OK here are the hijack this log, super anti-spyware, and the avg report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:08 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\cris.juarez\Desktop\Hijackthis\HijackThis .exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
Internet Explorer Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: 172.20.22.207 qademo.edusoftbeta.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPw rMonitor
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAuto nomicMonitor
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -
http://forms.real.com/real/player/do...e_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
https://webmail.hmco.com/whalecom99f...0/iNotes6W.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) -
https://webmail.hmco.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) -
https://na2.salesforce.com/dwnld/mai...XMailMerge.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/is...92/mcfscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = edusoft.ad,edusoftbeta.com,hmco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = edusoft.ad,edusoftbeta.com,hmco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = edusoft.ad,edusoftbeta.com,hmco.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 14084 bytes
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 05/22/2008 at 01:27 PM
Application Version : 4.1.1046
Core Rules Database Version : 3466
Trace Rules Database Version: 1457
Scan type : Complete Scan
Total Scan Time : 00:38:33
Memory items scanned : 198
Memory threats detected : 0
Registry items scanned : 5588
Registry threats detected : 49
File items scanned : 19528
File threats detected : 33
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}\InprocServer32
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}\InprocServer32#ThreadingModel
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}\ProgID
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}\Programmable
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}\TypeLib
HKCR\CLSID\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\443059\443059.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{C6D09EC9-DDB2-4EC4-9D6F-B680A7A849CF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler#{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}
Adware.Tracking Cookie
C:\Documents and Settings\cris.juarez\Cookies\cris.juarez@ad.yieldm anager[1].txt
C:\Documents and Settings\tricia.hukee\Cookies\tricia.hukee@partner 2profit[2].txt
C:\Documents and Settings\tricia.hukee\Cookies\tricia.hukee@pt.cros smediaservices[1].txt
C:\Documents and Settings\tricia.hukee\Cookies\tricia.hukee@atwola[1].txt
C:\Documents and Settings\tricia.hukee\Cookies\tricia.hukee@nextag[2].txt
C:\Documents and Settings\tricia.hukee\Cookies\tricia.hukee@icc.int ellisrv[2].txt
C:\Documents and Settings\tricia.hukee\Cookies\tricia.hukee@media.h otels[1].txt
C:\Documents and Settings\tricia.hukee\Local Settings\Temp\Cookies\tricia.hukee@media.hotels[1].txt
Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
Adware.E404 Helper/Hij
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version
Rogue.WinIFixer
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HK CU\RunOnce
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HK CU
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HK LM\RunOnce
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HK LM
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\St artMenuAllUsers
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\St artMenuCurrentUser
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObj ects
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer\Quarantine
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com\WinIFixer
C:\Documents and Settings\cris.juarez\Application Data\WinIFixer.com
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\WinIFixer.exe
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\Program Files\WinIFixer
HKLM\Software\Microsoft\Windows\CurrentVersion\Run #WinIFixer [ C:\Program Files\WinIFixer\WinIFixer.exe ]
HKLM\Software\winifixer.com
HKLM\Software\winifixer.com#MGuid
HKLM\Software\winifixer.com\WinIFixer
HKLM\Software\winifixer.com\WinIFixer#Registration Url
HKLM\Software\winifixer.com\WinIFixer#Registration DiscUrl
HKLM\Software\winifixer.com\WinIFixer#ADVid
HKLM\Software\winifixer.com\WinIFixer#InstallDir
HKLM\Software\winifixer.com\WinIFixer#domain
HKLM\Software\winifixer.com\WinIFixer#SoftID
HKLM\Software\winifixer.com\WinIFixer#DatabaseVers ion
HKLM\Software\winifixer.com\WinIFixer#ProgramVersi on
HKLM\Software\winifixer.com\WinIFixer#EngineVersio n
HKLM\Software\winifixer.com\WinIFixer#GuiVersion
HKLM\Software\winifixer.com\WinIFixer#ProxyName
HKLM\Software\winifixer.com\WinIFixer#ProxyPort
HKLM\Software\winifixer.com\WinIFixer#ScanPriority
HKLM\Software\winifixer.com\WinIFixer#DaysInterval
HKLM\Software\winifixer.com\WinIFixer#ScanDepth
HKLM\Software\winifixer.com\WinIFixer#ScanSystemOn Startup
HKLM\Software\winifixer.com\WinIFixer#Automaticall yUpdates
HKLM\Software\winifixer.com\WinIFixer#MinimizeOnSt art
HKLM\Software\winifixer.com\WinIFixer#BackgroundSc an
HKLM\Software\winifixer.com\WinIFixer#BackgroundSc anTimeout
HKLM\Software\winifixer.com\WinIFixer#Installation ID
HKLM\Software\winifixer.com\WinIFixer#LastTimeStam p
HKLM\Software\winifixer.com\WinIFixer#LastUpdateDa te
C:\WINDOWS\Prefetch\WINIFIXER.EXE-3864361D.pf
Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\CRIS.JUAREZ\LOCAL SETTINGS\TEMP\ZFE2.EXE
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:44:10 PM 5/22/2008
+ Scan result:
C:\Documents and Settings\cris.juarez\Shared\dwight yoakam.mp3 -> Downloader.Wimad.n : No action taken.
C:\Documents and Settings\cris.juarez\Local Settings\Temp\zfe1.exe -> Not-A-Virus.Hoax.Win32.Renos.cdh : No action taken.
C:\Program Files\WinIFixer\WinIFixer.exe -> Not-A-Virus.PUP.WinFixer.f : No action taken.
C:\Documents and Settings\cris.juarez\Cookies\cris.juarez@m.webtren ds[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\cris.juarez\Cookies\cris.juarez@ad.yieldm anager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
::Report end
And here are 2 files that CCleaner wont clean:
1. C:\WINDOWS\Prefetch\INSTALL_AIM[1].EXE
2. C:\WINDOWS\Prefetch\YMUSICID.EXE
That should be all .
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
All Logs
All Logs
button.
Re: All Logs