A few leftovers that I can't seem to shake??

Q: A few leftovers that I can't seem to shake??

I got some kind of malware last week. I kept getting tons of pop-ups, which never bothered me before, and other things. One of those fake anti-spyware sites that took over my computer till I shut it down, etc.

So in the past week I have done the following:

I ran Stinger, Ad-Aware, Malicious Removal Tool, CC Cleaner, Housecall, HS Remove, cwshredder, Kill2Me, all of which found nothing, and did a System Restore which had no effect..

Then I ran Malwarebytes and Stopzilla both of which found some Trojans, Malwares, Ad cookies etc and deleted them. (No worms that I could see.)

Since then I still have the following problems:

When I load Firefox - before the page loads in the upper left hand corner I get the following box:

"Java Application Type Error: spElement is null." (A search of "spElement is null" on Google turns up nothing.)

When I click OK, the message box disappears and Firefox loads. Sometimes a few different pages load, Ask.Com, My * 10.Com, etc. A couple pages sometime try to load but there is a message box that says the locations couldn't be found. I click off those pages, I seem to be able to use Firefox without any further problems.

If I try and load Internet Explorer, a bunch of pages try to load, all with the same internet address with numbers, letters, and symbols that I have never seen before (not a foreign language, but symbols which aren't on my keyboard, letters, etc.). Luckily for each page that tries to load, a message box comes up that says something like: That location could not be found.

Usually it is so bad that I just click off IE and give up on using that.

Since first running MalwareBytes and Stopzilla, I have run the following:

Updated HijackThis and had it analyze the list, and nothing came back checked. I ran Updated SpyBot-Search and Destroy, Updated SuperAntiSpyware in Safe Mode, Stopzilla again, and nothing found.

I loaded SpyWareBlaster today.

I deleted Firefox and reloaded it, and I am still getting the message box before Firefox will load, and my Internet Explorer page still tries to load tons of pages for that mysterious site.

I am afraid to go on Ebay/Paypal in case there is something serious on my computer that just can't be found yet.

Also, I am pretty much a neophyte when it comes to anything like ComboFix, or Root Repeal, DDS logs, etc. etc., all the things that most of the folks on this site seem to take for granted.

My questions are:

Any chance that my "problems" are just leftover traces from the malware and not really a serious problem? I have run so many updated scans and they keep coming back clean...............

Since a lot of these cures seem to be very technical in nature, should I hire somebody like Computer Geeks that may have a lot more experience in finding/correcting these problems, or would that be a waste of money???

Maybe just keep scanning/updating till the anti-virus/anti-malware programs catch up with whatever problem I have???

I will appreciate any info you can give me and I'll try and do any instructions you might have to get to the bottom of this.


A: A few leftovers that I can't seem to shake??

I would do the following..... Use Rkill to stop the rootkit processes that start when the computer comes on. Then I run the Malwarebytes and SUPERAntiSpyware.

Here are some DL links for the Rkill.... LINK 1, LINK 2, LINK 3, LINK 4

Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.

After running Rkill update and run MBAM. Next I would install AFT Cleaner check the box for select all and then run it. Finally, I would run SUPERAntiSpyware. If you have more than one username then you will need to scan each user account separately with this.

hey guys. I have peerguardian 2 and everytime i start my computer someone called offeroptimizer.com/static.callinghome.biz[spy], st. also i was looking with spysweeper at my items that startup with windows and i noticed there is something called ShowWnd.exe and i googled it and some things said it was malicious and some said it was not. Maybe you could help me out. Here's my Hijackthis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:20:18 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files...


Welcome leftover to Bleeping Computer.

* Restart the computer.
* As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item.
* Press Enter.

We need to make sure all hidden files are showing so please:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

Click on Fix Checked when finished and exit HijackThis.

Open Windows Explorer. Find and delete this file:

C:\Windows\System32\ShowWnd.exe

Reboot the computer to normal mode.

Please post back in this topic with a fresh log using HijackThis.

hi my name is dan and recently my comp caught a bug
i've downloaded mcaffee and norton antivirus and ran them (separately of course) and had them delete anything they found

this didn't fix my problem so i downloaded a few add and spy killers
these removed a lot of stuff but it keeps coming back

at first an add-w-a-r-e site pops up then outerwrapper gets loaded on my comp, then vbouncer and some other unwanted programs then finally i get vundo viruses (which my virus scanners catch)

any help would be greatly appreciated as i'm about at the end of my rope
i've posted my hijackthis log

Logfile of HijackThis v1.98.2
Scan saved at 2:37:12 AM, on 12/15/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PR...

A:can't seem to shake this

Before doing anything, MAKE SURE that you can keep your computer on (at least until we get it fixed). This infection requires us to detect and remove it without rebooting or restarting your computer. If you can't keep your computer on today, then I suggest that you don't get the logs yet until you are ready. With that said (when ready):

Please download the following programs required for the removal process:

Kill2Me http://www.greyknight17.com/spy/Kill2Me.exe
PV http://www.greyknight17.com/spy/pv.zip
VX2Finder(126) http://www.greyknight17.com/spy/VX2Finder(126).exe
Hoster http://www.greyknight17.com/spy/Hoster.exe
CleanUp! http://cleanup.stevengould.org/ or http://www.greyknight17.com/spy/Cleanup.exe
KillBox http://www.greyknight17.com/spy/KillBox.exe
notify.bat http://www.greyknight17.com/spy/notify.bat

Please follow the steps below:

1. Run Kill2Me.

2. Unzip the pv.zip files contents to your Desktop (NOTE: It MUST be on your Desktop!).
a) Open that folder on your Desktop and double click on the runme.bat file.
b) Type in 3 and hit your Enter key. Save the log file.
c) Type in 5 and hit your Enter key. Save the log file.
d) Remember to copy and paste both of these log files in the forum AFTER you are finished with the rest of the steps below.

3. Run notify.bat and it should open up a notify.txt Notepad file. Copy and paste this in the forum later.

4. Run VX2Finder(126) and click on the Find VX2.BetterInternet button. Click Make Log and po...

Hi, I've performed the suggested procedures before posting and am not able to get rid of the pop-ups. I'm not showing any problems on any of my adware software scans. Please help. I use Norton Antivirus, run MS Antispyware beta, and routinely run Spybot SD, and AdAware. I was not able to run the Panda or Trend Micro online scans but was able to run BitDefender online scan. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:14:27 PM, on 12/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\tpop\tpopservice.exe
C:\Program Files\ewido security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Citrix\ICA Client ...

A:Can't Shake Pop-ups

Run Ewido after check for updates

Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

* Note: If you receive an error while running option #1 like:

"C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application.."

...then do one of the following:

1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.

Do not run the fix portion without fixing the error first.

After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.

Hello and thanks for taking the time out.
A month ago I started to get redirected on IE. AVG says all is fine or fixed problems. Housecall says it's fine. A few days ago AVG won't run (tried to run in safe mode too) and I keep getting booted off IE by a false Microsoft security saying I have 30 infections (I end task, not touching a thing). I had a virus before and used other posts to fix the problem (I think it fixed it, PC ran fine). Now I can't download malware nor anything else from cnet.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:16:28 PM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program ...

A:something i cant shake

hey whatsup guys i'm having a hard time shaking this conhook virus and its really giving me a hard time so someone please help a brother out!!!!

A:Can't Shake This Guy!

Sure thing.. Please tell us your operating system, antivirus and spyware tools. Also run this...

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with th...

After finally getting the Windows 10 Anniversary Update to install, as expected, I had a Windows.old file. Following instructions posted here and elsewhere, I used Disc Cleanup to remove most of that file.

There are still two folders remaining in Windows.old from System32, one in Drivers (IntcDaud.sys) and one in DriverStore (intcdaud.info.amd64xxxxx.) When I go directly to System32, both drivers appear in the same folders where they show in Windows.old. Disc Cleanup no longer even recognizes Windows.old, so I cannot run it again to remove what appear to me to be extraneous entries.

Can I safely use Unlocker to try to remove the remaining Windows.old file, which likely would only work after a reboot? If not, is there some other method, short of using the Jaws of Life or a ten-pound sledge hammer to remove the leftover Windows.old file?

A:Windows.old leftover

Hello Not Myself,

Unlocker should work for you. If you like, OPTION THREE below should work as well.

Windows.old Folder - Delete in Windows 10

Can anyone tell me if there is such a programme that can detect leftover programmes on the PC. By that I mean, when you have installed a programme and then decide you don't want it, you delete it from the add/remove control but it always seems to leave some file behind.

Is there anything that would clean all those files up? Hope I am making sense.


A:Leftover files?

Hi, I need help getting rid of some trojan/malware remains. Malwarebytes and tdsskiller don't find anything but I am still getting Internet Explorer redirects, Windows Firewall turned off and will not turn on, and I need help because it looks like I may have a rootkit hiding somewhere. I have included my dds files. Also Avast is showing a lot of "malicious URL blocked" messages and the process is C:\Windows\System32\ping.exe. I have ESAT, MBAM, SAS & HiJackThis logs. I have combofix, aswMBR & minitoolbox dl'd & ready to run but don't want to use them without your direction. I have Windows 7 32. Thanks!

A:Win7Antispyware leftover fix

Update......running eset fixed the redirects but I wonder if I still have the rootkit. Eset said I had a variant of the Win32/Sirefef.DN trojan.


Hi, I removed a security program, and I now find that I have leftover files. I went into Task Manager, found file location, but when I try to delete them, a popup says I need permission. I am the only user on the PC and also administrator. How do I obtain permission or is there another way to delete? I have Vista Premium 32-bit... thanks

A:Get rid of leftover files

Hi patch41, Take ownership of that file and then delete it.

thank you for helping me,

Here is where we were working on Internet Explorer issues before I was told there was leftover malware items> http://forums.techguy.org/windows-xp/949714-internet-explorer-problem.html#post7597460

i ran the uninstaller then did the hijack this scan again.
i didn't see the two items you said i should check mark on the list.. so i looked back at the first log and they are listed, but now after the uninstall they are gone. because i'm not sure what to do, i didn't do the Norton uninstaller part yet.. this is the latest file after the uninstall.

i also noticed that when i would open any file the Search Settings v1.2.3 tried to open every time, and i had to hit the cancel button several times to close it. now that I've done the uninstall, it no longer does this. im guessing they are related somehow and i hope that this new information doesn't come too late..
thank you again for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:46, on 9/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\...

A:Leftover infection

Search Settings seems to be gone alright.

As for Norton, it should be removed since you should never run more than one antivirus software at the time. They will work one against the other (Avira and Norton), cause your system to be slow and even freeze. Your computer will be even more vulnerable.

Your log is showing traces of past or present infection. After we're done here, we'll need to get you transferred to the Virus & Other Malware Removal forum.

Hi there. I have one of those annoying redirect viruses that I can't seem to get rid of. A McAfee scan turned up nothing. MBAM scan turned up nothing. Yet I know there is something there because when I do searches they are redirected. I recently had one of those stupid Fake Virus Software viruses. Got rid of that. But then my computer messed up on me, so I went back to a restore point. Now I have this stupid redirect problem. Please help me fix this so I don't have to completely wipe my computer.

Here is my most current MBAM scan.
Malwarebytes' Anti-Malware 1.41
Database version: 3239
Windows 5.1.2600 Service Pack 2

11/27/2009 6:25:08 AM
mbam-log-2009-11-27 (06-25-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 153120
Time elapsed: 2 hour(s), 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi, I would like to begin by stating that in no way am I a trained IT guy. I am a licensed electrician working for a reputable company. However, the company has asked me to design a network for data collection. This data would be stored somewhere so that any computer can access it in Excel. I have approximately 38 machines each with ethernet ports.

Where do I start!!!!

I can do basic ip addressing (all machines were addressed by me a few years ago), but setting up a new network without doing harm to the existing networks will be a challenge!

Wish me luck!

I have run Malwarebytes and it detects a Trojan, asks me to restart but it's there again every time I reboot and rerun Malwarebytes, it says it's running in my memory

