Hello, everyone, I am a newbie on here so bear with me; if I am in the wrong place please feel free to move me.
I am having trouble with incomplete downloads being stuck on my desktop. No matter what I do I cannot delete them: they delete, and then when I restart they appear before my eyes. Tried deleting in safe mode but to no avail. Any help would be great 'cause it's driving me round the bend.
Alvin.And.The.Chipmunks[2007]DvDrip[Eng]-aXXo
Bee Movie avi
elliminate stress
trojan.remover.EXE
These are the ones in question.
PLEASE HELP BECAUSE I AM GOING NUTTY TRYING TO SORT IT,
many thanks
OK, I am not sure if you know this, but number one, I would stay away from anything saying - aXXo. <-- That guy is a fake. aXXo does not have a minus sign in front of his name, and he doesn't password or .rar his files.
Next, download Unlocker (this link goes straight to the author's site) and see if that will remove it.
If that doesn't work, try Killbox.
Good luck.
P. S. Also, try to avoid at ALL cost (just don't do it) downloading a trojan remover or anti virus/malware apps. They have viruses approximately 97% of the time unless you are in a secure private tracker... though even if God uploaded it, I still wouldn't DL.
ALWAYS read the comments left by other users before dl'ing.
Try (just do it) to stay away from passworded files, too. There are too many without one, and it goes against the purpose of P2P (sharing). Most of the time they are scam sites that want your money (and you still won't get the pass) or are infested with little gifts that keep on giving...
Trust me. I know this stuff for my day job.
The most Beautiful thing we can experience is the mysterious.
It is the source of all true art and science.
~ Albert E.
One more thing (Snap!), don't ever, I mean EVER download anything from a torrent site that is an executable file. Ever. Especially an executable anti virus/ malware app.
I am half asleep and suppose I was preoccupied with the fake aXXo (the real one is a friend) when I should have been focusing on your trojan.remover.EXE. Could be the cause of your misfortune.
OK, thanks for the advice. I have already tried Unlocker to no avail. I have just tried Killbox and it says deleting directory and all looks hunky dory until I come to re-boot and they appear again. Oh my god, it's so frustrating.
Wow. That sucks. Hopefully someone will be able to help and you will not have to reformat.
Did you try it in safe mode as well, and have you run your anti virus?
Also, you may want to do everything on this page-
http://wiki.castlecops.com/Malware_R...tion:_Overview
If it still does not delete, I would suggest Trend Micro's Sysclean which can be found here-
http://www.trendmicro.com/download/dcs.asp
Follow ALL instructions to the letter, running in safe mode. You will probably want to go somewhere for 3-4 hours, unless you have another computer to work on as it takes that long to run.
If it's a virus (hope that's all it is), it will kill it. If it's a worm however...that will be bad and probably require sending to "The Shop."
You will know if it's a worm when you get home. Just by looking at the screen. It will be doing not pretty things. Like....flipping.
Sorry. I regressed for a moment...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:05, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\AOL\1209200015\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe " -startup
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209200015\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\EOK01CA3\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\BMNJKUW1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\EOK01CA3\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\EOK01CA3\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\1PE2TTA2\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\W4KSEEUX\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\4CUM1EC1\ACTIVI~2.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\4CUM1EC1\ADS_1_~1.SH!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ares master edition] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{183B18F0-0D10-482A-AF6E-7500E97BD293}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{183B18F0-0D10-482A-AF6E-7500E97BD293}: NameServer = 205.188.146.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Compingo License Service - Compingo - C:\Program Files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 16359 bytes
This is my log if that means anything to anyone,
Looks like you could probably kill these two (check them, then click "Fix Checked")-
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
This looks way weird-
\TEMPOR~1\Content.IE5\EOK01CA3\ACTIVI~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\BMNJKUW1\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\EOK01CA3\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\EOK01CA3\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\1PE2TTA2\ADS_1_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\W4KSEEUX\START_~1.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\4CUM1EC1\ACTIVI~2.SH! C:\DOCUME~1\TANIAL~1\LOCALS~1\TEMPOR~1\Content.IE5\4CUM1EC1\ADS_1_~1.SH!
What is this for? Do you know?
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
If you need to, at the bottom of the HJT window is a button that says, "Analyze This" and will upload it to Trend Micro. There you will get more info on each item, or items that you do not know what they are for.
Another tip is to rename your HJT to something else (I renamed mine "shell.exe"), as some malware looks for HJT to be scanning.
Sorry I cannot be of more help...
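The reply above picks two "(no file)" entries out of the log by eye. As an added example (not part of the original thread, and not HijackThis's own code), the Python below parses HijackThis entry lines and lists every entry whose target file is reported as "(no file)" or "(file missing)", grouped by section code. The sample lines are copied from the log posted in this thread; the function names and the section descriptions are this example's own.

```python
import re

# Short descriptions for the section codes that occur in the sample below.
SECTION_NAMES = {
    "R3": "IE URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autorun entry",
    "O9": "IE extra button or Tools menu item",
    "O23": "Windows service",
}

# An entry line looks like "O2 - BHO: ..."; header and process lines do not.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines taken from the log posted in this thread (a subset, for a short example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
"""


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned_by_section(entries):
    """Group entries whose target file is missing by section code, in log order."""
    grouped = {}
    for entry in entries:
        if entry["orphaned"]:
            grouped.setdefault(entry["code"], []).append(entry)
    return grouped


def report(log_text):
    """Build a readable summary of the orphaned entries."""
    lines = []
    for code, items in orphaned_by_section(parse_entries(log_text)).items():
        name = SECTION_NAMES.get(code, "other")
        lines.append(f"{code} ({name}): {len(items)} orphaned")
        lines.extend("    " + item["body"] for item in items)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

An orphaned entry is a registry reference to a file that is no longer on disk, so fixing it tidies the log but does not by itself explain files that reappear after a reboot.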
Hi, I have killed the 2 files, 02 and 03, like you said, although I don't actually know what was supposed to happen. I really don't understand all these numbers and letters lol. Also, in you asking what is O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
I have no idea at all.
When you say it looks weird, is that weird as in weird or weird as in I have a major problem?
Do you have more than 1 hard drive? If yes, I would suggest getting a copy of Acronis True Image for the next time anything happens. Back up your C: drive as an image file to another hard drive, so you can restore your C: drive in less than 10 mins. or so!
CPU: AMD Athlon 64 x2 (2x3.20Ghz)
CPU Fan: Zalman NT
Power Supply: ATX 750W Power & Cooling
MB: Asus M2N32-SLI Deluxe Wi-Fi
RAMs: 2x1GB Corsair DDR2-667
Video Card: PCX EVGA 8800GT 512MB
Sound Card: SB X-FI Fatal1ty
OS: WinXP Pro SP2
HDDs: 1-WDC Raptor 150GB, 1-WDC 120GB 1-WDC My Book Essential 500GB, 2-Maxtor 2x250GB 1 - WDC Caviar 1TB
Nothing except get extra crap off that you don't need.
There is a tutorial on the HJT site (Trend Micro) that will tell you what all those numbers mean (I think. There used to be, before Trend Micro bought it, so I don't know).
Weird as in you-don't-know-what-it-is weird. Use the button at the bottom of the HJT window that I told you about above.
I'm leery to say "delete it" just yet (if it were MY computer I would, but I don't want to tell you to, then feel responsible if it were some kinda I-don't-know-what)...
You might (I would) want to DL Sysinternals' Rootkit Revealer. See if anything shows up...
thanks, I have done rootkit revealer and it has shown up some things, now I don't know what they are or what to do about them, lol
HKLM\SECURITY\Policy\Secrets\SAC* 11/08/2004 02:23 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 11/08/2004 02:23 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{692B8041-F1C5-4881-82E9-4F94BBA34AC2} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\Interface\{0FC93E03-7B64-4969-AA46-F1E7F3C47614} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A} 24/06/2008 09:05 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Classes\webcal\URL Protocol 24/10/2005 11:57 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 12/01/2008 10:58 0 bytes Access is denied.
C:\Documents and Settings\Tania Linge\Local Settings\Temporary Internet Files\Content.IE5\QUBCVYR8\GetMessages[3].htm 24/06/2008 09:15 2 bytes Hidden from Windows API.
C:\WINDOWS\Temp\sqlite_uckvanZQimQmxur 24/06/2008 09:22 0 bytes Visible in directory index, but not Windows API or MFT.
Damn dude. I have never found anything with the rootkit revealer.
So I would suggest you run the Sysclean, like asap...(follow instructions exactly as they are written.)
Then again, I am just a girl. Perhaps someone else can give you a better idea. I haven't seen any though...
Please go here-
http://www.trendmicro.com/download/dcs.asp
Read towards the bottom- Follow directions carefully.
Again, this virus clean up may take 3 or more hours...
(Download what I have typed in red)-
"If you are not a Trend Micro customer please download the following file.
Sysclean Package 4.5MB
MD5 checksum: dc4245497ae15779d658e5cbc947a213 *SysClean.com
NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. This file also contains the description and the different features of this package.
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
DCT CONTROL RELEASE
Download Latest DCT Control Release
The Damage Cleanup Template (DCT) Control Release is a pre-release version of Damage Cleanup Template (DCT) and is updated by TrendLabs almost as often as new samples come in. Since it is designed to clean registries and system files from 'in-the-wild' malware infections, DCT Control release receives only preliminary testing. DCT Control Release also must be deployed manually to your product.
Click the link above for additional information and deployment instructions. Users are advised to read the succeeding disclaimer carefully before downloading the current DCT Control Release."
will you stop saying that!
err, i have a few questions:
1. how did you download the files? torrent? what client are you using?
2. i'm guessing you're using ares, have you canceled the downloads in ares?
3. (completely unrelated) why are you using 2 AV programs? it only has disadvantages. i'd choose mcafee over avast (between the two you have installed), but that's just me.
just wanted to confirm. let us know.
that's ok, cause I am a girl too.................
the files were from Utorrent, or Bittorrent, can't remember which is which,
I put on avast because it was recommended by someone, and I couldn't get on with it, so took it off, so I thought, but am left with bits still in there. Obviously it's not running and working, just left parts in the registry that I can't delete. Mcafee was a deal that AOL are running for an extra 2.99 a month so I have gone with that.
I am quite aware that I could look silly in certain areas as I put my hands in the air and state I am quite a novice. I thought I was fairly ok in computer terms but I am getting baffled by certain things so I go back to labelling me a novice.