wow, i cant post any help to anyone anywhere unless i post a thread? and even then you cant reply unless your an admin? how is this a forum? more like a dictatorship to me. cant reply by way of private message unless you post 5 times or more, lol!! bs, i posted 6 times and still cant private message this guy who could use my advice. too bad for him i guess. well ill post what i know about this thing and hopefully the admins don't pull it cause im actually tring to help someone with out reformatting. hopefully the guy sees my post. at any rate, this little nasty along with a few others took a hold of my log in file so i couldn't delete it in safe mode even. i used :hijackthis, smaudfix, vindofix,combofix,spybot,adaware, and nortons virus. nothing caught it all. 2 or 3 files none of these programs saw. dlls actually. heres a list of them. C:\WINDOWS\17PHolmes922.exe C:\WINDOWS\mrofinu922.exe C:\WINDOWS\SmFzb24gUGllcmFudG96emk\mAIWvZb0o355wAI Rx36dyA4.vbs C:\WINDOWS\system32\byxxyya.dll C:\WINDOWS\system32\dvaywcwd.dll.vir C:\WINDOWS\system32\efccaxx.dll C:\WINDOWS\system32\nnnlkjg.dll C:\WINDOWS\system32\nnnllji.dll.vir C:\WINDOWS\UpdReg.EXE C:\WINDOWS\system32\ssqrppo.dll C:\WINDOWS\system32\ddccy.dll C:\WINDOWS\NirCmd.exe C:\Program Files\WS_FTP Pro\wsbho2k0.dll ssqrppo.dll was reinstalling everything i deleted. this was the file that kept everything going. was allso embedded in the winlogin file that runs your loging in to windows, this is in safe mode as well!! Safemode did nothing for me. in the end i removed the offending .dll with my copy of wininternals. i suppose you could remove the .dlls in dos as well im thinking. BTW, just because HJT is clean dosent mean there HD is, lol!!!!!