When I run an deep scan on my system it shows three alarms: pos id <adv>: Possible webDownloader in C:\documents and settings\all users\documents\ss.exe pos id; Demo.Leaktest 1.1 (not a trojan): File: C:\documents and settings\monty\my documents\my received files\leaktest.exe susicious filename: Dual extensions File: C:\program files\kazaa\my shared folder\procreate knockout v.2.0.exe What do I do to run the advanced analysis on the possible webdownloader? Do i just delete the demo.leaktest? What about the dual extensions? Most importantly though, the Memory Mutex scan shows no mutex trojans. However, when I use SysInternals Process Explorer it shows several svchost.exe processes that show Mutant entries. Also, when I pull up the properties a few of them show a Logon SID (S-1-5-5-0-616890 under the Group entry, not to mention the NT AUTHORITY\Authenticated users. I have been working on this for weeks now because originally my system was acting funny and it showed a lot of processes running. However, no amount of scans could find anything. Nor could anyone at the pcpitstop forums. Can you help me? Thanks!