
Trojans out the ying yang....HEELP


Name: Lyn (by antzie)
Date: January 29, 2004 at 15:07:23 Pacific
OS: 98S
CPU/Ram: amd900/312
Comment:

HELP PLEASE.........not only did one burn up but got up this morning to work and this one would only go online. Attempted to run AVG and it would not work. Downloaded and reinstalled, came up with 14 viruses along with trojans in msdos.exe. Trojan remover would not work either. Re-downloaded it also, computer is still not working. Programs will not open or run, only thing that will work is internet. I have run the test several times and nothing else is showing up. Ran Ad-aware and nothing showed up. This is the list of what AVG pulled out and supposedly fixed: BackDoor.Jeemp.A, Killav.F, BackDoor.Avstral.I, Downloader.Stubby.A, Dropper.Small.EJ, Downloader.Istbar.V, Dropper.small.FD, Downloader.Dyfica.T and Downloader.Dyfica.V. Several repeats of the above in other files. Reports that it Healed OK, but now keep getting msgsrv.32 message and hangs, dll failures and a bunch of other stuff. Short of a sledge hammer can anyone help...None of my programs will work, they go to opening screen and hang, cannot even load one from cd rom....desperate........Thanks in advance.




Response Number 1
Name: dw226
Date: January 29, 2004 at 15:26:15 Pacific
Reply:

Good grief, where all have you been surfing and what have you downloaded? Have you tried running Housecall from TrendMicro? It may be able to help you.

You say programs will not run, well, how did you get Ad-Aware to run? Or did you run it before all this started happening?


Response Number 2
Name: Lyn (by antzie)
Date: January 29, 2004 at 17:12:37 Pacific
Reply:

Okay, things are getting really weird here. Something jumped into the other message, have no idea what; it happened when I was posting about what Housecall found. Will try this again:

Housecall found 2 Uncleanables:
JS NOCLOSE E in an internet temp file somewhere and
Troj TARNO.A\msin32.dll

Any help would be appreciated. I downloaded and ran HijackThis, but don't want to post that yet from what happened while it was running with the previous post.

I have never had this kind of crap happen. By the way Ad-aware runs on boot up automatically, that is how I got it to run. Any help would be appreciated.....


Response Number 3
Name: dw226
Date: January 29, 2004 at 17:33:56 Pacific
Reply:

With uncleanable files, you usually have to just delete them, but not always I don't think. What happened to HijackThis? I definitely think you're going to have to post the log so we can see just what in the world is going on.


Response Number 4
Name: Lyn (by antzie)
Date: January 29, 2004 at 17:38:51 Pacific
Reply:

HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 8:43:28 PM, on 1/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.exe
C:\WINDOWS\SYSTEM\PTUDFAPP.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\TASKMON.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.exe
C:\WINDOWS\SYSTEM\BMUPDATE.exe
C:\PROGRAM FILES\INTERNET EXPLORER\MMX.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.exe
C:\PROGRAM FILES\SBS\SMART ATTORNEY PRO\WORDPRO\LTSSTART.exe
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\LEXPPS.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.exe
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voodoocreations.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.voodoocreations.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voodoocreations.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.voodoocreations.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.exe" +c
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\SYSTEM\BMUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\RunOnce: [AVGW] C:\PROGRA~1\GRISOFT\AVG6\avgw.exe /RUNONCE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Lotus QuickStart.lnk = C:\Program Files\SBS\Smart Attorney Pro\wordpro\ltsstart.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://www.expressit.com/Plugin/3DGreetings/vroom.CAB
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/16971d12e7e7207d0c20/netzip/RdxIE.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37601.5759375
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/246293c5761c3f78b219/netzip/RdxIE601.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sitestar.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 205.160.234.1,205.160.234.10


Response Number 5
Name: Tom41
Date: January 30, 2004 at 01:12:41 Pacific
Reply:

Hi Lyn,
Run HijackThis again and check the following item. Next, close all browser windows, and have HT 'fix checked'.

You Must restart your computer when you're done.

O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"

After restarting delete the following file:
C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe

(http://securityresponse.symantec.com/avcenter/venc/data/trojan.analogx.html)

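The log in Response 4 is a plain text format that is easy to parse, and Tom41's diagnosis above is essentially a triage rule: an autorun (O4) entry launching an unfamiliar executable from the Internet Explorer folder. The following Python is an added example, not code from the thread or from HijackThis; it parses O4 lines into their parts, extracts the program each one launches, and flags two things a defender would check first: programs that sit in a well-known folder but are not the binary expected there, and programs logged without a full path (which the log alone cannot vouch for). The sample lines are copied from the log above, and the allow-list of expected binaries per folder is a constructed assumption for this example, not something HijackThis provides.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of O4 lines taken from the HijackThis log in Response 4.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: PowerReg Scheduler.exe
"""

# Constructed allow-list (an assumption for this example): binaries one expects to be
# launched from a few well-known folders. Anything else starting from there deserves a look.
EXPECTED_IN_DIR = {
    r"c:\program files\internet explorer": {"iexplore.exe"},
    r"c:\program files\messenger": {"msmsgs.exe"},
}


@dataclass
class O4Entry:
    location: str   # e.g. "HKCU\..\Run" or "Startup"
    name: str       # registry value name, or the .lnk name for Startup-folder items
    command: str    # the command line exactly as logged


# Registry autoruns look like:  O4 - HKLM\..\Run: [Name] command
_REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')
# Startup-folder autoruns look like:  O4 - Startup: Name.lnk = command   (or just a file name)
_STARTUP_RE = re.compile(r'^O4 - Startup: (?:(.*?\.lnk) = )?(.*)$')


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis O4 line; return None for anything else."""
    line = line.strip()
    m = _REG_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        return O4Entry(f"{hive}\\..\\{key}", name, cmd)
    m = _STARTUP_RE.match(line)
    if m:
        lnk, cmd = m.groups()
        return O4Entry("Startup", lnk or cmd, cmd)
    return None


def executable_path(command: str) -> str:
    """Return the program part of a logged command line.

    Quoted paths are taken up to the closing quote; otherwise the text up to the
    first '.exe' is used so that unquoted paths containing spaces still work.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    idx = command.lower().find(".exe")
    if idx >= 0:
        return command[:idx + 4]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (entry name, executable, reason) for every O4 entry worth a closer look."""
    findings: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        exe = executable_path(entry.command)
        low = exe.lower()
        if "\\" not in low:
            # The log records only a file name; where it actually lives must be checked on disk.
            findings.append((entry.name, exe, "no full path logged; locate the file before trusting it"))
            continue
        folder, _, basename = low.rpartition("\\")
        expected = EXPECTED_IN_DIR.get(folder)
        if expected is not None and basename not in expected:
            findings.append((entry.name, exe, f"unexpected program in {folder}"))
    return findings


if __name__ == "__main__":
    for name, exe, reason in triage(SAMPLE_LOG):
        print(f"[{name}] {exe} -> {reason}")
```

Run against the sample, the rule singles out the [XiD] entry for mmx.exe in the Internet Explorer folder, which is exactly the line Tom41 told Lyn to fix, and also lists the two entries logged without a path so they can be located and checked by hand.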
Response Number 6
Name: JW69
Date: January 31, 2004 at 05:24:50 Pacific
Reply:

I had the same problem with DyFica.t. Tried adware removers and AVG. Kept coming back. Hit on this solution that I saw somewhere else, and it worked.

Win XP: went to System, System Restore, checked 'Turn off System Restore on all drives', clicked Yes to the warning, closed it and rebooted. Gone!

Then I undid all the above and am now running a clean machine.

Hope this helps.


Response Number 7
Name: faughtyoz2freedm
Date: February 2, 2004 at 20:28:55 Pacific
Reply:

Hey all,
I had the same thing keep popping back up. I noticed that all of the messages here say we are running AVG. I updated my Ad-aware, rebooted, scanned, and came up with about 30 spyware incidents between 2 separate scans. I checked the Ad-aware logs; I guess what would be considered the variant name was dyfuca. So I said f*ck it and ran a find in the registry. downloader.dyfica.t was listed. So I deleted 2 of the reg keys, because the samples key could not be deleted. I tried this about an hour ago. When I rebooted my computer it came up nice and fast. No AVG messages as of yet. Try it; if it works, lemme know. peace - dave
