
Even more problems


Name: Corlen Belspar
Date: June 26, 2002 at 15:18:51 Pacific
Comment:

I am still having the same problems (i.e. programs remain in memory, freezing of task manager & recycle bin). Nothing is showing up once again in any of the antiviruses I download, and to add to this list my computer now chooses to suddenly shut off just before my modem establishes a connection to the internet. Sound like some keys left behind in the registry by whatever virus I had?




Response Number 1
Name: capt
Date: June 26, 2002 at 15:28:18 Pacific
Reply:

Do you know the name of the virus, so you could go to CNET Downloads, Wilders.Org, Trend Micro or Symantec to get the specialized removal tool? You could also try a 30 day trial of a trojan program like TDS ver 3.21, Agnitum's Tauscan or the free SWATIT from LOCKDOWN CORP, just in case it is a trojan running amok. It does sound more like a virus though. You could try to check your files for damage by using START>RUN> type in SFC. All the best!



Response Number 2
Name: murve
Date: June 26, 2002 at 19:59:38 Pacific
Reply:

hi corlen,
perhaps it's bad karma.
you say that hacking and cracking is your business on your website.

anyways, if you can open up your registry and other files check out the following:

Here are the 33 start up places from which a TROJAN, VIRUS, WORM, can run.

1) %windir%\Start Menu\Programs\StartUp
2) %windir%\All Users\Start Menu\Programs\StartUp
3-4) the load= and run = lines in win.ini
5-9) the Run, RunOnce, RunOnceEx, RunServices and RunServicesOnce keys
under Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion
10-11) the Run and RunOnce keys under
Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion
12) subkeys (Static VxDs) under
Hkey_Local_Machine\System\CurrentControlSet\Services\VxD\
13-14) the [386enh] and [boot] sections of system.ini (this includes the
scrnsave.exe= line in system.ini which can be used to run things on your
system (like the infamous McafeeScreenScan))
15) the IOSUBSYS folder (drivers load automatically)
16) the VMM32 folder (drivers that take precedence over those built into vmm32.vxd)
17) config.sys
18) autoexec.bat
19) winstart.bat
Bonus item - files can be deleted or renamed from the wininit.ini file.

20] [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
21] [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*"
22] [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*"
23] [HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] @="\"%1\" %*"
24] [HKEY_CLASSES_ROOT\piffile\shell\open\command] @="\"%1\" %*"
25] [HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @="\"%1\" %*"
26] [HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @="\"%1\" %*"
27] [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @="\"%1\" %*"
28] [HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] @="\"%1\" %*"
29] [HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @="\"%1\" %*"

The key should have a value of "%1 %*".

Backdoor example:
[HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"trojan.exe%1\" %*"

With such registry entries, the trojan.exe is executed each time
an exe/pif/com/bat/hta is executed.


30] system.ini
[boot]
Shell=Explorer.exe trojan.exe

31] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]

32] [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
"Path"="test.exe" "Startup"="c:\\test"
"Parameters"="" "Enable"="Yes"

33] [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
This key includes all the APPS which are executed IF ICQNET
Detects an Internet Connection.

Hope This Helps You, Corlen
Like the Capt. says All the Best,
cheers and good luck
murve
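
An added example, not part of murve's post: a small Python check that reads a REGEDIT4-style registry export and flags any of the shell\open\command keys from entries 20-29 whose default value differs from the one listed there, and collects everything under the Run* keys for manual review. The function names and the sample export are constructed for illustration, and the baseline value is taken from the post's list.

```python
import re

# Baseline from entries 20-29 of the post: default value "%1" %*
EXPECTED = '"%1" %*'
HANDLER = re.compile(
    r'^(HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\Software\\CLASSES)'
    r'\\(exe|com|bat|hta|pif)file\\shell\\open\\command$', re.I)
# Entries 5-11 and 31: Run* keys under ...\Windows\CurrentVersion
RUNKEY = re.compile(
    r'\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)$', re.I)
# One value line: @="data" or "name"="data", with backslash escapes
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # Undo .reg string escaping: backslash + char becomes that char
    return re.sub(r'\\(.)', r'\1', s)

def audit(reg_text):
    """Return (hijacked, autoruns) found in a REGEDIT4-style export."""
    hijacked, autoruns, key = [], [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # new key section
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue                  # header, blank or non-string value
        name = '@' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if HANDLER.match(key) and name == '@' and data != EXPECTED:
            hijacked.append((key, data))
        elif RUNKEY.search(key):
            autoruns.append((key, name, data))
    return hijacked, autoruns

# Constructed sample export (not from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"trojan.exe%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
'''

if __name__ == '__main__':
    print(audit(SAMPLE))
```

Only string values are parsed; hex and dword entries in an export are skipped.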


