Help, What is this xxx.exe app on my desktop



#1
Ravyn001

I’ve got an application sitting on my desktop that I don’t know where it came from or what it is.



The properties are:
File type: Application
xxx.exe
"C:\Documents and Settings\Greg Glidden\Desktop\xxx.exe"

When I tried to delete it I got the following message:
Cannot delete xxx: It is being used by another person or program. Close any programs that might be using the utility and try again.

I’ve tried turning off all unnecessary services, but terminal server is still showing as started.
I've got several unknown processes still running that I "end process" in task manager and they still come back.

I’ve run Hijack and cleaned what I found and this is the current report.

Logfile of HijackThis v1.99.1
Scan saved at 10:07:01 PM, on 4/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Hijack This\HijackThis.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144367666156
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I’ve also run ewido and these are the reports.
---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 9:54:24 PM, 4/6/2006
+ Report-Checksum: 8FB5518F

0: System Process
4: System Process
260: C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
272: C:\Program Files\Trend Micro\Tmas\Tmas.exe
440: \SystemRoot\System32\smss.exe
496: \??\C:\WINDOWS\system32\csrss.exe
520: \??\C:\WINDOWS\system32\winlogon.exe
564: C:\WINDOWS\system32\services.exe
576: C:\WINDOWS\system32\lsass.exe
724: C:\WINDOWS\system32\svchost.exe
780: C:\WINDOWS\system32\svchost.exe
844: C:\WINDOWS\System32\svchost.exe
916: C:\Program Files\Norton AntiVirus\navapsvc.exe
976: C:\WINDOWS\System32\nvsvc32.exe
1012: C:\WINDOWS\System32\svchost.exe
1192: C:\WINDOWS\Explorer.EXE
1312: C:\WINDOWS\system32\LEXBCES.EXE
1336: C:\WINDOWS\system32\spoolsv.exe
1384: C:\WINDOWS\system32\LEXPPS.EXE
1476: C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
1484: C:\PROGRA~1\NORTON~1\navapw32.exe
1508: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
1524: C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
1540: C:\WINDOWS\BCMSMMSG.exe
1556: C:\WINDOWS\System32\MsPMSPSv.exe
1632: C:\Program Files\QuickTime\qttask.exe
1672: C:\WINDOWS\System32\svchost.exe
1712: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
1740: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
1748: C:\Program Files\Messenger\msmsgs.exe
1824: C:\WINDOWS\system32\RUNDLL32.EXE
1924: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
1948: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
2068: C:\Program Files\ewido anti-malware\ewidoguard.exe
2140: C:\Program Files\Microsoft Office\Office\WINWORD.EXE
2312: C:\WINDOWS\system32\wscntfy.exe
2560: C:\WINDOWS\System32\alg.exe
2632: C:\WINDOWS\system32\wuauclt.exe
2788: C:\Program Files\Microsoft Works\MSWorks.exe
2872: C:\Program Files\ewido anti-malware\ewidoctrl.exe
3196: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3700: C:\WINDOWS\System32\CTsvcCDA.exe
3828: C:\Program Files\ewido anti-malware\SecuritySuite.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:52:55 PM, 4/6/2006
+ Report-Checksum: 42A818FF

+ Scan result:

:mozilla.21:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Greg Glidden\Application Data\Mozilla\Firefox\Profiles\mgv74ioh.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Greg Glidden\Cookies\greg glidden@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup


::Report End

---------------------------------------------------------
ewido anti-malware - Connection report
---------------------------------------------------------

+ Created on: 9:55:03 PM, 4/6/2006
+ Report-Checksum: 95BC0678

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1039 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5001 127.0.0.1:1028 CLOSE_WAIT
TCP 192.168.1.100:139 0.0.0.0:0 LISTENING
TCP 192.168.1.100:3537 207.46.0.100:1863 ESTABLISHED
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:4500
UDP 127.0.0.1:123
UDP 127.0.0.1:1034
UDP 127.0.0.1:1900
UDP 192.168.1.100:123
UDP 192.168.1.100:137
UDP 192.168.1.100:138
UDP 192.168.1.100:1900

I still can’t delete or remove this xxx.exe application. What is it and how can I get rid of it?