CWS and trj/Startpage.DI and ED This is the trickiest spyware/CWS/virus/trojan I've ever had to deal with. I need serious expert help here! What happens is that every day (24hr cycle?) my Panda Titanium pops up saying it neutralized trj/Startpage.DI. And it won't happen again until the next day. You can read up on trj/Startpage.DI all you want, but there is something else that is still here, that keeps reinfecting me. Here are the strait facts of what I've noticed: 1. It infects upon opening of a browser or pressing the home page button. Panda will catch it about 2 seconds after opening a browser. 2. It creates 1 random DLL in Windows\System32. 3. It also creates a BHO object which is the DLL and which Panda deletes. But also it creates various entries linking IE to the DLL. 4. Also, after Panda deletes it, and I remove about 6 or 7 items from HJT, CWShredder will find and remove "CWS.Searchx". 5. Now, just as I started this message, Panda caught 2 trj/Startpage.DE one after the other (about 1min apart). 6. It comes only once each day, but if I set my clock ahead one day and reopen the browser, I can get it to reinfect. 7. After using HJT, BHO captor, CWShredder, Diamond TDS-3, various anti-spyware "restricted sites" lists, a program called "pv" to reset Hosts files and a couple other things, resetting winsock with an LSP fix tool, doing multiple and different online virus scans from Panda, Bitdefender, and TrendMicro, looking through my running processes and system startups, I CAN'T FIND THE FREAKING THING! I'm sure I've done even more than that too. Note that I do run a web server and SQL server, but I keep my startups and so forth clean. I am behind a firewall to the Internet but often will have "questionable" or even dirty machines on the same internal network. However this has been happening for a while and those internal machines are always changing. The infection is on my machine somewhere. This thing shows itself as a virus and as CWS. But where does it come from? It can't be in the winsock because I've reset it with WinsockXPFix. I suppose it could be hijacked right into IE itself, but then why wouldn't it reinfect more often than once a day? I open and close browsers many many times a day, but it only catches it once a day. I will post some logs in new threads.