
Please help on this virus/trojan


Name: shaselai
Date: July 27, 2004 at 22:02:36 Pacific
OS: XP
CPU/Ram: 700MHZ 256ram
Comment:

I am not sure what this thing is called, but this virus installs a search bar right below my IE address bar. The "home address" for that bar is http://lop.com. Also, when I start IE I get this bar above my taskbar on the bottom of the screen and I have to close it every time. That is not all... somehow there are 2 instances of IE running excluding the IE I am running atm, and if I try to "end task" those 2 "imaginary IEs" they just suddenly reappear. I tried Ad-aware, CWShredder and nada. Spybot only cleared up the bad links in Favorites and that is all. I used HijackThis and here is the log:
Logfile of HijackThis v1.98.0
Scan saved at 12:56:11 AM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\NavNT\defwatch.exe
c:\Program Files\NavNT\rtvscan.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\MsgSys.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\dhsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Shouryuujo\Desktop\stuff\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49856311-AC3D-F931-1A64-22647B69E3CF} - C:\PROGRA~1\COOLHO~1\Dent proc.exe
O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Mapi Inter] C:\PROGRA~1\ARMYFACE\BallWebHold.exe
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [qcap] C:\WINDOWS\System32\qcap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\Shouryuujo\Desktop\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\Shouryuujo\Desktop\DSLite2\dl_url.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Shouryuujo\Desktop\DSLite2\DSLite.exe (file missing)
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Shouryuujo\Desktop\DSLite2\DSLite.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.rpi.edu/rpinfo
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab

One thing for sure is that "C:\PROGRA~1\COOLHO~1\Dent proc.exe" is related to the virus, but I can delete the .exes in that folder. I get "access denied" when I try to. I tried running my XP in Diagnosis mode but no luck, and those IE "dummies" also appeared. Can someone help me out please? I am getting tired of these viruses. Thanks a bunch!

Response Number 1
Name: shaselai
Date: July 28, 2004 at 07:18:07 Pacific
Reply:

Bump. Please help me out! Thanks.
Response Number 2
Name: nylonelyguy
Date: July 28, 2004 at 08:51:45 Pacific
Reply:

Hi sha,
It is obvious that you have some spyware installed on your PC.
Some are very obvious:
O2 - BHO: (no name) - {49856311-AC3D-F931-1A64-22647B69E3CF} - C:\PROGRA~1\COOLHO~1\Dent proc.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\Shouryuujo\Desktop\DSLite2\dl_url.html

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Shouryuujo\Desktop\DSLite2\DSLite.exe (file missing)

O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab

Then locate this folder and delete it as well:

C:\PROGRAM FILES\FLASHGET\
C:\WINDOWS\dhsvr.exe

I would really recommend that you install Spybot and run it. You also should do a free online antivirus scan.
http://www.pandasoftware.com/activescan/

In case you can't delete any of the files, try to go to Safe Mode and locate the files.
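The entries the OP's log and this reply single out (O2/O3 browser extensions, O4 Run keys, O16 ActiveX downloads) have a regular line shape, so they can be parsed and triaged mechanically. The following is an added example and not code from the thread or from HijackThis: it parses a constructed sample in the same format, and the heuristics and the trusted-host allowlist are assumptions for illustration, not a definition of what is malicious.

```python
import re

# Constructed sample: five lines in the shape of the HijackThis log in the post above.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {49856311-AC3D-F931-1A64-22647B69E3CF} - C:\\PROGRA~1\\COOLHO~1\\Dent proc.exe
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\\WINDOWS\\dealhlpr.dll
O4 - HKLM\\..\\Run: [vptray] c:\\Program Files\\NavNT\\vptray.exe
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab
"""

# One regex per entry shape; each yields named fields.
COM_RX = re.compile(r"^(?P<kind>BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RX = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$")
DPF_RX = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>[^)]+)\) - (?P<url>\S+)$")
# Constructed allowlist (assumption): ActiveX download hosts the analyst has already vetted.
TRUSTED_DPF_HOSTS = {"tools.ebayimg.com", "www.pandasoftware.com"}

def parse_line(line):
    # Return {'section': 'O2', ...named fields} for one 'Onn - ...' line, else None.
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    for rx in (COM_RX, RUN_RX, DPF_RX):
        hit = rx.match(rest)
        if hit:
            return {"section": section, **hit.groupdict()}
    return {"section": section, "raw": rest}  # a shape this parser does not model

def flags_for(e):
    # Defender-side heuristics for the entry types discussed in the thread (assumptions).
    out = []
    if e["section"] in ("O2", "O3") and "path" in e:
        p = e["path"].lower()
        if e["name"] == "(no name)":
            out.append("browser extension with no display name")
        if p.endswith(".exe"):
            out.append("BHO/toolbar points at an .exe (in-process COM extensions are DLLs)")
        if re.match(r"^c:\\windows\\[^\\]+$", p):
            out.append("component sits directly in the Windows folder, not System32")
    if e["section"] == "O16" and "url" in e:
        host = re.match(r"https?://([^/]+)", e["url"]).group(1).lower()
        if host not in TRUSTED_DPF_HOSTS:
            out.append(f"ActiveX control downloaded from unvetted host {host}")
    return out

def triage(log_text):
    # [(entry, flags)] for every parsed line that trips at least one heuristic.
    found = [(e, flags_for(e)) for e in map(parse_line, log_text.splitlines()) if e]
    return [(e, f) for e, f in found if f]
```

Run `triage(SAMPLE_LOG)` to see which of the sample lines are flagged and why; a flag is a reason to look closer, not a verdict.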

Response Number 3
Name: shaselai
Date: July 28, 2004 at 12:53:39 Pacific
Reply:

Hi and thanks for the response. Yeah, some of them are obvious, but so close yet so far, as Spybot doesn't pick them up AND Safe Mode doesn't give me permission to delete them... I got Panda running last night and I will check it when I get home. The FlashGet, btw, is actually something I want, well, the software at least... Any ideas, people?
Response Number 4
Name: nylonelyguy
Date: July 29, 2004 at 08:09:31 Pacific
Reply:

I understand that you like the program, it is like Kazaa, but you have to understand it carries spyware with it. Here, read this:
http://downloads-zdnet.com.com/FlashGet/3000-2071_2-10280660.html
So this is really up to you.
Is your Spybot up to date? Yes, try to run Panda and see what you can get. You can also try to flush your System Restore, but make sure to enable it back.
Here are some tips that you should look at:
http://www.annoyances.org/exec/forum/winxp/1088399353
Response Number 5
Name: Thresher
Date: August 1, 2004 at 19:38:16 Pacific
Reply:

If you're going to use Spybot and Ad-aware you have to update them about every three days.

Safer File Sharing:

http://www.spywareinfo.com/articles/p2p/


Thresher