Leave the firewall on but its best to disable your virus scanner while doing the fix.

Am I supposed to be finding every one of those dll.s you have listed? when I ran HJT I found no "02" listings, only one of the "04" dll was on the list, and non of the "020" were on it. Anyway, I went and deleted the only one I could find which was the 1st one of the "04"s. do I now go ahead reboot and download Avenger?

I am finding it extremely difficult to post to the PCHelp Forum, I keep getting kicked out..anyhoo, before this thing totally crashes, I figured
I'd post the results of the Avenger log ..Here it is:
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Jul 29 07:33:16 2008
07:33:16: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Jul 29 07:33:34 2008
07:33:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\vtUkkkLB.dll" deleted successfully.
File "C:\WINDOWS\system32\ljJASihe.dll" deleted successfully.
File "C:\WINDOWS\system32\nnnMCsPi.dll" deleted successfully.
File "C:\WINDOWS\system32\yayxwXpq.dll" deleted successfully.
Error: file "C:\WINDOWS\system32\nsvodwdx.dll" not found!
Deletion of file "C:\WINDOWS\system32\nsvodwdx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\osguma.dll" deleted successfully.
File "C:\WINDOWS\system32\toceeavs.dll" deleted successfully.
Error: file "C:\WINDOWS\system32\dgixacsh.dll" not found!
Deletion of file "C:\WINDOWS\system32\dgixacsh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\dwfqlu.dll" deleted successfully.
File "C:\WINDOWS\system32\qcimlbwk.dll" deleted successfully.
File "C:\WINDOWS\system32\rlvmghcy.dll" deleted successfully.
File "C:\WINDOWS\system32\kQrqAJlm.ini2" deleted successfully.
Error: file "C:\WINDOWS\system32\mlJAqrQk.dll" not found!
Deletion of file "C:\WINDOWS\system32\mlJAqrQk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\urqOGXnL.dll" deleted successfully.
File "C:\WINDOWS\system32\qoMcbayx.dll" deleted successfully.
File "C:\WINDOWS\system32\byXOgfgG.dll" deleted successfully.
File "C:\WINDOWS\system32\ljJcApOh.dll" deleted successfully.
File "C:\WINDOWS\system32\cBsTLCUN.dll" deleted successfully.
File "C:\WINDOWS\system32\mlJDvsTJ.dll" deleted successfully.
File "C:\WINDOWS\system32\yayaAsrS.dll" deleted successfully.
File "C:\WINDOWS\system32\mlJCRjhe.dll" deleted successfully.
File "C:\WINDOWS\system32\mlJYoMcB.dll" deleted successfully.
File "C:\WINDOWS\system32\gsxyef.dll" deleted successfully.
File "C:\WINDOWS\system32\htlqlqoo.dll" deleted successfully.
File "C:\WINDOWS\system32\gxveclus.dll" deleted successfully.
File "C:\WINDOWS\system32\eglcfjgs.dll" deleted successfully.
File "C:\WINDOWS\system32\rqtCKRqr.ini2" deleted successfully.
File "C:\WINDOWS\system32\eMpsCfhk.ini2" deleted successfully.
File "C:\WINDOWS\system32\bcMlmnnn.ini2" deleted successfully.
File "C:\WINDOWS\system32\BJTuCcfe.ini2" deleted successfully.
File "C:\WINDOWS\system32\YFijQqru.ini2" deleted successfully.
File "C:\WINDOWS\system32\vcapam.dll" deleted successfully.
File "C:\WINDOWS\system32\tftjdwke.dll" deleted successfully.
File "C:\WINDOWS\system32\WEfhOXyb.ini2" deleted successfully.
File "C:\WINDOWS\system32\zizzypxkzblarlyxs.exe" deleted successfully.
Error: "C:\WINDOWS\system32\xys7" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\xys7" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Error: "C:\WINDOWS\system32\tsoc" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\tsoc" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Error: "C:\WINDOWS\system32\pv2" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\pv2" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Error: "C:\WINDOWS\system32\aumsDK18" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\aumsDK18" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory
File "C:\WINDOWS\system32\efcYPjij.dll" deleted successfully.
File "C:\WINDOWS\system32\cffMVvut.ini2" deleted successfully.
Folder "C:\327882R2FWJFW" deleted successfully.
Folder "C:\found.000" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

and here is the Deckard log....
Deckard's System Scanner v20071014.68
Run by angela on 2008-07-29 15:02:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 4.96 GiB (less than 15%) free.

