Status
Not open for further replies.

downloaded program

1K views 1 reply 1 participant last post by  mordin69 
#1 ·
I downloaded a wolf3d from uTorrent. It is resident on my desktop, and when I click on it a command box appears and at the top it says C:\docume~1\minemi~1\desktop\wolf3d.exe. I try to delete it and it says "Cannot delete wolf3d: It is being used by another person or program. Close any programs that might be using the file and try again." Here is the log from DSS:

Deckard's System Scanner v20071014.68
Run by Mine Mine on 2008-06-13 08:00:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mine Mine.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:17 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Mine Mine\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MINEMI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /start_mode="auto"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198742802968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5837 bytes

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 07:55:38 0 d-------- C:\Program Files\Trend Micro
2008-06-13 07:10:10 0 d-------- C:\Program Files\SpywareBlaster
2008-06-11 14:53:56 0 d--h----- C:\WINDOWS\PIF
2008-06-11 14:51:59 0 d-------- C:\Program Files\Wolfenstein 3D
2008-06-11 14:36:11 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-11 13:54:47 0 d-------- C:\Program Files\speed-bit
2008-06-09 19:54:11 0 d-------- C:\Documents and Settings\Mine Mine\Downloads
2008-06-09 19:37:04 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\CheckPoint
2008-06-09 19:36:09 128 --a------ C:\WINDOWS\system32\pdfl.dat
2008-06-09 19:36:09 144 --a------ C:\WINDOWS\system32\lkfl.dat
2008-06-09 19:36:09 80 --a------ C:\WINDOWS\system32\ibfl.dat
2008-06-09 19:35:59 0 d-------- C:\Program Files\CheckPoint
2008-06-08 02:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-08 01:22:07 0 dr-h----- C:\Documents and Settings\Mine Mine\Recent
2008-06-08 00:52:29 0 d-------- C:\Program Files\Uniblue
2008-06-08 00:02:27 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\Uniblue
2008-06-05 14:32:58 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\LimeWire
2008-06-03 01:30:44 0 d-------- C:\Program Files\Lavasoft
2008-06-03 01:29:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-06-13 07:42:41 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\Skype
2008-06-13 05:55:01 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\uTorrent
2008-06-13 04:21:24 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-13 03:38:13 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\skypePM
2008-06-12 15:32:01 0 d-------- C:\Program Files\Common Files
2008-06-12 15:31:59 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\U3
2008-06-09 00:02:44 0 d-------- C:\Program Files\Diablo II
2008-06-08 23:58:19 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-08 01:16:04 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-08 00:41:42 0 d-------- C:\Program Files\Torrent Harvester
2008-06-03 19:20:23 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-01 19:56:31 0 d-------- C:\Program Files\Common Files\supportsoft
2008-06-01 19:47:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 10:28:48 0 d-------- C:\Program Files\LG Electronics
2008-05-06 10:27:53 0 d-------- C:\Program Files\Verizon Wireless
2008-05-05 22:26:37 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-05 22:24:33 0 d-------- C:\Program Files\DivX
2008-05-05 20:06:27 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\ArcSoft
2008-04-30 09:17:25 0 d-------- C:\Program Files\Photo Viewer
2008-04-28 11:04:09 0 d-------- C:\Program Files\Bethesda Softworks
2008-04-28 10:53:38 0 d-------- C:\Program Files\Alcohol Soft
2008-04-26 11:20:56 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 15:52:29 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-25 15:52:17 0 d-------- C:\Program Files\Common Files\Real
2008-04-25 02:05:35 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\Adobe
2008-04-25 00:34:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-24 23:33:11 0 d-------- C:\Program Files\Godlike Developers
2008-04-24 23:32:19 0 d-------- C:\Program Files\WinAce
2008-04-24 16:10:00 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\Sun
2008-04-24 16:08:23 0 d-------- C:\Program Files\Java
2008-04-24 16:06:24 0 d-------- C:\Program Files\Common Files\Java
2008-04-23 14:36:32 0 d-------- C:\Program Files\Hero Editor
2008-04-23 14:35:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-23 14:12:06 0 d-------- C:\Program Files\Common Files\iS3
2008-04-23 07:56:36 0 d-------- C:\Program Files\Return to Castle Wolfenstein
2008-04-17 16:21:07 0 d-------- C:\Program Files\PokerStars
2008-04-17 13:11:37 35703 --a------ C:\WINDOWS\DIIUnin.dat
2008-04-17 13:10:05 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-04-17 13:10:04 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-04-17 13:10:04 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-04-17 02:21:28 0 d-------- C:\Documents and Settings\Mine Mine\Application Data\Real
2008-04-17 02:15:09 0 d-------- C:\Program Files\Real
2008-04-13 17:50:01 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-04-13 17:50:01 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-04-12 19:23:36 551 --a------ C:\WINDOWS\checkip.dat
2008-04-12 19:16:23 1225 --a------ C:\WINDOWS\ipconfig.dat
2008-03-21 00:47:16 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-21 00:47:16 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
05/03/2008 02:26 AM 453904 --a------ C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"= C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll [05/03/2008 02:26 AM 453904]

[-HKEY_CLASSES_ROOT\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}]
[HKEY_CLASSES_ROOT\CheckPoint.ForceFieldToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}]
[HKEY_CLASSES_ROOT\CheckPoint.ForceFieldToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 02:05 PM]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [05/03/2008 02:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"RAMSaverPro"="C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe" [04/16/2008 04:38 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/22/2008 08:58 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [08/16/2007 09:02 AM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [04/02/2008 09:50 AM]

C:\Documents and Settings\Mine Mine\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [5/6/2008 10:27:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"NoDispCpl"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mine Mine^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\DOCUME~1\MINEMI~1\LOCALS~1\Temp\E_SD.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-13 08:03:54 ------------

Please help. I have tried various virus scanners. I also tried Task Manager to shut down all possible processes except the ones that are vital to running the system. I have also gone into msconfig and looked for any startup programs that should not be there, and also in the Services tab. I can usually fix a problem, but this one is driving me nuts.
 