pesky undeletable desktop icon or file!

This section is for XP operating system problems and requests for help.
Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: pesky undeletable desktop icon or file!

Post by Essexboy » Fri Jul 20, 2007 6:42 pm

The possibility does exist

Please download the OTMoveIt http://download.bleepingcomputer.com/ol ... MoveIt.exe by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\basesrvvvv.dll
C:\Program Files\TrustIn Contextual
C:\WINDOWS\AUTOLNCH.REG
C:\WINDOWS\system32\apphelpa.dll
C:\WINDOWS\system32\atmfdb.dll
C:\WINDOWS\system32\avifil32s.dll
C:\WINDOWS\system32\atmfdb.dll
C:\WINDOWS\system32\ciadminb.dll
C:\WINDOWS\system32\Awdenc32a.dll
C:\DOCUME~1\CLIF&J~1\APPLIC~1\ezpinst.exe
C:\DOCUME~1\CLIF&J~1\APPLIC~1\pcouffin.sys
C:\WINDOWS\system32\47B7E4AA04.dll


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log Go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file copy and paste this to your next reply
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Fri Jul 20, 2007 8:17 pm

C:\WINDOWS\system32\basesrvvvv.dll unregistered successfully.
C:\WINDOWS\system32\basesrvvvv.dll moved successfully.
C:\Program Files\TrustIn Contextual moved successfully.
C:\WINDOWS\AUTOLNCH.REG moved successfully.
C:\WINDOWS\system32\apphelpa.dll unregistered successfully.
C:\WINDOWS\system32\apphelpa.dll moved successfully.
C:\WINDOWS\system32\atmfdb.dll unregistered successfully.
C:\WINDOWS\system32\atmfdb.dll moved successfully.
C:\WINDOWS\system32\avifil32s.dll unregistered successfully.
C:\WINDOWS\system32\avifil32s.dll moved successfully.
File/Folder C:\WINDOWS\system32\atmfdb.dll not found.
C:\WINDOWS\system32\ciadminb.dll unregistered successfully.
C:\WINDOWS\system32\ciadminb.dll moved successfully.
C:\WINDOWS\system32\Awdenc32a.dll unregistered successfully.
C:\WINDOWS\system32\Awdenc32a.dll moved successfully.
C:\DOCUME~1\CLIF&J~1\APPLIC~1\ezpinst.exe moved successfully.
C:\DOCUME~1\CLIF&J~1\APPLIC~1\pcouffin.sys moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\47B7E4AA04.dll
C:\WINDOWS\system32\47B7E4AA04.dll NOT unregistered.
C:\WINDOWS\system32\47B7E4AA04.dll moved successfully.

Created on 07/20/2007 15:14:10

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Fri Jul 20, 2007 8:18 pm

Logfile of HijackThis v1.99.1
Scan saved at 3:14:51 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Documents and Settings\Clif & Jenny\My Documents\volumouse\volumouse.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Clif & Jenny\Desktop\OTMoveIt.exe
C:\Documents and Settings\Clif & Jenny\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Documents and Settings\Clif & Jenny\My Documents\volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = ?
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = ?
O4 - Global Startup: taskbar icon.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7514859640
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewe ... rSetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{385D0FDA-7B7D-4C14-8DBE-4769C2EBB492}: NameServer = 192.168.1.254,192.168.1.255
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: pesky undeletable desktop icon or file!

Post by Essexboy » Fri Jul 20, 2007 10:03 pm

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = ?
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = ?
O4 - Global Startup: taskbar icon.lnk = ?
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis. 

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Win32 Services - Non-Microsoft Only]
YY -> (FreezeScreenSaver) FreezeScreenSaver [Win32_Own | Auto | Stopped] -> %System32%\FreezeScreenSaver.exe
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. Could you now try to delete the icon
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Sat Jul 21, 2007 5:40 pm

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2007 at 04:01 PM

Application Version : 3.9.1008

Core Rules Database Version : 3271
Trace Rules Database Version: 1282

Scan type      : Complete Scan
Total Scan Time : 00:40:04

Memory items scanned      : 339
Memory threats detected  : 0
Registry items scanned    : 6986
Registry threats detected : 17
File items scanned        : 39564
File threats detected    : 38

Adware.TrustInCash
HKCR\tisa.MyBHO
HKCR\tisa.MyBHO\Clsid
HKCR\TrustInContext.ContextualAds
HKCR\TrustInContext.ContextualAds\CLSID
HKCR\TrustInContext.ContextualAds\CurVer
HKCR\TrustInContext.ContextualAds.1
HKCR\TrustInContext.ContextualAds.1\CLSID
HKU\S-1-5-21-1055807568-2947824476-3507495814-1006\Software\TrustIn
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Contextual Ads
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Contextual Ads#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Contextual Ads#UninstallString
HKCR\InetLoader.WeeklyExecuter
HKCR\InetLoader.WeeklyExecuter\CLSID
HKCR\InetLoader.WeeklyExecuter\CurVer
HKCR\InetLoader.WeeklyExecuter.1
HKCR\InetLoader.WeeklyExecuter.1\CLSID

Unclassified.PC MightyMax
HKU\S-1-5-21-1055807568-2947824476-3507495814-1006\Software\PC MightyMax