It's called Trojan.agent c://windows/svchost.exe

20:09:12.0123 3300 TDSS rootkit removing tool Jul 24 2012 13:16:32
20:09:12.0465 3300 ============================================================
20:09:12.0465 3300 Current date / time: 2012/07/30 20:09:12.0465
20:09:12.0465 3300 SystemInfo:
20:09:12.0465 3300
20:09:12.0465 3300 OS Version: 6.1.7601 ServicePack: 1.0
20:09:12.0465 3300 Product type: Workstation
20:09:12.0465 3300 ComputerName: HIDAIAN-PC
20:09:12.0465 3300 UserName: Hidaian
20:09:12.0465 3300 Windows directory: C:\Windows
20:09:12.0465 3300 System windows directory: C:\Windows
20:09:12.0465 3300 Running under WOW64
20:09:12.0465 3300 Processor architecture: Intel x64
20:09:12.0465 3300 Number of processors: 4
20:09:12.0465 3300 Page size: 0x1000
20:09:12.0465 3300 Boot type: Normal boot
20:09:12.0465 3300 ============================================================
20:09:13.0150 3300 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:13.0154 3300 ============================================================
20:09:13.0154 3300 \Device\Harddisk0\DR0:
20:09:13.0154 3300 MBR partitions:
20:09:13.0154 3300 \Devic...

A:Trojan I can't seem to shake

Download systemlook
Launch it and copy this script and paste in the BOX
{25bbb843-78d7-f71c-3ba3-1c5560fd8569}
Click on LOOK, post the generated log

Download http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html
Install, update and run a full scan
Click on SHOW results.
Select all infections and remove it
Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download mini toolbox
Checkmark following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size
Click Go and post the result.

Download FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner
Launch it, click on Delete
post the generated log

I'm working on a PC that was heavily infected. When I got it it had 53 viruses. It is now down to 7 but I can't shake them.

Any help would be greatly appreciated.


A:7 infections I can't seem to shake

In order to assist you effectively, we need more specific information. Please read:

- Before you post about a problem, Some simple guidelines
- How To Not Get or Give Technical Assistance on Usenet and Web Forums

What OS (Windows 7, Vista, XP) are you using?
What issues/symptoms of infection do you have?
What actions (security tools, scans) have you taken so far?

I just installed Norton 360 on my PC which is running Windows XP. Before doing this I was told to remove all other antivirus programs that would interfere with Norton 360. But for the life of me I cannot remove the Yahoo online protection, or the AV icon that is always flashing down in the right hand corner. When I click on it a warning pops up that it failed to launch. The Verizon Yahoo online icon says "that one or more matters require my attention". If the Norton 360 covers all of that can I remove both programs and icons so I don't have to watch that blinking all the time? I looked in the add and remove program but it is not there or it's named something I don't know. Please help!


I have a Viewsonic A90f. The screen image does not shake only when it is at 60 Hz. I have a Radeon 9800 Pro 128MB. I have the latest drivers though windows shows my monitor as Plug and Play rather than Viewsonic A90f.

A:Jitter/Shake unless at 60 Hz


I have looked everywhere and cannot find instructions on removing js/joke-shake. Can anyone help me? I'm running windows xp.

I am running Spykiller, AVG, and Pest Patrol and can not clean this Trojan Virus.

Trojan horse dialer.8.u found in C:\Windows\CWShredder01062004.exe

Trojan horse Backdoor.Hacdef.C

I don't know what to do. I tried system restore and it won't restore. Also if I search the internet for solutions my Internet Explorer closes automatically. I get the feeling I'm screwed.

In addition my browser has been hijacked by : http://aqwfgr.outhost.info/

WTF??!!?? Help me please. I am currently on the road and away from all my system discs so any help is greatly appreciated


How r yas?

I'm havin some problems gettin rid of a virus! I am getting the following message in a warning pop-up :

Trojan horse Downloader.keenval.b found in

c:\system volume information\_restore{c8b5e980-fe68-4d4e-b8f7-bdeec166a6d4}-\rp66\a0019043.exe

To remove this virus please run AVG for windows.
Zone alarm is reporting this message around the same time as the warning pop-up :

The firewall has blocked internet access to your computer (HTTP) from ACBFF5F9.ipt.aol.com ( ( TCP Port 1301 ) TCP Flags: S ).

Maybe its not related and just chance im not sure?
Avg cant find the virus when i do a scan
Online scans report all clear
Adaware has been run several times
Spybot is clean and just about every other prog u can think of reports no errors.

Is it just a matter of locating the file under safe mode and deleting it or do u advise somethin else?

Heres my hijack log if this is any help :

Logfile of HijackThis v1.97.7
Scan saved at 12:11:35 AM, on 6/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Zone...

A:Help me shake this Virus!!

The virus is located in one of your older System Restore points, which is likely why AVG doesn't see it. To delete your System Restore points, do this:

To clear existing restore points

1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

2. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.