-- HijackThis (run as angela.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:20 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\angela\Desktop\dss.exe
C:\DOCUME~1\angela\Desktop\angela.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {403A3765-C163-46B1-AD81-51C3E4D53A6B} - C:\WINDOWS\system32\xxywVlLD.dll (file missing)
O2 - BHO: (no name) - {59AAD935-DB8D-4289-A0A3-67E2B3B55BAB} - C:\WINDOWS\system32\efcYPjij.dll (file missing)
O2 - BHO: (no name) - {5B969BF7-FD42-4FEE-841D-519D2AC667DA} - C:\WINDOWS\system32\rqRKCtqr.dll (file missing)
O2 - BHO: (no name) - {606DCCB7-3351-4F20-8B6B-819FCA74EDE8} - C:\WINDOWS\system32\mlJAqrQk.dll (file missing)
O2 - BHO: (no name) - {6083c490-3697-4dd8-b8f6-877578401b82} - (no file)
O2 - BHO: (no name) - {626A0F44-7EC1-49A2-8220-C141249D7A03} - C:\WINDOWS\system32\wvUnLExv.dll (file missing)
O2 - BHO: (no name) - {68A850EE-195B-4564-A4AE-1D9B4501D9DF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {826104AC-742F-4BF1-8133-D34C36954CC1} - C:\WINDOWS\system32\tuvVMffc.dll (file missing)
O2 - BHO: (no name) - {86CF5770-6A10-4A56-816A-4ADF6497772B} - C:\WINDOWS\system32\efcCuTJB.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96F11316-0379-4CED-9352-DDB6C3DC3B89} - C:\WINDOWS\system32\xxywxxxv.dll (file missing)
O2 - BHO: (no name) - {A1376D25-2E3F-40B3-B70F-BE3EDD6E3274} - (no file)
O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - C:\WINDOWS\system32\xxyaXpOH.dll (file missing)
O2 - BHO: (no name) - {B915237E-280A-46EE-95FD-B08EDAD7C2AA} - C:\WINDOWS\system32\hgGvUkjk.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - C:\WINDOWS\system32\qoMcyYsP.dll (file missing)
O2 - BHO: (no name) - {D38DB21E-3DD4-43DF-A748-C8842753473D} - C:\WINDOWS\system32\nnnmlMcb.dll (file missing)
O2 - BHO: {c0f19344-c0b1-22f9-ca64-9a1fc1c7e0dd} - {dd0e7c1c-f1a9-46ac-9f22-1b0c44391f0c} - C:\WINDOWS\system32\radwdn.dll
O2 - BHO: (no name) - {EA4D0568-BCAB-4D79-9AB9-76A5917B83A6} - C:\WINDOWS\system32\wvUKEuSl.dll (file missing)
O2 - BHO: (no name) - {EBB926B7-31D5-4333-AC96-27FEEDAD01C6} - C:\WINDOWS\system32\byXOhfEW.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a89728b9] rundll32.exe "C:\WINDOWS\system32\xotevtro.dll",b
O4 - HKLM\..\Run: [BMaba41b25] Rundll32.exe "C:\WINDOWS\system32\gjhfguvo.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/acti...CamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: cbXRJATK - cbXRJATK.dll (file missing)
O20 - Winlogon Notify: efcYPjij - efcYPjij.dll (file missing)
O20 - Winlogon Notify: qoMcyYsP - qoMcyYsP.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9050 bytes
-- Files created between 2008-06-29 and 2008-07-29 -----------------------------
2008-07-28 20:53:28 103424 --a------ C:\WINDOWS\system32\radwdn.dll
2008-07-28 20:53:19 103424 --a------ C:\WINDOWS\system32\xnkyykrs.dll
2008-07-28 20:51:00 93696 --a------ C:\WINDOWS\system32\gjhfguvo.dll
2008-07-28 20:50:15 573286 --ahs---- C:\WINDOWS\system32\vxELnUvw.ini2
2008-07-28 18:03:30 103424 --a------ C:\WINDOWS\system32\rotjzz.dll
2008-07-28 18:03:20 103424 --a------ C:\WINDOWS\system32\jusmrxur.dll
2008-07-28 18:00:29 93696 --a------ C:\WINDOWS\system32\nawtpwet.dll
2008-07-28 09:15:56 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-22 22:01:52 0 d-------- C:\WINDOWS\system32\kBin02
