HackThis Log!! Help!!!!!! (Dial_Relaid.J & SpyQuake!!!) (RESOLVED)

  1. #21
    Lloyd (Junior Member)

    Re: HackThis Log!! Help!!!!!! (Dial_Relaid.J & SpyQuake!!!)

    Easy enough, thanks, because I have the fax dialog box open and there's a preference setting that allows me to turn on and off the sent and received items, so I did that, but I will just unplug it. Thanks.

    I ran HijackThis and didn't find that 20 line. IT'S GONE!!!! Hopefully!!!

    Thank you for all your help. I have to run some errands for a little while; I'll be back on here later to check on the status of the virus and will post a new HijackThis log along with a Spy Sweeper log then.

    Thank you
    Greatly appreciate the work that you do. And the work that you did and are doing for me.


  2. #22
    VopThis (Senior Member, Canada)
    "When I said it keeps moving around I meant that the virus or whatever literally was moving, like to a different folder or somewhere."
    It is quite likely that Trojan Agent Winlogonhook is the reinfection agent responsible for what is happening.

    That trojan was recently listed by Webroot as one of their top 10 trojan infections (March 2006):
    http://www.webroot.com/resources/spy...s-march06.html (#7)
    Trojan Agent Winlogonhook is a Trojan horse that may allow a hacker to gain unrestricted access to your computer when you are online.
    You need to consider yourself potentially very compromised (passwords, banking info, etc.) and vulnerable (e.g. identity theft or corporate espionage). You may want to consider backing up all important user files and doing a clean install (with all new passwords). You may never be able to be sure that the PC isn't forever compromised in some way.

  3. #23
    Lloyd (Junior Member)
    Thank you, I'll keep that in mind most definitely while surfing. But I'm here to report that I think it's gone!!!!!!!!!!!! Here are the log files: Spy Sweeper before the virus was gone, Spy Sweeper file 2 and HijackThis, which are after the virus appears gone. Thank you for all your help; I've been anxious to get that off the computer. Thank you.
    LOG_1
    ********
    6:08 PM: | Start of Session, Thursday, April 27, 2006 |
    6:08 PM: Spy Sweeper started
    6:08 PM: Sweep initiated using definitions version 665
    6:08 PM: Starting Memory Sweep
    6:09 PM: Memory Sweep Complete, Elapsed Time: 00:01:09
    6:09 PM: Starting Registry Sweep
    6:09 PM: Registry Sweep Complete, Elapsed Time:00:00:22
    6:09 PM: Starting Cookie Sweep
    6:09 PM: Found Spy Cookie: 2o7.net cookie
    6:09 PM: jadyne@coxhsi.112.2o7[1].txt (ID = 1958)
    6:09 PM: Found Spy Cookie: tribalfusion cookie
    6:09 PM: jadyne@tribalfusion[2].txt (ID = 3589)
    6:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    6:09 PM: Starting File Sweep
    6:32 PM: File Sweep Complete, Elapsed Time: 00:22:45
    6:32 PM: Full Sweep has completed. Elapsed time 00:24:21
    6:32 PM: Traces Found: 2
    6:36 PM: Removal process initiated
    6:36 PM: Quarantining All Traces: 2o7.net cookie
    6:36 PM: Quarantining All Traces: tribalfusion cookie
    6:36 PM: Removal process completed. Elapsed time 00:00:00
    ********
    6:06 PM: | Start of Session, Thursday, April 27, 2006 |
    6:06 PM: Spy Sweeper started
    6:08 PM: | End of Session, Thursday, April 27, 2006 |


    LOG_2
    ********
    6:45 PM: | Start of Session, Thursday, April 27, 2006 |
    6:45 PM: Spy Sweeper started
    6:45 PM: Sweep initiated using definitions version 665
    6:45 PM: Starting Memory Sweep
    6:49 PM: Memory Sweep Complete, Elapsed Time: 00:04:28
    6:49 PM: Starting Registry Sweep
    6:50 PM: Registry Sweep Complete, Elapsed Time:00:00:19
    6:50 PM: Starting Cookie Sweep
    6:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    6:50 PM: Starting File Sweep
    7:24 PM: File Sweep Complete, Elapsed Time: 00:34:12
    7:24 PM: Full Sweep has completed. Elapsed time 00:38:35
    7:24 PM: Traces Found: 0
    ********
    2:20 AM: | Start of Session, Thursday, April 27, 2006 |
    2:20 AM: Spy Sweeper started
    2:20 AM: Sweep initiated using definitions version 665
    2:20 AM: Starting Memory Sweep
    2:20 AM: Sweep Canceled
    2:20 AM: Memory Sweep Complete, Elapsed Time: 00:00:13
    2:20 AM: Traces Found: 0
    ********
    2:20 AM: | Start of Session, Thursday, April 27, 2006 |
    2:20 AM: Spy Sweeper started
    2:20 AM: | End of Session, Thursday, April 27, 2006 |

    and finally. . .

    Logfile of HijackThis v1.99.1
    Scan saved at 7:36:40 PM, on 4/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\Program Files\Common Files\ISPCOMP\InstallService.exe
    C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
    C:\Program Files\Lexmark 7100 Series\ezprint.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
    C:\Program Files\CompuServe 2000\cstray.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\lxbxcoms.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Documents and Settings\Jadyne\Desktop\xili\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Jadyne\Application Data\Mozilla\Profiles\default\eaj2cx9g.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jadyne\Application Data\Mozilla\Profiles\default\eaj2cx9g.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Netscape\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000\cstray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...ad/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    Thank you so very much for your input; it was extremely helpful. I will put one more post up tomorrow afternoon if everything's all well to let you know that it's finally off. Thank you again and have a great year.

  4. #24
    Lloyd (Junior Member)
    Sorry, I was in a car accident. I just got back on the computer today. But my girl says she's been using it and she believes it to be gone; she hasn't seen a pop-up or had a serious bog down or lag on the computer. Thank you once again. I will be posting a new thread in a week or so from my sister's computer. I've praised this site, and now that this computer is fine she's begging me to come over and get hers up and running. So thank you very much; everyone over here appreciates what you do very much. Have a great year!!!!

  5. #25
    Lloyd (Junior Member)
    Oh hi, just letting you know I'm at my sis's computer now and I'm about to start a new thread or post or something. The other computer is running fine now, thanks. This stuff is great, what you do here!!!!
