Recently two programs have come up when I hit Alt+Ctrl+Delete, Mssearchnet.exe and Nvctrl.exe, and I get a warning from my computer telling me that there is a trojan called iworm_attck_v122.02a on my computer. I click the warning and it takes me to some page called spytrooper or skytrooper, which it opens an Internet Explorer window to go to (default browser is Mozilla Firefox). Any help to remove this stuff would be very appreciated. If you need any further info please post what you need and I will be more than happy to pull it up and post it.
Isn't Microsoft Works an oxymoron?

Bobobo1, run this free online scan from Panda.
If you think you have vundo or winfixer, download SpySweeper from this link: http://www.spywaredb.com/remove-win32-vundo-522752trojan/
Choose download SpySweeper from this line:
Delete Win32/Vundo.522752!Trojan automatically >>> Get PestPatrol or Download SpySweeper at the above link
Then download and run ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need, as ccleaner will delete recycle bin items unless checked not to do so.
Then download, update and run these spyware removal programs:
Adaware SE, and once you get it updated go back to the link and install the vx2 cleaner and follow the directions to install it, then run it. This updated tool will remove most vx2 infections including Look2Me.
cwshredder, use the stand alone version.
You will most likely need to post a Hijack This log so that the files associated with the virus can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved, double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Here is my HJT info to see if it helps, I did all you said and this is what came up from HJT.
Logfile of HijackThis v1.99.1
Scan saved at 9:32:02 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Shawn Payne\Start Menu\Programs\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.syserrors.com/
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp1826.tmp
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\AIM.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10702DA0-02FD-4464-BA97-6D5E919D81DB}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{8831DE2F-C682-4783-8A54-FD5B757F8B6F}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{10702DA0-02FD-4464-BA97-6D5E919D81DB}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS3\Services\Tcpip\..\{10702DA0-02FD-4464-BA97-6D5E919D81DB}: NameServer = 207.69.188.185,207.69.188.186
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
Isn't Microsoft Works an oxymoron?

Bobobo1, I know this is a little long, might help to print it. And remember once you get into safe mode stay in it until you finish these steps.
Download SmitRem.exe and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem. Don't run it yet.
Please download this trial version of Ewido Security Suite
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do not run a scan yet.
Reboot into Safe Mode.
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following then press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.syserrors.com/
do you know what this is
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp1826.tmp
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Navigate to the following folder and delete it if found:
C:\PROGRA~1\COMMON~1\System\MOSearch
Go to add/remove programs and uninstall "Weatherbug".
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Now open Ewido Security Suite
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
Close Ewido
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")
Reboot back into Windows.
Run this free online scan from Panda
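
The manual review of the HijackThis log that the reply above walks through can be partly automated. The following Python is an added example, not part of the original thread or of HijackThis itself: it splits a log into running processes and coded entries, then flags items for a manual look. The sample lines are copied from the log posted above; the `WATCHLIST` set and the two heuristics (a BHO or toolbar module loaded from a `.tmp` file, a target marked "(file missing)") are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the log posted in this thread (a shortened selection).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.syserrors.com/
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp1826.tmp
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
WATCHLIST = {"nvctrl.exe", "mssearchnet.exe"}    # assumption: names the original poster reported

def parse(log):
    """Split a HijackThis log into running processes and entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False                      # first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line.endswith("Running processes:"):  # tolerates a header fused to the prior line
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(log):
    """Return (reason, item) pairs for manual review; the rules are illustrative heuristics."""
    processes, entries = parse(log)
    findings = []
    for p in processes:
        if p.rsplit("\\", 1)[-1].lower() in WATCHLIST:
            findings.append(("watchlisted process", p))
    for code, items in entries.items():
        for item in items:
            if "(file missing)" in item:
                findings.append((f"{code} target missing", item))
            if code in ("O2", "O3") and item.lower().endswith(".tmp"):
                findings.append((f"{code} module loaded from .tmp file", item))
    return findings
```

A finding here is a prompt to look the item up before touching it, in line with the earlier advice not to fix anything in HijackThis unless you know what it is.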

OK, here's what you do.
Boot into Safe mode.
Go to windows\system32
delete mssearchnet
delete everything in your prefetch folder so it doesn't come back
{ windows prefetch }
run spybot at next boot
run ccleaners regcleanup,
reboot,
I had it, got it with spyaxe and had to get an uninstaller special from their site.
think this is it.
www.spyaxe.com\download\uninstall1.zip
I'm luke i'm 5 and my dad's Bruce Lee. We're holding up the bypass. Me and my dad having a top laugh. And I'm sitting on the toolbox. While I'm glad I'm not at school.
