Computing.Net > Forums > Security and Virus > Virus/Worm? HELP!!!


Virus/Worm? HELP!!!


Name: Mop101
Date: February 20, 2005 at 12:07:56 Pacific
OS: Windows XP Pro
CPU/Ram: AMD64 3200 / 512 3200
Comment:

Hi
I have just reformatted my hard drive and have come across some files that I have never seen or heard of before: IExplore326.exe, xxtra32.exe, run.exe, smtp32.exe and spoolvse.exe.
They all start on startup and I can't remove them. No anti-virus or spyware programs detect them, and I have just removed this worm 'w32.spybot.worm'.
Has anyone had the same problem?

My spec is:
AMD64 3200 CPU
ASUS A8V Deluxe mobo
512meg PC3200 RAM
GForce 4MX 128meg GFX card




Response Number 1
Name: jabuck
Date: February 20, 2005 at 17:41:59 Pacific
Reply:

I doubt if they are just remnants of the worm. Try an online scan with Trend Micro.

You will most likely need to post a Hijack This log so that the files associated with the hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made without cluttering your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor.

Do not fix anything yet. Let someone review your log. ---jabuck


0

Response Number 2
Name: Mop101
Date: February 21, 2005 at 10:41:42 Pacific
Reply:

Ahh, too late, I fixed most of the problems with Ad-Aware before you posted your reply. But I still have the file 'run.exe' in the task manager, which I can't remove. I found it in 'C:\WINDOWS\system32'.
Have you got this file?
I'll try Hijack and post as soon as I get results.


0

Response Number 3
Name: Mop101
Date: February 22, 2005 at 12:29:48 Pacific
Reply:

I've done the scan with Hijack This and this is what it has come up with,

Logfile of HijackThis v1.99.1
Scan saved at 20:23:38, on 22/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LVCOMSX.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\smsse.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISUM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\run.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toolbar.google.com/done
F2 - REG:system.ini: Shell=Explorer.exe smsse.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKLM\..\RunServices: [mark the service] xxtra32.exe
O4 - HKLM\..\RunServices: [Windows Compliant] lzrdsy.exe
O4 - HKLM\..\RunServices: [SMTP32 Mailing Protocol] smtp32.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O4 - Startup: Internet ADSL.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E655CE2-574C-41C2-BBA1-B1EC16901145}: NameServer = 212.74.114.129 212.74.114.193
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Take note of the 'system32' processes.
Cheers



0

Response Number 4
Name: jabuck
Date: February 22, 2005 at 18:47:42 Pacific
Reply:

My apologies for the delay.


The reason for running the virus scan is that it looks as though you have a virus, and this scan will find it plus some malware if you have any. It is usually the first step.

After running the AV, boot into Safe Mode.

Next, configure the computer to view hidden files and folders:
1. Close all programs so that you are at your desktop.

2. Double-click on the My Computer icon.

3. Select the Tools menu and click Folder Options.

4. After the new window appears select the View tab.

5. Put a checkmark in the checkbox labeled Display the contents of system folders.

6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

8. Remove the checkmark from the checkbox labeled Hide protected operating system files.

9. Press the Apply button and then the OK button.

Now run Ad-Aware (make sure to update it) and remove all that it finds.

While still in safe mode run HT again and delete these items:

F2 - REG:system.ini: Shell=Explorer.exe smsse.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [IExplorer6 Java Scripting] IExplore326.exe
O4 - HKLM\..\RunServices: [mark the service] xxtra32.exe
O4 - HKLM\..\RunServices: [Windows Compliant] lzrdsy.exe
O4 - HKLM\..\RunServices: [SMTP32 Mailing Protocol] smtp32.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe

Then navigate to these files and delete them:
C:\WINDOWS\System32\smsse.exe
C:\WINDOWS\System32\run.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe

Go to control panel, then add/remove programs and remove "DeskAdServ" if found.

Delete your:
Temp file
Temporary internet files
History
Empty the recycle Bin.

Reboot and post a new log


0
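The review that jabuck describes above, picking the Shell= hijack and the bare-name Run/RunServices entries out of the HijackThis log, can be done mechanically. The following is an added example, not part of this thread or of HijackThis itself; it parses a subset of the log lines posted earlier (embedded here as constructed sample input) and lists entries a reviewer should look at. Flagged entries are review candidates, not verdicts: legitimate vendor entries such as SoundMan also use bare file names.

```python
import re

# Subset of the HijackThis log posted earlier in this thread, embedded as sample input
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe smsse.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\RunServices: [SMTP32 Mailing Protocol] smtp32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""

# O4 registry autoruns: hive, key (Run, RunServices, ...), value name, command line
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
# F2 system.ini Shell= line; on XP it should read exactly "Explorer.exe"
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")

def split_command(cmd):
    """Return (program, rest) for a Run value, honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def unqualified(path):
    # A bare file name has no directory, so Windows searches for it (System32 included)
    return "\\" not in path and "/" not in path

def triage(log_text):
    """Return [(value name, reason)] for entries a reviewer should look at."""
    findings = []
    for line in log_text.splitlines():
        m = F2_SHELL.match(line)
        if m:
            # Anything after Explorer.exe is an extra program launched with the shell
            extra = m.group(1).split()[1:]
            if extra:
                findings.append(("Shell=", "extra shell program(s): " + " ".join(extra)))
            continue
        m = O4_REG.match(line)
        if not m:
            continue  # Global Startup and other O4 forms are not handled here
        hive, key, name, cmd = m.groups()
        program, rest = split_command(cmd)
        if program.lower() == "rundll32.exe":
            # rundll32 is a legitimate loader; judge the DLL it is told to load instead
            program = rest.split(",", 1)[0].strip()
        if unqualified(program):
            findings.append((name, f"{hive}\\{key} runs unqualified '{program}'"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the four entries from this sample that match what jabuck told the poster to delete (the Shell= extra and the bare run.exe and smtp32.exe), plus the PtiuPbmd DLL entry as a candidate to check.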

Response Number 5
Name: ahima
Date: March 18, 2005 at 01:55:56 Pacific
Reply:

I got a "smsse.exe" file not found message every time I boot the system, i.e. the drive is scanned. I also couldn't open any website despite having a connection.


0
