Don't want Elite


Victimus
02-10-2005, 11:22 AM
I've been working on getting rid of some stuff left on my PC after going to a music lyric page. I got a few things there, but I have not been able to get rid of Elite Toolbar and Wildapp. Here is my HijackThis log.
Thanks for any help.

Logfile of HijackThis v1.99.0
Scan saved at 1:28:19 PM, on 2/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\fyzdosip\fyzdosip.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\winifgk32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sinister\Desktop\Zip\hijackthis\HijackThis.exe

R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\WINDOWS\System32\sh.dll
O2 - BHO: (no name) - {05111539-DF04-4250-8E1B-F28F46C2DEB4} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {4D5772F1-DA07-4813-B2DB-A5A31B376911} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556D15F9-BCB9-486B-986D-761B72BB18B5} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {8D51FB01-E7C8-4A51-A8DD-DA1666EB11FC} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {A157530F-FB64-4E51-948D-9E3F0FB33CDA} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {AB2DE955-8386-4E3A-B501-DBF482FA024E} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {E1F1C412-3ADC-4AB0-B697-9E49ED3070B8} - C:\Program Files\fyzdosip\fyzdosip.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [fyzdosip] C:\Program Files\fyzdosip\fyzdosip.exe
O4 - HKLM\..\Run: [bdacgy] c:\windows\system32\bdacgy.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteyfd32.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [msidle] C:\WINDOWS\System32\msidle.exe
O4 - HKCU\..\Run: [gor8RUcFR] lfbnv.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106428335796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://www.anonymizer.com/anti-spyware/2.6/freescanner/WebAAS.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

nightowl
02-10-2005, 03:15 PM
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteyfd32.exe


This is related to dddd.exe, which is new spyware. There is no fix for it yet. I'm trying something on another log. If it works we can try it here; if not, you may need to reinstall Windows. Stay tuned.......... Jim :eww

Victimus
02-11-2005, 09:56 AM
Well, Elite Toolbar seems to be gone now. I now have something called DSO Exploit; is this the dddd.exe thing you were talking about? Here is my new HijackThis log.
Thanks.

Logfile of HijackThis v1.99.0
Scan saved at 9:38:27 AM, on 2/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\fyzdosip\fyzdosip.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\winifgk32.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Sinister\Desktop\Zip\hijackthis\HijackThis.exe

R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\WINDOWS\System32\sh.dll
O2 - BHO: (no name) - {05111539-DF04-4250-8E1B-F28F46C2DEB4} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {4D5772F1-DA07-4813-B2DB-A5A31B376911} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {556D15F9-BCB9-486B-986D-761B72BB18B5} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {8D51FB01-E7C8-4A51-A8DD-DA1666EB11FC} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {A157530F-FB64-4E51-948D-9E3F0FB33CDA} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {AB2DE955-8386-4E3A-B501-DBF482FA024E} - C:\Program Files\fyzdosip\fyzdosip.dll
O2 - BHO: (no name) - {E1F1C412-3ADC-4AB0-B697-9E49ED3070B8} - C:\Program Files\fyzdosip\fyzdosip.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [fyzdosip] C:\Program Files\fyzdosip\fyzdosip.exe
O4 - HKLM\..\Run: [bdacgy] c:\windows\system32\bdacgy.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [msidle] C:\WINDOWS\System32\msidle.exe
O4 - HKCU\..\Run: [gor8RUcFR] lfbnv.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106428335796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://www.anonymizer.com/anti-spyware/2.6/freescanner/WebAAS.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

nightowl
02-11-2005, 09:15 PM
DSO Exploits that are found by Spybot are usually nothing; just ignore them.

That dddd.exe does not show on your log yet, but if I delete more bad stuff I think it will. I see something else here that I deleted on another log. After I deleted it on his computer, his log doubled with bad stuff, he got funny icons on his desktop, and lots of popups. Best to leave it alone until a fix is found. Either that or reinstall Windows.

This is the worst I've seen. It's criminal if you ask me........ Jim :eww