Just a newbie question. Would those funny.vxd files exist in windows or systems directory be part of the culprit? Those are working as "driver" would be able to hide itself from file system and hence any all higher level processes such as antivirus wouldn't be able to find them?