A friend of mine came over the other night and was on my computer while I was sleeping.
I wake up the next morning and he says "Yo, I don't know what happened but I was watching videos and talking to this chick on myspace when all of a sudden I got all these popups and now your computer's like this..."
I got this new icon I haven't gone into on my desktop called "TagASaurus" and a new "game" in my start menu called "Yazzle Sodoku".
I ran spybot and it comes up with "wwwcoolsearch" and also "SurfSideKick".
I choose to fix all and it gives me an error on the "Surfsidekick" saying it is still in memory so it can't delete it.
It even does this when I set spybot to scan on system startup.

On normal startup when I Control/Alt/Delete it shows a ton of things under applications and when I close one it just reopens itself

I'll restart my pc after this post and get someone of names of these.

I managed to download "Hijack This" and it tells me to post the log at some forums before "fixing" anything but I couldn't get those forums to load so I came here.

This is the logfile if it helps.

Please do not post HJT Logs in your post, but add them as an attachement.
I've done that this time for you. (Bluefish)

These are the programs under the Ctl/Alt/Delete "Applications".
I'm unsure if there were other programs because it wouldn't let me scroll up and down.

wuauclt.exe
e9c5.tmp
nowby.exe
logopod.exe
xegwyu.exe
spoolsv.exe
naigjc32.exe
wmiprvse.exe
shellbn.exe

Hi eb1920!

As mentioned, please do not post HJT Logs in your post.
Please wait until on of our Security Team members is online to take a look at your Log

Blue

Spybot says "Surfsidekick" is still running.
And when I try and close things in Ctl/Alt/Dlt it just reopens

Hya Eb1920 , welcome to PCHF.

I highly doubt that you are being honest here.. This pc is infected with dozens infections and no AV , no firewall , and no service packs installed...

Please follow the SSK removal instructions here:

http://www.bleepingcomputer.com/forums/topic9549.html

Then do a Panda AV scan here:

http://www.pandasoftware.com/products/activescan

And save the log from it , post that later.

Download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Reboot into safe mode (Reboot and keep tapping F8 , then
choose safe mode from the list)

Run SmitRem:
Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen , wait for the tool to complete , and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, eg; "C:\smitfiles.txt" , or the partition where your operating system is installed on.
Please attach this log to your next reply.

Note: XP users using the XP theme may ex-perience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.


You will need to reload your wallpaper as the SmitRem
tool will reset it, you can do this by right clicking
desktop and choosing properties, First check Theme and
set it to Windows XP then click the Desktop tab and
choose the one you want to use and press apply.

Then follow the instructions in the "Prework" link below and when done post the Ewido log , the Smitrem log , the Panda log , and a new Hjt log.