3. When you are warned that all existing Restore Points will be deleted, click Yes to continue.

All system restore points are deleted. Now you should manually create a restore point.

1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

2. Click Create a Restore Point, and then click Next.

3. Name your restore point. (I use the date as well as a descriptive term such as "After Restore Point Deletion.")


Hey Guys,
My computer contracted a host of bad stuff about a week ago. I ran VundoFix and switched from (the apparently worthless) McAfee to Panda. I think most everything is fixed, but Internet Explorer still has some symptoms. I keep getting unwanted pop-ups and redirected to crazy websites, especially to WinAnti-Virus Pro 2007, which the culprits apparently want me to purchase. I'm out of ideas. I hope you can help!

A:Can't shake spyware

Hello. Recently I contracted the virtumonde virus/malware and I've been having trouble deleting it from my system, pre-post I've tried nearly all the methods I found through Google hits and nothing seems to work. I've been using Spybot S+D and although it detects the trojan and (seemingly) "fixes" it every time, after a reboot or 20 minutes or so pass, the virus merely re-establishes itself and sets up shop again (introduces DLL and registry files I cannot deny). I'm pretty much comp-illiterate so please excuse my ignorance. I've followed the instructions laid out by you guys so if there's anything else you need just tell me and I'd be more than happy to oblige. Any help would be immensely appreciated.

Here are the logs asked for:

LOG.TXT:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Taylor at 2008-12-06 05:13:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 511 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:13:54, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32...

A:Cannot shake Virtumonde, Please HELP!

Hello TomWeaver402,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea


Thanks in advance.

A:Adware I can't seem to shake

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


I was searching for something online via Google Images, and when I went to click on one of the pictures, McAfee popped up with an alert that it attempted but failed to block something called "JS/Joke-Shake" from installing on to my computer.

McAfee failed to quarantine and/or delete it, and I attempted to delete it from the location that McAfee said it was at (i.e., .../AppData/Local/Mozilla/Firefox/Profiles/lxjozmi9.default/Cache/1ACE9675dol), but that did not work, either.

I have no idea what to do. Advice would be much appreciated. Not sure if this info is necessary or not, but I'm on a HP laptop and I'm running Windows Vista.
Here is my HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:16 AM, on 8/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\P... Read more


hi everyone. thanks for your help. a non responsive uipopuphidden appears when i shut my computer off. i have searched the issue and am providing my hjt log for someone's knowledgeable interpretation. i've run atf cleaner, super anti-spywr, and verizon security suite anti virus and spy. any help will be greatly appreciated. cheers!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:13 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\... Read more

A:Can't Shake Uipopuphidden

malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the c... Read more

I keep getting a McAfee pop-up window whenever I turn on my computer. It says:

"McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.

About this Potentially Unwanted Program
Name: JS/Joke-Shake
Location: C:\Documents and Settings\Ms.Miko\Local Settings\Application Data\Mozilla\Firefox\Profiles\lhtgry6t.default\Cache\_CACHE_003_

Spyware, adware, and other potentially unwanted programs can harm your computer, compromise its security, and damage valuable files."

McAfee is unable to remove it (of course). MBAM and SAS logs come up clean. I tried uninstalling and reinstalling Mozilla. When I took Mozilla off, it went away. As soon as I put it back, it popped back up again. Is Mozilla just unsafe now? It was the latest version of Firefox (version 3.6.3, I believe).

Thanks guys!


Hmmm sounds like a rootkit. Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

Hi - this is my first post here, so please go easy on a "newb"! I have used the search function and looked through hundreds of threads here, but I can't seem to find anything that will help my plight. So here goes...

My problems started a couple of days ago when something popped up in the middle of my screen that looked very similar to the AVG screen, saying "Warning - virus detected" etc, with the usual "click here to clear the threat". Before I could click anything, another box opened, suspiciously similar to the Windows "shield" that pops up from the right hand side of the Start bar with another "click here to resolve the problem" etc. This was clearly a fake. Before I knew it, my screen was littered with stuff, mainly something called Defense Center, which was claiming to scan my PC to get rid of any threats.

I tried to see what unusual processes were running via Task Manager, but received the message "Task Manager disabled by Administrator". Unable to stop the constant pop ups, and with the PC filling up with Trojans, I switched off.

