cant remove spyware

Hijackthis although an excellent diagnostic tool, enumerator/registry editor it is not  a standalone program. It needs other tools to remove infections.
For example;
Hijackthis can't remove vundo infection, look2me infections etc on its own, it needs other tools. But it is an excellent diagnostic tool because it can tell us what malware infections are present in your system.

Please let us see your hijackthis log, we will then be able to tell you what infection is showing in your log and give you the right tool for it.
You can either;
Paste your Hijackthis log to this site -->  http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or copy and paste the log to this site --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.

http://www.rafb.net/paste/results/sbnDS414.html

http://www.hijackthis.de/logfiles/269739805ac5a8d395c0eac82b1d2776.html

I already tried removing using hijackthis.. but it doesnt work.  Hoping you see something that will help it clean up!  Thank you again.

Your hijackthis looks bad but we can fix that, i have to go now but I'll be back in an hour or so, unless someone will help you before I get back.

I hope someone helps me before then... I have tried cleaning it with hijackthis, even in safe mode, but those critters still keep coming back... and no firewall will run on the PC either.  HELP.. Desparate in Virginia (grin).

OK back.

Hijackthis is not a standalone tool, it needs other tools to fix entries or get rid of a certain infection.
Normal bad entries it can take care of but when its an infection like vundo, look2me, qoologic etc it needs other tool.

1. Your log is showing qoologic infection and purityscan among others.
If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download their stand-alone uninstaller.
http://www.outerinfo.com/OiUninstaller.exe.

In Add/Remove programs also uninstall these if present:
Winfixer
SurfsideKick 3
Zeno

After uninstalling, make sure these folders are gone:
C:\Program Files\WinFixer
C:\Program Files\SurfSideKick 3


2. Download Killbox:
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINNT\system32\pwinoqaf.exe
C:\winnt\system32\pndsregn.exe
C:\WINNT\system32\yatnw.exe
C:\WINNT\system32\w00a71c4.dll
C:\WINNT\system32\slk8x2peu.exe
C:\WINNT\system32\ejrwx8drl.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If the computer doesn't restart, just restart manually.

3. a) Download Brute Force Uninstaller to your C:\
http://www.merijn.org/files/bfu.zip
Unzip it to a folder of its own (C:\BFU). So BFU should be on your root directory.

b) Download qoofix.bat
http://downloads.subratam.org/Lon/qooFix.bat
Place qoofix.bat in your C:\BFU - folder. (Important!)
Doubleclick "qooFix.bat", Close all browsers and explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.

C:\documents and settings\david\local settings\temp <-- make sure you empty this folder. You can also use CCleaner or CleanUp to empty your temp folders.


After that, run hijackthis and put a check next to these entries if they are still present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)  
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\yatnw.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,jvbrhog.exe  
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINNT\system32\ejrwx8drl.dll (file missing)
O4 - HKLM\..\Run: [WFk2] C:\documents and settings\david\local settings\temp\WFk2.exe  
O4 - HKLM\..\Run: [7z6Ns] C:\documents and settings\david\local settings\temp\7z6Ns.exe  
O4 - HKLM\..\Run: [5PvHb] C:\documents and settings\david\local settings\temp\5PvHb.exe
O4 - HKLM\..\Run: [FNI.WFX5AS_0001_0818] "C:\DOCUME~1\DAVID\LOCALS~1\Temp\WFX9A.exe"  
O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
O4 - HKLM\..\Run: [w00a71c4.dll] RUNDLL32.EXE w00a71c4.dll,I2 0001ee91000a71c4
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe G
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\system32\pwinoqaf.exe FI002  
O4 - HKLM\..\Run: [gjZC2XV] "C:\WINNT\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{E6-6B-B5-5B-ZN}] C:\winnt\system32\pndsregn.exe FI002
O4 - HKCU\..\Run: [Hdcld] C:\WINNT\system32\?ttrib.exe  
O4 - HKCU\..\Run: [Arma] "C:\PROGRA~1\COMMON~1\WNSXS~1\scanregw.exe" -vt rbnd
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe  
O4 - Startup: Zeno.lnk = C:\WINNT\system32\pwinoqaf.exe
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - C:\WINNT\system32\ejrwx8drl.dll

Let us see a new hijackthis log after you've done those.

It looks like I need to do a repair of the OS now...
I was able to look up and remove the ssk by following directions in another post.  Everything looked fine, I then installed antivirus and adaware (again) as well as the firewall.  Everything was working fine until I reboot.  Over half the icons have 'incorrect' icons, and no system/program files can be found when I try to run anything.  YIKES.

no repair...re-install?

Did you run the BFU? that should've taken care of qoologic, and the Purityscan uninstaller takes care of purityscan files, while Killbox takes care of the others.

Try rolling back to a date before you got infected by using System Restore console.

Start > All Programs > Accessories > System Tools > System Restore
and pick a date before you got infected.

Bear in mind that any programs you installed, updates or drivers that you've installed after this date would need to be reinstalled.

I tried system restore, but it said the system file was not there to perform that operation.  Something 'ate' up my system files.  I am now doing a repair of the OS.  Luckily, not much but Office is installed on this PC.  I backed up data/personal files, .pst, etc to another drive I had on the network (early on, before attempting to clean it).  Will iit still be infected after the repair?

Now I am getting kicked out of the install with the error:
windows cannot open this file, rundll.exe...
SHould I format the drive and start from scratch... this is terrible!  Will lead me to a glass of wine!

ooops rundll32.exe is the file it doesnt know what to do with.

I just turned off the power button on that dang computer... format and reinstall I hope!  Suggestions?

Yes, that is some tough malware. If you are quite sure that important files are backed up to a safe place then a re-format may be in order. Don't overlook things like e-mail, IE favorites etc.

If you want to try something in-between, you can do a clean install of XP, i.e. install it to a new folder (e.g. to c:\WINDOWS instead of C:\WINNT). Then when you're sure everything is running OK you can delete the old infected c:\WINNT folder. This will preserve your own files and put them at less risk, though a good backup is still highly recommended.

Also, don't forget to apply SP2 and all other updates from the Windows Update web site after reinstall.