Thread closed

Thread: Having difficult time with computer

  1. #1
    Beginner
    Registered since
    02.07.2008
    Posts
    5

    Having difficult time with computer

    My laptop is acting weird; I know I have a virus on it. My Windows Defender blocked 2 trojan viruses, but I believe some sort of virus got through, and now it's acting really, really messed up. Here's the logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:13:42 AM, on 7/2/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {05D2A8BF-7CA6-426F-8261-B4C93596B1AB} - C:\Windows\system32\jkKBsPFy.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E3E60F5-F691-475F-AFBA-CF9FCAB47C15} - C:\Windows\system32\vtuuRIbC.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: QXK Olive - {E859DCC4-2549-4667-9E0D-CBCB6F2FCC78} - C:\Windows\kgqfweltbnk.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: nqgpedlr - {6374A4B4-45BA-4718-9972-E56A8912ED9E} - C:\Windows\nqgpedlr.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtuuRIbC.dll,#1
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [winmatrix.exe] C:\Program Files\WinMatrix XP\WinMatrixXP.exe
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    O13 - Gopher Prefix:
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O21 - SSODL: AlrtKernel - {dfa4c8c2-0356-4f78-a874-d2427241c3ee} - C:\Windows\Resources\AlrtKernel.dll
    O21 - SSODL: axrfgvek - {51F50921-EA8E-49D4-BB22-E49010A0BCEA} - C:\Windows\axrfgvek.dll
    O21 - SSODL: okmdepgb - {3CB459DA-CF3F-48EA-B187-F0456ACAF13D} - C:\Windows\okmdepgb.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9835 bytes

  2. #2
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    5.602

    Re: Having difficult time with computer

    Welcome to HijackThis.de TomThomas,


    Some serious infection active there. Let's get more details and then start some repairs.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs.


    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens, click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

    You can use extra posts here if needed for that.

  3. #3
    Beginner
    Registered since
    02.07.2008
    Posts
    5

    Ok check me out!!

    To whoever can help me,

    Hey everyone, check me out on what I did. My Notepad won't work, so I can't create a log to see what's wrong. Then it hit me: I can download a new one. So I did, and I created a Hijackthis.log and opened it in my new Notepad. Here is where I have trouble. I don't know where to find the X! So can someone direct me to the

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqOEwxv.dll,#1

    Please, it will help out a lot.

  4. #4
    Beginner
    Registered since
    02.07.2008
    Posts
    5

    help

    Can someone tell me how to get to this:

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqOEwxv.dll,#1

  5. #5
    Moderator (global), team member, Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.732

    Re: Having difficult time with computer

    Hello TomThomas,

    You made 3 different threads. I put them together here in one thread. Please do what Jintan proposed.
    [°¿°] Ciao, Petra


  6. #6
    Beginner
    Registered since
    02.07.2008
    Posts
    5

    Re: Having difficult time with computer

    Deckard's System Scanner v20071014.68
    Run by Tom on 2008-04-12 06:31:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    12: 2008-04-12 09:22:03 UTC - RP241 - Windows Update
    11: 2008-04-12 00:11:31 UTC - RP240 - Scheduled Checkpoint
    10: 2008-04-10 08:41:08 UTC - RP239 - Windows Update
    9: 2008-04-10 00:00:54 UTC - RP238 - Removed thematrixcode
    8: 2008-04-09 23:55:45 UTC - RP237 - RegRun Virus Scan


    -- First Restore Point --
    1: 2008-04-09 16:25:07 UTC - RP224 - Installed Ad-Aware 2007


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-12 06:34:50
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\GamingSquared\Gaming2\G2.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\antiviirus.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\tmp0.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Cube_desktop\Yodm3D.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\tmp0.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    H:\FF7 DISC 1\dss.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {BE0027FB-31FF-4661-82BC-83ADCEF28F0F} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {4A193445-E856-4329-89B9-55AE1688A360} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\RunOnceEx: [Flags] 128
    O4 - HKLM\..\RunOnceEx: [Title] UnHackMe Rootkit Check
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [winmatrix.exe] C:\Program Files\WinMatrix XP\WinMatrixXP.exe
    O4 - HKCU\..\Run: [Body extra] "C:\ProgramData\SkipDupeDupe.mqorkm"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: AlrtKernel - {dfa4c8c2-0356-4f78-a874-d2427241c3ee} - C:\Windows\Resources\AlrtKernel.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - C:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    --
    End of file - 11761 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 Haspnt - \??\c:\windows\system32\drivers\haspnt.sys
    R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
    R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>

