> Me again - with a slight problem
bizarrebob
post Jan 1 2007, 06:53 PM
Post #1


Silver Member

Group: Tech Classroom
Posts: 391
Joined: 30-July 06
From: England, UK
Member No.: 59,214
Operating System: Windows 7



Hi again. Sorry, I bet you're sick of seeing me around! Well, the problem is this: I was searching on Google for the price of a DVD product and I clicked on a website. It was some warez site and before I knew it, it downloaded something and me being me didn't notice until it was too late. Now I keep getting random pop ups. Just wondering if anyone can help, here is my log: (thanks!)

Logfile of HijackThis v1.99.1
Scan saved at 00:44:44, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\topthemesxp\txp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Si\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\Wireless\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P32 "EPSON Stylus C86 Series (Copy 1)" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sfklg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Wireless Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

LDTate
post Jan 1 2007, 07:04 PM
Post #2


Forum God

Group: Root Admin
Posts: 48,288
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Hello again bizarrebob


1. Copy and paste this bold box text into a text editor such as Notepad.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


2. Save this text as ResetAppInit.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4

3. Double-click on ResetAppInit.reg. When it asks you to merge the information to the registry click Yes.


4. Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O20 - AppInit_DLLs: sfklg.dll

Close ALL windows and browsers except HijackThis and click "Fix checked"

Delete these Files if listed:
C:\program files\topthemesxp\txp.exe


5. Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
bizarrebob
post Jan 1 2007, 08:13 PM
Post #3





Thanks for helping. Just before I restarted I got a few pop ups saying about "Win Antivirus". I've not had any since the last restart. Here is the latest log file:

Logfile of HijackThis v1.99.1
Scan saved at 02:05:08, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Documents and Settings\Si\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\Wireless\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P32 "EPSON Stylus C86 Series (Copy 1)" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Wireless Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

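Added example, not part of the original thread: a Python check of the before/after comparison behind the fix above, confirming that the two lines ticked for "Fix checked" (the O4 TXP entry and O20 AppInit_DLLs: sfklg.dll) are gone from the new log and that nothing else changed. The log excerpts are copied from the two logs posted above; the function names are hypothetical.

```python
import re
from collections import Counter

# A HijackThis entry is "<section code> - <text>", e.g. "O20 - AppInit_DLLs: x.dll".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return a Counter of (section, text) pairs; identical lines may repeat."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries


def entries_in_sections(log_text, sections):
    """List the entries of a log that fall in the given section codes."""
    return sorted(e for e in parse_entries(log_text).elements() if e[0] in sections)


def verify_fix(before_text, after_text, fixed_lines):
    """Compare two logs against the list of lines that were ticked for fixing."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    fixed = parse_entries("\n".join(fixed_lines))
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return {
        "removed": removed,                      # in the old log only
        "added": added,                          # in the new log only
        "still_present": sorted(e for e in fixed if after[e] > 0),
        "unexpected_removed": [e for e in removed if e not in fixed],
    }


# Excerpt of the first log in the thread (Post #1).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: sfklg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Excerpt of the log posted after the fix and reboot (Post #3).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# The two lines the helper asked to tick before clicking "Fix checked".
FIXED = [
    r"O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe",
    r"O20 - AppInit_DLLs: sfklg.dll",
]

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIXED)
    for key, items in report.items():
        print(key)
        for section, text in items:
            print(f"  {section} - {text}")
    print("O20 entries left:", entries_in_sections(AFTER, {"O20"}))
```

A clean diff only shows that the two autostart entries are gone; as the later posts in this thread show, pop-ups can continue and a further scan may still be needed.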
LDTate
post Jan 1 2007, 08:16 PM
Post #4




That looks good there.

Let's give it some time and see if all is still OK.
bizarrebob
post Jan 1 2007, 08:17 PM
Post #5





Great. Thanks LDTate
LDTate
post Jan 1 2007, 08:20 PM
Post #6




thumbup.gif
bizarrebob
post Jan 2 2007, 04:21 AM
Post #7





So far, I've only had one. But I think the pop up problem is still here. It seems very rare until they come up, but I'll run some anti-spyware software, see if that makes a difference. If you've got any other ideas I'd be very grateful.

Cheers
bizarrebob
post Jan 2 2007, 01:36 PM
Post #8





Just bumping this back up.

Still keep getting the odd pop up. Smiley Central has come up, and a few other random things. I haven't downloaded Smiley Central, but I think whatever I did download is getting all these pop ups to pop up...

This post has been edited by bizarrebob: Jan 2 2007, 01:37 PM
LDTate
post Jan 2 2007, 04:23 PM
Post #9




Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet, we will shortly.
  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  4. ewido will now begin the scanning process, be patient, this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions".
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan along with a new HijackThis log.
bizarrebob
post Jan 3 2007, 05:43 AM
Post #10





I'm scanning now but I thought I'd let you know. My Norton Anti-virus keeps saying I've got some trojans. One of them was described as a Trojan.Vundo, here is the explanation for it:

Discovered: November 20, 2004
Updated: August 25, 2006 10:17:14 AM GDT
Also Known As: Vundo [McAfee], Vundo.dldr [McAfee]
Type: Trojan Horse
Infection Length: varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Note: Virus definitions released prior to November 20, 2004 may detect this threat as Adware.VirtuMonde.

Protection

* Virus Definitions (LiveUpdate™ Weekly) November 23, 2004
* Virus Definitions (Intelligent Updater) November 20, 2004

Threat Assessment
Wild

* Wild Level: Medium
* Number of Infections: 50 - 999
* Number of Sites: More than 10
* Geographical Distribution: Medium
* Threat Containment: Easy
* Removal: Difficult

Damage

* Damage Level: Medium
* Degrades Performance: Degrades virtual memory and runs unauthorized processes.
* Compromises Security Settings: Download a file from the internet

Distribution

* Distribution Level: Low

Writeup By: John Park, Sergei Shevchenko


And that's what I'm getting. Random pop-ups! Right, I'll do the scan and let you know the results soon.
LDTate
post Jan 3 2007, 07:19 AM
Post #11




Hopefully the scan will show it. If not we'll try some others.
bizarrebob
post Jan 3 2007, 09:37 AM
Post #12





Sorry it took so long, the scan took about 3 hours 30 mins! Here is the HijackThis log and then the report scan:

Logfile of HijackThis v1.99.1
Scan saved at 15:30:26, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Si\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\Wireless\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P32 "EPSON Stylus C86 Series (Copy 1)" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Wireless Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:23:27 03/01/2007

+ Scan result:



C:\System Volume Information\_restore{72A08AE4-2E1A-43F3-874B-47217ED7316B}\RP62\A0009942.exe -> Backdoor.Bifrose.aas : No action taken.
C:\System Volume Information\_restore{72A08AE4-2E1A-43F3-874B-47217ED7316B}\RP69\A0010619.exe -> Dropper.Agent.azn : No action taken.
C:\System Volume Information\_restore{72A08AE4-2E1A-43F3-874B-47217ED7316B}\RP69\A0010533.exe -> Dropper.Zlob : No action taken.
C:\System Volume Information\_restore{72A08AE4-2E1A-43F3-874B-47217ED7316B}\RP70\A0010876.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : No action taken.
C:\Program Files\WinRAR\WinRAR v3.51_Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
:mozilla.301:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.253:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.427:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.89:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.91:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Si\Cookies\si@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.117:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.118:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.119:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.120:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.121:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.180:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.181:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Si\Cookies\si@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.94:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.95:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.374:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.378:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.184:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.185:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.186:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.190:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.191:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.379:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.65:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Si\Cookies\si@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.384:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.187:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.188:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.189:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.345:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.346:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.347:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.348:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.349:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.350:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.107:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Si\Cookies\si@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.55:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Si\Cookies\si@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.196:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.197:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.211:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.212:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.383:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.385:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.386:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.387:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.228:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.229:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.230:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.35:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.36:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.37:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.38:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.39:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.40:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.41:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.42:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.43:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.219:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.220:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.221:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.261:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.425:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.390:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.304:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.85:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.86:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Si\Cookies\si@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.314:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.315:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\Si\Cookies\si@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Si\Cookies\si@overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.83:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.84:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.164:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.165:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.166:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.167:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.168:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.169:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.170:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.171:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.173:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.174:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Si\Cookies\si@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.312:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Si\Cookies\si@h.starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Si\Cookies\si@try.starware[2].txt -> TrackingCookie.Starware : No action taken.
:mozilla.143:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.144:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.145:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.146:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.147:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.148:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.435:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.436:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.437:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Si\Cookies\si@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.395:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.396:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Si\Cookies\si@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.434:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.182:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.154:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.305:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.19:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.20:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.21:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.22:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.23:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.24:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.25:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Si\Cookies\si@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.283:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.284:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.285:C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\16nwnvvs.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

LDTate
post Jan 3 2007, 11:39 AM
Post #13




Open the HijackThis folder. Find the file HijackThis.exe, right-click on the file and select Rename. Rename HijackThis.exe to Spyware.exe.

Post a new HijackThis Log.
bizarrebob
post Jan 3 2007, 12:24 PM
Post #14





Logfile of HijackThis v1.99.1
Scan saved at 18:17:16, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\Si\Desktop\Spyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\opnlmli.dll
O2 - BHO: (no name) - {2D5AF631-3B7F-4BF8-9299-0B1C664BB396} - C:\WINDOWS\system32\gebca.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\rawwypgu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\Wireless\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P32 "EPSON Stylus C86 Series (Copy 1)" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: opnlmli - C:\WINDOWS\SYSTEM32\opnlmli.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Wireless Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

LDTate
post Jan 3 2007, 01:55 PM
Post #15


Forum God

Group: Root Admin
Posts: 48,288
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Yep, it was hidden.

* Download Combofix to your desktop.
* Double-click combo.exe.
* Follow the prompts.
* Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
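An added example, not part of the original posts and not a HijackThis feature: a short triage script over the O2 and O20 lines of the log in Post #14, listing DLLs that are registered both as a browser helper object and as a Winlogon Notify package, plus unnamed BHOs that live in system32. The function names `parse` and `triage` are hypothetical, and the output is a review list, not a verdict.

```python
import re
from collections import defaultdict

# O2/O20 lines copied from the HijackThis log in Post #14 above.
LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - C:\WINDOWS\system32\opnlmli.dll
O2 - BHO: (no name) - {2D5AF631-3B7F-4BF8-9299-0B1C664BB396} - C:\WINDOWS\system32\gebca.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\rawwypgu.dll
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: opnlmli - C:\WINDOWS\SYSTEM32\opnlmli.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
"""

# The CLSID anchors the BHO pattern so names or paths containing " - " still parse.
BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")

def parse(log):
    """Map each lower-cased DLL path to the (section, name) pairs that load it."""
    loads = defaultdict(list)
    for line in log.splitlines():
        line = line.strip()
        if m := BHO.match(line):
            loads[m.group(3).lower()].append(("O2", m.group(1)))
        elif m := NOTIFY.match(line):
            loads[m.group(2).lower()].append(("O20", m.group(1)))
    return loads

def triage(log):
    """Return (DLLs loaded via both O2 and O20, other unnamed system32 BHOs)."""
    both, unnamed = [], []
    for path, regs in parse(log).items():
        sections = {section for section, _ in regs}
        if sections == {"O2", "O20"}:
            both.append(path)
        elif ("O2", "(no name)") in regs and "\\system32\\" in path:
            unnamed.append(path)
    return sorted(both), sorted(unnamed)

if __name__ == "__main__":
    both, unnamed = triage(LOG)
    print("BHO + Winlogon Notify:", both)
    print("Unnamed system32 BHO:", unnamed)
```

Paths are compared case-insensitively because the log writes both `system32` and `SYSTEM32`. Entries that appear only under O20, such as igfxdev.dll and winghy32.dll here, are not flagged by this correlation and still need to be checked individually.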