2008-07-21 12:56:28 0 d-------- C:\Documents and Settings\angela\.housecall6.6
2008-07-21 12:49:27 0 d-------- C:\Program Files\Trend Micro
2008-07-20 15:41:34 0 d-------- C:\Documents and Settings\angela\Application Data\Ahead
2008-07-20 15:01:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-20 14:34:09 0 d-------- C:\Program Files\Nero
2008-07-20 14:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-20 14:34:07 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-19 11:08:25 0 d-------- C:\Documents and Settings\angela\Application Data\muvee Technologies
2008-07-19 08:22:56 0 d-------- C:\WINDOWS\system32\carH18
2008-07-18 13:11:42 81920 --a------ C:\WINDOWS\system32\atuxyixv.dll
2008-07-18 10:14:42 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 08:12:02 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 08:11:41 0 d-------- C:\Program Files\AVG
2008-07-18 08:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-18 07:51:02 355 --a------ C:\874.bat
2008-07-17 21:05:01 0 d--hs---- C:\WINDOWS\ZGF5
2008-07-17 09:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-17 08:45:08 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-17 08:45:08 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-17 08:45:08 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-07-17 08:41:38 0 d-------- C:\WINDOWS\pss
2008-07-17 07:17:04 6553600 --a------ C:\Documents and Settings\angela\ntuser.dat
2008-07-17 07:17:00 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-16 09:33:50 0 d-------- C:\WINDOWS\system32\xys7
2008-07-16 09:33:50 0 d-------- C:\WINDOWS\system32\tsoc
2008-07-16 09:33:50 0 d-------- C:\WINDOWS\system32\pv2
2008-07-16 09:33:43 0 d-------- C:\WINDOWS\system32\aumsDK18
2008-07-14 17:24:25 0 d-------- C:\Documents and Settings\angela\Application Data\gtk-2.0
2008-07-14 17:23:06 0 d-------- C:\Documents and Settings\angela\.gimp-2.4
2008-07-14 14:36:04 0 d-------- C:\Program Files\Aurora Digital Imaging
2008-07-14 14:34:49 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-14 14:22:04 0 d-------- C:\Documents and Settings\angela\Application Data\Help
2008-07-14 09:10:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 07:32:44 0 d-------- C:\Program Files\Windows Defender
2008-07-14 06:27:29 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-07-14 06:13:00 0 d-------- C:\WINDOWS\system32\olixds18
2008-07-14 06:13:00 0 d-------- C:\Temp
2008-07-13 14:18:20 0 d-------- C:\Documents and Settings\angela\Application Data\FastStone
2008-07-10 22:12:05 0 d-------- C:\Program Files\iPod
2008-07-10 21:54:32 0 d-------- C:\Program Files\Safari
2008-07-03 22:52:38 0 d-------- C:\Documents and Settings\Jen\Application Data\Sun
2008-07-02 12:28:54 0 d-------- C:\DVDVideoSoft
2008-07-02 12:28:24 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-02 12:28:23 0 d-------- C:\Program Files\DVDVideoSoft
2008-07-01 17:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-07-01 17:31:15 0 d-------- C:\Program Files\Flypaper Beta
2008-07-01 17:24:04 0 d-------- C:\Program Files\MSBuild
2008-07-01 17:23:53 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-01 17:23:42 0 d-------- C:\Program Files\Reference Assemblies
2008-07-01 17:17:12 0 d-------- C:\Program Files\MSXML 6.0

