|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
07-31-2004, 07:27 PM
|
#1 |
|
Member (9 bit)
Join Date: Feb 2004
Location: somewhere on this planet (I think)
Posts: 268
  |
Can't delete file
I think this stupid thing downloaded when I downloaded this program it is this stupid search tool thing, I ran adaware a million times and when it picked it up It couldn't delete it. So then I went in and tried to delete it myself and it sayed I don't have permission. It is called msbb.exe it has tried to access the internet a million times but my firewall has stopped it. What can I do?? Oh yeah and then my video card did something weired and had to switch to software rendering instead of hardware but then it went back to normal, it has never done this before, don't know if this is normal or what. Please Help.
__________________
http://www.danasoft.com/sig/mymod.jpg  My Forum |
|
|
|
07-31-2004, 08:12 PM
|
#2 |
|
energetech
Join Date: Sep 2003
Location: Tampa, FL
Posts: 260
|
Have you booted into safe mode and then tried to delete it?
-LW |
|
|
|
|
07-31-2004, 09:31 PM
|
#3 |
|
Folding For PCMech
Join Date: Jun 2003
Location: San Dimas, CA
Posts: 3,136
|
Try deleting in safe mode, if that doesn't work, try MoveOnBoot.
|
|
|
|
|
07-31-2004, 09:41 PM
|
#4 |
|
Member (14 bit)
Premium Member
Join Date: Jan 2002
Location: The Great NorthWest
Posts: 12,594
|
|
|
|
|
|
08-01-2004, 06:31 PM
|
#5 |
|
Member (9 bit)
Join Date: Feb 2004
Location: somewhere on this planet (I think)
Posts: 268
|
how do I boot in safe mode.
|
|
|
|
|
08-01-2004, 06:50 PM
|
#6 |
|
Folding For PCMech
Join Date: Jun 2003
Location: San Dimas, CA
Posts: 3,136
|
Press F8 while your computer is booting up.
|
|
|
|
|
08-01-2004, 06:58 PM
|
#7 |
|
Member (9 bit)
Join Date: Feb 2004
Location: somewhere on this planet (I think)
Posts: 268
|
I tried that nothing happened, well I'll go try again. I am using a wireless keyboard would that have any problem?
|
|
|
|
|
08-01-2004, 07:03 PM
|
#8 |
|
Folding For PCMech
Join Date: Jun 2003
Location: San Dimas, CA
Posts: 3,136
|
That might be a problem. Try using a standard PS2 keyboard, or a regular USB keyboard should be fine too.
|
|
|
|
|
08-01-2004, 07:21 PM
|
#9 |
|
Member (9 bit)
Join Date: Feb 2004
Location: somewhere on this planet (I think)
Posts: 268
|
I got it in safe mode but still couldn't delete it and also there is some search assistant toolbar on my taskbar how can I get rid of it?
|
|
|
|
|
08-01-2004, 08:34 PM
|
#10 |
|
Member (14 bit)
Premium Member
Join Date: Jan 2002
Location: The Great NorthWest
Posts: 12,594
|
Here's a couple of more links for you (it's not as easy as just deleting a file...)
http://www.neuber.com/taskmanager/process/msbb.exe.html http://support.microsoft.com/?kbid=317714 or just Google msbb and you find lots of info. |
|
|
|
|
08-02-2004, 04:59 AM
|
#11 |
|
Member (7 bit)
Join Date: Aug 2004
Location: Urbana, Ohio
Posts: 113
|
Try this and see if it helps.
