I have resolved the problem and found the culprit too. Pass this info on to KoanYorel who I believe is still pondering my HJT log.
Having caused a bit more of a mess myself, decided to go through the safeboot routines again with all checkers.
Got rid of Popuper and clientman.
Stopped system restore and pagefiles then went on to do more checks through several system reboots.
"cydoor.topicks.a" and "family keylogger Commercial Keylogger" were a hardy pair of nasties.
So, backed up my documents and did a complete reformat/reinstall (including a re-write of the MBR just for good measure) of windows xp.
ran mwav.exe and the last two nasties had reappeared.
There was only one source left - Did another reformat/install with recovery CD, but didnt go on to the Application and driver recovery dvd, did a few checks first.
All was clear
Now went on to my Application and driver recovery dvd - During the install I have chosen individual drivers as opposed to the whole recovery, and noticed two things
The blue smiley kicks in when the NV17M (NVidia graphics driver) installs - BUT thats not the source of the adware.....
They re-install when I let the system install the AOL references/internet connection settings and HP Compaq default system settings and desktop helpers - All of which are gumf I dont need.
So have once again reformat/installed, and once again selectively gone through the Application and driver recovery dvd....
- One clean system.
I'm sure this kind of thing should be in a EULA somewhere, unfortunately it doesnt exactly leap out and grab your vitals during an install or even afterwards.
I have a Compaq Presario R3000 laptop - People beware youre Application and driver recovery dvd, it has spyware and installs a keylogger too. Do all the Hardware drivers, and Norton if you must have a system heavy virus checker, but the third section only select the .net installs, forget the rest.