-- Find3M Report ---------------------------------------------------------------
2008-07-29 14:49:33 0 d-------- C:\Documents and Settings\angela\Application Data\Skype
2008-07-27 18:49:05 0 d-------- C:\Program Files\Common Files
2008-07-21 16:45:08 0 d-------- C:\Program Files\Picasa2
2008-07-20 13:50:08 0 d-------- C:\Program Files\Ahead
2008-07-20 06:33:28 0 d-------- C:\Program Files\Incomplete
2008-07-16 09:42:56 0 d-------- C:\Documents and Settings\angela\Application Data\Adobe
2008-07-16 09:42:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-14 13:36:28 0 d-------- C:\Program Files\Java
2008-07-13 07:03:00 0 d-------- C:\Documents and Settings\angela\Application Data\Apple Computer
2008-07-10 22:12:39 0 d-------- C:\Program Files\iTunes
2008-07-10 22:08:19 0 d-------- C:\Program Files\QuickTime
2008-06-10 03:04:20 0 d-------- C:\Program Files\Microsoft Works
2008-06-08 10:38:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-13 09:12:06 33280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL <Not Verified; Disappearing Inc.; Huffyuv>
2008-05-10 17:13:59 50 --a------ C:\AUTOEXEC.BAT

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{403A3765-C163-46B1-AD81-51C3E4D53A6B}]
C:\WINDOWS\system32\xxywVlLD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59AAD935-DB8D-4289-A0A3-67E2B3B55BAB}]
C:\WINDOWS\system32\efcYPjij.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B969BF7-FD42-4FEE-841D-519D2AC667DA}]
C:\WINDOWS\system32\rqRKCtqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{606DCCB7-3351-4F20-8B6B-819FCA74EDE8}]
C:\WINDOWS\system32\mlJAqrQk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6083c490-3697-4dd8-b8f6-877578401b82}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{626A0F44-7EC1-49A2-8220-C141249D7A03}]
C:\WINDOWS\system32\wvUnLExv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68A850EE-195B-4564-A4AE-1D9B4501D9DF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{826104AC-742F-4BF1-8133-D34C36954CC1}]
C:\WINDOWS\system32\tuvVMffc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86CF5770-6A10-4A56-816A-4ADF6497772B}]
C:\WINDOWS\system32\efcCuTJB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96F11316-0379-4CED-9352-DDB6C3DC3B89}]
C:\WINDOWS\system32\xxywxxxv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1376D25-2E3F-40B3-B70F-BE3EDD6E3274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4977567-6B39-4AFA-9CD2-47A20209F5FE}]
C:\WINDOWS\system32\xxyaXpOH.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B915237E-280A-46EE-95FD-B08EDAD7C2AA}]
C:\WINDOWS\system32\hgGvUkjk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0}]
C:\WINDOWS\system32\qoMcyYsP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D38DB21E-3DD4-43DF-A748-C8842753473D}]
C:\WINDOWS\system32\nnnmlMcb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd0e7c1c-f1a9-46ac-9f22-1b0c44391f0c}]
07/28/2008 08:53 PM 103424 --a------ C:\WINDOWS\system32\radwdn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA4D0568-BCAB-4D79-9AB9-76A5917B83A6}]
C:\WINDOWS\system32\wvUKEuSl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBB926B7-31D5-4333-AC96-27FEEDAD01C6}]
C:\WINDOWS\system32\byXOhfEW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\Alcxmntr.exe]
"zzzHPSETUP"="E:\Setup.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 10:01 AM]
"a89728b9"="C:\WINDOWS\system32\xotevtro.dll" []
"BMaba41b25"="C:\WINDOWS\system32\gjhfguvo.dll " [07/28/2008 08:51 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/29/2006 05:25 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 06:23 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0}"= C:\WINDOWS\system32\qoMcyYsP.dll [ ]
"{B4977567-6B39-4AFA-9CD2-47A20209F5FE}"= C:\WINDOWS\system32\xxyaXpOH.dll [ ]
"{59AAD935-DB8D-4289-A0A3-67E2B3B55BAB}"= C:\WINDOWS\system32\efcYPjij.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRJATK]
cbXRJATK.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYPjij]
efcYPjij.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMcyYsP]
qoMcyYsP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnLExv

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9ef3de30-ff49-11dc-9a4a-806d6172696f}]
AutoRun\command- E:\Info.exe folder.htt 480 480


-- End of Deckard's System Scanner: finished at 2008-07-29 15:04:01 ------------

Most of all you problems have come from all this malware that we are removing...Give Combofix another try after this.We still have the job of cleaning out the registry yet.

We need to stop TeaTimer from running as changes to the log may not be saved.Right click Spybot's TeaTimer System Tray Icon(the lock symbol is just part of the icon and does not mean it is locked preventing using it) > click Exit Spybot-S&D Resident.

When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup
Disable TeaTimer during Hijackthis Cleanup

Then, Download ResetTeaTimer.bat.
http://downloads.subratam.org/ResetTeaTimer.bat

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O2 - BHO: (no name) - {403A3765-C163-46B1-AD81-51C3E4D53A6B} - C:\WINDOWS\system32\xxywVlLD.dll (file missing)
O2 - BHO: (no name) - {55DEF831-9A69-46BC-8A73-CEED72EE7DD6} - C:\WINDOWS\system32\mlJAqrQk.dll
O2 - BHO: (no name) - {59AAD935-DB8D-4289-A0A3-67E2B3B55BAB} - C:\WINDOWS\system32\efcYPjij.dll
O2 - BHO: (no name) - {5B969BF7-FD42-4FEE-841D-519D2AC667DA} - C:\WINDOWS\system32\rqRKCtqr.dll (file missing)
O2 - BHO: (no name) - {6083c490-3697-4dd8-b8f6-877578401b82} - (no file)
O2 - BHO: (no name) - {68A850EE-195B-4564-A4AE-1D9B4501D9DF} - (no file)
O2 - BHO: {c20f908d-74bd-d729-3d64-067f49669547} - {74596694-f760-46d3-927d-db47d809f02c} - C:\WINDOWS\system32\osguma.dll
O2 - BHO: (no name) - {826104AC-742F-4BF1-8133-D34C36954CC1} - C:\WINDOWS\system32\tuvVMffc.dll (file missing)
O2 - BHO: (no name) - {86CF5770-6A10-4A56-816A-4ADF6497772B} - C:\WINDOWS\system32\efcCuTJB.dll (file missing)
O2 - BHO: (no name) - {96F11316-0379-4CED-9352-DDB6C3DC3B89} - C:\WINDOWS\system32\xxywxxxv.dll (file missing)
O2 - BHO: (no name) - {A1376D25-2E3F-40B3-B70F-BE3EDD6E3274} - (no file)
O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - C:\WINDOWS\system32\xxyaXpOH.dll (file missing)
O2 - BHO: (no name) - {B915237E-280A-46EE-95FD-B08EDAD7C2AA} - C:\WINDOWS\system32\hgGvUkjk.dll (file missing)
O2 - BHO: (no name) - {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - C:\WINDOWS\system32\qoMcyYsP.dll (file missing)
O2 - BHO: (no name) - {D38DB21E-3DD4-43DF-A748-C8842753473D} - C:\WINDOWS\system32\nnnmlMcb.dll (file missing)
O2 - BHO: (no name) - {EA4D0568-BCAB-4D79-9AB9-76A5917B83A6} - C:\WINDOWS\system32\wvUKEuSl.dll (file missing)
O2 - BHO: (no name) - {EBB926B7-31D5-4333-AC96-27FEEDAD01C6} - C:\WINDOWS\system32\byXOhfEW.dll (file missing)
O4 - HKLM\..\Run: [a89728b9] rundll32.exe "C:\WINDOWS\system32\nsvodwdx.dll",b
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\angela\winlogon.exe
O4 - HKLM\..\Run: [BMaba41b25] Rundll32.exe "C:\WINDOWS\system32\dgixacsh.dll",s
O20 - Winlogon Notify: cbXRJATK - cbXRJATK.dll (file missing)
O20 - Winlogon Notify: efcYPjij - C:\WINDOWS\SYSTEM32\efcYPjij.dll
O20 - Winlogon Notify: qoMcyYsP - qoMcyYsP.dll (file missing)