I then did some research (via Google) on my laptop re: Defense Center, and discovered that it is a pretty nasty virus. I followed all the manual instructions I could find (even though my main PC wouldn't let me open Notepad etc.) and it was a real battle - everytime I tried to run any Malware software, the virus popped up warning that my system was "under threat"... Read more

A:Help - can't shake off this Trojan!

I have some critters running around in my PC. I have used Norton Anti Virus, HouseCall, Lavasoft Adaware, CWShredder and HiJack This. In most of these cases the programs detected bugs (detected bugs varied from scan to scan) but could not delete them because of a sharing violation / program in use messages (even in SafeMode). CWShredder did not detect anything. I have updated Windows OS and Explorer, still no luck.

Originally Norton Virus popped up a window that said I had been infected with a virus. I was getting advertising pop ups regarding "win an x box", "search result for sport betting" and "WARNING: PC UPDATE" window that wanted me to download Spy Ware software from them (no I didn't fall for it). In addition to the pop ups my browser window was modified with links to gambling, drugs, anti spyware etc. I updated Norton, ran a scan and it supposedly quarantined the files. Still had problems. The web browser was back to normal but the pop ups were still coming up, sometimes blank.

Next, I ran TrendsMicro HouseCall. Found a bunch of things and supposedly deleted them. Still having the pop ups.

Then I ran Lavasoft AdAware, same result as HouseCall.

Then I ran HiJack This and, with the help of my dad, deleted some files.

Tried to log onto Merijn.org and was blocked (even using alternate IP address) but was able to go onto the main page and navigate to CWShredder. Tried it and it said no CW variants.

The following is my most recent HiJack this log. ... Read more

A:HiJack This Log - Can't shake this bug

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitevty32.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\winnt\system32\elitevty32.exe

Reboot your computer to go back to normal mode and This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.
This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Int... Read more

Hey folks,

I've been struggling for a week with this problem now and finally am turning to some help from the pros here at BleepingComputer. Thanks so much in advance for any help you guys can give me. This really sucks, and I'd prefer not to reformat and reinstall Windows.

Out of the blue I was infected with Antimalware Doctor about 7-14 days ago. I found removal instructions and followed them, but it didn't seem to get rid of the program. I tried again the other day and now Antimalware Doctor seems to be gone. I'm running Windows Vista Home Edition with AVG and Spybot S&D installed. I've run Malwarebytes' Anti-Malware numerous times, and it's no longer reporting any infections.

However, now I have new problems. Here are my symptoms.

1) While browsing the web, new tabs will pop up every once in a while with a page seemingly based on what I've been surfing and searching for.
2) I will sometimes click on search results and be redirected to an unrelated site.
3) Google Chrome has ceased to work. I get a blank screen and can't load any pages.
4) When I bring up the Start menu, Open dialogues, etc. my computer freezes up for 1-2 minutes.

Here's the Malwarebytes log from a scan I just ran. I'm ready to follow instructions if you guys can help me out here!

Malwarebytes' Anti-Malware 1.46

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

06/05/2010 1:22:45 PM... Read more

A:Can't shake this infection

If somebody could even point me to a thread with the instructions I might be looking for that would help... It seems like a lot of people are having similar problems.

I have been getting this error message from Trend Micro as of this week.

Infected file: H:\System Volume Information\_restore{283C2FC7-7AEA-428E-95F9-CDA495BE65C3}\RP401\A0029255.exe


It has been a variation of numbers for the file name.

How do I rid myself of this?

I also have a known program on my computer that is not a virus but is flagged by Trend Micro as a virus. It is also listed as Virus name: TROJ_AGENT.AOFU. Is this other virus I started getting a byproduct of the other program?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:12 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
H:\Cisco Systems\VPN Client\cvpnd.exe
... Read more

A:Trojan that I can't shake.


http://searchmeup.com/index.php?aid=33953 is displayed when I start internet explorer. When I try to display properties on the C (Hard) drive, nothing happens.

Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


Logfile of HijackThis v1.99.1
Scan saved at 8:43:34 PM, on 04/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidese...2208416&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidese...2208416&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=186
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidese...2208416&id=5.0
R1 - HKLM\Software\Micr... Read more

A:Cannot shake the malware!

It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order it's listed. These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.

Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/

Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check "Turn off System Restore", <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK

Download and run Adaware, SpyBot & CWShredder (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.