    S2 DS1410D - \??\c:\windows\system32\drivers\ds1410d.sys
    S3 RegGuard - \??\c:\windows\system32\drivers\regguard.sys
    S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
    S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
    R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    R2 mi-raysat_3dsMax2008_32 (mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit) - "c:\program files\autodesk\3ds max 2008\mentalray\satellite\raysat_3dsmax2008_32server.exe"
    R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>
    R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>

    S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-12 06:34:59 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{55FC51E9-A41E-4151-9646-8B2FAEE07677}.job
    2007-12-31 04:28:03 250 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


    -- Files created between 2008-03-12 and 2008-04-12 -----------------------------

    2008-04-09 17:34:36 0 --a------ C:\Users\Tom\clsid
    2008-04-09 11:15:12 25773 --a------ C:\Windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
    2008-04-09 11:14:12 0 d-------- C:\Program Files\Greatis
    2008-04-09 10:52:20 2 -rahs-o-t C:\Windows\winstart.bat
    2008-04-09 09:25:28 0 d-------- C:\Program Files\Lavasoft
    2008-04-09 09:25:27 0 d-------- C:\Users\All Users\Lavasoft
    2008-04-09 02:28:16 4096 --a------ C:\Windows\userconfig9x.dll
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32winlogonpc.exe
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32taack.exe
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32taack.dat
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32sncntr.exe
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32mwin32.exe
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32hxiwlgpm.exe
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32hxiwlgpm.dat
    2008-04-09 02:28:16 4096 --a------ C:\Windows\system32hoproxy.dll
    2008-04-09 02:28:16 4096 --a------ C:\Windows\FVProtect.exe
    2008-04-09 02:28:16 4096 --a------ C:\Windows\a.bat
    2008-04-09 02:28:15 4096 --a------ C:\Windows\winsystem.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32WINWGPX.EXE
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32winsystem.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32vcatchpi.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32vbsys2.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32thun32.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32thun.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32temp#01.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32sysreq.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32ssvchost.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32ssvchost.com
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32ssurf022.dll
    2008-04-09 02:28:15 0 d-------- C:\Windows\system32smp
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32Rundl1.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32regm64.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32regc64.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32psoft1.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32psof1.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32ps1.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32newsd32.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32netode.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32mtr2.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32msvchost.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32mssecu.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32msnbho.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32msgp.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32medup020.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32medup012.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32emesx.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32dpcproxy.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32bdn.com
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32awtoolb.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32anticipator.dll
