Here is my problem, when I start my PC some InternetExplorer process connects automaticly without prompting a new window at web adress www.online-dialer, then when the process has established connection, it opens my Outlook express and sends some emails to @online-dialer.com without prompting any windows. Even if I kill the InternetExplorer processes they try again and again to connect. The only way to dectect this activity is by looking at the Task Manager. I've ran SpyBot, CWshredder and Ad-aware (with the latest updates) and installed all Microsoft Windows Updates Here is my HijackThis Log File Logfile of HijackThis v1.97.7 Scan saved at 19:21:16, on 2003-12-15 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\Explorer.exe D:\MATLAB6p1\webserver\bin\win32\matlabserver.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\CTHELPER.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Winamp3\winampa.exe C:\Program Files\Messenger\msmsgs.exe C:\windows\rundll32.exe D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\System32\taskmgr.exe D:\Mes Documents - Frédéric\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infinit.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www2.canoe.com/index.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = , O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe /run O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe O4 - HKCU\..\Run: [Spyware-Cop] "D:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.exe O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.4709143518 O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312 O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{45D246CC-7BFB-4E2D-9890-708947A53B0C}: NameServer = 24.200.243.234,24.200.243.243

"I've ran SpyBot, CWshredder and Ad-aware (with the latest updates) and installed all Microsoft Windows Updates" That was like shouting. Most recent update: MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) The version in your log: MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) They can spot something else at this site. http://www.spywareinfo.com/forums/

Run HijackThis again and place a check in the box next to the following items. Next, close all browser Windows, and have HT 'fix checked'. You Must restart your computer when you're done. O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe After restarting delete C:\windows\rundll32.exe

thx alot ! that was indeed the problem