Over 1 million tech questions and answers.

wwwcoolsearch.leftover Hijack log

Q: wwwcoolsearch.leftover Hijack log

Need some help with this log please, guys. I have broadband but the last day or so the connection was extremely slow and sluggish. I then ran a Spybot search and came up with the wwwcoolsearch.leftover virus. I deleted it from Spybot but the system remained slow - sometimes taking 5 minutes or so to load a page. I then performed a system restore to three days ago and so far that seems to have solved the problem - speed of the broadband connection seems to be much faster now. I just want to make sure there's nothing in my HJT log that should warrant further investigation. If it's of any interest, on Monday I upgraded from ME to XP.



Logfile of HijackThis v1.99.1
Scan saved at 00:07:13, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Desktop\Antivirus files\hijackthis\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd?affiliate=IB143001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acmilan.com/
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S18D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Product Registration Reminder] C:\WINDOWS\Temp\RegModule.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\E_SRCV02.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...44/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/activeX/SpeedUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

RELEVANCY SCORE 200
Preferred Solution: wwwcoolsearch.leftover Hijack log

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: wwwcoolsearch.leftover Hijack log

OK, seems I typed too soon. System is back to slow this AM. HELP!

Read other 2 answers
RELEVANCY SCORE 56.8

There's been a lot of trojans/malware on this pc in the past and although I've usually managed to eliminate most of the threats, I'm pretty sure there are still some leftover bits and pieces, so I figured I'd try posting this log to see if anyone could help me clean it up a bit, as it's not my computer, obviously I don't want to go messing about in the registry by myself. Take your time, no rush ;)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 03:36:58, on 27/07/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDevice... Read more

A:Hijack This / Looking For Leftover Narsties

Hi,Please do the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTPlease download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Read other 18 answers
RELEVANCY SCORE 48.8

just got this bug a few days ago and can't get rid of it just like the others. read the other posts on the forum and got the hjt here are the results...thank you in advance for anyone who can help

Logfile of HijackThis v1.99.1
Scan saved at 8:07:15 AM, on 3/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AOL Companion\companion.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jason\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\... Read more

A:wwwcoolsearch help please

Hi Spywarehater and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

Read other 3 answers
RELEVANCY SCORE 48.8

I just got this problem a day ago and have read and tried almost everything in this link
http://forums.techguy.org/malware-removal-hijackthis-logs/305605-solved-wwwcoolsearch.html

I ran Ad-aware SE, update..Shredder Updated, my virus scan Symantec, and Spybot Search and Destroy. Each time they all find something and delete, but always show up again when i perform the search again.
This is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:36:00 AM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\444.471
C:\WINDOWS\system32\uoyzsydz.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless N... Read more

Read other answers
RELEVANCY SCORE 48.8

HJT Log

--------------------------------------------------------------------------------

I am looking for help. Can someone more knowledgeable than me review the HJT log generated off my computer and advise me on what is safe (and unsafe) to delete. Some appear obvious but others are unclear. I don't want to make a fatal errror by guessing!!

Logfile of HijackThis v1.98.2
Scan saved at 4:59:28 PM, on 11/8/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associat... Read more

A:Help with HJT Log / WWWcoolSearch et al

Hello and welcome to TSF-

You have several problems that we need to address. We will be using several anti-spyware, anti-adware and anti-hijack programs. I recommend that you keep these programs on your system permanently.
Only use HiJackThis under the guidance of an expert! Accidentally deleting something can disable your operating system. Print out these instructions so you may reference them without any programs open. It is very important that no programs (especially internet browsers) are running when implementing these fixes. [You may leave your firewall and virusscanner running.]
----------------------------------------------------------------
To show hidden files instructions
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
----------------------------------------------------------------
* Your HiJackThis program is in a temporary folder or on the Desktop. It is important that this program reside in a permanent folder. I recommend c:/program files/HJT/. You should save each log with a name that you can recognize, like HJT 11-8-04a.log. The 'a' is in case we make multiple logs in one day. HiJackThis is a single file program. You may freely cut/paste it to whereever you want and it will not affect HiJackThis's functionality.
------------------------------... Read more

Read other 4 answers
RELEVANCY SCORE 48.8

Iwish to thank eveyone in advance for there help. I seem to have a problem with coolsearch like so many other people do and I would like to fix it . I dont know where to start.

A:wwwcoolsearch

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

Read other 9 answers
RELEVANCY SCORE 48

Hello everyone.

Today I was infected with some for of wwwcoolsearch. This trojan/spyware/whatever is scary. Not only does it redirect my internet pages but closes Notepad, restricts access to Windows Explorer, and keeps coming back!

I've tried following the help posted for WinXP, but it doesn't seem to work for WIN98. Below is a copy of my HJT log. (And below that, my about:buster logs.)

Logfile of HijackThis v1.97.7
Scan saved at 12:09:01 AM, on 12/6/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\IEJE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\DESKTOP\ABOUTBUSTER\ABOUTBUSTER.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\qmfrr.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\qmfrr.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\qmfrr.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\qmfrr.dll/sp.html#28129 ... Read more

A:NEED HELP: wwwcoolsearch on win98

Maple Syrup, welcome.

