Tampabelle, thank you for replying so quickly and with such clear instructions. Unfortunately they haven't worked.
About:Buster didn't give me the option to scan the alternate datastreams. Here is the log.
AboutBuster 5.1, reference file 32
Scan started on [03/11/2005] at [21:50:05]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 21:54:07
AboutBuster 5.1, reference file 32
Scan started on [03/11/2005] at [21:59:10]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:03:15
CWShredder said ther was no CoolWebStream on my systems.
SpSeHjfix said there was nothing to disinfect, here is the log.
(11/3/05 22:05:53) SPSeHjFix started v1.1.2
(11/3/05 22:05:53) OS: WinXP Service Pack 2 (5.1.2600)
(11/3/05 22:05:53) Language: english
(11/3/05 22:05:53) Win-Path: C:\WINDOWS
(11/3/05 22:05:53) System-Path: C:\WINDOWS\system32
(11/3/05 22:05:53) Temp-Path: C:\DOCUME~1\Niamh\LOCALS~1\Temp\
(11/3/05 22:05:59) Disinfection started
(11/3/05 22:05:59) Bad-Dll(IEP): (not found)
(11/3/05 22:05:59) Bad-Dll(IEP) in BHO: (not found)
(11/3/05 22:05:59) UBF: 5 - UBB: 2 - UBR: 13
(11/3/05 22:05:59) UBF: 5 - UBB: 2 - UBR: 13
(11/3/05 22:05:59) Bad IE-pages: (none)
(11/3/05 22:05:59) Stealth-String not found
(11/3/05 22:05:59) Not infected->END
And when I tried to run internet explorer to run one of the scans you mentioned at the end of your advice AVG detected a Trojan called Startpage.
I think I have inclued all the logs you requested and I have redone the HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 22:33:37, on 03/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mfceo.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TopText\wo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sdkal32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Niamh\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ypens.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ypens.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ypens.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ypens.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ypens.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ypens.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {77915096-204D-E2F0-F041-8CEDC66033AE} - C:\WINDOWS\system32\javafd32.dll (file missing)
O2 - BHO: Class - {FBE10ABE-985F-B8F2-255B-F141A228574F} - C:\WINDOWS\iecx.dll
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mfceo.exe] C:\WINDOWS\mfceo.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) -
http://138.108.63.12.../ACNePlayer.cabO23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkal32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
again hope you can help! and thanks for the tine you have already spent on this