Hello. And thank you in advance for help with this. It is driving me crazy. This forum looks great and I am excited as well as gracious to have found it. Below is my Hijack This log:

Logfile of HijackThis v1.98.2
Scan saved at 8:39:39 AM, on 8/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\documents and settings\knox\local settings\temp\mjwOwZ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\knox\local settings\temp\6.exe
C:\documents and settings\knox\local settings\temp\mjwOwZ.exe
C:\documents and settings\knox\local settings\temp\6.exe
C:\WINDOWS\vmmreg32.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\knox\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\knox\Local Settings\Temp\xM.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [mjwOwZ] C:\documents and settings\knox\local settings\temp\mjwOwZ.exe
O4 - HKLM\..\Run: [AutoLoaderrxt11IMjXLKJ] "C:\WINDOWS\System32\faxsic.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [r22j36R] faxsic.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [6] C:\documents and settings\knox\local settings\temp\6.exe
O4 - HKLM\..\Run: [mjwOwZ.exe] C:\documents and settings\knox\local settings\temp\mjwOwZ.exe
O4 - HKLM\..\Run: [6.exe] C:\documents and settings\knox\local settings\temp\6.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [vmmreg32] C:\WINDOWS\vmmreg32.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: BOINC.lnk = D:\BOINC\boinc_gui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

Thanks again,
Knox

Hello,
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\knox\Local Settings\Temp\xM.dll
O4 - HKLM\..\Run: [mjwOwZ] C:\documents and settings\knox\local settings\temp\mjwOwZ.exe
O4 - HKLM\..\Run: [AutoLoaderrxt11IMjXLKJ] "C:\WINDOWS\System32\faxsic.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [r22j36R] faxsic.exe
O4 - HKLM\..\Run: [6] C:\documents and settings\knox\local settings\temp\6.exe
O4 - HKLM\..\Run: [mjwOwZ.exe] C:\documents and settings\knox\local settings\temp\mjwOwZ.exe
O4 - HKLM\..\Run: [6.exe] C:\documents and settings\knox\local settings\temp\6.exe
O4 - HKCU\..\Run: [vmmreg32] C:\WINDOWS\vmmreg32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

The following are optional fixes:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Updater for Sun Java, can be run manually and not needed

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Resource hog that launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it but it isn't required anyway. Different filenames used for different variants

Click Fix Checked

Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

Delete the following files:
C:\WINDOWS\System32\faxsic.exel
C:\WINDOWS\vmmreg32.exe

Then go to C:\documents and settings\knox\local settings\temp\ and once in the folder, click Edit>Select All and press the delete key. When you have finished, the folder should be empty. Don't delete the folder itself though.

Then reboot and post a fresh log

Thank you so very much for your help. I took care of everything on your list except I couldn't find C:\WINDOWS\System32\faxsic.exe. I am posting the new log below. I appreciate the help, once again.

Knox

Logfile of HijackThis v1.98.2
Scan saved at 10:26:22 AM, on 8/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Documents and Settings\knox\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: BOINC.lnk = D:\BOINC\boinc_gui.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE