OK, here are the 3 logs:
Malwarebytes’ RogueRemover
Malwarebytes ©2007 http://www.malwarebytes.org
6290 total fingerprints loaded.
Loading database …
Expanding environmental variables …
Scanning files … [ 100% ].
Scanning folders … [ 100% ].
Scanning registry keys … [ 100% ].
Scanning registry values … [ 100% ].
RogueRemover has detected rogue antispyware components! Results below…
Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
Selected for removal: No
Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
Selected for removal: No
Type: File
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
Selected for removal: No
Type: File
Vendor: AntiVirus Golden
Location: C:\Program Files\AV\AntivirusGolden 3.7\AntivirusGolden AntivirusGolden.url
Selected for removal: No
Type: File
Vendor: AntiVirus Golden
Location: C:\Program Files\AV\AntivirusGolden 3.7\Logs\scan_log_04102007-145911.html
Selected for removal: No
Type: File
Vendor: AntiVirus Golden
Location: C:\Program Files\AV\AntivirusGolden 3.7\Logs\scan_log_04102007-145954.html
Selected for removal: No
Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
Selected for removal: No
Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data
Selected for removal: No
Type: Folder
Vendor: AntiVirus Golden
Location: C:\Program Files\AV\AntivirusGolden 3.7
Selected for removal: No
Type: Folder
Vendor: AntiVirus Golden
Location: C:\Program Files\AV\AntivirusGolden 3.7\Logs
Selected for removal: No
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FOPN
Selected for removal: No
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN
Selected for removal: No
RogueRemover has found the objects above.
2nd log:
Malwarebytes’ Anti-Malware 1.28
Database version: 1200
Windows 5.1.2600 Service Pack 3
9/23/2008 12:44:47 PM
mbam-log-2008-09-23 (12-44-47).txt
Scan type: Quick Scan
Objects scanned: 63792
Time elapsed: 9 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system\sounds (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\logs (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\download (Backdoor.Bot) → Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) → Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntivirus) → Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntivirus) → Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntivirus) → Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntivirus) → Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Temp\dat6A.tmp (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\system\users.ini (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\servers.ini (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\remote.ini (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\mirc.ini (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\mirc.ico (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\control.ini (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system\aliases.ini (Backdoor.Bot) → Quarantined and deleted successfully.
3rd log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/23/2008 at 01:45 PM
Application Version : 4.21.1004
Core Rules Database Version : 3577
Trace Rules Database Version: 1565
Scan type : Quick Scan
Total Scan Time : 00:45:48
Memory items scanned : 805
Memory threats detected : 0
Registry items scanned : 548
Registry threats detected : 1
File items scanned : 10152
File threats detected : 32
Adware.Tracking Cookie
C:\Documents and Settings\Lou\Cookies\lou@2o7[1].txt
C:\Documents and Settings\Lou\Cookies\lou@specificclick[2].txt
C:\Documents and Settings\Lou\Cookies\lou@ads.pointroll[1].txt
C:\Documents and Settings\Lou\Cookies\lou@bs.serving-sys[1].txt
C:\Documents and Settings\Lou\Cookies\lou@serving-sys[2].txt
C:\Documents and Settings\Lou\Cookies\lou@tacoda[1].txt
C:\Documents and Settings\Lou\Cookies\lou@revsci[1].txt
C:\Documents and Settings\Lou\Cookies\lou@cdn.at.atwola[1].txt
C:\Documents and Settings\Lou\Cookies\lou@at.atwola[1].txt
C:\Documents and Settings\Lou\Cookies\lou@ar.atwola[2].txt
C:\Documents and Settings\Lou\Cookies\lou@autoupdate.windowsmedia[2].txt
C:\Documents and Settings\Lou\Cookies\lou@atwola[1].txt
.atwola.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mdvr2k8g.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3se1p68x.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3se1p68x.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3se1p68x.default\cookies.txt ]
Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#mav_startupmon [ “C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe” ]
C:\UWA7P\Quar
C:\WINDOWS..\UWA7P
Malware.AntiVirusGolden
C:\Program Files\AV\AntivirusGolden 3.7\AntivirusGolden AntivirusGolden.url
C:\Program Files\AV\AntivirusGolden 3.7\Logs\scan_log_04102007-145911.html
C:\Program Files\AV\AntivirusGolden 3.7\Logs\scan_log_04102007-145954.html
C:\Program Files\AV\AntivirusGolden 3.7\Logs
C:\Program Files\AV\AntivirusGolden 3.7
Trojan.Smitfraud Variant
C:\SUSPECT\A0090869.EXE