Tools > Internet Options > Advanced > Browsing Uncheck the Enable 3rd party browser extensions Whether it works or not, do the following to clean the cause from your system: It is a good rule of thumb that, when you have a problem with some form of junkware on your system, that you make a clean sweep with all programs to be sure there are no others lurking on your system to show up as well. It is simply good protection maintenace for your machine. Download and install, then you *MUST* update the programs prior to running to be sure they have the latest definitions, then run the programs below. They are free and very effective. Be sure to run both SpyBot and Adaware, as what one does not detect the other may. It is important that you do all the steps and follow all directions carefully: #########IMPORTANT######### Before you try to remove spyware using any of the programs below, download a copy of LSPFIX from any of the following sites: http://www.cexx.org/lspfix.htm http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or XP) The process of removing certain malware may kill your internet connection. If this should occur, this program, LSPFIX, will enable you to regain your connection. #########IMPORTANT######### Also, get a copy of WINSOCKFIX available at: http://www.spychecker.com/program/winsockxpfix.html It is important that you run the programs in the order that they are listed here. The first three programs will clear your machine of all other items so that you can have a clear HiJackThis Log for the experts to read and analyze for you. (NOTE: If you can not download these programs from the Internet, if your PC has CD read capabilities, go to another computer with CD-ROM burning capabilities. Create a folder on the hard drive of the other computer called HOLD, download the programs to that folder, then burn that folder to a CD. Copy the HOLD folder to your HD and then install the programs from there and run them. After you have IE access again, update all programs where possible to get the latest definitions and run them again to be sure there are no lingering items on the system. CWShredder: Free http://tinyurl.com/2l9kl SpyBot Search & Destroy: Free http://download.com.com/3000-8022-10...ml?tag=lst-0-2 AdAware: Free http://www.lavasoftusa.com/support/download/ HiJackThis: - Free Unzip the Download file in a NEW FOLDER that you can create before you start the download. DO NOT install in your Desktop folder. DO NOT use any of the TEMP folders that are presently in your computer. Double-click "HijackThis.exe" and Press "Scan". Go to: http://computercops.biz/downloads-cat-14.html , or http://www.aumha.org/a/parasite.php#hjt (If you get a 404 error or Access denied, try: http://216.180.252.218/~spywareinfo....hijackthis.zip) and download HiJackThis to the new folder. Unzip to a folder other than your Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log some place you remember where it is. Most of what it lists will be harmless or even required, so DO NOT fix anything yet. Open the copy of your log in NotePad and make a copy. Then you can go to one of the following to post your log: Spyware and Hijackware Removal Support, here: http://216.180.233.162/~swicom/forums/ or Net-Integration here: http://www.net-integration.net/cgi-b...ST;f=27;t=6949 or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx < You will need to register to open a new thread to post you log. It is free, and no one will Spam you, it is one of many that provides this service. Once registered, go to the HiJackThis section on the forum list and click to open. Then start a new post and post your log. The experts there will analyze the log and report back the results. Please allow at least a few hours or a days time for a response, depending on when you post the log Remember, you must return to the HJT site to get your answer. It is a good idea to click the "Notify" box so that you will get an electronic notification by e-mail to let you know when a response has been posted. But, you must still return to the site of your answer HJT Tutorial http://www.bleepingcomputer.com/foru...howtutorial=42 Hope this helps. |
|
|
|
|
08-02-2004, 05:36 AM
|
#12 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
wow thats is overkill billstur you don't need all that
Just do this so we know what were Dealing with First, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups example C:/HJT/ C:/hijackthis/ next Click here to download Hijack This. Save it to the folder you have just created Close all open windows and open HIJACK THIS. Click “Scan” . When the scan is finished (it only takes a second), the scan button will change to“Save Log”. Click on“Save Log” and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET , most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise. If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post we can see a little better whats going on with your computer Lobos |
|
|
|
|
08-02-2004, 11:31 AM
|
#13 |
|
Member (7 bit)
Join Date: Aug 2004
Location: Urbana, Ohio
Posts: 113
|
You're probably right about overkill in this case, Lobos. But it never hurts to know all the tools at your disposal.