Please print this out and follow ALL these directions carefully.

This is a new CoolWebSearch (CWS) hijack infection and is hard to remove.

Note: Every time you reboot the files multiply and change names.
This process is like exterminating cockroaches.

Please download the tool called about:buster from
http://www.downloads.subratam.org/AboutBuster.zip
or
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip

Unzip it to your desktop.

Double click aboutbuster.exe, click Update, click OK, click Start, then click OK.
This will scan your computer for the bad files and delete them.

Download the latest v1.98.2 version of HijackThis to post your new log:
http://aumha.org/downloads/hijackthis.exe
or
http://tools.radiosplace.com/HijackThis.exe

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.

Move HijackThis.exe into this folder as you do not want the HijackThis backup logs all over your Desktop.

When you run HijackThis from C:\HJT folder by double clicking on it and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT...&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at b... Read more

Read other 9 answers
RELEVANCY SCORE 48

Guys
Any help with this is really appreciated. I have wwwcoolsearch on my laptop and a process called winmine.exe that will not end when i try to shut down. I have used adaware and removed it with that, rebooted, done the scan but it says Im clean. Here is my HJT log file:

Logfile of HijackThis v1.98.2
Scan saved at 18:56:29, on 30/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SYSTEM32\HOTKEY.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEeng.exe
C:\WINDOWS\Qbrowse.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
... Read more

A:wwwcoolsearch and winmine HELP ME PLEASE.

Download CWShredder and click on Fix (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

Please post a fresh Hijack This log so that we can check if your system is clean.

I do not subscribe to threads so please PM me the link when you have posted your new log. Please do not post your log in the PM, only the link

Read other 16 answers
RELEVANCY SCORE 48

i need help with this

Logfile of HijackThis v1.99.0
Scan saved at 9:02:22 PM, on 2/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
D:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [T... Read more

A:problems with wwwcoolsearch

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until ... Read more

Read other 5 answers
RELEVANCY SCORE 48

computer gets this wwwcoolsearch with spybot. It says it removes it but then i scan again and it is there. I tried also cwshredder and it seems to be still there. here is my hijackthis log

If i reboot the computer it is fine and then gradually slows down to a crawl. it sucks


Logfile of HijackThis v1.98.2
Scan saved at 11:35:59 PM, on 12/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ULTRAVNC\WINVNC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\K6SJ92GYONGWTHD.EXE
C:\WINDOWS\SYSTEM\181U3ZUKTK1SE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\SECOND NATURE\SNSICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\JASON HIJACK\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=31130123321001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=31130123321001
R1 - HKCU\Software\Microsoft\Internet Explore... Read more

A:Solved: wwwcoolsearch

http://forums.techguy.org/t110854.html

Download SpyBot Search and Destroy and AD-Aware Se UPDATE and do a scan with both of them getting rid of all they find

It looks like you do not have an on board anti virus program

Download AVG 7 and install

Do a scan with Housecall and Panda

After doing ALL the above post another log here please
 

Read other 2 answers
RELEVANCY SCORE 47.2

First of all, a big thanks to any and all involved with this great site.

I've been fighting some whacky variant of wwwcoolsearch for many, many days now with little success.

1. SpyBot Search and Destroy finds several wwwcoolsearch entries, but is unable to clean them. Here is a picture of the SpyBot results that will not successfully clean:


[img=http://img74.exs.cx/img74/7222/98-spybot.th.jpg]

2. After booting up in Safe Mode, I ran Kaspersky anti-virus program. It cleaned out several downloader trojans.

3. Still in Safe Mode, I ran the latest CWShredder program. It removed a file called CWS.Bootconf.

4. Still in Safe Mode, I ran Spy Bot Search and Destroy. It ran clean and found no wwwcoolsearch entries.

5. I ran Ad-aware SE and cleaned out its findings.

6. I restarted my machine in regular mode, and the wwwcoolsearch components reappear (UGH!!)... and I continue to get pop-ups, etc.

I'm at the end of my ideas... I have read your "Read Me First" entry in this board and have complied.

I have done the following:

1. Configured the latest version of Ad-aware SE per your instructions.
2. Ran Ad-aware scan and cleaned all findings
3. Rebooted machine
4. Ran virus check at housecall.trendmicro.com
5. Unhid file extensions and made all system folders visible
6. Ran the latest version of Hijackthis
7. Ran Hijack_This_Analyzer

Here is the resulting LOG:

========================================================
Log was analyzed u... Read more

A:WWWCOOLSEARCH Variant - Kicking my Butt!

Hi...
I am afraid there is not little we can do for you at this time as you have a new bug. These O1 - Hosts: 69.20.16.183 are the culprit and they are being worked on to find a fix.....

I will post back to you when the fix is found...

