Did you ensure that all hidden files are viewable (see post #4)? Did you try searching for (Start>Search)?

gimmysmileys.exe
tDpi.dll




Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

REBOOT.




Please do an online scan (scan only tool) with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  • Scan Options:
    - Scan Archives
    - Scan Mail Bases
• Click OK
• Now under select a target to scan:
  • Select My Computer
• This program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

here is the log for Ewido trojan scanner

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:11:26 PM, 3/7/2006
+ Report-Checksum: 4AFB197D

+ Scan result:

[1308] C:\WINDOWS\system32\dnsenh.dll -> Adware.Look2Me : Error during cleaning
[2004] C:\WINDOWS\system32\dnsenh.dll -> Adware.Look2Me : Error during cleaning
[948] C:\WINDOWS\win3208421-2141475.exe -> Downloader.VB.tw : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\ggxbk3e1.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\ms05475421-21412006.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\system32\fp0u03d9e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fpr2039oe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\g240lchm1f4a.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp8ul3l91.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\h8j4li1q18.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\win3208421-2141475.exe -> Downloader.VB.tw : Cleaned with backup


::Report End

Originally Posted by VopThis

Did you ensure that all hidden files are viewable (see post #4)? Did you try searching for (Start>Search)?

gimmysmileys.exe
tDpi.dll

yes and yes

Please download the latest version of Look2Me-Remover.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7

* Close all windows before continuing.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the Internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/im...WINSCK.OCX



Please run the Kaspersky scan requested in post #11.



Post your latest HijackThis log and any current observations.