Hi, I don't know why or from where, but I've had a few trojans on my machine since yesterday, I guess!
These are the trojans AVG reports:
DOWNLOADER.DYFICA.H
DOWNLOADER.DIA.A
TROJ_MSCACHE.A
And I think there is one more too!
Can anybody tell me what to do? I've run AVG but it couldn't remove it!
I've run Spybot but it couldn't remove it!
I've run Ad-Aware but it couldn't remove it!
I've run Ontrack Fix-It but it couldn't remove it!
Here is my HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 19:25:09, on 06.11.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\LEXBCES.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\LEXPPS.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS.0\system32\crypserv.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\WINDOWS.0\System32\svchost.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\WINDOWS.0\Explorer.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS.0\System32\ezSP_Px.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\Programme\Lexmark X5100 Series\lxbabmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ARS Sales Remote\adrev_SalesRemote.exe
C:\PROGRA~1\Ontrack\Fix-It\Fix-It.exe
C:\Dokumente und Einstellungen\MrLoverLover\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CLG9YRK9\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rtl.de/net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xxl-tgp.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.lycos.de/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS.0\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Window Shades - {B5B57F4F-EFA5-11D4-A971-444553540000} - C:\PROGRA~1\GMMCOM~1\WINDOW~1\WINDOW~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.0\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programme\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [asmansr] C:\WINDOWS.0\System32\asmansr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKCU\..\Run: [YAW starten] "c:\programme\yaw 3.5\fast.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.exe" /background
O4 - HKLM\..\RunOnce: [WSFTPRebootAction1] C:\WINDOWS.0\System32\regsvr32 -s "C:\Programme\WS_FTP Pro\nsftpch.dll"
O4 - HKLM\..\RunOnce: [WSFTPRebootAction2] C:\WINDOWS.0\System32\regsvr32 -s "C:\Programme\WS_FTP Pro\wsbho2K0.dll"
O4 - HKLM\..\RunOnce: [WSFTPRebootAction3] C:\WINDOWS.0\System32\regsvr32 -s "C:\Programme\WS_FTP Pro\wsftpsi.dll"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\Icq.exe -trayboot
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rtl.de/net
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre.com/build/preload.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/download.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E8AB971-F86E-45CF-A6A0-22BEF54E81D9}: NameServer = 62.225.252.16 194.25.2.129

Hope somebody can help me out of this, I'm going crazy, hehe!
Thank you very much, bye bye

Denis,
Is it possible that the viruses found were on the other installation of XP on your C drive? It would appear that you have two installed on the same partition.
Do you get a choice of which installation to boot at startup?
Run anti-virus on both.
The water is getting over my head here, just some thoughts.
Anyway.....
Have HijackThis fix these, with all windows closed except HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xxl-tgp.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS.0\System32\n3tpa1.dll
O4 - HKLM\..\Run: [asmansr] C:\WINDOWS.0\System32\asmansr.exe
Maybe some of the brighter lights will respond. HTH
shep
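As an added example (not part of the thread, and not HijackThis's own code): the rules shep applied by eye to the log above can be written down as a small triage script. It reads the R/O lines of a HijackThis v1.97 log and flags the same things his fix list did: IE search keys set to about:blank, the leftover Start Page_bak value, a URLSearchHook with no file behind it, an unnamed BHO loaded out of System32, and an autostart in System32 that is not a known Windows binary; it also lists the O17 NameServer entry so the DNS servers get checked against the ISP's. The sample lines are copied from Denis's log; the System32 allowlist is a constructed, deliberately short one for this example.

```python
"""Triage the R/O lines of a HijackThis v1.97 log with the rules the
reply above applied by hand. Added example; not HijackThis code."""
import re
from dataclasses import dataclass

# Lines copied from the log posted above (HijackThis v1.97.7, 06.11.2003),
# trimmed to the sections the rules below look at.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xxl-tgp.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS.0\System32\n3tpa1.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [asmansr] C:\WINDOWS.0\System32\asmansr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E8AB971-F86E-45CF-A6A0-22BEF54E81D9}: NameServer = 62.225.252.16 194.25.2.129
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
BHO_LINE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_LINE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Windows binaries that legitimately autostart from System32 on XP.
# Constructed, deliberately short allowlist for this example; a real review
# extends it per host and confirms each file's hash or signature.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe", "regsvr32.exe", "regsvr32"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def in_system32(path: str) -> bool:
    """True when the file lives in a System32 directory (any Windows dir name)."""
    return re.search(r"\\system32\\", path, re.IGNORECASE) is not None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return one Finding per log line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            if "Search" in key and value.strip() == "about:blank":
                findings.append(Finding(sec, "IE search setting blanked to about:blank", raw))
            elif key.endswith("Start Page_bak"):
                findings.append(Finding(sec, "Start Page_bak is not a stock IE value; review it", raw))
        elif sec == "R3" and body.endswith("(no file)"):
            findings.append(Finding(sec, "URLSearchHook registered but its file is missing", raw))
        elif sec == "O2":
            b = BHO_LINE.match(body)
            if b and b.group("name") == "(no name)" and in_system32(b.group("path")):
                findings.append(Finding(sec, "unnamed BHO loaded from System32", raw))
        elif sec == "O4":
            r = RUN_LINE.match(body)
            if r:
                exe = executable_of(r.group("cmd"))
                if in_system32(exe) and basename(exe) not in KNOWN_SYSTEM32:
                    findings.append(Finding(sec, "autostart from System32 not on the allowlist", raw))
        elif sec == "O17":
            findings.append(Finding(sec, "NameServer set in registry; confirm these are your ISP's resolvers", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

Run against the sample it flags exactly the seven lines in shep's fix list plus the O17 entry, and leaves the Google toolbar BHO and ctfmon.exe alone. The rules are heuristics for a first pass, not a verdict: an unnamed BHO in System32 or an unknown Run entry still has to be looked up, and the O17 servers have to be compared with what the ISP actually assigns before anything is fixed.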
