adaware SE plus

mcmso · December 20, 2005, 05:40:52 PM

I need help with my Adaware SE Plus. everytime I run a scan on my computer Adaware finds a critical and then my computer shuts down, and restarts. I have other anti spyware installed and none of them have any problems. The others are Noadware, and winpatrol. Can someone help me figure this out plz....

michael

mitch · December 20, 2005, 06:33:46 PM

if you are doing a manual scan.......
the other programs can affect aaw ,and aaw can affect the other programs

it is like running two anti-virus programs, and two firewalls
they don't play nice ;-D

so try a manual scan with your other programs disabled !!!
i have seen problems with a/v to, so just shut down all, be offline and try a scan and let us know what happens
if it works, you can find out which one doesn't want to play nice

GR@PH;<'S · December 20, 2005, 09:13:00 PM

mcmso,
Apart forom trrying the things that mitch has said can you please make sure that you are using Ad-aware SE Build 106 plus with the latest Definition file (SE1R82.19.12.2005)
if you are not using Ad-aware SE Build 106 plus then I recommend that you get a fresh download of it then after installing it update it

(Note you will need the details that were sent to you when getting your fresh download of Ad-aware SE Build 106 plus

GR@PH;<'S :breakkie:

mcmso · December 20, 2005, 11:16:46 PM

I shut the others down and made sure i have the latest definitions: It worked once and now it freezes on me. I know there is a post about the freezing so i will try and read those. Any comments still welcome and thanks for the help.

Michael

GR@PH;<'S · December 20, 2005, 11:19:48 PM

mcmso,
Once you have tried that then if needed post your Adaware log file here

GR@PH;<'S :breakkie:

mcmso · December 22, 2005, 01:10:42 PM

still freezes on me, here is my log file

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, December 22, 2005 8:03:20 AM
Using definitions file:SE1R82 19.12.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Deactivate Ad-Watch during Ad-Aware scans
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Show detail tooltips in results lists
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects

12-22-2005 8:03:20 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1580436667-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 664
ThreadCreationTime : 12-21-2005 10:21:35 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 12-21-2005 10:21:38 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 12-21-2005 10:21:39 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 12-21-2005 10:21:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 12-21-2005 10:21:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 12-21-2005 10:21:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 12-21-2005 10:23:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1220
ThreadCreationTime : 12-21-2005 10:23:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1392
ThreadCreationTime : 12-21-2005 10:23:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1424
ThreadCreationTime : 12-21-2005 10:23:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1544
ThreadCreationTime : 12-21-2005 10:23:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1828
ThreadCreationTime : 12-21-2005 10:23:16 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [point32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Mouse\
ProcessID : 1892
ThreadCreationTime : 12-21-2005 10:23:17 PM
BasePriority : Normal

#:14 [acmonitor_x83.exe]
FilePath : C:\PROGRA~1\LEXMAR~1\
ProcessID : 2024
ThreadCreationTime : 12-21-2005 10:23:17 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Jetsoft Development Company ACMonitor
CompanyName : Jetsoft Development Company
FileDescription : ACMonitor
InternalName : ACMonitor
LegalCopyright : Copyright © 2000
OriginalFilename : ACMonitor.exe
Comments : By: Alan S Hong

#:15 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 332
ThreadCreationTime : 12-21-2005 10:23:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:16 [ctsysvol.exe]
FilePath : C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\
ProcessID : 452
ThreadCreationTime : 12-21-2005 10:23:19 PM
BasePriority : Normal
FileVersion : 1.3.8.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright (c) Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTSysVol.exe

#:17 [ctdvddet.exe]
FilePath : C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\
ProcessID : 460
ThreadCreationTime : 12-21-2005 10:23:19 PM
BasePriority : Normal
FileVersion : 1.0.3.0
ProductVersion : 1.0.3.0
ProductName : CTDVDDET
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
LegalCopyright : Copyright (c) Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTDVDDET.EXE

#:18 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 472
ThreadCreationTime : 12-21-2005 10:23:19 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright (C) 2002-03
OriginalFilename : CtHelper.EXE

#:19 [bdswitch.exe]
FilePath : C:\progra~1\softwin\bitdef~1\
ProcessID : 572
ThreadCreationTime : 12-21-2005 10:23:21 PM
BasePriority : Normal

#:20 [bdnagent.exe]
FilePath : C:\progra~1\softwin\bitdef~1\
ProcessID : 608
ThreadCreationTime : 12-21-2005 10:23:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 0, 0, 0, 0
ProductName : BitDefender News Agent
CompanyName : SOFTWIN S.R.L
FileDescription : BitDefender News Agent
InternalName : News Agent
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : BDNewsAgent.exe

#:21 [rcman.exe]
FilePath : C:\Program Files\Creative\MediaSource\RemoteControl\
ProcessID : 768
ThreadCreationTime : 12-21-2005 10:23:28 PM
BasePriority : Normal
FileVersion : 2.0.0.3
ProductVersion : 2.0.0.0
ProductName : Creative MediaSource 2 Remote Control System
CompanyName : Creative Technology Ltd
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright (c) Creative Technology Ltd.,2003. All rights reserved.
OriginalFilename : RcMan.EXE