Read other 18 answers
RELEVANCY SCORE 39.6

hey guys. I have peerguardian 2 and everytime i start my computer someone called offeroptimizer.com/static.callinghome.biz[spy], st. also i was looking with spysweeper at my items that startup with windows and i noticed there is something called ShowWnd.exe and i googeld it and some things said it was malicious and some said it was not. Maybe you could help me out. Heres my Hijackthis log. Thanks.Logfile of HijackThis v1.99.1Scan saved at 4:20:18 PM, on 5/25/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files&#... Read more

A:HJT-Leftover

Welcome leftover to Bleeping Computer.*Restart the computer.*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.*Use the arrow keys to select the Safe mode menu item*press Enter.***We need to make sure all hidden files are showing so please:* Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK.***Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exeClick on Fix Checked when finished and exit HijackThis.***Open Windows Explorer.Find and delete this file:C:\Windows\System32\ShowWnd.exe***Reboot the computer to normal mode.Please post back in this topic with a fresh log using HijackThis.

Read other 16 answers
RELEVANCY SCORE 39.2

After finally getting the Windows 10 Anniversary Update to install, as expected, I had a WIndows.0ld file. Following instructions posted here and elsewhere, I used Disc Cleanup to remove most of that file.

There are still two folders remaining in Windows.old from System32, one in Drivers (IntcDaud.sys) and one in DriverStore (intcdaud.info.amd64xxxxx.) When I go directly to System32, both drivers appear in the same folders where they show in Wndows.old. Disc Cleanup no longer even recognizes Windows.old, so I cannot run it again to remove what appear to me to be extraneous entries.

Can I safely use Unlocker to try to remove the remaining Windows.old file, which likely would only work after a reboot? If not, is there some other method, short of using the Jaws of Life or a ten-pound sledge hammer to remove the leftover Windows.old file?

A:Windows.old leftover

Hello Not Myself,

Unlocker should work for you. If you like, OPTION THREE below should work as well.

Windows.old Folder - Delete in Windows 10

Read other answers
RELEVANCY SCORE 39.2

I got some kind of malware last week. I kept getting tons of pop-ups, which never bothered me before, and other things. One of those fake anti-spyware sites that took over my computer till I shut it down, etc.

So in the past week I have done the following:

I ran Stinger, Ad-Aware, Malicious Removal Tool, CC Cleaner, Housecall, HS Remove, cwshredder, Kill2Me, all of which found nothing, and did a System Restore which had no effect..

Then I ran Malwarebytes and Stopzilla both of which found some Trojans, Malwares, Ad cookies etc and deleted them. (No worms that I could see.)

Since then I still have the following problems:

When I load Firefox - before the page loads in the upper left hand corner I get the following box:

"Java Application Type Error: spElement is null." (A search of "spElement is null" on Google turns up nothing.)

When I click OK, the message box disappears and Firefox loads. Sometimes a few different pages load, Ask.Com, My * 10.Com, etc. A couple pages sometime try to load but there is a message box that says the locations couldn't be found. I click off those pages, I seem to be able to use Firefox without any further problems.

If I try and load Internet Explorer, a bunch pf pages try to load, all with the same internet address with numbers, letters, and symbols that I have never seen before (not a foreign language, but symbols which aren't on my keyboard, letters, etc) Luckily for each page that tries to loa... Read more

A:A few leftover's that I can't seem to shake??

I would do the following.....Use Rkill to stop the rootkit processes that start when the computer comes on. Then I run the Malwarebytes and SUPERAntiSpyware. Here are some DL links for the Rkill....LINK 1LINK 2LINK 3LINK 4Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.After running Rkill update and run MBAM. Next I would install AFT Cleaner check the box for select all and then run it. Finally, I would run SUPERAntiSpyware. If you have more than one username then you will need to scan each user account seperately with this.

Read other 1 answers
RELEVANCY SCORE 39.2

HI, i removed a security program,and i now find that i have leftover files, i went into task manager found file location, but when i try to delete them, a popup say's i need permission. i am the only user on the pc and also administrater how do i obtain permision or is the another way to delete. i have vista premium 32-bit...thanks

A:Get rid of leftover files

Hi patch41, Take ownership of that file and then delete it.

Read other 5 answers
RELEVANCY SCORE 39.2

thank you for helping me,

Here is where we were working on Internet Explorer issues before I was told there was leftover malware items> http://forums.techguy.org/windows-xp/949714-internet-explorer-problem.html#post7597460

i ran the uninstaller then did the hijack this scan again.
i didn't see the two items you said i should check mark on the list.. so i looked back at the first log and they are listed, but now after the uninstall they are gone. because im not sure what to do, i didn't do the Norton uninstaller part yet.. this it the latest file after the uninstall.

i also noticed that when i would open any file the Search Settings v1.2.3 tried to open every time, and i had to hit the cancel button several times to close it. now that I've done the uninstall, it no longer does this. im guessing they are related somehow and i hope that this new information doesn't come too late..
thank you again for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:46, on 9/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\... Read more

A:Leftover infection

Search Settings seems to be gone alright.

As for Norton, it should be removed since you should never run more than one antivirus software at the time. They will work one against the other (Avira and Norton), cause your system to be slow and even freeze. Your computer will be even more vulnerable.

