I'm having problems with my desktop settings changing by itself. Ad-aware picked up a worm and I found the file (C:\_RESTORE\TEMP\A0116164.1) and tried to delete it but couldn't as I got an error message: source may be in use.....Please help me! 
Logfile of HijackThis v1.99.1
Scan saved at 12:42:17 a.m., on 8/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
THIS IS MY AD-AWARE QUARANTINE LOG:
ArchiveData(auto-quarantine- 2005-10-07 23-52-08.bckp)
Referencefile : SE1R69 05.10.2005
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\WINDOWS\Application Data\microsoft\office\recent\Desktop.LNK
obj[1]=MRU FileReference : C:\WINDOWS\Application Data\microsoft\office\recent\Yngwie Malmsteen farewell.LNK
obj[2]=MRU FileReference : C:\WINDOWS\Application Data\microsoft\office\recent\Pdfs.LNK
obj[3]=MRU FileReference : C:\WINDOWS\Application Data\microsoft\office\recent\Yngwie Malmsteen farewell 2.LNK
obj[4]=MRU FileReference : C:\WINDOWS\Application Data\microsoft\office\recent\Teaching practice - task one analysis.LNK
obj[5]=MRU FileReference : C:\WINDOWS\Application Data\microsoft\office\recent\Removable Disk (E).LNK
obj[7]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[8]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[9]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\.DUN
obj[10]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[11]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[12]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\.JPG
obj[13]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
obj[28]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentSkins1
obj[60]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips1
obj[61]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips2
obj[53]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\LastSaveAsDir
obj[40]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[65]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
WIN32.P2P-WORM.ALCAN.A
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[15]=File : C:\_RESTORE\TEMP\A0116164.1
Sign In
Create Account
