[Fixed] Hijackthis! Logs - [Closed] Rundll32.exe (Security & Safety forums)

  #8  
Old 02-24-2007
chiaz's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,752
PC Experience: PC Guru

Yep, you got it right. It will open the process information window. I will need the type of file, description and location.


  #9  
Old 02-24-2007
Blackjack925's Avatar
Bronze Member
 
Join Date: Feb 2007
Posts: 9

I actually can't get it to show up anymore, but if it does I'll post the info here. I also had a question. My idiot friend installed a backdoor on my computer called Poison Ivy. He says he uninstalled it but I'm not sure I believe him; any way I can make sure? Apparently it's injected into the winlogon process and is undetected by BitDefender, NOD32 and any adware software I have used. Any ideas?


  #10  
Old 02-24-2007
chiaz's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,752
PC Experience: PC Guru

I've done a bit of reading on this on the web.
  • Run Registry Editor (Start Button -> Run, then type 'regedit' and click OK) and find the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
  • ... and look for any sub-key(s) that have only a StubPath entry in the Name column (legitimate entries typically have Version, Locale, or ComponentID at the very least).
  • Make note of the name & location of any files that are pointed to in the 'Data' column of the StubPath, typically in either the C:\Windows\System32 directory (default) or in C:\Windows.
  • Do a file Search, locate and verify the authenticity of any file(s) mentioned in the above StubPath.
  • Look for a similar filename to the above, but with no file extension (this is typically the keylogging/activity-tracking data file).

tip: Sort your files by 'Type', and then look for files of the generic 'File' type (no extension). Though the server (& logfile) could use *any* filename, confirmed reported filenames have included:
  - RegMen.exe
  - lssas.exe (Note: do not confuse with legitimate file, 'lsass.exe')
  - svlchost.exe (Note: do not confuse with legitimate file, 'svchost.exe')

Did you find anything?


Note:
This Trojan may open a port on your computer that may enable one to gain remote control of your computer. It is recommended that you change all of your passwords even if it was your friend who put it in. If you bank online, you might consider changing your credit card and bank account numbers. You should also monitor your credit card and bank statements carefully over the next several months for signs of fraudulent activity.
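
The Active Setup check described in post #10, as an added example that is not part of the original thread: a Python parser that reads a `.reg` export of the Installed Components key and lists the subkeys whose only named value is StubPath. The sample export, GUIDs and file paths are constructed for illustration, and the function names are hypothetical.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"

# Constructed sample in .reg export format (GUIDs and paths are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-1111-1111-1111-111111111111}]
@="Example Component"
"ComponentID"="EXAMPLE"
"Version"="6,0,2900,2180"
"StubPath"="C:\\WINDOWS\\system32\\example.exe /setup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22222222-2222-2222-2222-222222222222}]
"StubPath"=hex(2):43,00,3a,00,5c,00,78,00,2e,00,65,00,\
  78,00,65,00,00,00
'''

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_value(raw):
    """Decode .reg value data: quoted REG_SZ, or hex(N) holding UTF-16LE text."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])       # undo \\ and \" escapes
    m = re.match(r"hex\([0-9a-f]+\):(.*)", raw, re.I)   # e.g. REG_EXPAND_SZ
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    return raw                                          # dword etc. left as-is

def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)              # join continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = VALUE.match(line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and m:
            current[m.group(1).strip('"')] = decode_value(m.group(2))
    return keys

def stubpath_only(keys, root=ROOT):
    """Subkeys under root whose only named value is StubPath ('@' is ignored)."""
    prefix, hits = root.lower() + "\\", {}
    for path, values in keys.items():
        named = {n.lower(): v for n, v in values.items() if n != "@"}
        if path.lower().startswith(prefix) and set(named) == {"stubpath"}:
            hits[path[len(prefix):]] = named["stubpath"]
    return hits
```

On a live system the input comes from `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg`, read with `encoding="utf-16"`; each path returned by `stubpath_only(parse_reg(text))` is a file to locate and verify as the post describes.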


  #11  
Old 02-26-2007
Blackjack925's Avatar
Bronze Member
 
Join Date: Feb 2007
Posts: 9

RunDLL32 is back and I got the properties from HijackThis:

Process Name: rundll32.exe
Type of File: Application
Description: Run a DLL as an app
Location: C:/WINDOWS/System32

And as for the backdoor, I followed those instructions before and I think I got rid of it; I just wanted to know if there was any other way to make sure.


  #12  
Old 03-01-2007
chiaz's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,752
PC Experience: PC Guru

Looks good to me.

If you want to check if there are any remnants of the backdoor I would suggest running some online scanners. You will not have to install any new programs on your computer.

Here are a few online scanners that you can possibly run:
Panda ActiveScan – Free online antivirus to combat viruses, spyware and other Internet threats.
Trend Micro - Free online virus Scan



If they detect anything other than the typical tracking cookies, I'll be happy to have a look at it. I'll keep this thread open for now.


  #13  
Old 03-01-2007
Blackjack925's Avatar
Bronze Member
 
Join Date: Feb 2007
Posts: 9

Alright, thanks a lot.


