I believe I am suffering from a virus or trojan. To begin with I would see my mouse flicker and then the process cobpbi32.exe would appear in the task manager. A few weeks later this changed to oheooa32.exe with the same flickering mouse, as well as from time to time the task manager would close down when I was viewing it. So thinking these processes were not desirable I ran Trend Micro's online virus scanner, HouseCall, and it removed about 15 trojans and Sasser and a few worms... but oheooa32.exe remained. So I deleted its entry in the C:\windows\prefetch folder along with cobpbi32.exe, only to find a few minutes later that they were back in the prefetch folder. So I got ZoneAlarm firewall on top of Windows XP Pro firewall and it stopped oheooa.32 from accessing the internet once. I then downloaded the program Security Task Manager, and under oheooa32.exe in description it said Queenkernel. Mystified by this, I searched my registry for this value and found it here:
HKEY_CURRENT_USER\software\microsoft and found the value Queenkarton set to 13
I went on to search my hard drive and found nothing for queenkernel.
Searching my registry for cobpbi32.exe I found it with some keys with values of "porn", "oheooa", "supanet" (my ISP), and "queen kernel", but I found it in the
HKEY_CURRENT_USER\software\microsoft\search assistant\ACMru\5603 along with a
and the last time my computer went wrong was because I deleted a Windows search assistant file that was a virus according to "Trend Micro Internet Security"; and I had to re-install Windows.
I've also looked around the net and found references that queen kernel has something to do with trojans - PLS HELP I DON'T KNOW WHAT'S GOING ON
Oh and also when I'm online anything from Word documents to HTML files are taking ages to load - whereas they're not when I'm offline - and some DOS programs seem to quit themselves.
Well, hope that long babble told you what you needed to know to help me - CHRIS

Okay, Chris, do this first:
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm
That is not an option, bugs hide in the system restore files. Do not re-enable them until you are sure you are clean.
Then do a google search on all your virus names. You should find plenty 'o' info on these cretins and how others have gotten rid of them, but you have to disable the system restore files as they cannot be vaulted or healed. Once you have the bugs out re-enable the system restore and set a new restore date if it hasn't automatically done so. If you re-set before it is clean you reset it with junk in it ready to re-infect you.
Have you run your AV, and Spybot and Adaware from Safe Mode? If not do so. These are the settings I use for them, the two minute shut down is optional, but, it's what I do and what I recommend:
Spybot:
Download and Read the SpyBot tutorial here:
http://s89223352.onlinehome.us/mirror/spybot/index1.php
Download it, Unzip the program, and immediately check for updates, install the updates and then do the scan.
Let it fix everything marked in red. Reboot but not with restart, shut it down for two full minutes. You’ve got two measly minutes and it’s worth it, and let Spybot run if it indicates.
To add an item to your “Ignore List” click on the little ‘+’ sign next to the item and left click it to highlight it, then right click it and a menu appears, select the function you want.
When you are done reboot again same way. Two full minutes shut down is best.
Tea Time discussed by designer here:
http://forums.net-integration.net/index.php?showtopic=13433
Also, go to the update page. Notice 3 icons across the top. Between "Search For Updates" and "Download Updates" there is an icon for the download mirror location. After you click on ‘search for updates,’ the one in the middle will change. If it doesn't say "Spybot.US by Rootboxen.net USA" click on the dropbox arrows and click on Rootboxen, and use only that one. If you got a "checksum error" trying to download --that's why.
Ad-Aware:
Download AdAware from http://www.lavasoft.de/
Check for updates at "webupdate".
I use these settings (green check):
From main window click "Start" then make sure "Activate in-depth scan" has a green check next to it.
Put a black dot next to "Use custom scanning options" and click "Customize" next to it, then green check these options:
"Scan within archives", "Scan active processes", "Scan registry",
"Deep scan registry", "Scan my IE Favorites for banned URL",
"Scan my host-files"
At the top of the “STATUS” page notice the Tweak (gear) icon. Click on it.
The first setting is “Scanning Engine.” Click on the little plus sign next to it, and in the drop-down green check "Unload recognized processes during scanning" and “include basic Ad-Aware settings in log file”. Next click on the ‘+’ next to "Cleaning Engine" and in the drop-down green check "Let windows remove files in use at next reboot" and “Delete quarantine objects after restoring”.
Click "proceed", that will save those settings.
Click "Scan".
When the scan finishes, mark everything for removal and delete it. Right-click the window and choose "select all" from the drop down menu, press ‘next’ and then ‘yes’ to the prompt: “remove all these entries”.
However, if you have certain programs running that will give a false indicator of a browser hijack attempt, such as Script Sentry, which places a monitoring function in the registry and looks like a browser hijacker but is not, then you may want to add that to the ignore list because you want to keep it there to do its job. To add an item to the ignore list, put the cursor on the file it reveals and left click it to highlight it, then right click it and a menu appears. Click on ‘ignore list.’
Shut down. I shut down for two minutes, optional. Reboot into Safe Mode
and use these tools:
Newest Shredder 7-1-04:
http://www.downloads.subratam.org/AboutBuster.zip
Unzip to desktop. Double click it > Ok > Start > Ok to start scan. The scan takes a few seconds. Once it is done save the report.
Run the CWShredder twice and make sure to run it in FIX, not in SCAN.
Use these in order:
Trojan Hunter trial version:
http://www.misec.net/
Trojan Scan:
http://www.windowsecurity.com/trojanscan/
If you have trojans--
SWATIT:
http://swatit.org/download.html
reboot, back into safe mode:
Then download a HijackThis log at: (Make sure it is in a C:\ files not in a temp or zip or on desktop; you'll want the backups in a C:\ file):
http://www.subratam.org/?page=removal
post it here:
http://www.pcguide.com/vb/forumdisplay.php?s=&forumid=34
Diagnostics tools:
Jason’s Browser Security Test: http://www.jasons-toolbox.com/BrowserSecurity/
Gibson tests: http://www.grc.com/default.htm
I use LeakTest, DCOMbobulator, ShieldsUp, and UnplugNpray
There is no need to think in terms of speed here, just thoroughness. Do them all then do the HijackThis log.
Thresher

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.