not sure what I should do with this..? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:56:48 AM, on 8/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\csrss[Caution: Executable File] C:\WINDOWS\SYSTEM32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\Program Files\Lavasoft\Ad-Aware\aawservice[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv[Caution: Executable File] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File] C:\PROGRA~1\AVG\AVG8\avgwdsvc[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Bonjour\mDNSResponder[Caution: Executable File] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer[Caution: Executable File] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: Executable File] C:\PROGRA~1\AVG\AVG8\avgrsx[Caution: Executable File] C:\Program Files\Java\jre1.6.0_01\bin\jusched[Caution: Executable File] C:\Program Files\D-Link\AirPlus G\AirGCFG[Caution: Executable File] C:\WINDOWS\system32\carpserv[Caution: Executable File] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2[Caution: Executable File] C:\PROGRA~1\AVG\AVG8\avgtray[Caution: Executable File] C:\Program Files\Spyware Doctor\pctsAuxs[Caution: Executable File] C:\Program Files\Spyware Doctor\pctsTray[Caution: Executable File] C:\WINDOWS\system32\ctfmon[Caution: Executable File] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware[Caution: Executable File] C:\WINDOWS\system32\mjoncxel[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\PROGRA~1\AVG\AVG8\avgemc[Caution: Executable File] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer[Caution: Executable File] C:\Program Files\Spyware Doctor\pctsSvc[Caution: Executable File] C:\WINDOWS\System32\alg[Caution: Executable File] C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File] C:\PROGRA~1\AVG\AVG8\aAvgApi[Caution: Executable File] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy[Caution: Executable File] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat[Caution: Executable File] C:\DOCUME~1\NEPALE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: Executable File] C:\DOCUME~1\NEPALE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\Microsoft Office\Office10\WINWORD[Caution: Executable File] C:\Program Files\Internet Explorer\iexplore[Caution: Executable File] C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File] C:\Program Files\Trend Micro\HijackThis\HijackThis[Caution: Executable File] C:\WINDOWS\System32\wbem\wmiprvse[Caution: Executable File] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit[Caution: Executable File],C:\WINDOWS\system32\wscript[Caution: Executable File] C:\WINDOWS\system32\boot.vbs, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {613C1E9B-077F-4679-006F-02197C172746} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched[Caution: Executable File]" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG[Caution: Executable File] O4 - HKLM\..\Run: [CARPService] carpserv[Caution: Executable File] O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2[Caution: Executable File] O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray[Caution: Executable File] O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray[Caution: Executable File]" O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3[Caution: Executable File] O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager[Caution: Executable File]" AcPro7_0_9 -reboot 1 O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File] O4 - HKCU\..\Run: [apistrmon] C:\WINDOWS\system32\lorqhmde[Caution: Executable File] O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: Executable File] O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware[Caution: Executable File] O4 - HKCU\..\Run: [srvInfoGen] C:\WINDOWS\system32\mjoncxel[Caution: Executable File] O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: Executable File] O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL[Caution: Executable File]/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4146264746 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4248445014 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice[Caution: Executable File] O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: Executable File] O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File] O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc[Caution: Executable File] O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc[Caution: Executable File] O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: Executable File] O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer[Caution: Executable File] O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv[Caution: Executable File] O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch[Caution: Executable File] O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent[Caution: Executable File] O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs[Caution: Executable File] O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc[Caution: Executable File] -- End of file - 9767 bytes -- To the person above, I got rid of Antivirus XP just not these pop up things.. arrg. Its actually quite easy to get rid of Antivirus Xp, just used the programs I listed above it will be gone its just these trojan popups that won't go.