Reboot....................




=============================

• Download The Avenger by Swandog46 from here.
• Unzip/extract it to a folder on your desktop.
• Double click on avenger.exe to run The Avenger.
• Click OK.
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
• Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
  
  
  Code:

  Files to delete:
  C:\WINDOWS\system32\radwdn.dll
  C:\WINDOWS\system32\xnkyykrs.dll
  C:\WINDOWS\system32\gjhfguvo.dll
  C:\WINDOWS\system32\vxELnUvw.ini2
  C:\WINDOWS\system32\rotjzz.dll
  C:\WINDOWS\system32\jusmrxur.dll
  C:\WINDOWS\system32\nawtpwet.dll
  C:\874.bat
  C:\WINDOWS\system32\wvUnLExv
  
  Folders to delete:
  C:\WINDOWS\system32\xys7
  C:\WINDOWS\system32\tsoc
  C:\WINDOWS\system32\pv2

• In the avenger window, click the Paste Script from Clipboard, button.
• Click the Execute button.
• You will be asked Are you sure you want to execute the current script?.
• Click Yes.
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
• Click Yes.
• Your PC will now be rebooted.
• Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
• If that is the case, it will force a shutdown. This is normal & expected behaviour.
• After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
• Please post this log, along with a new HijackThis log in your next reply.

===========================================


Please download Malwarebytes' Anti-Malware from one of these places:

|MG| Malwarebytes Anti-Malware 1.23

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Before I paste the reports you need, FYI I had deleted Spybot from my "add and remove programs" folder in my control panel long before I ever
contacted you. (I am using AVG FREE 8.0) I've just rechecked that folder and there is nothing left there labeled spybot or teatimer. Yet when I went into the Sys Conf Util. it was showing up there under the startup tab. Anyway, I unchecked it, and ran the reports you wanted. Do I leave the teatimer unchecked in the Startup tab? why is it there if I no longer have Spybot? Should the "selective startup" button still be highlighted in the Sys Conf. Util? unsure what to do, so I will just leave as is till I hear from you.

Reports as follows: Avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\radwdn.dll" deleted successfully.
File "C:\WINDOWS\system32\xnkyykrs.dll" deleted successfully.
File "C:\WINDOWS\system32\gjhfguvo.dll" deleted successfully.
File "C:\WINDOWS\system32\vxELnUvw.ini2" deleted successfully.
File "C:\WINDOWS\system32\rotjzz.dll" deleted successfully.
File "C:\WINDOWS\system32\jusmrxur.dll" deleted successfully.
File "C:\WINDOWS\system32\nawtpwet.dll" deleted successfully.
File "C:\874.bat" deleted successfully.
Error: file "C:\WINDOWS\system32\wvUnLExv" not found!
Deletion of file "C:\WINDOWS\system32\wvUnLExv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "C:\WINDOWS\system32\xys7" deleted successfully.
Folder "C:\WINDOWS\system32\tsoc" deleted successfully.
Folder "C:\WINDOWS\system32\pv2" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

