Howdy folks! Just got done cleaning one nasty one off my wife's PC. Looks like it came from hijack of dailykos.com Trail: If you have these in C:\windows\system32: hajutuki.dll jihayefo.dll tahalopu.dll sumonibe.dll Those 4 I had to clean out, winpatrol kept popping up asking to allow them to RUN at startup and BillP's website had 0 info on any of them, another good sign they are malware/virus. Look up winpatrol if you are confused. 8) All 4 were read only, and couldn't delete even in safe mode, except 1 (tahalopu.dll) I pulled her HD, hooked it up to my system, replaced all 4 with 3 byte files with attributes: Read Only/System, so they won't be overwritten, and cleaned ALL the registry entries with the 4 files, once I rebooted with it back in her system, there were over a dozen entries total. Her PC is now clean... Oh yeah: Looks like they tried to phone home to 188.8.131.52 which is in Belgium. I have prevent in for that evil stuff also, fortunately. 8) I ran my anti-virus scan on C:\windows (inclusive) and it picked up nothing, 8( Forgot to mention this was via Firefox 3.5, we quit using IE, since about Firefox .92 beta.