How to setup Ad-Aware

Download Ad-Aware
Save aawsepersonal.exe into its own directo... Read more

I followed DeanP's advice to get rid of some BSOD's and now after booting up from the computer sitting overnight I am getting constant BSOD. Can you please review the dumps and let me know what it is this time.

A:Can't shake these BSOD's

I'm seeing bad pool headers and memory corruption.
Did dean have you check the memory?
RAM - Test with Memtest86+

It should run for 5 to 7 passes, it will take a bit of time.


I'm on window 7 starter.
how do u turn cascading window on?
I guess...accidentally turned it off.

A:shake window, and...?


when your windows are cascading,

how do you turn on or off seven feature,
that you hold the edge of a window with a pointer, and shake this window, and maximize this?

A:shake a window and max this?

How to Disable Aero Shake Feature in Windows 7 and Later? - AskVG

Minimize windows on the desktop using Shake

Disable Aero Shake in Windows 7


Windows 7 all updated and machine running good.

But whenever I open a video to watch, whether on Facebook or a news video, even YouTube videos, they all have a shaking to them.

Any thoughts or ideas...


You might state which and if all browsers act the same way ?



I am on the verge of nuking my entire HD. About six days ago my computer's CPU was being used through the roof so I checked out my processes and weirdly, nothing strange except IPconfig.exe temporarily popping up for about 0.50 seconds every 10 or so secs. I ran Norman and found nothing, ran Trend Micro and found nothing. Shortly thereafter something ELSE, nbtstat.exe started launching itself, then I lost internet connection. No matter what I did, winsock rebuild or whatnot could get me back online.

I gave up at this time, and put in my WinXP disc for a reinstall. I ran my second OS, (professional) without removing my old one so I now have 2 OS. It ran fine for two days, at which point Ipconfig began calling itself once again. I lost internet connection but got fed up. I downloaded some more virus scanners onto my USB drive and put it in. My new virus scanner (updated Trend Micro) found a virus and removed it. Upon winsock rebuild and reboot I was able to get online, so now I'm searching for assistance before I reformat. What would you do?


Where do I enable it?
Debbie

It's already enabled.
Provided, of course, that Aero is enabled (which, of course, requires that the hardware (and drivers) will run Aero.)  ;)


One of my client's computers has got a lingering infection that I just can't seem to puzzle out and can't dedicate too much more diagnostic time.  Sort of here as a last ditch before just telling him his business isn't worth the time it's taking and cut my losses.
Attached are the FRST and Addition logs.
Thanks in advance,

A:Astromenda that just won't shake

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1608735238-1190979878-325445184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1608735238-1190979878-325445184-1000 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
SearchScopes: HKU\S-1-5-21-1608735238-1190979878-325445184-1000 -> {6A28AFCB-D7B6-4628-8EA2-D66964A22F01} URL =
SearchScopes: HKU\S-1-5-21-1608735238-1190979878-325445184-1000 -> {8214ADD5-AD05-4B67-BD93-C3BB6003BCCF} URL =
SearchScopes: HKU\S-1-5-21-1608735238-1190979878-325445184-1000 -> {9CB96984-43C3-4D44-90EF-0... Read more


I had some help with a problem a couple months ago and thought I fixed it, but it seems like new problems have come up. Comp running slow, homepage changing, popups, and tons of errors to name a few. Adaware and Spybot haven't helped in the least.

Any help at all would be greatly appreciated. Thank you in advance.

Here's my latest log

Logfile of HijackThis v1.97.7
Scan saved at 7:58:12 PM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA... Read more

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

You have an outdated version of HijackThis. Click here to get the latest version of HijackThis.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download FixAgent and unzip it. Run FixAgent.exe. It should fix something. If nothing is fixed, skip to the next step for the HijackThis fixes. If something is found, also download home_missing_114 and unzip it. Run the Home winkey missing batch file. Remember: ONLY run home_missing_114 if FixAgent found something.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):


I had a trial program loaded, the program was past the trial period and I forgot to uninstall it. When I did uninstall the program I thought all traces of it were gone. That was about a couple of months ago.
I decided that I would like to use the program and tried to download it. The program started to download, but never finished the download. Got a message that "old version" needed to be removed.
I've done a search for the program, couldn't find any trace of the program. Went into regedit>software..found something I'm not sure if it's the program or not. The program in question FakeWebCam...found in regedit>software "fwc" with 9 keys with values. The initials match the program's name.
Should I delete that folder from regedit?

