I so I am cleaning this computer that had a bunch of spy ware installed on it, included auora/nail I ran thorugh the removal steps in the forms (thanks guys) and was able to clean most of it off. I dont see any abnormal services running on boot but some how I still getting spyware activity. Couple of things that are happening: 1) I am still reciving cookies related to Look2Me and SurfSideKick. 2) under some unknown cirumstances AppWrap.exe ends up reappearing in the IE temporary internet folder. 3) HTTP requests are being redirected to ports 1052-1100 > 80. I have pretty much ran every removal tool I can think of and Im thinking my only solution is to run a System File replace in windows xp. I was wondering if anyone has heard of the proxy thing and if there was a way to remove it, because I think thats were I am receiving the infections. Any help would be appericated. I Will post my HiJackThis logs when I get to the location shortly.