Trojan.URLChanger-Gen
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\47B7E4AA04S.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ACCTRESV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ACLUIB.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ACLUIS.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ACTIVEUTILSB.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ACTXPRXYV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ADMPARSEA.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ADSNTA.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ADVAPI32V.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ATLV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\ATMFDBA.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\AU3305ADCA.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\AUTODISCA.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\AUTODISCV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\AVMETERV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\BASESRVV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\BASESRVVV.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\BASSMODB.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\BASSMODVB.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\BJAXSECURITYMANAGERB.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\BJINSTALLERS.DLL
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\CCFGNTB.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0043666.DLL
C:\WINDOWS\SYSTEM32\AUDIOSRVS.DLL
C:\WINDOWS\SYSTEM32\BASSMODA.DLL
C:\WINDOWS\SYSTEM32\BASSMODV.DLL
C:\WINDOWS\SYSTEM32\BATMETERB.DLL
C:\WINDOWS\SYSTEM32\BITCOMETRESB.DLL
C:\WINDOWS\SYSTEM32\BMAPIA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\APPHELPA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\ATMFDB.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\AVIFIL32S.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\AWDENC32A.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\BASESRVVVV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\CIADMINB.DLL

Trojan.Downloader-Bot
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\MSCORIEZB.DLL

Adware.Agent-XMLHelp
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\XMLHELPER4.DLL

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\CLIF & JENNY\FAVORITES\ONLINE SECURITY TEST.URL

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Sat Jul 21, 2007 5:52 pm

After clicking "fix checked" on hijackthis I got the following message:



Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).

Please send a report to merijn@spywareinfo.com, mentioning what you were doing, and what version of Windows you have.

This message has been copied to your clipboard.

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Sat Jul 21, 2007 5:54 pm

then this message:



Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).

Please send a report to merijn@spywareinfo.com, mentioning what you were doing, and what version of Windows you have.

This message has been copied to your clipboard.






Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).

Please send a report to merijn@spywareinfo.com, mentioning what you were doing, and what version of Windows you have.

This message has been copied to your clipboard.


Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:29 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Documents and Settings\Clif & Jenny\My Documents\volumouse\volumouse.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Clif & Jenny\Desktop\Antispyware and more\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [$Volumouse$] "C:\Documents and Settings\Clif & Jenny\My Documents\volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = ?
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = ?
O4 - Global Startup: taskbar icon.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7514859640
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewe ... rSetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{385D0FDA-7B7D-4C14-8DBE-4769C2EBB492}: NameServer = 192.168.1.254,192.168.1.255
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: pesky undeletable desktop icon or file!

Post by Essexboy » Sat Jul 21, 2007 7:01 pm

You now appear to be clean SAS caught the bits that I didn't. Hijackthis was just saying that it couldn't action the deletion (SAS killed it )

Double click OTMoveIt once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

Can you delete the ICON now ?
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Sat Jul 21, 2007 8:43 pm

just tried to delete the icon using normal methods, but had no luck. i will try in safe mode now, and let you know how that works...

Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: pesky undeletable desktop icon or file!

Post by Essexboy » Sat Jul 21, 2007 10:06 pm

If that doesn't work try this. 

Please download the OTMoveIt http://download.bleepingcomputer.com/ol ... MoveIt.exe by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.

Right click the icon and select rename.  When it highlights right click again and select copy.

Right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Sun Jul 22, 2007 5:35 pm

prior to reply #24, I restarted my computer in safe mode to attempt to delete the icon. I couldn't delete it still, so while still in safe mode, I tried to use Tuneup Utilities 2006's File shredder to delete it. Well, this is where my problem got worse. I opened file shredder, and chose the icon for deletion. When I did that, it asked me if I wanted to delete the folder "desktop" to which I replied no, because I didn't want to delete the desktop, just the icon. For whatever reason, it starting deleting desktop anyway, and I lost many files saved there in folders. I did the system restore, but it appears that only the folders the files were in came back, but the files are no longer in the folders (they're now empty). I wish I had a recent CD Rom backup of this, as I had many photos from my camera on here. Not to mention other important files. Unfortunately this file shredder program is one of those secure deletion method things, so I wonder about being able to recover anything now.... any suggestions? I will try Tuneup Utilities "undelete" in the mean time...

Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: pesky undeletable desktop icon or file!

Post by Essexboy » Sun Jul 22, 2007 9:33 pm

Unfortunately I have no idea if that would work, although I use tuneup utilities I have never used that function
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Clif
Contributor
Contributor
Posts: 20
Joined: Wed Jul 18, 2007 6:25 pm

Re: pesky undeletable desktop icon or file!

Post by Clif » Mon Jul 23, 2007 4:31 pm

Even though I lost many files, I was actually able to delete that icon when that happened. Tuneup utilities undelete restore several, but not all of the files I lost. Guess thats the danger of a file shredder, when it's gone it's gone.... thanks for your help with the trojans and everything. Is there anything that I should do to keep them from getting back on my computer? That superantispyware programs icon is in my taskbar, but should I activiate the active protection feature? I already use spyware doctor, and I don't want to have too many of them running as this would likely slow my pc down....

Squeezebox
Administrator
Administrator
Posts: 1647
Joined: Sat Sep 24, 2005 9:51 pm
Location: UK

Re: pesky undeletable desktop icon or file!

Post by Squeezebox » Tue Jul 24, 2007 7:15 am

I recommend these:

Realtime monitoring from:

Windows Defender, Spyware Blaster (protect browser), a good antivirus program and a good firewall.

Keep up to date with critical patches and updates.

Occasional scanning tools : Superantispyware & Spybot Search & Destroy.

Final protection is yourself. Be cautious and aware of where you are surfing and emails you open.
Image

Essexboy
Administrator
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: pesky undeletable desktop icon or file!

Post by Essexboy » Tue Jul 24, 2007 6:23 pm

My standard end of fix spiel.  I would only have ONE active anti-spyware programme with the other as an on demand scanner.  Spybot S&D is getting a bit long in the tooth now 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

Double click OTMoveIt once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe  :wave:
VISTA
XPsp2
Avast (of course)
Image


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

Post Reply