A:Solved: Leftover Program

I just installed it into a virtual machine and it created the fwc key with 9 values so that's probably the one to delete. Always a good idea to export a copy first just in case.





I am trying to help my friend again with her PC. I removed Adware and Kazaa a few months ago but someone installed Kazaa again so now I have to clean it up again. She promised her first born if it happens again.

I have installed the latest Windows security updates, cwshredder and Spybot but the browser is still not 100%. It is usable but there are 4-5 ads when you launch. Here is her Hijack this file

Logfile of HijackThis v1.97.7
Scan saved at 7:00:14 AM, on 6/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\documents and settings\user\local settin... Read more

A:Leftover Kazaa problems


I have previously posted in this forum about my computer on this thread: http://www.bleepingcomputer.com/forums/t/239917/google-redirect/. The google redirection issue described there was resolved, but there are still a few symptoms that indicate the computer may not be completely fixed. I was working with Blade81 via private message but we were unable to solve these symptoms. They are:

When I log into the "Steve" account, I see this error message:
Error loading C:/DOCUME~1/Steve/protect.dll
The specified module could not be found.
(Note that the combofix in the previous thread was done to the Donna account)

The antivirus program auto-update does not seem to be working. I can do a manual update, and I can see that automatic updates are enabled, but they do not seem to be executing.

Uploading actions, such as sending an email or uploading pictures to Picasa, seem to take longer than they should.

I have run DDS on the "Steve" account since it is the one that has the error message. Thanks in advance for any help you can provide.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Steve at 21:08:58.73 on Wed 09/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1679 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k ... Read more

A:Leftover Malware from a Previous Fix



Now that I seem to have removed my root-kit I now wish to figure out how to remove what is leftover from a Virtumonde infection that I had last year. I am no longer infected, but have 2 calls for dll files that are left in the registry, and cause an error on system start, generating error boxes. I am simply tired of them, but had to get my other issues taken care of first.

Hijack This and MB both allow me to delete the registry entries for both dlls, but they keep reappearing. I have researched this, only to find that it has something to do with the system restore function in XP. That doesn't make sense to me as I have turned system restore off, and it still happens. That leads me to believe that this problem is coming from somewhere else, but I have no idea how to track it down.


A:Leftover Virtumonde trash


So I contracted Smitfraud-c, as named by Spybot, and like everyone else I couldn't get it off. My computer was just going nuts; adding desktop icons, opening my browser, countless prompts ostensibly notifying me of spyware removal tools, and actually running these fake programs. I tried a few smitfraud cleaners and other recommendations to no avail.
Finally I tried using HJT to "delete a file on reboot.." and deleted the dll associated with smitfraud-c. I think I determined the dll file with the SpybotSD recovery listings following a scan, or something like that. Anyway, after I did this SpybotSD was actually able to delete the Smitfraud-c object. After numerous scans with all of my clean-up tools, they are no longer picking up any more malware.
I was happy about this, however things still aren't completely right: Boot-ups take a long time (malware is starting up and initiating its hijack, I think), my home page keeps changing, and I'm pretty sure I'm seeing browser hijacker entries in my HJT log.
Security and cleanup tools that I use: SpybotSD, AdawareSE, Spyware blaster, AVG, windows firewall, CCleaner, RegCleaner, Windows disk cleaner and every now and then I'll run rootkit scanners. Here's my HJT log:

Running processes:
C:\WINDOWS\System32\svchost.e... Read more

A:smitfraud-c, leftover stuff


This is not a big deal, but after cleaning up a mildly infected computer with Malwarebytes Professional, AdwCleaner and HitmanPro, I find I still have a running process for SearchProtect when I checked in Task Manager for anything else. It is not showing it's using a lot of resources, but it is there. The entry is located in the System 32 file. I hesitate to remove anything from that file... Should I leave well enough alone or delete it? Thanks!

Edit: Topic moved from General Security to the more appropriate forum. ~ Animal
Edit: Topic moved from Am I Infected forum to the more appropriate forum. At the request of Malware Removal team member. ~ Animal

A:Leftover Conduit Entry

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more