Your log is showing traces of past or present infection. After we're done here, we'll need to get you transfered to the Virus & Other Malware Removal forum.
 

Read other 1 answers
RELEVANCY SCORE 39.2

Hi I need help getting rid of some trojan/malware remains. Malwarebytes and tdsskiller don't find anything but I am still getting internet explorer redirects, windows firewall turned off & will not turn on and need help because it looks like I may have a rootkit hiding somewhere. I have included my dds files. Also avast is showing alot of "malicious URL blocked" messages and the process is C:\Windows\System32\ping.exe. I have ESAT, MBAM, SAS & HiJackThis logs. I have combofix, aswMBR & minitoolbox dl'd & ready to run but don't want to use them without your direction. I have windows 7 32 Thanks!

A:Win7Antispyware leftover fix

Update......running eset fixed the redirects but I wonder if I still have the rootkit. Eset said I had a variant of the Win32/Sirefef.DN trojan.

Read other 19 answers
RELEVANCY SCORE 39.2

Can anyone tell me if there is such a progamme that can detect leftover programmes on the pc. By that I mean, when you have installed a programme and then decide you don't want it, you delete it from the add/remove control but it always seems to leave some file behind.

Is there anything that would clean all those files up? Hope I am making sense.

Thanks
 

A:Leftover files?

Read other 14 answers
RELEVANCY SCORE 38.8

I am trying to clear out the last remnants of 2 spyware infections, spysherriff.exe and ibm0001.exe. I have gotten just about everything cleared out, but i still have a few items on my hijackthis log that i can not get rid of at all. I am not sure if this is related or not, but my internet just stops working after 20 minutes after i reboot. Called the ISP, they said my connection is okay, i can ping out, but i can not get a connection to anything, IE and firefox open as nothing, no page.this is the one entry that i can not get rid of.O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dllI have ran, Ewido, adaware, AVG, Spybot - Search & Destroy, kaspersky (which for some reason i can no longer get too). I run WIN XP's firewall, but i can not get to the settings, gives me an error saying "Due to an unidentified problem, Windows cannot display Windows Firewall Settings".Any help would be gladly appreciated, Thanks in advance.Logfile of HijackThis v1.99.1Scan saved at 6:20:24 PM, on 1/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32�... Read more

A:Hijackthis Log: Last Remnants Leftover

Hi,

Sorry for this delay. Post please a fresh hijackthis log if you still have problems.

Read other 5 answers
RELEVANCY SCORE 38.8

So my dad was using the pc and installed malware by mistake. I ran malwarebyes and removed the malware but every time he signs into his account on startup this error pops up. I tried to find it's folder but couldn't see it so how can I remove it please?

A:Cannot delete this malware leftover

Originally Posted by Edward


So my dad was using the pc and installed malware by mistake. I ran malwarebyes and removed the malware but every time he signs into his account on startup this error pops up. I tried to find it's folder but couldn't see it so how can I remove it please?



Hi Edward.
Do you have Ccleaner installed on the computer?
If so, please navigate to the TOOLS selection on the left, then go across the tabs to SCHEDULED TASKS. Look in that window for the DLL call and highlight it, and select DISABLE. Reboot the computer.

Read other 3 answers
RELEVANCY SCORE 38.8

Howdy,

Now that I seem to have removed my root-kit I now wish to figure out how to remove what is leftover from a Virumonde infection that I had last year. I am no longer infected, but have 2 calls for dll files that are left in the registry, and cause an error on system start, generating error boxes. I am simply tired of them, but had to get my other issues taken care of first.

Hijack This and MB both allow me to delete the registry entries for both dlls, but they keep reappearing. I have researched this, only to find that it has something to do with the system restore function in XP. That doesn't make sense to me as I have turned system restore off, and it still happens. That leads me to believe that this problem is coming from somewhere else, but I have no idea how to track it down.

Thanks!
 

A:Leftover Virtumonde trash

Read other 16 answers
RELEVANCY SCORE 38.8

My old EIDE WD Caviar200AA is in a box.It was in a Compaq p.o.s.that died,last march.
My new" no-name" is running NTFS. and has 80 Gb Hdd.
How much hassle to add additional" slave" drive to new machine?
what are the snafu's out there? How do I start?
btw I'm new at this

Is the ole' 5600rpm drive seemingly tons slower than my 7200 in practice?

Can any of the fat32 stuff be left on that 20Gb or does it all have to be wiped?
 