#:22 [ad-watch.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 876
ThreadCreationTime : 12-21-2005 10:23:29 PM
BasePriority : High
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:23 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1292
ThreadCreationTime : 12-21-2005 10:24:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1308
ThreadCreationTime : 12-21-2005 10:24:14 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1368
ThreadCreationTime : 12-21-2005 10:24:14 PM
BasePriority : Normal
FileVersion : 6.14.10.7801
ProductVersion : 6.14.10.7801
ProductName : NVIDIA Driver Helper Service, Version 78.01
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 78.01
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1632
ThreadCreationTime : 12-21-2005 10:24:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\
ProcessID : 1960
ThreadCreationTime : 12-21-2005 10:24:18 PM
BasePriority : Normal
FileVersion : 1, 8, 9, 0
ProductVersion : 1, 8, 9, 0
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:28 [wzqkpick.exe]
FilePath : C:\PROGRA~1\WINZIP\
ProcessID : 2400
ThreadCreationTime : 12-21-2005 10:54:47 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 10.0 (6595)
ProductName : WinZip
CompanyName : WinZip Computing LP
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip International LLC 1991-2005 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip International LLC
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:29 [l2wind.exe]
FilePath : C:\Program Files\Lineage II\System\
ProcessID : 3152
ThreadCreationTime : 12-21-2005 11:02:45 PM
BasePriority : Normal

#:30 [livesrv.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Update Service\
ProcessID : 3044
ThreadCreationTime : 12-22-2005 11:35:32 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : BitDefender 9
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : LiveSrv
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : livesrv.exe

#:31 [bdss.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\
ProcessID : 560
ThreadCreationTime : 12-22-2005 11:35:35 AM
BasePriority : Normal

#:32 [vsserv.exe]
FilePath : C:\Program Files\Softwin\BitDefender9\
ProcessID : 2200
ThreadCreationTime : 12-22-2005 11:35:39 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 9
ProductVersion : 9, 0, 0, 9
ProductName : BitDefender 9
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : VSServ
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : vsserv.exe

#:33 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 3900
ThreadCreationTime : 12-22-2005 1:02:53 PM
BasePriority : Normal
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\psguard.com

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 13

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>

GR@PH;<'S · December 22, 2005, 02:27:20 PM

mcmso,
I recommed that you try doing a thorough Disk Defrag and follow it with Check or Scan Disk depending upon your version of Windows.
Now it may take a few scans to complete, but it should work for you. Reboot after each scan
please can you clear out your cache folder ie: temporary internet folder also
please can you make sure that you still have "Ticks by these :
"Unload recognized processes during scanning",
"Let Windows remove files in use after reboot."
to do this Open Ad-aware SE
Click "settings" (the Gear)
then Click "Tweaks",
then click "Scanning Engine"
Tick ."Unload recognized processes during scanning"
Then Click "Cleaning Engine"
And Tick
"Let Windows remove files in use after reboot."
then Click "proceed".
now use the WebUpDate
(to make sure you are upto date) if you want to clean your PC then scan by doing a
"Full Scan" then and once the scan has finished
Highlite one items that there seems to be a bunch of.
Right click and choose the command to highlite all of those entries.
Then remove them.
then Reboot (ie: Re-start your PC)
(Do this with all of the items with multiple objects then When you are reduced to just the others items with one or a few, remove them. )
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
GR@PH;<'S :breakkie:

Corrine · December 22, 2005, 11:28:57 PM

Hi, mcmso. There was enough of a logfile to show up the problem. That psguard is part of the W32.Sinnaka.A@mm. I've been dealing with it daily at another site.

Follow these instructions carefully. You may want to print them so you don't miss a step.

First, please right click on the Ad-Watch icon in your system tray and make sure that "Automatic" is turned OFF. Since you will be scanning in safe mode, there is no need to disable the real time monitors. However, please accept any prompts for changes to the registry after you restart in normal mode.

A. Download and/or update the following programs. Install them but do NOT run them yet.

smitRem.exe© noahdfear. Save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.
Place a shortcut to Panda ActiveScan on your desktop.
Download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/, following the setup instructions here: Ewido Security Suite (Trial) Instructions. Install Ewido and update the definitions to the newest files.
Download CCleaner from the link at the upper right of this page: http://www.filehippo.com/download_ccleaner.html .
Check Ad-Aware for updates.

B. Enter the Windows Control Panel and double-click on Add/Remove Programs. When the installed programs list appears, double-click on any of the following entries that appear, and allow them to uninstall ... no worries if you don't see some/all of them:

Security IGuard
Virtual Maid
Search Maid
PSGuard

Then exit the Add/Remove Programs screen and the Control Panel.

C. Instructions for using CCleaner
Before first use, check under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
A pop up box will appear advising this process will permanently delete files from your system.
To protect logon cookies that you wish to retain, under Options > Cookies. Select and using the arrow move those cookies to the "Cookies to keep" column.
Then select the items you wish to clean up:

In the Windows Tab:

Clean all entries in the "Internet Explorer" section.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:

Clean all in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
Click the "Run Cleaner" button and it will scan and clean your system.
Click exit.

D. Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

E. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

F. Open Ad-Aware and do a full scan. Before scanning, UNcheck "Search for negligible risk entries". Remove all it finds.

G. Shutdown/Restart in SafeMode as instructed above. Run Ewido:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido security suite.

H. Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

I. Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  Post the contents of the Panda scan report, along with a new Ad-Aware SE Log run in Normal Mode (without MRU's, please), the contents of smitfiles.txt and the Ewido Log by using Add Reply.
  
  Let us know if any problems persist.

Corrine · December 23, 2005, 01:09:46 PM

Note: An alternate download site has been added for the smitRem© fix. If you cannot get it from the link above, please use this site: smitRem.exe.

Thank you.

mcmso · January 10, 2006, 01:43:24 PM

I finally got around to fixing my computer and every thing worked out great. Thanks so much for all your help. Its always great when you have the right people who know what there doing to help you. If i can ever help in anyway I hope to return the favor one day...

Thanks again,

Michael

:gwave:

GR@PH;<'S · January 10, 2006, 02:58:37 PM

mcmso,
Glad to here that you have got your PC sorted out :gwave:
Now Do not forget where we are and ofcause feel free to join in if you want

(we not bite well most of us dont :hysterical:)

GR@PH;<'S :breakkie: