[Littan]

Aight, I've cleared the cache now usin the Java consol (java plug-in control panel).
So, now it's only left with the removin "HijackThis". I didn't not quite understand wha u meant by "using the software panel". Is this the same as removing it using Add/Remove Programs from the Control Panel?

I would love to learn some tips for the future and yeah, u can close this topic once the computer runs ok.
Thanxxx sooo much again!!

[Advertisements]

You are doing just fine

Indead, use add/remove programs to remove all of HijackThis.

Let me know if I can post you the tips and close the topic ('once the computer runs ok').

[g2i2r4]

You are doing just fine

Indead, use add/remove programs to remove all of HijackThis.

Let me know if I can post you the tips and close the topic ('once the computer runs ok').

[Littan]

Okay. I tried to remove it, but it said "An error occurred while trying to remove HijackThis 1.99.1. It may have already been uninstalled."
I don't remember uninstalling it though. Should I just assume it has been uninstalled and go ahead, or there is a way to check if it's actually in the system somewhere?

[g2i2r4]

According to your log there should be a folder on your desktop. If it's no longer there you probably removed the folder.

[Littan]

Oh yeah, it's on the desktop, but I just couldnt remove it from the Add/Remove Programs.....Should I just delete the whole folder from the desktop?

[Littan]

I deleted HijackThis folder from the desktop, even though it warned me tha some of the programs might not function well if modified or deleted. Then I rebooted the computer.
I then scaned the computer with Ad-Aware and it found Winfixer (3 of them) in the system. Then I deleted them (usin Ad-Aware) and restarted the computer.
When I scanned again after the restart, it found no winfixer. So, is it safe to assume tha the computer is now winfixer-free?

[g2i2r4]

It must have found something left behind in the Registry.

Can you post me the log?

[Littan]

Okay, here's the log I got from the quarantine list, after I scanned and deleted the winfixer. I didn't save the log before removing them. I hope this helps.

ArchiveData(auto-quarantine- 2005-10-10 14-35-12.bckp)
Referencefile : SE1R69 05.10.2005
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\semuye\Application Data\microsoft\office\recent\Assignments.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\semuye\recent\Activescan.txt.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\semuye\recent\BBC Live.ram.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\semuye\recent\DW TV.ram.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\semuye\recent\Geeks to Go Forums - Winfixer problem - Desperately in need of help!.htm.lnk
obj[5]=MRU FileReference : C:\Documents and Settings\semuye\recent\Not yet.doc.lnk
obj[6]=MRU FileReference : C:\Documents and Settings\semuye\recent\Personal Stuff.lnk
obj[7]=MRU FileReference : C:\Documents and Settings\semuye\recent\RBC Visa Online Payment.doc.lnk
obj[8]=MRU FileReference : C:\Documents and Settings\semuye\recent\VundoFix.lnk
obj[9]=MRU FileReference : C:\Documents and Settings\semuye\recent\vundofix.txt.lnk
obj[10]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\search assistant\acmru\5603
obj[11]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\search assistant\acmru\5604
obj[12]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[13]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.avi
obj[14]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[15]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[16]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.htm
obj[17]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.jpeg
obj[18]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[19]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[20]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.mp3
obj[21]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.mpeg
obj[22]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.mpg
obj[23]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.nrg
obj[24]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[25]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.ram
obj[26]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.rar
obj[27]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[28]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.wav
obj[29]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.wmv
obj[30]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.xml
obj[31]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[32]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[34]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\runmru
obj[63]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips8
obj[56]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips1
obj[57]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips2
obj[58]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips3
obj[59]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips4
obj[60]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips5
obj[61]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips6
obj[62]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\realnetworks\realplayer\6.0\preferences\MostRecentClips7
obj[90]=MRU RegReference : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows media\wmsdk\general computername

WINFIXER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[18]=Regkey : system\controlset001\enum\root\legacy_df_kmd
obj[19]=Regkey : system\currentcontrolset\enum\root\legacy_df_kmd
obj[20]=File : C:\System Volume Information\_restore{3E12976A-0E80-4224-B2AD-4460E6D57ED0}\RP554\A0124449.dll


***Below is another scan log tha I did after running the above scan, where it said it found no winfixer***

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, October 10, 2005 4:24:57 PM
Using definitions file:SE1R69 05.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


10-10-2005 4:24:57 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\semuye\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-329068152-1993962763-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 460
ThreadCreationTime : 10-10-2005 9:40:20 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 10-10-2005 9:40:22 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 10-10-2005 9:40:25 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 10-10-2005 9:40:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 10-10-2005 9:40:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 744
ThreadCreationTime : 10-10-2005 9:40:28 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 10-10-2005 9:40:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 10-10-2005 9:40:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 10-10-2005 9:40:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 940
ThreadCreationTime : 10-10-2005 9:40:29 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 5
ProductVersion : 4, 3, 0, 5
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 10-10-2005 9:40:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 10-10-2005 9:40:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1300
ThreadCreationTime : 10-10-2005 9:40:31 PM
BasePriority : Normal
FileVersion : 2.2.2.008
ProductVersion : 2.2.2.008
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1324
ThreadCreationTime : 10-10-2005 9:40:31 PM
BasePriority : Normal
FileVersion : 2.2.2.008
ProductVersion : 2.2.2.008
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1456
ThreadCreationTime : 10-10-2005 9:40:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1512
ThreadCreationTime : 10-10-2005 9:40:31 PM
BasePriority : Normal


#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1560
ThreadCreationTime : 10-10-2005 9:40:32 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1712
ThreadCreationTime : 10-10-2005 9:40:33 PM
BasePriority : Normal
FileVersion : 5.1.0.30
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1720
ThreadCreationTime : 10-10-2005 9:40:33 PM
BasePriority : Normal
FileVersion : 2.2.2.008
ProductVersion : 2.2.2.008
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:20 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\
ProcessID : 1968
ThreadCreationTime : 10-10-2005 9:40:33 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:21 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1976
ThreadCreationTime : 10-10-2005 9:40:33 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [ssaad.exe]
FilePath : C:\PROGRA~1\Sony\SONICS~1\
ProcessID : 1984
ThreadCreationTime : 10-10-2005 9:40:33 PM
BasePriority : Normal
FileVersion : 3.0.00.13241
FileDescription : SonicStage Atrac Hard Disk Monitor
InternalName : SonicStage Atrac Hard Disk Monitor
LegalCopyright : Copyright 2005 Sony Corporation

#:23 [msgplus.exe]
FilePath : C:\Program Files\MessengerPlus! 3\
ProcessID : 2004
ThreadCreationTime : 10-10-2005 9:40:34 PM
BasePriority : Normal


#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2012
ThreadCreationTime : 10-10-2005 9:40:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2044
ThreadCreationTime : 10-10-2005 9:40:34 PM
BasePriority : Normal


#:26 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 176
ThreadCreationTime : 10-10-2005 9:40:34 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:27 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 236
ThreadCreationTime : 10-10-2005 9:40:35 PM
BasePriority : High
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:28 [googletalk.exe]
FilePath : C:\Program Files\Google\Google Talk\
ProcessID : 252
ThreadCreationTime : 10-10-2005 9:40:35 PM
BasePriority : Normal
FileVersion : 1,0,0,72
ProductVersion : 1,0,0,72
ProductName : Google Talk
CompanyName : Google
FileDescription : Google Talk
InternalName : Google Talk
LegalCopyright : Copyright © 2005
OriginalFilename : googletalk.exe

#:29 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 436
ThreadCreationTime : 10-10-2005 9:40:39 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:30 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 508
ThreadCreationTime : 10-10-2005 9:40:42 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:31 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 504
ThreadCreationTime : 10-10-2005 9:40:42 PM
BasePriority : Normal
FileVersion : 7.5.0299
ProductVersion : 7.5.0299
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:32 [savroam.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 956
ThreadCreationTime : 10-10-2005 9:40:42 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe

#:33 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 10-10-2005 9:40:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1284
ThreadCreationTime : 10-10-2005 9:40:45 PM
BasePriority : Normal
FileVersion : 9.0.3.1000
ProductVersion : 9.0.3.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:35 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1528
ThreadCreationTime : 10-10-2005 9:40:46 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:36 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1616
ThreadCreationTime : 10-10-2005 9:40:47 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:37 [ssscsisv.exe]
FilePath : C:\Program Files\Common Files\Sony Shared\AVLib\
ProcessID : 2228
ThreadCreationTime : 10-10-2005 9:41:28 PM
BasePriority : Normal
FileVersion : 3.0.00.13241
ProductVersion : 3.0.00
ProductName : SonicStage
CompanyName : Sony Corporation
FileDescription : SonicStage Scsi I/F Server
InternalName : SSScsiSV
LegalCopyright : Copyright 2005 Sony Corporation
OriginalFilename : SSScsiSV.EXE

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2696
ThreadCreationTime : 10-10-2005 9:41:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3292
ThreadCreationTime : 10-10-2005 10:52:28 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1496
ThreadCreationTime : 10-10-2005 11:15:29 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3848
ThreadCreationTime : 10-10-2005 11:21:54 PM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

4:33:46 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:48.656
Objects scanned:136336
Objects identified:0
Objects ignored:0
New critical objects:0

[g2i2r4]

Thank you, I'll pass this information to the creator of the tool (Atribune).

Looks like even AdAware says you're clean now.

Shall I post you some tips for the future and close this topic then?

[Littan]

That's great! Thank you sooo much. I cannot thank you enough for everythin! And yeah, please do post some tips for the future and close the topic.

[g2i2r4]

You're most welcome.

Please follow these simple steps in order to keep your computer clean and secure:

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and re-enable system restore here:
  
  Managing Windows Millenium System Restore
  
  or
  
  Windows XP System Restore Guide
  
  Re-enable system restore with the instructions from the tutorial above
  
  
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online & their stand-alone antivirus programs:
  
  Virus, Spyware, and Malware Protection and Removal Resources
  
  
• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & Hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
  
  A tutorial on installing & using this product can be found here:
  
  Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  
  
• Install Ad-Aware – Download and install Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
  
  A tutorial on installing & using this product can be found here:
  
  Using Ad-aware to remove Spyware, Malware, & Hijackers from your Computer
  
  
• Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.