A:should I install a leftover second- harddrive,20G

Read other 8 answers
RELEVANCY SCORE 38.8

I have previously posted in this forum about my computer on this thread: http://www.bleepingcomputer.com/forums/t/239917/google-redirect/. The google redirection issue described there was resolved, but there are still a few symptoms that indicate the computer may not be completely fixed. I was working with Blade81 via private message but we were unable to solve these symptoms. They are:When I log into the "Steve" account, I see this error message:
RUNDLL
Error loading C:/DOCUME~1/Steve/protect.dll
The specified module could not be found.
(Note that the combofix in the previous thread was done to the Donna account)The antivirus program auto-update does not seem to be working. I can do a manual update, and I can see that automatic updates are enabled, but they do not seem to be executing.Uploading actions, such as sending an email or uploading pictures to Picasa, seem to take longer than they should.I have run DDS on the "Steve" account since it is the one that has the error message. Thanks in advance for any help you can provide.DDS (Ver_09-07-30.01) - NTFSx86 Run by Steve at 21:08:58.73 on Wed 09/02/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1679 [GMT -5:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k ... Read more

A:Leftover Malware from a Previous Fix

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 9 answers
RELEVANCY SCORE 38.8

This is not a big deal, but after cleaning up a mildly infected computer with Malwarebytes Professional, AdwCleaner and HitmanPro, I find I still have a running process for SearchProtect when I checked in Task Manager for anything else.  It is not showing it's using a lot of resources, but it is there.  The entry is located in the System 32 file.  I hesitate to remove anything from that file... Should I leave well enough alone or delete it?  Thanks!Edit: Topic moved from General Security to the more appropriate forum. ~ AnimalEdit: Topic moved from Am I Infected forum to the more appropriate forum. At the request of Malware Removal team member. ~ Animal

A:Leftover Conduit Entry

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

Read other 14 answers
RELEVANCY SCORE 38.8

I used the Windows Police removal procedure as shown and successfully removed the program. THANKS - got my computer back! However, every time I start up my computer or a program now I get the following window notification "name of exec file - BAD IMAGE. Then it states that "globalroot\systemroot\system32\gasfkybospyfqm.dll" is not a valid Windows image. Please check it against your installation disk." I can click on OK and everything works but it comes up everytime something loads. Any information on getting rid of this screen would be appreciated. Also - all my RESTORE points have gone, I can't even get back into yesterday or last month. RESTORE is set to work so????

A:Windows Police leftover help please

Moved from HJT to a more appropriate forum. Tw

Read other 7 answers
RELEVANCY SCORE 38.8

I am reparing a machine for a friend. After installing and updating Mcafee, I found and removed multiple viruses. However, the desktop still has a long message on a black background that reads: WARNING You Are In Danger All that you ever do on your computer...... Can anyone tell me how to get this off the Desktop? Thanks.
 

A:Desktop Virus Leftover

http://www.processlibrary.com/processscan/ this may help once you reach desktop,however i would run all the anti spy you have make sure you have spybot,adaware etc,download iobit v2 free install run then go to tools start up and look through the registry entries which are starting with windows,also microsoft malicious removal tool may be usefull
http://www.iobit.com/AdvancedWindowsCarePersonal/download.htm
http://www.microsoft.com/security/malwareremove/default.mspx
 

Read other 1 answers
RELEVANCY SCORE 38.8

Hello

I am trying to help my friend again with her PC. I removed Adware and Kazaa a few months ago but someone installed Kazaa again so now I have to clean it up again. She promised her first born if it happens again.

I have installed the latest Windows security updates, cwshredder and Spybot but the browser is still not 100%. It is usable but there 4-5 ads when you launch. Here is her Hijack this file

Logfile of HijackThis v1.97.7
Scan saved at 7:00:14 AM, on 6/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\WINDOWS\System32\mwvzapst.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\odrbvzkha.exe
C:\documents and settings\user\local settin... Read more

A:Leftover Kazaa problems

Read other 11 answers
RELEVANCY SCORE 38.8

So I contracted Smitfraud-c, as named by Spybot, and like everyone else I couldn't get it off. My computer was just going nuts; adding desktop icons, opening my browser, countless prompts ostensibly notifying me of spyware removal tools, and actually running these fake programs. I tried a few smitfraud cleaners and other recommendations to no avail.
Finally I tried using HJT to "delete a file on reboot.." and deleted the dll associated with smitfraud-c. I think I determined the dll file with the SpybotSD recovery listings following a scan, or something like that. Anyway, after I did this SpybotSD was actually able to delete the Smitfraud-c object. After numerous scans with all of my clean-up tools, they are no longer picking up any more malware.
I was happy about this, however things still arent completely right: Boot-ups take a long time (malware is starting up and initiating its hijack, I think), my home page keeps changing, and I'm pretty sure I'm seeing browser hijacker entries in my HJT log.
Security and cleanup tools that I use: SpybotSD, AdawareSE, Spyware blaster, AVG, windows firewall, CCleaner, RegCleaner, Windows disk cleaner and every now and then I'll run rootkit scanners. Here's my HJT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.e... Read more

A:smitfraud-c, leftover stuff

Read other 12 answers
RELEVANCY SCORE 38.8

I had a virus/rootkit that I thought I had cleaned up. I'm still having the following issues though:
1. Blue screen trying to boot into safe mode (can't read reason)
2. Generic Host Process for Win32 Services has encountered a problem and needs to close message
3. Can't run full antivirus scan now without getting the above error, but it pops up at other times, like right now. When I get it, I have to restart my laptop - it won't do anything else.
4. Have the occasional extra pop up with an advertisement when I open up IE.
5. I couldn't post this on my laptop - I had to borrow someone else's for a few minutes to get this to go through. It just kept saying it couldn't diplay the page after I tried hitting submit.
6. My laptop is running much slower than normal.

