had gone well since we hadnt heard from you in a while.

 

Ok I've reformatted..... fresh and clean...norton running and microsoft antivirus running and windows firewall..hopefully this will stop any threats that come my way this time..plz delete this post..and thanks for all the help everyone.. 8)
frank.

 

Where are........??

:? What are the *handy tools* and *quick links* that are mentioned here?? I can't seem to find 'em........Thanks

 

At the top of this page in white it says Quick Links. Handy Tools will be located in this menu.

 

DoH!!

Thanks *sheesh