    2008-04-09 02:28:15 4096 --a------ C:\Windows\system32akttzn.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\mssecu.exe
    2008-04-09 02:28:15 0 d-------- C:\Windows\mslagent
    2008-04-09 02:28:15 4096 --a------ C:\Windows\iTunesMusic.exe
    2008-04-09 02:28:15 4096 --a------ C:\Windows\bdn.com
    2008-04-09 02:28:15 90112 --a------ C:\Windows\apoxqwfv.exe
    2008-04-09 02:28:15 0 d-------- C:\Users\Tom\Desktopvirii
    2008-04-09 02:28:15 4096 --a------ C:\Users\Tom\DesktopFWebdEditor.exe
    2008-04-09 02:28:15 4096 --a------ C:\Users\Tom\Desktopfwebd.exe
    2008-04-09 02:28:15 4096 --a------ C:\Users\Tom\Desktopfilemanagerclient.exe
    2008-04-09 02:28:09 98304 --a------ C:\Windows\system32\qjshuhmv.exe
    2008-04-09 02:28:09 0 d-------- C:\Users\All Users\olkrcpyl
    2008-04-09 02:28:06 36236 --a------ C:\Program Files\instaler.exe
    2008-04-09 02:27:57 16464 -r-hs---- C:\Program Files\tmp0.exe
    2008-04-09 02:27:57 21588 --a------ C:\Program Files\antiviirus.exe
    2008-04-06 00:48:29 106496 --a------ C:\Windows\system32\Astro Gemini Screensaver Manager.scr
    2008-04-06 00:48:26 0 d-------- C:\Program Files\Astro Gemini Software
    2008-04-06 00:48:20 7078912 --a------ C:\Windows\system32\Space Tunnels 3D Screensaver.scr
    2008-04-06 00:40:12 0 d-------- C:\Program Files\Mojicon
    2008-04-06 00:38:45 0 d-------- C:\Program Files\Mojicon Installer
    2008-04-06 00:25:18 0 d-------- C:\Program Files\UselessCreations
    2008-04-06 00:16:59 29696 --a------ C:\Windows\mickey32.dll <Not Verified; MacSourcery; Mickey DLL>
    2008-04-06 00:16:59 232784 --a------ C:\Windows\Matrix Code.scr <Not Verified; MacSourcery; CineMac for Director>
    2008-04-06 00:16:59 2285222 --a------ C:\Windows\Matrix Code.exe <Not Verified; Macromedia, Inc.; Macromedia Director>
    2008-04-06 00:16:59 232784 --a------ C:\Windows\Inst9753.exe <Not Verified; MacSourcery; CineMac for Director>
    2008-04-05 13:07:53 0 d-------- C:\Program Files\iPod
    2008-04-05 13:07:48 0 d-------- C:\Program Files\iTunes
    2008-04-05 13:06:21 0 d-------- C:\Program Files\QuickTime
    2008-04-05 00:14:19 0 d-------- C:\Program Files\Winamp
    2008-04-05 00:14:15 0 d-------- C:\Program Files\ZMatrix
    2008-03-30 22:06:18 0 d-------- C:\Program Files\Safari
    2008-03-24 19:02:29 0 d-------- C:\Users\All Users\Admin Inter 1 Mags
    2008-03-24 19:02:03 0 d-------- C:\Users\All Users\For4city
    2008-03-17 00:15:14 0 d-------- C:\Program Files\DNA
    2008-03-16 08:42:27 0 d-------- C:\New Folder
    2008-03-16 01:32:11 516021 --a------ C:\Windows\system32\drivers\Ca533av.sys <Not Verified; Digital Camera; Digital Camera Driver>
    2008-03-16 01:32:11 10986 --a------ C:\Windows\system32\drivers\Bulk533.sys <Not Verified; USB BULK; Platform SDK Sample Code>
    2008-03-16 01:32:11 131072 --a------ C:\Windows\system\Sp5x_32.dll <Not Verified; Sunplus; Sunplus SP5X_32>
    2008-03-16 01:32:11 0 d-------- C:\Program Files\Cam1070
    2008-03-15 16:51:57 0 d-------- C:\Program Files\IZArc
    2008-03-15 12:56:53 0 d-------- C:\Users\All Users\Adobe Systems
    2008-03-15 12:53:16 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-04-11 23:18:40 8405015 --a------ C:\Windows\TempFile
    2008-04-11 22:53:11 0 d-------- C:\Users\Tom\AppData\Roaming\Media Player Classic
    2008-04-11 14:05:21 0 d-------- C:\Users\Tom\AppData\Roaming\U3
    2008-04-09 12:19:48 0 d-------- C:\Program Files\Common Files
    2008-04-09 09:55:06 0 d-------- C:\Program Files\winvi
    2008-04-09 07:24:08 0 d-------- C:\Program Files\Windows Mail
    2008-04-08 00:35:36 0 d-------- C:\Program Files\ShoppingReport
    2008-04-07 21:40:12 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
    2008-04-06 00:48:23 0 d-------- C:\Users\Tom\AppData\Roaming\Astro Gemini Software
    2008-04-06 00:46:37 0 d-------- C:\Users\Tom\AppData\Roaming\FileSubmit
    2008-04-06 00:42:31 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-05 00:35:35 0 d-------- C:\Users\Tom\AppData\Roaming\.ZMatrix