Hope someone can help! I'm in the middle of a big project that needs files from my only computer, so this is the worst timing ever!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Liz at 17:38:04.46 on Fri 05/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.894 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k ne... Read more

A:Leftover Problems from Rootkit

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

Read other 3 answers
RELEVANCY SCORE 38.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:20:52 PM, on 4/24/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\WINDOWS\system32\ezSP_Px.exeC:\Program Files\Verizon\McciTrayApp.exeC:\Program Files\ATT-SST\McciTrayApp.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Linksys\WUSB54GSC\WLService.exeC:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exeC:\WINDOWS\system... Read more

A:HJthis log - still have viruses leftover?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

Read other 2 answers
RELEVANCY SCORE 38.8

I downloaded a bad file on accident and got inundated with trojans and all kinds of other garbage. So I ran a full MBAM scan and cleaned it all out, mostly. When I open up my browser (Firefox) This is what I see on the top of my browserI also randomly get a page that says "CONNECTION RESET BY REMOTE SERVER. something about reasons for errors, then a link that says RUN THE COMPLETE SCAN." Obviously it's a ruse and I just hit refresh and it goes away. Any help is appreciated

A:I need some help cleaning up some leftover spyware. . .

Hello please run these as instructed and post back 2 logs. If you have SpyBot running please disable it for these.From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with... Read more

Read other 5 answers
RELEVANCY SCORE 38.8

I had been using WMP 6.4. Decided to try Version 7. Uninstalled and checked out Version 9. Wish I hadn't done either. I don't care for the extra features they added and should have just stayed with 6.4.

After searching, I've learned that those newer versions added lots of registry entry's that do not get removed with Add/Remove Programs.

When I run Spybot S&D, I still see entry's about Media Player and SDK. I have Win98SE, use Norton Windoctor and JV16 Powertools.

Is there a tool or guide to remove leftover WMP registry entries before putting 6.4 back on? I had deleted 6.4 from Explorer and ran the above before installing the other versions. I also have the Alternative versions, but need WMP for streaming.
 

A:Remove leftover WMP reg entries

Read other 8 answers
RELEVANCY SCORE 38.8

Last Thursday, I'm sure a file from WinMX while my AVG was off(that's a long story) caused a browser hijack. Anyway, I read though your and other forums and followed some of the suggestions given to others with similar ills. After a lot of trail and error I seem to no longer have browser hijacking ( i.e.. new window opening with "url.urtbk" in the address) but I'm not sure if all is well. There may still be leftovers. My browser still runs slower than normal and I fear a redirect is in my future. Here's my current HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:51 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx... Read more

A:Malware leftover blues

I now have Java SE installed (files in my registry leftover fron Windows Cleanup Utility prevented installation)
 

Read other 1 answers
RELEVANCY SCORE 38.8

Ok, finally got Smitfraud-C.Core Service and Virtumonde cleaned out. DriveCleaner2006 does not seem to want to go away now. Had some WinAntiSpyware as well. The only thing that seems to be hanging on at this point is the DriveCleaner. Here is the HijackThis log. Thanks for your help!Logfile of HijackThis v1.99.1Scan saved at 3:24:28 AM, on 7/26/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exec:\program files\safeandsecure\safeandsecure\app\CurtainsSysSvcNt.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\ctfmon.exe... Read more

A:Leftover Stuff From Malware

Welcome to BleepingComputer, I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.I recommend that you "track this topic" to be notified when a reply has been made. At the top if this thread choose Options > Track This Topic and then select Immediate Email Notification.RegardsPOADB.

Read other 14 answers
RELEVANCY SCORE 38.8

I had a trial program loaded, the program was past the trial period and I forgot to uninstall it. When I did uninstall the program I thought all traces of it where gone. That was about a couple of months ago.
I decided that I would like to use it the program and tried to download it. The program started to download, but never finished the download. Got a message that "old version" needed to be removed.
I've done a search for the program, couldn't find any trace of the program. Went into regedit>software..found something I'm not sure if its the program or not. The program in question FakeWebCam...found in regedit>software "fwc" with 9 keys with values. The initials match the program's name.
Should I delete that folder from regedit?
 

A:Solved: Leftover Program

I just installed it into a virtual machine and it created the fwc key with 9 values so that's probably the one to delete. Always a good idea to export a copy first just in case.

HTH

Jerry
 

Read other 3 answers
RELEVANCY SCORE 38.8

Hi!
I created that XML using WSIM. However, if I leave the size field blank (partition: 4), I encounter an error during installation, claiming DiskConfiguration to be incorrect. Is there any way to do this, and how?
Also, after I fixed this, I got a message telling me drivers for HDD/SSD were missing. Since this doesn't seem to happen with the regular installer disks, how and which drivers I need to integrate?