the mbam-log

Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2
9:44:04 PM 7/29/2008
mbam-log-7-29-2008 (21-44-04).txt
Scan type: Quick Scan
Objects scanned: 68107
Time elapsed: 49 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{dd0e7c1c-f1a9-46ac-9f22-1b0c44391f0c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dd0e7c1c-f1a9-46ac-9f22-1b0c44391f0c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\radwdn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atuxyixv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxiyxuta.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\4DXDJ4L0\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\692CV95H\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\6CDOWW7Q\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\6CDOWW7Q\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\6CDOWW7Q\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\6CDOWW7Q\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\CUD2APZI\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\E8VZU5MN\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\HDD4T0MB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\IYGZWTW4\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\IYGZWTW4\ico[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\N92VOYF2\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\VU4FRGB8\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Local Settings\Temporary Internet Files\Content.IE5\ZDVNGMZQ\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMaba41b25.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMaba41b25.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jen\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

and a fresh Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:20 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\angela\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {606DCCB7-3351-4F20-8B6B-819FCA74EDE8} - C:\WINDOWS\system32\mlJAqrQk.dll (file missing)
O2 - BHO: (no name) - {626A0F44-7EC1-49A2-8220-C141249D7A03} - C:\WINDOWS\system32\wvUnLExv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a89728b9] rundll32.exe "C:\WINDOWS\system32\xotevtro.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMaba41b25] Rundll32.exe "C:\WINDOWS\system32\gjhfguvo.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/acti...CamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7089 bytes


thanks, hope this is what you need!

Yes leave Teatimer unchecked...We can fix those later... Can I have another Deckard scan and log please as we will now need to start clearing the registry.

Here is your report! Thanks again. It's 10:45 pm here, I'm going to call it a nite, I look forward to your response when I get up tomorrow! PS. Love Oz, I lived in Syd for 20 years before moving back to Canada...
Deckard's System Scanner v20071014.68
Run by angela on 2008-07-29 22:40:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 89% (more than 75%).
System Drive C: has 4.95 GiB (less than 15%) free.

-- HijackThis (run as angela.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:19 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\angela\Desktop\dss.exe
C:\DOCUME~1\angela\Desktop\angela.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: (no name) - {606DCCB7-3351-4F20-8B6B-819FCA74EDE8} - C:\WINDOWS\system32\mlJAqrQk.dll (file missing)
O2 - BHO: (no name) - {626A0F44-7EC1-49A2-8220-C141249D7A03} - C:\WINDOWS\system32\wvUnLExv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a89728b9] rundll32.exe "C:\WINDOWS\system32\xotevtro.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMaba41b25] Rundll32.exe "C:\WINDOWS\system32\gjhfguvo.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/acti...CamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7072 bytes
-- Files created between 2008-06-29 and 2008-07-29 -----------------------------
2008-07-29 20:48:15 0 d-------- C:\Documents and Settings\angela\Application Data\Malwarebytes
2008-07-29 20:48:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 20:48:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 09:15:56 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-21 12:56:28 0 d-------- C:\Documents and Settings\angela\.housecall6.6
2008-07-21 12:49:27 0 d-------- C:\Program Files\Trend Micro
2008-07-20 15:41:34 0 d-------- C:\Documents and Settings\angela\Application Data\Ahead
2008-07-20 15:01:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-20 14:34:09 0 d-------- C:\Program Files\Nero
2008-07-20 14:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-20 14:34:07 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-19 11:08:25 0 d-------- C:\Documents and Settings\angela\Application Data\muvee Technologies
2008-07-19 08:22:56 0 d-------- C:\WINDOWS\system32\carH18
2008-07-18 10:14:42 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 08:12:02 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 08:11:41 0 d-------- C:\Program Files\AVG
2008-07-18 08:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-17 21:05:01 0 d--hs---- C:\WINDOWS\ZGF5
2008-07-17 09:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-17 08:45:08 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-17 08:45:08 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-17 08:45:08 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-07-17 08:41:38 0 d-------- C:\WINDOWS\pss
2008-07-17 07:17:04 6553600 --a------ C:\Documents and Settings\angela\ntuser.dat
2008-07-17 07:17:00 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-16 09:33:43 0 d-------- C:\WINDOWS\system32\aumsDK18
2008-07-14 17:24:25 0 d-------- C:\Documents and Settings\angela\Application Data\gtk-2.0
2008-07-14 17:23:06 0 d-------- C:\Documents and Settings\angela\.gimp-2.4
2008-07-14 14:36:04 0 d-------- C:\Program Files\Aurora Digital Imaging
2008-07-14 14:34:49 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-14 14:22:04 0 d-------- C:\Documents and Settings\angela\Application Data\Help
2008-07-14 09:10:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 07:32:44 0 d-------- C:\Program Files\Windows Defender
2008-07-14 06:27:29 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-07-14 06:13:00 0 d-------- C:\WINDOWS\system32\olixds18
2008-07-14 06:13:00 0 d-------- C:\Temp
2008-07-13 14:18:20 0 d-------- C:\Documents and Settings\angela\Application Data\FastStone
2008-07-10 22:12:05 0 d-------- C:\Program Files\iPod
2008-07-10 21:54:32 0 d-------- C:\Program Files\Safari
2008-07-03 22:52:38 0 d-------- C:\Documents and Settings\Jen\Application Data\Sun
2008-07-02 12:28:54 0 d-------- C:\DVDVideoSoft
2008-07-02 12:28:24 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-02 12:28:23 0 d-------- C:\Program Files\DVDVideoSoft
2008-07-01 17:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-07-01 17:31:15 0 d-------- C:\Program Files\Flypaper Beta
2008-07-01 17:24:04 0 d-------- C:\Program Files\MSBuild
2008-07-01 17:23:53 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-01 17:23:42 0 d-------- C:\Program Files\Reference Assemblies
2008-07-01 17:17:12 0 d-------- C:\Program Files\MSXML 6.0

