Brute Force Deletion needed...

Status
Not open for further replies.
Nubius

Nubius

Golden Master
Messages
11,599
I got this file which I suspect might be behind me getting lag on servers in multiplayer games which used to never happen. The ping fluctuates so I attribute it to something trying to access the internet. I scanned with Spybot, adaware, all with updated definitions, used www.pc-cillin.com and zone-alarm to try and see if something was up, or trying to access the internet. Nothing found anything on my computer.

I have this file I cannot delete that says it's 1kb in size, but 4kb in size on disk..like the file isn't finished or something, but I've already run it and it's a DOS Prompt (which with this file I knew it was going to be) and it seemed as if everything was OK. Now I can't delete that file off my secondary HD so this is mainly why I suspect it of foul play.

I keep getting the 'this program is in use...close application before trying to delete' I even booted in safe mode and it gives me that. I can't for the life of me figure out what program it's attached to. I need to be able to delete this crap. Plus I've had it happen before in the past, so does anyone have any programs that'll just DELETE something regardless if it's being used by another program? Because this is getting REALLY annoying
 
it's called hl2fix.exe was supposed to stop this error message that I kept getting that would say A.I. Disabled when I loaded a level. Now it just keeps saying it's in use by another program. I downloaded both those programs and dont see any reference to that file. Also there's no network activity being shown, so I'm not sure if it's the game or what, because I've noticed no lag in downloading or anything of that sort, so this seems kind of weird. Also it lags for my friend when he plays on another computer that I KNOW can't possibly be infected with anything cause it hasn't been used on the internet except for today. So this has got me perplexed.
 
Nubius, Download and run HiJack This and in the morning when my eyes aren't about to seal shut, I'll read your log. Make sure you post it in the HiJack Forum, ok? Liz
 
Thanks Liz, I'll have to give that a go. I just downloaded a program called Shredder95 and it was able to delete the program regardless of the 'It's in use', but I think I need to get that hijack this log just to make sure nothing else is running.
 
Aright here's my log:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner\RivaTuner.exe" /T
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Standard\freemem.exe" Startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098614801093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26D68BFE-63A3-45A0-A0D8-14DF71DAC5B9}: NameServer = 24.205.1.62,24.205.1.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{26D68BFE-63A3-45A0-A0D8-14DF71DAC5B9}: NameServer = 24.205.1.62,24.205.1.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{26D68BFE-63A3-45A0-A0D8-14DF71DAC5B9}: NameServer = 24.205.1.62,24.205.1.14


I used this Hijack This tutorial from Major Geeks:

http://forums.majorgeeks.com/showthread.php?t=38752


to understand what exactly Hijack this was finding. I didn't see anything out of the ordinary, but since this is my first time perhaps I overlooked something. Yes I did purposely download the google toolbar :p
 
Nubius, you're missing the top half of the log which *I* NEED and can we move this to the hijack forum please? Liz
 
Yeah sorry for not putting it in this forum in the first place. It was about 3:30am when I did it after trying other things on the computer and yeah my brain wasn't all there =/ Here's the log again:

Logfile of HijackThis v1.98.2
Scan saved at 3:41:32 AM, on 12/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\RivaTuner\RivaTuner.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\FreeMem Standard\freemem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Josh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner\RivaTuner.exe" /T
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Standard\freemem.exe" Startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098614801093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26D68BFE-63A3-45A0-A0D8-14DF71DAC5B9}: NameServer = 24.205.1.62,24.205.1.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{26D68BFE-63A3-45A0-A0D8-14DF71DAC5B9}: NameServer = 24.205.1.62,24.205.1.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{26D68BFE-63A3-45A0-A0D8-14DF71DAC5B9}: NameServer = 24.205.1.62,24.205.1.14

Thanks again for your help SouthernLady :)
 
Nubius, Click here: http://www.spyware911.net/downloads.htm to download About Buster.

Unzip it to your desktop.

Then reboot into Safe Mode by tapping F8 key repeatedly during bootup.

Double click aboutbuster.exe, click Update, click OK, click Start, then click OK.
This will scan your computer for the bad files and delete them.. Liz
 
Status
Not open for further replies.

Similar threads

J
Deleting files on my iphone
Replies
2
Views
757
Joe C
Joe C
R
Deleted a needed file
Replies
1
Views
774
tehnokraat
T
P
Blue screen error again?
2
Replies
16
Views
2K
phantom555
P
S
Home network dropping
Replies
0
Views
758
Spud5437
S
B
Multiple Seagate External Drives Not Working(Windows+Mac)
Replies
2
Views
432
Joe C
Joe C
Back
Top Bottom