Thanks in advance!
<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend">    <settings pass="windowsPE">        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <SetupUILanguage>                <UILanguage>de-DE</UILanguage>            </SetupUILanguage>            <InputLocale>de-DE</InputLocale>      &nbs... Read more

Read other answers
RELEVANCY SCORE 38.4

This computer was infected (we are pretty sure) with the "Security Protection" virus. A well meaning person ran "ComboFix" without any supervision and managed to get it somewhat usable. Then he ran the "Security Protection" Uninstall. This helped a lot, but when I try to download Avast, the download link gets hijacked, so I'm following the forum's step by step process to try and straighten things out. There is a "Nero Express Essentials" icon on my desktop, I think this is part of the problem. Thanks for your time!
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:13:06 on 2011-06-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3061.2578 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPE... Read more

A:"Security Protection" leftover virus(s)

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 19 answers
RELEVANCY SCORE 38.4

I removed mcafee using add/remove programs under the control panel. although i got the message that the uninstall was successful, there are still some things in the start.ini referring to this program. should i remove these using regedit. also will it help in getting rid of a conflict i'm having with other programs already on my computer?
 

A:using regedit to remove leftover files

If you are not real familiar with the registry, I suggest you download RegEditPlus.. a freeware program which provides the same service as windows regedit, but provides backup in case you make an error.
Then, in registry click 'C' and Find, enter any references to McAfee and use the delete button at the extreme top of panel on any that are found.
Download at:
http://www.pcmag.com/article2/0,4149,53887,00.asp
or -
www.zdnet.de/download/library/deAVB-wc.htm
 

Read other 2 answers
RELEVANCY SCORE 38.4

Hi, I think I have something leftover from an uninstall and I'd prefer to get rid of whatever is left if possible please.

My CPU was consistently running at 50% when using audio programs (iTunes, VLC etc) and the culprit was the System Process. I later found out it was "stdriverx64.sys" specifically, and that it is associated with NCH software. As such I've attempted to remove those programs (via Control Panel). This has solved the CPU problem and all but two of the programs seem to have been removed successfully.

The remaining programs are "Prism Video File Converter" and "Express Zip". If I log in as Admin, these are NOT present in the Control Panel uninstall screen, however they are present when logged in as my usual user account (no admin rights). Clicking uninstall does not work: for Prism nothing happens, and for Express Zip I get the message "Access denied while deleted registry contents" followed by a reboot request which does not help. The same thing happens via CCleaner. I also tried a different third party uninstaller but it was also unable to help ("Best Uninstall Tool").

Is there a way I can get rid of these?

Thanks for any help!
OS: Windows 7 Home Premium 64bit + Service Pack 1

A:Removing leftover bits of NCH software

Let's see if AdwCleaner finds and removes some of the 'left-overs'.

Download AdWareCleaner AdwCleaner Download to your desktop
1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Read other 9 answers
RELEVANCY SCORE 38.4

Hi all,My computer had a virus until recently when I thought I removed it. Now the computer works fine ... for about 10 minutes before freezing. Is there anything in my logfile that shouldn't be there? Thanks in advance!ChadLogfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 4:27:23 AM, on 3/9/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\WISPTIS.EXEC:\WINDOWS\System32\tabbtnu.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Common Files\Adobe Systems Shared\Service\... Read more

A:Random freezes, leftover virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 38.4

I installed RT Seven Lite Software for making my own Windows 7 custom ISO. I loaded official Windows 7 ISO into RT Seven lite and started editing, But for some reason i stopped working on that. The problems is i uninstalled RT Seven Lite and i thought the windows files i was working on will be delete automatically but this didn't happened. Now i have left over windows 7 setup files that i can't delete. When i delete files it gives error '' You require permission from administrators to make changes to this file/folders''. But i am on administrative account.
And even if i try to change ownership of files/folders the options are not accessible. Only Trustedinstaller have full control on files. (My English is not good so please watch video to understand my problem)

Details - YouTube

I even tried to use Linux Fedora OS to delete those files but still failed. Those files took 32GB size on my HardDrive. I don't want to format my drive.Help please

A:Can not delete RT7lite's leftover files

Have you tried this one? Add "Take Ownership" to Explorer Right-Click Menu in Win 7 or Vista
99% of times that's all that's needed here to get rid of stuff. But a (very) few times had to manually add\edit owner in 'Advanced Security Settings', info here Permissions - Allow or Deny Users and Groups

btw, in case it's something very special to your program, try a ticket on RT Seven support?

Read other 3 answers
RELEVANCY SCORE 38.4

I recently did a lossless re-install of Windows 7 on my machine, which placed my old data onto a folder called "Windows.Old", allowing me to totally restore everything. However, doing this generated a few folders that I can't seem to do anything with. I was able to remove most of them through the use of the Delete Invalid File application, but not even that is able to clear the last two folders:

My old Users folder, and my old ProgramData folder.

No matter what I do, these files are totally locked. I was able to move them to the desktop, but beyond that, they are being stubborn. Every time I try to delete them normally, I get the following message:



This is after I get a popup to allow administrative rights on the aforementioned folder. No matter what I do, this message will always pop up and bar me from deleting the folders.

Here's a list of all the things I've tried:

Changing file ownership.
Deleting individual files within the folders.
Disabling User Account Control notifications.
Fiddling with administrative details.
Deleting the folders through the use of Delete Invalid File.
Moving the folders to new locations.

None of these work. I can't remove the files at all. They're stuck, sitting on my desktop, taunting me as they use up my already tightly constrained HDD space.


How do I get rid of these pesky old files?

A:Impossible to delete leftover folders

Try Unlocker:
Download Unlocker 1.9.2 - FileHippo.com

edit: No need to use the Direct Download link on FileHippo's website. They abandoned that. Just use the green rectangle shown in the screenshot below.
Just be sure to uncheck the other junk it offers to install:

Once installed...
...right click on the folder of interest
...select Unlocker from the context menu
Deal with the User Account Control - if needed.

Once Unlocker opens...
If nothing is locking the folder(s)...
...select Delete from the drop down menu in the lower left part of the window
...then click on the button named OK.

If something is locking the folder(s)...
...select Delete from the drop down menu in the lower left part of the window
...then click on the button named Unlock All.

Be careful. Unlocker is powerful and dangerous. You might want to uninstall it after using it.

Read other 7 answers
RELEVANCY SCORE 38.4

Hi, I don't know much about computers so please bear with me.

I've installed a cookie/files cleanup (Evidence Eliminator), which is actually a 30 day trial program. Not even a day past, I decided to uninstall it. Unfortunately, I experienced problem uninstalling it with my pc's Add/Remove Program, so crazy to say I tried to remove them manually.
Now, I've noticed that "Evidence Eliminator" items still appear on context menu list when I right-click one of the items in Start Menu or any one of the files in My Documents and Desktop Icons. So, how can I delete and stop all these items (Evidence Eliminator Safe Delete, Evid. Elim. Quick Mode, Evid. Elim. Safe Start, etc.) to appear on right-clikck (context menu) list?

Someone told me about going to Registry Editor, but did not find them. Then, I also tried to run window thorough search, and nothing found either.

Its kind of frustraing doing research about this problem and it always takes me to a dead end. I hope I expressed my problem with my computer clearly and also hope to hear from you guys, soon.

PLEASE HELP..I NEED YOUR EXPERTISE!
THANK YOU IN ADVANCE!!!!

A:Leftover Files After Program Uninstallation

Find Search assistant (the one with the yellow dog) and click "All files and folders". Right click every line it shows and choose delete. Be careful. After deleting a folder, some extra lines may show up on the Search assistant GUI. Do not delete those. Instead: run a second search to make sure.

Read other 4 answers
RELEVANCY SCORE 38.4

I like to reformat my computer periodically, it keeps everything running smooth. The time had come to reformat, so I popped in my XP Pro install disc and let it whirr. I did the usual deal, deleted my old partition, and recreated a new one using a Quick NTFS Format. The install went smoothly.

Now however, I'm looking at some registry values, and I have all kinds of entries from old programs that were installed before I formatted. There are a few games on the list (FEAR, Oblivion, etc), the only problem is, I haven't installed those programs yet. It seems as if the format I've done didn't actually clean everything off.

I have two harddrives, but I use one for all the downloads/files/pictures/documents/other OS's/etc, and I use the other one just for installing XP and my programs. Is it possible that the quick format didn't do its job? Maybe it didn't get to delete the partition tables correctly or something, I dunno.

Anyone else ever have this problem before?
 

A:Leftover registry values after reformat

Read other 6 answers
RELEVANCY SCORE 38.4

I uninstalled AOL 9.0 off of all of my computers (because it sucks). I scanned all of them with a few Registry Cleaners (Ace Utilities, System Suite, and RegScrubXP). Then I opened regedit and searched for all entries with AOL in it an got a ton of left over entries.

I was wondering why these Registry Cleaners didn't get them.

But I do have AIM and I am thinking some entries belong to that so I don't know what to delete.

Any Help?
~ Thanks, 2madre
 

A:AOL leftover registry entries after uninstall

Read other 6 answers
RELEVANCY SCORE 38.4

Hi ... I have uninstalled a software program through Add/Remove. The program did uninstall, HOWEVER, the name of the software remained in the Add/Remove list and is blank. I tried reinstalling the program and then uninstalling it again hoping it would fix the problem but it never. Now there are two name the same left in Add/Remove. The software was for a Canon camera & I have Windows XP. Hoping someone can help. Thanks
 

A:Delete leftover names in Add/Remove

To remove the invalid/orphaned entries from the Add/Remove applet manually [Windows 2000/XP]

1. Start Registry Editor (Regedit.exe).
2. Locate the following key in the registry:
3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4. Make sure you backup the keys by exporting them to a .reg file.
5. Look for the name of the program with the orphaned entry.
6. Delete the entire listing for the software with the orphaned entry.
7. Close the registry editor.
8. Restart your computer.
 

Read other 1 answers