ok,
I never found a log for the first avg scan...just as well, because this one turned up much more:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:32:39 PM 2/18/2007
+ Scan result:
C:\Program Files\Ipwindows\ipwins.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP22\A0001769.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Documents and Settings\deborah stone\Local Settings\Temporary Internet Files\Content.IE5\0ZAHNU7S\122[1].net -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{3873997D-0702-1033-1002-020105290001}\Bar888.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mc-110-12-0000144.exe -> Adware.Toolbar888 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23\A0001915.exe -> Backdoor.Rbot.bdu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23\A0001916.exe -> Backdoor.Rbot.bdu : Cleaned with backup (quarantined).
::Report end
never found C:\windows\system32\qirewt.exe
Dr. web's site found no virus' in the short scan, but wait till you see what came up in the long scan..:
system.dll;C:\Program Files\Common Files\{1873997D-0702-1033-1002-020105290001};Trojan.DownLoader.17799;Deleted.;
system.dll;C:\RECYCLER\S-1-5-18\Dc1;Trojan.DownLoader.17799;Deleted.;
system.dll;C:\RECYCLER\S-1-5-18\Dc2;Trojan.DownLoader.17799;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0001857.exe;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Tool.Prockill;Incurable.Moved.;
A0001877.exe;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Win32.HLLW.MyBot;Deleted.;
A0001938.exe;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Tool.Prockill;Incurable.Moved.;
A0001967.exe;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Tool.Prockill;Incurable.Moved.;
A0002061.dll;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Adware.Lucky;Incurable.Moved.;
A0002062.dll;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Adware.Maxifiles;Incurable.Moved.;
A0002080.dll;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Trojan.DownLoader.17799;Deleted.;
A0002081.dll;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Trojan.DownLoader.17799;Deleted.;
A0002082.dll;C:\System Volume Information\_restore{FB851716-8BA1-4B6D-A786-96F34372954A}\RP23;Trojan.DownLoader.17799;Deleted.;
TFTP2876;C:\WINDOWS\system32;Win32.IRC.Bot;Deleted.;
and here's the hijack this log from after the other two scans (and in normal mode):
Logfile of HijackThis v1.99.1
Scan saved at 7:20:56 PM, on 2/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsof...?1171679163515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1171679115937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
waiting further instructions....db