Here are the logs requested.
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:20, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Toki Toki Boom - http://download2.games.yahoo.com/games/ ... /vto_x.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3304175961
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://javadl-esd.sun.com/update/1.4.2/ ... s-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.microgaming.com/freeplay/FlashAX.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--
End of file - 4546 bytes
avg log
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:11:31 04/09/2007
+ Scan result:
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP158\A0294475.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP158\A0294476.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP165\A0359206.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP166\A0359227.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP153\A0280163.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP153\A0280165.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP161\A0315953.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP161\A0316001.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E943E717-B7FE-4087-A68B-F54774062516}\RP161\A0316003.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
::Report end
activescan
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@2o7[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@7search[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@atdmt[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@mediaplex[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\aaron\Cookies\aaron@zedo[2].txt
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\aaron\Local Settings\Temporary Internet Files\Content.IE5\L6WGS3WN\BurgerRushSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BurgerRushSetup-dm[1].exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070903-232048-520-PowerReg Scheduler V3.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir[contents.rdf]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir[menu.xul]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir[toolbarembed.html]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S.vir
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHESS.F3S.vir
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\REVERSI.F3S.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Thanks again