Hello, I've seemed to have gotten these 3 viruses & can't seem to get rid of them. I've used the following programs: Adaware: I made sure it is UpToDate & have checked the tweak area. Spybot. I've used an online virus checker as well as the AVG that is installed on my computer but it will not remove the four infected files. Thanks in advance for any assistance Here's my HiJackThis log: Logfile of HijackThis v1.97.7 Scan saved at 8:13:02 PM, on 2/13/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe C:\WINDOWS\SYSTEM\TABLET.exe C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe C:\WINDOWS\SYSTEM\PRINTRAY.exe C:\WINDOWS\SYSTEM\LXSUPMON.exe C:\WINDOWS\SYSTEM\LEXBCES.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe C:\WINDOWS\SYSTEM\WTABLET\TABUSERW.exe C:\WINDOWS\SYSTEM\RPCSS.exe C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.exe R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.exe RUN O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe O4 - Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM\WTablet\TabUserW.exe O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

Hi Liz I dont see any of the files you indicated by your antivirus running. i do see you are running windows me which makes me think the infected files are in your system restore folder ( C:\_RESTORE\big long number\another number.exe) windows locks out the restore from any programs modifying it including antivirus. To remove the virus in the restore folder you will need to turn off system restore, reboot the system, and then run another scan...if all clean then turn system restore back on again. This procedure will remove ALL restore points and the virus. How to Disable/Enable System Restore on Windows ME You can also help protect yourself from these bad downloads by downloading and installing "SpywareBlaster". Once installed; check for and install all updates, click the "select all" button, click the "protect from checked items" button. You can download it from here: SpywareBlaster If I am wrong about the location of infected files please let me know. ________________________ I never give up!

That did the trick! Being unable to remove those four files from the restore folder was driving me nuts. Much thanks for the help.

Liz Thanks for posting back...Glad that worked! Good luck and take care! ___________________________ I never give up!