|
|
|
|
|
08-02-2004, 12:37 PM
|
#14 |
|
Member (9 bit)
Join Date: Feb 2004
Location: somewhere on this planet (I think)
Posts: 268
|
Logfile of HijackThis v1.98.1
Scan saved at 10:42:57 AM, on 8/2/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common files\updater\wupdater.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\bundle.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\System32\tqnsursb.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WindUpdates\WinUpdt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\WindUpdates\WinKA.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\LVComS.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\AIM\aim.exe C:\Program Files\Folding@Home\winFAH.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Folding@Home\FahCore_65.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\William Hockey\Desktop\hijackthis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing) O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\bundle.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load O4 - HKLM\..\Run: [dbtdamcvqpri] C:\WINDOWS\System32\tqnsursb.exe O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [WebSavingsfromEbates] C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbatesrun.exe /cp  "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: Folding@home 4.00.lnk = ? O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e11ed2adb8ceb0 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_41.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.madonion.com/global/msc34.cab Thanks for all of the help guys! Last edited by willboy; 08-02-2004 at 12:43 PM. |
|
|
|
|
08-02-2004, 01:40 PM
|
#15 |
|
Member (8 bit)
Join Date: Jul 2003
Location: Great Falls, MT
Posts: 149
 |
If all else fails, try to delete it from the command line. I have had troublesome files that would not cooperate and delete. This always works. Try booting to the windows command line to make sure the program doesnt run that your trying to delete. Just cd to the folder where the file is, and type in "delete xxxfile.blah," or "delete C:\blah\xxxfolder\" Kinda a brute force way to do it, but it works.
|
|
|
|
|
08-02-2004, 05:08 PM
|
#16 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
Ok do this
You may want to print this out so you dont miss anything uninstall through your control panel add/remove programs Internet Optimizer WindowsSA WindUpdates WebSavingsfromEbates Wild Tangent -------------------------------------------------------------------------- Run hijack this put a check next to these close all browsers and hit fix Make sure not to miss one . Some of them may not be ther don't worry about it They probably got taken out when uninstalling. R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing) O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\bundle.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load O4 - HKLM\..\Run: [dbtdamcvqpri] C:\WINDOWS\System32\tqnsursb.exe O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [WebSavingsfromEbates] C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbatesrun.exe /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates" O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...de11ed2adb8ceb0 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab ----------------------------------------------------------------------------------------------------------------------------------- enable the viewing of Hidden files follow these steps: How to see Hidden files and Folders reboot into safe mode How to boot into safe mode delete these files C:\Windows\System32\wsaupdater.exe c:\temp\msbb.exe C:\WINDOWS\alchem.exe C:\WINDOWS\System32\tqnsursb.exe C:\WINDOWS\System32\bridge.dll C:\WINDOWS\twaintec.dll these folders C:\WINDOWS\wt C:\Program Files\Internet Optimizer\ C:\Program Files\Common files\updater C:\Program Files\WebSavingsfromEbates C:\Program Files\WindUpdates\WinUpdt.exe C:\Program Files\WindowsSA\omniscient.exe empty your recyle bin then go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it as XP will not let you delete files less than 24 hours old as it thinks it might need them please also do this while in the temp folder, select view and select details. then right click a blank part and select arrange icons by, and select show in groups and modified, that will give a list of all files in date order with today at the top of the page. select all the files/folders except the today ones and delete them all. 1) Open Control Panel 2) Click on Internet Options 3) On the General Tab, in the middle of the screen, click on Delete Files 4) You may also want to check the box "Delete all offline content" 5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files 6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive empty your recyle bin reboot to normal Click here to download AdAware 6 181 Run AdAware Before you scan with AdAware, check for updates of the reference file 01R333 18.07.2004 by clicking Check for updates now, and following the prompts. Now to set it up for optimum performance... Make sure the following settings are configured. Remember that ON=GREEN. From main window click Start | Activate in-depth scan. Then click Use custom scanning options | Customize and have these options switched ON... Scan within archives Scan active processes Scan registryDeep scan registry Scan my IE Favourites for banned URLs Scan my host-files Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check.. Unload recognised processes during scanning. Cleaning engine. Let windows remove files in use at next reboot. and uncheck.. Automatically try to unregister objects prior to deletion. Then click Proceed, to save your settings. Now click the Scan button. When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them Restart your computer ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Spybot - Search & Destroy 1.3 Then go Click here and download Spybot Search & Destroy 1.3 Install the program and launch it. Before scanning press Online and Search for Updates. Put a check mark at and install all updates. Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED. Restart your computer. come back post another log and let me how you computers running Lobos |
|
|
|
|
08-02-2004, 10:46 PM
|
#17 |
|
Member (9 bit)
Join Date: Feb 2004
Location: somewhere on this planet (I think)
Posts: 268
|
Websavings and windup aren't there by the way thanks for the help
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
