View Full Version : incomplete torrent downloads
carpwife30
June 23rd, 2008, 12:36 AM
Hello, everyone, I am a newbie on here so bear with me, if I am in the wrong place please feel free to move me.
I am having troubles with incomplete downloads being stuck on my desktop, no matter what I do I cannot delete them, they delete and then when re-start they appear before my eyes. tried deleting in safe mode but to no avail. Any help would be great cause it's driving me round the bend.
Alvin.And.The.Chipmunks[2007]DvDrip[Eng]-aXXo
Bee Movie avi
elliminate stress
trojan.remover.EXE
these are the ones in questions.
PLEASE HELP BECAUSE I AM GOING NUTTY TRYING TO SORT IT,
many thanks
HelenaP
June 23rd, 2008, 12:41 AM
OK, I am not sure if you know this, but number one, I would stay away from anything saying - aXXo. <-- That guy is a fake. aXXo does not have a minus sign in front of his name, and he doesn't password or .rar his files.
Next, download Unlocker (http://ccollomb.free.fr/unlocker/) (this link goes straight to the author's site) and see if that will remove it.
If that doesn't work, try Killbox (http://killbox.net/).
Good luck.
P. S. Also, try to avoid at ALL cost (just don't do it) downloading a trojan remover or anti virus/malware apps. They have viruses approximately 97% of the time unless you are in a secure private tracker... though even if God uploaded it, I still wouldn't DL.
ALWAYS read the comments left by other users before dl'ing.
Try (just do it) to stay away from passworded files, too. There are too many without one, and it goes against the purpose of P2P (sharing). Most of the time they are scam sites that want your money (and you still won't get the pass) or are infested with little gifts that keep on giving...
Trust me. I know this stuff for my day job.
HelenaP
June 23rd, 2008, 01:19 AM
One more thing (Snap!), don't ever, I mean EVER download anything from a torrent site that is an executable file. Ever. Especially an executable anti virus/ malware app.
I am half asleep and suppose I was preoccupied with the fake aXXo (the real one is a friend) when I should have been focusing on your trojan.remover.EXE. Could be the cause of your misfortune.
carpwife30
June 23rd, 2008, 05:59 AM
ok, thanks for the advice, I have already tried unlocker to no avail. I have just tried killbox and it says deleting directory and all looks hunky dory until I come to re-boot and they appear again, oh my god, it's so frustrating
HelenaP
June 23rd, 2008, 06:14 AM
Wow. That sucks. Hopefully someone will be able to help and you will not have to reformat.
Did you try it in safe mode as well, and have you run your anti virus?
Also, you may want to do everything on this page-
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
If it still does not delete, I would suggest Trend Micro's Sysclean which can be found here-
http://www.trendmicro.com/download/dcs.asp
Follow ALL instructions to the letter, running in safe mode. You will probably want to go somewhere for 3-4 hours, unless you have another computer to work on as it takes that long to run.
If it's a virus (hope that's all it is), it will kill it. If it's a worm however...that will be bad and probably require sending to "The Shop."
You will know if it's a worm when you get home. Just by looking at the screen. It will be doing not pretty things. Like....flipping.
Sorry. I regressed for a moment...
carpwife30
June 23rd, 2008, 08:56 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:05, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\AOL\1209200015\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209200015\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \BMNJKUW1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \1PE2TTA2\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \W4KSEEUX\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ACTIVI~2.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ADS_1_~1.SH!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ares master edition] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{183B18F0-0D10-482A-AF6E-7500E97BD293}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{183B18F0-0D10-482A-AF6E-7500E97BD293}: NameServer = 205.188.146.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Compingo License Service - Compingo - C:\Program Files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 16359 bytes
carpwife30
June 23rd, 2008, 08:57 AM
This is my log if that means anything to anyone,
HelenaP
June 23rd, 2008, 09:18 AM
Looks like you could kill probably these two (Check them, then Click-> "Fix Checked")-
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
This looks way weird-
\TEMPOR~1\Content.IE5 \EOK01CA3\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \BMNJKUW1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \1PE2TTA2\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \W4KSEEUX\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ACTIVI~2.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ADS_1_~1.SH!
What is this for? Do you know?
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
If you need to, at the bottom of the HJT window is a button that says, "Analyze This" and will upload it to Trend Micro. There you will get more info on each item, or items that you do not know what they are for.
Another tip is to rename your HJT to something else (I renamed mine "shell.exe"), as some malware looks for HJT to be scanning.
Sorry I cannot be of more help...
carpwife30
June 23rd, 2008, 12:14 PM
Hi, I have killed the 2 files 02, and 03, like you said although I don't actually know what was supposed to happen, I really don't understand all these numbers and letters lol, also in you asking what is O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
I have no idea at all,
when you say it looks weird, is that weird as in weird or weird as in I have a major problem
DigitalJunkie
June 23rd, 2008, 01:08 PM
Do you have more than 1 hard drive? If yes, I would suggest getting a copy of Acronis True Image for the next time anything happens. Back up your C: drive as an image file to another hard drive, so you can restore your C: drive in less than 10 mins. or so!
HelenaP
June 23rd, 2008, 02:55 PM
Hi, I have killed the 2 files 02, and 03, like you said although I don't actually know what was supposed to happen...
Nothing except get extra crap off that you don't need.
... I really don't understand all these numbers and letters lol,
There is a tutorial on the HJT site (Trend Micro) that will tell you what all those numbers mean (I think. There used to be, before Trend Micro bought it, so I don't know).
...also in you asking what is O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
I have no idea at all,
when you say it looks weird, is that weird as in weird or weird as in I have a major problem
Weird as in you don't know what it is weird. Use the button at the bottom of the HJT window that I told you about above.
I'm leery to say "delete it" just yet (If it were MY computer I would, but I don't want to tell you to, then feel responsible if it were some kinda I-don't-know-what...)
You might (I would) want to DL Sysinternals' Rootkit Revealer (http://www.download.com/RootkitRevealer/3000-2248_4-10543918.html?tag=lst-1&cdlPid=10543917). See if anything shows up...
carpwife30
June 24th, 2008, 01:28 AM
thanks, I have done rootkit revealer and it has shown up some things, now I don't know what they are or what to do about them, lol
HKLM\SECURITY\Policy\Secrets\SAC* 11/08/2004 02:23 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 11/08/2004 02:23 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\webcal\URL Protocol 24/10/2005 11:57 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 12/01/2008 10:58 0 bytes Access is denied.
C:\Documents and Settings\Tania Linge\Local Settings\Temporary Internet Files\Content.IE5\QUBCVYR8\GetMessages[3].htm 24/06/2008 09:15 2 bytes Hidden from Windows API.
C:\WINDOWS\Temp\sqlite_uckvanZQimQmxur 24/06/2008 09:22 0 bytes Visible in directory index, but not Windows API or MFT.
HelenaP
June 24th, 2008, 04:35 AM
Damn dude. I have never found anything with the rootkit revealer.
So I would suggest you run the Sysclean, like asap...(follow instructions exactly as they are written.)
Then again, I am just a girl. Perhaps someone else can give you a better idea. I haven't seen any though...
Please go here-
http://www.trendmicro.com/download/dcs.asp
Read towards the bottom- Follow directions carefully.
Again, this virus clean up may take 3 or more hours...
(Download what I have typed in red)-
"If you are not a Trend Micro customer please download the following file.
Sysclean Package 4.5MB
MD5 checksum: dc4245497ae15779d658e5cbc947a213 *SysClean.com
NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. (http://www.trendmicro.com/ftp/products/tsc/readme.txt) This file also contains the description and the different features of this package.
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
DCT CONTROL RELEASE
Download Latest DCT Control Release (http://www.trendmicro.com/download/pattern-dcs.asp)
The Damage Cleanup Template (DCT) Control Release is a pre-release version of Damage Cleanup Template (DCT) and is updated by TrendLabs almost as often as new samples come in. Since it is designed to clean registries and system files from 'in-the-wild' malware infections, DCT Control release receives only preliminary testing. DCT Control Release also must be deployed manually to your product.
Click the link above for additional information and deployment instructions. Users are advised to read the succeeding disclaimer carefully before downloading the current DCT Control Release."
w31n3r
June 24th, 2008, 05:32 AM
Then again, I am just a girl...
will you stop saying that!
err, i have a few questions:
1. how did you download the files? torrent? what client are you using?
2. i'm guessing you're using ares, have you canceled the downloads in ares?
3. (completely unrelated) why are you using 2 AV programs? it only has disadvantages. i'd choose mcafee over avast (between the two you have installed), but that's just me.
just wanted to confirm. let us know.
carpwife30
June 24th, 2008, 05:41 AM
that's ok, cause I am a girl too.................
the files were from Utorrent, or Bittorrent, can't remember which is which,
I put on avast because it was recommended by someone, and I couldn't get on with it, so took it off so I thought but am left with bits still in there, obviously it's not running and working just left parts in registry that can't delete. Mcafee was a deal that AOL are running for an extra 2.99 a month so I have gone with that.
I am quite aware that I could look silly in certain areas as I put my hands in the air and state I am quite a novice. I thought I was fairly ok computer terms but I am getting baffled by certain things so I go back to labelling me a novice.
carpwife30
June 24th, 2008, 05:44 AM
just a quick note I have looked at your earlier reply of running sysclean and was getting in a muddle, you said download what's in red but first part of red sysclean package 4.5mb is not highlighted to download like the other 2!!!!!!
w31n3r
June 24th, 2008, 05:44 AM
we're all novices...
what client did you use to download the files? is that client running in the background? i'm just trying to eliminate the obvious. let us know. thanks
HelenaP
June 24th, 2008, 05:53 AM
just a quick note I have looked at your earlier reply of running sysclean and was getting in a muddle, you said download what's in red but first part of red sysclean package 4.5mb is not highlighted to download like the other 2!!!!!!
I would do as w31n3r suggested first. I was jumping the gun, I suppose...
If you just go to the site-
http://www.trendmicro.com/download/dcs.asp
and read from-
"If you are not a Trend Micro customer please download the following file."
on down...
All of the links are there.
carpwife30
June 24th, 2008, 06:15 AM
well i don't have Utorrent installed anymore but I have bittorrent, it's not actually running until I tell it to, if you know what I mean, it opens when you choose your download, it's not in my icons at bottom right of my screen at the moment but I can have it open if need be
w31n3r
June 24th, 2008, 06:30 AM
see the reason we're asking this is to see if the client is creating the file. do you have ares running in the background? can you open it and check in the transfers section if these same downloads are there? same with bittorrent. but i want to be clear about ares since you have it running in the background. also, ares by default downloads to the desktop, and recreates files if the DL isn't stopped, unlike utorrent or azureus. i think that may very well be your problem.
EDIT: so what we need to do is check ares/bittorrent to see if the files that keep coming up are queued for DLing, stop them if they are, then delete the files and see how it goes. waiting to hear from you.
thanks
carpwife30
June 24th, 2008, 06:45 AM
I wasn't aware that I have ares,
w31n3r
June 24th, 2008, 06:51 AM
i think i saw it in your hijack log...
go to start>all programs>ares. open ares and check if it's there...
else look for it in the Program Files folder in your c:\ drive.
carpwife30
June 24th, 2008, 07:50 AM
ok found it in the programs folder, but opened it and there is nothing there,
carpwife30
June 24th, 2008, 07:57 AM
also, just slightly changing the subject, is there anything nasty in my hijack log, I have found my computer to be really really really slow, it never used to be like that, I have defrag and constantly cleaning up hard drives and decluttering cookies and temp folders I don't know what else to do
HelenaP
June 24th, 2008, 08:07 AM
also, just slightly changing the subject, is there anything nasty in my hijack log, I have found my computer to be really really really slow, it never used to be like that, I have defrag and constantly cleaning up hard drives and decluttering cookies and temp folders I don't know what else to do
Did you do everything on this page-
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
http://i95.photobucket.com/albums/l153/shell63/quest.jpg
...
This looks way weird-
\TEMPOR~1\Content.IE5 \EOK01CA3\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \BMNJKUW1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \1PE2TTA2\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \W4KSEEUX\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ACTIVI~2.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ADS_1_~1.SH!
What is this for? Do you know?
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
If you need to, at the bottom of the HJT window is a button that says, "Analyze This" and will upload it to Trend Micro. There you will get more info on each item, or items that you do not know what they are for.
Another tip is to rename your HJT to something else (I renamed mine "shell.exe"), as some malware looks for HJT to be scanning....
Did you look up the above to see what they are for and take care of them?
They were the only other things I saw. You said you deleted the two below...
-
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)...
Just as an aside; These guys are great-
http://forums.techguy.org/register.php
I used them a few years ago and they are very helpful...
Here is also a guide that helps you learn how to read your HJT log-
http://www.tweaksforgeeks.com/ReadHijackThisLog.html
w31n3r
June 24th, 2008, 11:23 PM
can you try the following carpwife30?
go to Start>run, type in "msconfig" without the quotes in the run box that appears and click "ok". a new window called system configuration utility will appear.
click on the tab here that says Startup (it's the last tab), and look for Ares in the list there. uncheck the checkbox next to ares, click on apply, then ok, and restart your system.
when the system restarts you will get a message that says the startup has changed and if you want to keep the changes. say yes. i forget the exact message, but thats basically it. delete the offending files on your desktop and restart your computer.
The lowdown
your hijack this log is clean as a whistle imho, the 2 keys you deleted were BHOs from AOL, which i presume is your ISP. doesn't matter if they're there or not so no worries. ares is a running process on your system which is how i came to my conclusion.
the rest are dynamic properties framework and temp keys, no worries there either.
as for why your system is running slow, i really don't know where to start. first of all, you still have avast update and related services running, completely unnecessary, if, as you and your log say, you're using mcafee.
then there's a host of other services that just consume memory on your system. i'd start by configuring roxio NOT to start unless you need it. i'd also uninstall powerDVD and replace it with an all in one codec pack like CCCP. and if you're not printing all the time, i'd suggest that you configure your printer driver utilities not to start up with windows. i may have missed a few more, but these are a good start.
you can google on how to get these done, or just follow the same procedure i gave above using the system configuration utility to remove them from startup.
but i'd be interested to know if removing ares from startup resolved the case of the reappearing files first. just try it out.
HelenaP
June 24th, 2008, 11:32 PM
I knew my trying to help would bring somebody out of the woodwork!
http://i210.photobucket.com/albums/bb216/michepp/thCheerleader.gif
w31n3r
June 24th, 2008, 11:41 PM
hey, your malware removal tips were spot on. and thanks for the techguy link, methinks i could use that...A LOT!!
i usually avoid threads that have "torrent" and "download" in the titles for obvious reasons, but this thread goes to show you cant judge a book by its cover.
HelenaP
June 25th, 2008, 12:18 AM
hey, your malware removal tips were spot on. and thanks for the techguy link, methinks i could use that...A LOT!!
They are very good (or they were two years ago, when I last used them. They may have become overwhelmed like CastleCops). They answered me via email within the day of posting. I learned a LOT from them.
Very friendly people.
We need you at our site, if you need a job!
But you would have to deal with a few
threads that have "torrent" and "download" in the titles...
"for obvious reasons..."
carpwife30
June 25th, 2008, 12:32 AM
Hey, guys can I say thanks for all your help, I really appreciate it, I wish I was as knowledgeable as you lot, I would love to be able to work all this out.
I have tried running msconfig, and got really excited, unchecked ares, (although it said access denied, log on as administrator), restarted, got rid of files in question restarted and they were gone, yippee, so I thought, but then I had the problem of message stating that was running utility in selective mode, and it would always show unless, i went on general tab and running in normal mode and undoing my previous work, so basically back to square one. Tried in start up mode that makes no difference. any suggestions,
can I also say you guys are fantastic
lol
carpwife30
June 25th, 2008, 12:50 AM
also whilst we are on the subject of sorting my computer out I get this window that opens with aol when I sign on which is a bit bizarre, it flashes up with some words which go too quick to read, but something with a1767 in them then it stays on aol-presents-microsoft explorer. but I can't open it or anything, it just sits in bottom of screen, I can close it and that's it, any ideas
notacrime
June 25th, 2008, 12:52 AM
I have a suggestion - get a mac. :-)
And don't download .EXE files from BitTorrent!
I think if I was in your position and had been doing battle with this for a few weeks I'd be at the point where I'd do a complete OS reinstall. Get an external hard drive, copy over the important stuff, and then rebuild from scratch using your windows install CDs.
If you have the energy and want to avoid these kind of problems in the future then you should consider installing a virtualization package such as VMWare, and running everything from within the VMWare instance. Then you can back up your entire OS just by copying the virtual machine (it's just a big file) on to your external hard drive at reasonably regular intervals. That way if your OS gets corrupted again you can revert to a recent clean backup.
I'm serious about the mac. I was immovably DOS/Windows/Linux until about 3 years ago, when I switched, tempted by OSX, and I'll never switch back. If I need to use windows apps (which is rarely, even though I use my mac for work too,) then I do so within VMWare fusion.
Good luck!
w31n3r
June 25th, 2008, 12:57 AM
lol, follow the same steps again to remove ares from startup, click apply, ok then restart. when you get the message you're talking about, the last line says "don't show this message or launch the system configuration utility when windows starts". check the checkbox next to that, click "ok" and you're good to go.
i should mention, that anytime ares starts, the files will appear again as long as the downloads remain queued. download CCleaner (http://www.ccleaner.com/), go to Tools and look for ares in the list of programs and uninstall it. you can always install it again if you want.
EDIT: didn't see your last post, i'm not sure how AOL works, but i've read it comes with a lot of extras, and i believe not many users take kindly to it...anyway, hopefully someone whose ISP is AOL will come along and help with that.
@ notacrime: thanks for the fan mail...
carpwife30
June 25th, 2008, 02:20 AM
ok I have no idea how I have got there but I think the files in question have finally gone, YIPPEEEEEEE
carpwife30
June 25th, 2008, 02:22 AM
sorry I meant to carry on, by saying, that I think I have uninstalled ares, and any other torrent, and am staying away from them from here on. I can't get rid of avast icon in my bottom icons at right hand side of my screen,
HelenaP
June 25th, 2008, 04:07 AM
Try right clicking on your toolbar...you should be able to see something in the drop down list that says "ToolbarS." See if the Avast is in there. If it is checked, uncheck it.
There is another way...
Click--> "Start" --> "Control Panel"--> <and look for> "Taskbar and Start Menu."
Click that, then on the--> "Taskbar" tab-->"Customize" and remove it.
carpwife30
June 25th, 2008, 04:48 AM
i managed it I found an avast uninstaller download and that worked in safe mode, Can I just say thanks for your help, its much appreciated. I am definitely staying away from torrents now, lol
w31n3r
June 25th, 2008, 05:40 AM
there's nothing wrong with torrents, read some of the guides we have here at ZP, and follow them. torrents is actually a pretty good way for a newbie to start. join the rebellion yer land lubber :icon_pira
HelenaP
June 25th, 2008, 06:30 AM
i managed it I found an avast uninstaller download and that worked in safe mode, Can I just say thanks for your help, its much appreciated....
http://i213.photobucket.com/albums/cc17/mememine69/welcomemarylyn.gif
carpwife30
June 26th, 2008, 02:15 AM
This is now my log now, have I managed to sort out all my problems I wonder, and is there anything in there that I can get rid of, I would like to know how to know what is what if possible, I have been grateful for all the help so far, I am learning loads as I go along, who knows I might be working as a computer fixer soon, lol
Scan saved at 10:13:04, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\AOL\1209200015\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209200015\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \BMNJKUW1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \EOK01CA3\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \1PE2TTA2\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \W4KSEEUX\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ACTIVI~2.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \4CUM1EC1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \QLHHTHOX\TIME_D~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \QLHHTHOX\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5 \QLHHTHOX\GENERI~1.SH!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{183B18F0-0D10-482A-AF6E-7500E97BD293}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{183B18F0-0D10-482A-AF6E-7500E97BD293}: NameServer = 205.188.146.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Compingo License Service - Compingo - C:\Program Files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 15494 bytes
HelenaP
June 26th, 2008, 02:22 AM
This is now my log now, have I managed to sort out all my problems I wonder, and is there anything in there that I can get rid of, I would like to know how to know what is what if possible...
I gave you a link about how to read it in one of your precious posts.
carpwife30
June 26th, 2008, 02:35 AM
yeah I didn't quite get that though cause I have loads of O numbers that go up to 24 and it just said look for like you said 02 ones, I have found a few things in there that I would like to delete but not sure how, I don't seem to be able to upload it either to trend
Thanks, (did you mean previous and not precious!!! lol))
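For the question above about what the R and O numbers mean: a small parser, added here as an example (it is not part of the thread and not HijackThis's own code), that labels each entry by its section code, flags entries whose target is reported as "(no file)" or "(file missing)", and lists the Run-key startup programs that the msconfig advice earlier in the thread deals with. The function names are hypothetical; the sample lines are copied from the log posted above. A flagged entry is only a leftover reference to a file that is gone, like the two "(no file)" entries already deleted in this thread.

```python
import re

# Meaning of the section codes that appear in the log above.
SECTIONS = {
    "R0": "Internet Explorer start or search page setting",
    "R1": "Internet Explorer start or search page setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object (BHO)",
    "O3": "Internet Explorer toolbar",
    "O4": "program started automatically (Run key or Startup folder)",
    "O8": "extra item in the IE right-click menu",
    "O9": "extra IE button or Tools menu item",
    "O14": "IERESET.INF (reset web settings) value",
    "O16": "downloaded ActiveX control (DPF)",
    "O17": "DNS / name server setting",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs value",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# HijackThis marks a registry entry whose file is gone with one of these.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O4 registry entries look like:  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Excerpt of the log posted above (a few lines only, copied from the page).
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
'''


def parse_log(text):
    """Return one dict per 'R# - ...' / 'O# - ...' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        entries.append({
            "code": code,
            "meaning": SECTIONS.get(code, "section not in this table"),
            "body": body,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if e["orphan"]]


def run_key_startups(entries):
    """(hive, name, command) for each O4 registry Run entry."""
    found = []
    for e in entries:
        m = RUN_RE.match(e["body"]) if e["code"] == "O4" else None
        if m:
            found.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        flag = "  <-- leftover, target file missing" if e["orphan"] else ""
        print(f'{e["code"]:>3}  {e["meaning"]}{flag}')
    for hive, name, cmd in run_key_startups(parsed):
        print(f"starts with Windows: {name} ({hive})")
```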
w31n3r
June 26th, 2008, 02:54 AM
Thanks, (did you mean previous and not precious!!! lol))
i'm sure it's the latter ;)
if it ain't broke, don't fix it.
carpwife30
June 26th, 2008, 03:15 AM
ok no worries,
thanks for the advice
saburation
August 17th, 2008, 05:09 AM
I'm just going to throw in my 2 cents here. Use AVG 8.0. Best antivirus in my opinion. Check it out.
shawners
August 17th, 2008, 11:19 AM
I think of the stuff you did in the past really screwed up your OS and made it where your PC isn't reliable. I'm here to help.
1. Get an external drive or use your DVD/CD burner to move important documentation over and save all the stuff you actually want.
2. If you can't get a copy of windows xp that came with your system. Then download it. It's less than 700megs. Burn that to cd-r.
3. FORMAT YOUR SYSTEM And re-install.
4. Afterwards you're going to notice maybe some drivers that may need to be re-installed. PRINTER, VIDEO and SOUND if it's not displaying properly which you can google and re-install with NO problem. I have done it and it's a life saver.
5. DROP AOL and MCAFEE.. Get high speed internet/DSL/Cable with FREE AVG.
6. Use uTorrent for torrents.
7. DON'T DOWNLOAD CRAP That says VIRUS or TROJAN REMOVER.EXE.. You're asking for it.
8. USE FIREFOX instead of IE. You'll be happy you did.. I've been using it probably over 4 years.. NO POPUPS. No VIRUS, NO ADWARE or toolbars being installed.
9. Scan each thing you download before OPENING IT!!!
10. Enjoy a faster and stable PC.
vineethar
September 3rd, 2008, 10:35 AM
please check your computer startup memory. to use a spyware and adware remover software i preferred that
SuperAntiSpyware_pro4.15
Smoovious
September 17th, 2008, 06:43 AM
Stop saving your torrent data to the desktop?
In fact, stop saving ANYTHING to the desktop. It is bad practice. Microsoft should be flogged for even encouraging it by telling people to do it and making a quick-find icon for it.
-- Smoovious
naani
October 13th, 2008, 09:37 PM
or you can use spybot search and destroy... it cleans the spyware very good......
please read before installing the program in forums ... you have to do a lot of work if you want to use the program ...
after you have cleaned the spyware ..
install ccleaner and clean all the unnecessary stuff .....
i hope this will help you