    2008-03-30 22:13:05 0 d-------- C:\Users\Tom\AppData\Roaming\Apple Computer
    2008-03-29 01:25:01 0 d-------- C:\Program Files\FrostWire
    2008-03-28 22:00:20 0 d-------- C:\Program Files\Windows Live
    2008-03-20 22:26:23 0 d-------- C:\Users\Tom\AppData\Roaming\FrostWire
    2008-03-17 21:34:41 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-17 15:46:47 0 d-------- C:\Users\Tom\AppData\Roaming\BitTorrent
    2008-03-17 15:20:53 0 d-------- C:\Users\Tom\AppData\Roaming\Desktopicon
    2008-03-15 12:57:05 0 d-------- C:\Users\Tom\AppData\Roaming\Adobe
    2008-03-13 22:02:09 0 d-------- C:\Program Files\The Weather Channel FW
    2008-03-11 22:20:56 0 d-------- C:\Program Files\d-lusion
    2008-03-11 22:02:07 0 d-------- C:\Program Files\Speeditup Free
    2008-03-11 21:57:20 0 d-------- C:\Program Files\GamingSquared
    2008-03-10 00:32:22 0 d-------- C:\Program Files\AskSBar
    2008-03-09 21:33:55 0 d-------- C:\Program Files\PhoTags Express
    2008-03-09 21:28:03 0 d-------- C:\Program Files\StepMania
    2008-03-09 01:46:01 0 d-------- C:\Program Files\Autodesk
    2008-03-09 01:21:29 0 d-------- C:\Program Files\Common Files\Scanner
    2008-03-08 12:12:17 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-07 23:59:22 0 d-------- C:\Users\Tom\AppData\Roaming\Deskbar_{57A19698-87F9-4a2c-867B-D64EFB9930A9}
    2008-03-05 20:45:35 472 --a------ C:\Users\Tom\AppData\Roaming\wklnhst.dat
    2008-02-28 22:58:13 0 d-------- C:\Users\Tom\AppData\Roaming\Real
    2008-02-24 20:21:56 0 d-------- C:\Program Files\The KMPlayer
    2008-02-21 21:59:31 0 d-------- C:\Program Files\iDump
    2008-02-20 17:08:18 0 d-------- C:\Program Files\Data Doctor Recovery iPod (Demo)
    2008-02-18 03:48:21 0 d-------- C:\Program Files\Yahoo!
    2008-02-18 03:48:16 0 d-------- C:\Users\Tom\AppData\Roaming\Yahoo!
    2008-02-17 17:11:48 0 d-------- C:\Users\Tom\AppData\Roaming\fretsonfire
    2008-02-16 22:42:59 0 dr------- C:\Program Files\Cube_desktop
    2008-02-15 19:04:10 0 d-------- C:\Program Files\directx
    2008-02-12 23:13:50 49 --a------ C:\tmp.bat
    2008-02-01 12:11:10 586240 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
    2008-01-17 22:10:09 80097 --a------ C:\Windows\system32\dcads-remove.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    03/10/2008 12:32 AM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
    02/06/2008 05:13 AM 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/22/2007 12:11 PM]
    "RtHDVCpl"="RtHDVCpl.exe" [08/09/2007 07:26 PM C:\Windows\RtHDVCpl.exe]
    "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [03/29/2007 10:39 AM]
    "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 04:49 PM]
    "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [06/15/2007 09:01 PM]
    "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [05/22/2007 04:32 PM]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [08/15/2007 03:31 PM]
    "NDSTray.exe"="NDSTray.exe" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
    "dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [11/20/2007 05:40 PM]
    "G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [02/07/2008 02:10 PM]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [02/29/2008 10:10 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "antiviirus"="C:\Program Files\antiviirus.exe" [04/09/2008 02:27 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [05/18/2007 03:43 AM]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [02/01/2008 01:32 PM]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
    "WinUpdater"="" []
    "winmatrix.exe"="C:\Program Files\WinMatrix XP\WinMatrixXP.exe" []
    "Body extra"="C:\ProgramData\SkipDupeDupe.mqorkm" [04/09/2008 12:20 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceActiveDesktopOn"=1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "AlrtKernel"= {dfa4c8c2-0356-4f78-a874-d2427241c3ee} - C:\Windows\Resources\AlrtKernel.dll [04/09/2008 02:27 AM 12330]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f319f08b-b433-11dc-bb59-0016447199c8}]
    AutoRun\command- E:\LaunchU3.exe -a