-- Find3M Report ---------------------------------------------------------------
2008-07-29 22:39:52 0 d-------- C:\Documents and Settings\angela\Application Data\Skype
2008-07-27 18:49:05 0 d-------- C:\Program Files\Common Files
2008-07-21 16:45:08 0 d-------- C:\Program Files\Picasa2
2008-07-20 13:50:08 0 d-------- C:\Program Files\Ahead
2008-07-20 06:33:28 0 d-------- C:\Program Files\Incomplete
2008-07-16 09:42:56 0 d-------- C:\Documents and Settings\angela\Application Data\Adobe
2008-07-16 09:42:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-14 13:36:28 0 d-------- C:\Program Files\Java
2008-07-13 07:03:00 0 d-------- C:\Documents and Settings\angela\Application Data\Apple Computer
2008-07-10 22:12:39 0 d-------- C:\Program Files\iTunes
2008-07-10 22:08:19 0 d-------- C:\Program Files\QuickTime
2008-06-10 03:04:20 0 d-------- C:\Program Files\Microsoft Works
2008-06-08 10:38:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-13 09:12:06 33280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL <Not Verified; Disappearing Inc.; Huffyuv>
2008-05-10 17:13:59 50 --a------ C:\AUTOEXEC.BAT

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{606DCCB7-3351-4F20-8B6B-819FCA74EDE8}]
C:\WINDOWS\system32\mlJAqrQk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{626A0F44-7EC1-49A2-8220-C141249D7A03}]
C:\WINDOWS\system32\wvUnLExv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\Alcxmntr.exe]
"zzzHPSETUP"="E:\Setup.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 10:01 AM]
"a89728b9"="C:\WINDOWS\system32\xotevtro.dll" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [08/04/2004 05:00 AM]
"BMaba41b25"="C:\WINDOWS\system32\gjhfguvo.dll " []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/29/2006 05:25 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 06:23 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnLExv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9ef3de30-ff49-11dc-9a4a-806d6172696f}]
AutoRun\command- E:\Info.exe folder.htt 480 480


-- End of Deckard's System Scanner: finished at 2008-07-29 22:42:18 ------------