ok i got a question

[duckingzebra]

i got to icons on my desktop that my brother got there. he said he downloaded them. one is a "key generator" for some game he plays and the other i have no clue. I try to delete them and it says "cannot delete, it is being used by anoher program." i tried to look in windows task manager for any program that might be running that looked like it had the same names, but couldnt find any. how can i delete them?

[Dr. V]

The first thing you should always do is boot up in SAFE MODE and then try deleting them.

Try that then repost.

Good luck man!

[Capper]

download "Hijack This" and "CCleaner", and report back

[Banditman]

Another solution to your problem is an app called Wholockme. It is not as advanced as Hijackthis but it will let you select files that are in use to be deleted automaticly upon reboot.

|MG| Free Download - WhoLockMe 1.04 Beta

[duckingzebra]

ok so i tried booting in safe mode, didnt work so now ill try those programs, is there a link on the site to them, i guess i can just google them.

ok i ran HijackThis and since im stupid it told me to show my log to knowledgeable folks so here...

Logfile of HijackThis v1.99.1
Scan saved at 2:10:56 AM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Glass2k\Glass2k.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MySpace
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = Play Games, Free Online Games at AddictingGames
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {31822611-3879-4A74-A9AA-416B6AB0F09A} - C:\WINDOWS\System32\dpylg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm006DWUS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {019330B9-6CF3-42F9-81AF-3712198EBB1A} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1172524800968
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ocbeck32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Ok and i tried to install WhoLockMe and a Ms Dos screen showed up for like half a second and nothing happened...so ya.

Ok and i also installed CCleaner and it got rid of a little more than 2 gigs of crap but didnt fix my original problem.

[halutzparilla]

CCleaner should help you get rid of those... run cleaner then run for issues it will help you delete those things including the registry they inputed. then check with the ccleaner at tools options in uninstall everything that is installed, you should only have your basic necessity there... any other unknown program google it first if you need it... if not uninstall it...

[Panda Man]

Beat your brother for using illegal serials, then try restarting explorer. Go to the task manager, close explorer.exe, go to File>New Task and type "explorer." See if that helps, if not, grab unlocker and use that.

UNLOCKER 1.8.5 BY CEDRICK 'NITCH' COLLOMB

I use unlocker all the time.

[Dr. V]

Yea definitely beat the brother, and that unlocker isn't bad either - you should be up and running soon enough!

[screwballl]

you have a Trojan:

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

I would suggest getting rid of eTrust anti-virus and getting Avira ( AntiVir PersonalEdition Classic - More than Security ) and also getting a-squared to help with the trojan.

Once these are installed then go to safe mode and run full system scans with both


A few things I saw that may need some cleaning out, this mostly spyware and other problematic junk:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = Play Games, Free Online Games at AddictingGames
O2 - BHO: SDWin32 Class - {31822611-3879-4A74-A9AA-416B6AB0F09A} - C:\WINDOWS\System32\dpylg.dll (file missing)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

[duckingzebra]

ok i ran hijackthis again and selected and fixed the problems u mentioned, rescanned and they didnt come up again, so no more trojans? i also dloaded and installed antivir and deleted etrust and when a-squared is done dloading im gonna reboot in safe mode and scan my comp with antivir, a-squared, sb search and destrtoy, and adaware se. so that might take a while, so when i can get rebooted again in normal mode, cause it wont let me access the internet in safe mode, ill report back and have u walk me through getting rid of those to programs on my desktop, cause there still there. nice catch on those trojans though screwball. ok so ill talk to you guys in a little while, which will probably be a lot while cause my comp is slow...lol

Updade:
ok i rebooted in safe mode and ran antivir, a-squared, sb s&d, and adaware se, and got rid of a lot of crap including a couple of trojans. and i had hijackthis delete those programs on a reboot and there gone, so i think problem solved.