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-04-12 06:37:03 ------------

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
    Percentage of Memory in Use: 51%
    Physical Memory (total/avail): 1917.44 MiB / 934.87 MiB
    Pagefile Memory (total/avail): 4072.18 MiB / 2569.42 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1920.25 MiB

    C: is Fixed (NTFS) - 147.58 GiB total, 51.87 GiB free.
    D: is CDROM (No Media)
    F: is CDROM (CDFS)
    H: is Removable (FAT)

    \\.\PHYSICALDRIVE0 - Hitachi HTS542516K9SA00 ATA Device - 149.05 GiB - 2 partitions
    \PARTITION0 - Unknown - 1500 MiB
    \PARTITION1 (bootable) - Installable File System - 147.58 GiB - C:

    \\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 1945.37 MiB - 1 partition
    \PARTITION0 - MS-DOS V4 Huge - 1950.91 MiB - H:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: McAfee VirusScan v (McAfee) Outdated
    AS: McAfee VirusScan v (McAfee)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
    "C:\\Users\\Tom\\Desktop\\BitTorrent\\bittorrent.exe"="C:\\Users\\Tom\\Desktop\\BitTorrent\\bittorrent.exe:*:Enabled:Bit Torrent"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Tom\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=TOM-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Tom
    LOCALAPPDATA=C:\Users\Tom\AppData\Local
    LOGONSERVER=\\TOM-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Autodesk\Maya8.5\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=6801
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Tom\AppData\Local\Temp
    TMP=C:\Users\Tom\AppData\Local\Temp
    USERDOMAIN=Tom-PC
    USERNAME=Tom
    USERPROFILE=C:\Users\Tom
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Tom
    Tomtom


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
    --> "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Diner Dash\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Tradewinds\Uninstall.exe"
    --> "C:\Program Files\TOSHIBA Games\Virtual Villagers - A New Home\Uninstall.exe"
    --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adssite Games Collection --> C:\Program Files\Adssite Games Collection\uninstall.exe
    Alien Arena 2007 6.10 --> "G:\Alien Arena 2007\unins000.exe"
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\2.bin\AskSBar.dll,O
    Astro Gemini Screensaver Manager 2.0 --> "C:\Program Files\Astro Gemini Software\Screensaver Manager 2.0\unins000.exe"
    Autodesk 3ds Max 2008 32-bit --> MsiExec.exe /I{BF658A51-6D4F-4CB0-8D40-D183692B995D}
    Autodesk 3ds Max 2008 32-bit Help --> MsiExec.exe /I{38EC4486-44FF-49da-8FFF-87DA9DCBC06B}
    Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
    Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Browser Optimizer Adssite --> C:\Windows\system32\adssite-remove.exe
    Browser Optimizer Dcads --> C:\Windows\system32\dcads-remove.exe
    CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
    Catalyst Control Center - Branding --> MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
    CD/DVD Drive Acoustic Silencer --> C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
    CiD Help --> C:\PROGRA~2\For4city\ActiveFour.exe -uninstall
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Data Doctor Recovery iPod (Demo) 3.0.1.5 --> C:\Program Files\Data Doctor Recovery iPod (Demo)\Uninstall.exe
    Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
    Digital Camera Driver --> C:\PROGRA~1\Cam1070\UNWISE.EXE C:\PROGRA~1\Cam1070\INSTALL.LOG
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
    DVD43 v4.0.0 --> "C:\Program Files\dvd43\unins000.exe"
    FBX Plugin 2006.11.1 for Max 2008 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.11.1\Max2008\Uninstall.exe
    FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
    GamingSquared Console --> "C:\Program Files\GamingSquared\GameConsole\UninstallGameConsole.exe"
    GLOBEtrotter FLEXid Drivers --> C:\Windows\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
    Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
    iDump (Backing up your iPod) --> C:\Program Files\iDump\uninstall.exe
    IMG Tool (remove only) --> "E:\IMG Tool\Uninstall.exe"
    iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
    Mozilla Firefox (2.0.0.11) --> G:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.13) --> H:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
    Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
    Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    QuickBooks Financial Center --> MsiExec.exe /I{890EF3F8-742F-46BD-9E8E-084B3A1F4364}
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
    REALTEK RTL8187B Wireless LAN Driver --> C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x9
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
    Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
    The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
    The Matrix Trilogy 3D Code Screen Saver v3.4 --> "C:\Program Files\UselessCreations\Matrix3D\uninst.exe"
    TOSHIBA Assist --> C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
    TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall
    TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
    TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
    TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
    TOSHIBA Games --> "C:\Program Files\TOSHIBA Games\Uninstall.exe"
    TOSHIBA Hardware Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}\setup.exe" -l0x9
    Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
    TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
    TOSHIBA Software Modem --> Tosmreg -U
    TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
    TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA Supervisor Password --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}\setup.exe" -l0x9
    TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
    Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
    Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    WebVideo Support --> C:\Windows\apoxqwfv.exe
    Winbond CIR Device Drivers --> MsiExec.exe /I{755F77D1-717E-4D7D-BF21-D3EB63906365}
    Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
    Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type9124 / Error
    Event Submitted/Written: 04/12/2008 06:23:13 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    The program IZArc.exe version 3.8.1.1550 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 19d0
    Start Time: 01c89ca00a0ef53f
    Termination Time: 60000

    Event Record #/Type9123 / Error
    Event Submitted/Written: 04/12/2008 06:13:35 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    The program LaunchPad.exe version 1.6.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1508
    Start Time: 01c89c9ee75e9b4f
    Termination Time: 65

    Event Record #/Type9120 / Error
    Event Submitted/Written: 04/12/2008 03:08:27 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.6000.16643, time stamp 0x47bce1b0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
    process id 0x1200, application start time 0xiexplore.exe0.

    Event Record #/Type9113 / Error
    Event Submitted/Written: 04/11/2008 11:22:52 PM
    Event ID/Source: 5007 / WerSvc
    Event Description:
    The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

    Event Record #/Type9109 / Success
    Event Submitted/Written: 04/11/2008 11:18:42 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type53685 / Warning
    Event Submitted/Written: 04/12/2008 06:35:02 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Tom-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tom-PC27 can't undo changes that you allow.

    For more information please see the following:
    %Tom-PC275

    Scan ID: {8E0E2693-782E-4EF3-B955-05027E2A5401}

    User: Tom-PC\Tom

    Name: %Tom-PC271

    ID: %Tom-PC272

    Severity ID: %Tom-PC273

    Category ID: %Tom-PC274

    Path Found: %Tom-PC276

    Alert Type: %Tom-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type53684 / Warning
    Event Submitted/Written: 04/12/2008 06:35:02 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Tom-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tom-PC27 can't undo changes that you allow.

    For more information please see the following:
    %Tom-PC275

    Scan ID: {BA12D005-1355-4A7B-8631-ACDC08D6983A}

    User: Tom-PC\Tom

    Name: %Tom-PC271

    ID: %Tom-PC272

    Severity ID: %Tom-PC273

    Category ID: %Tom-PC274

    Path Found: %Tom-PC276

    Alert Type: %Tom-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type53683 / Warning
    Event Submitted/Written: 04/12/2008 06:35:02 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Tom-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tom-PC27 can't undo changes that you allow.

    For more information please see the following:
    %Tom-PC275

    Scan ID: {100076B2-B914-4AEB-B06D-E1269D23A47E}

    User: Tom-PC\Tom

    Name: %Tom-PC271

    ID: %Tom-PC272

    Severity ID: %Tom-PC273

    Category ID: %Tom-PC274

    Path Found: %Tom-PC276

    Alert Type: %Tom-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type53682 / Warning
    Event Submitted/Written: 04/12/2008 06:35:02 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %Tom-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Tom-PC27 can't undo changes that you allow.

    For more information please see the following:
    %Tom-PC275

    Scan ID: {CEE81A18-BE3D-40C0-AF15-831155258E14}

    User: Tom-PC\Tom

    Name: %Tom-PC271

    ID: %Tom-PC272

    Severity ID: %Tom-PC273

    Category ID: %Tom-PC274

    Path Found: %Tom-PC276

    Alert Type: %Tom-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type53676 / Warning
    Event Submitted/Written: 04/12/2008 06:13:30 AM
    Event ID/Source: 225 / Microsoft-Windows-Kernel-PnP
    Event Description:
    144058\Device\HarddiskVolume2\Program Files\dvd43\DVD43_Tray.exe38USB\VID_0781&PID_5406\00001889E5 74A08A



    -- End of Deckard's System Scanner: finished at 2008-04-12 06:37:03 ------------

  7. #7
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    5.602

    Re: Having difficult time with computer

    A good bit of both installed adware and then the more stealth-type there. Let's start repairs.


    Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

    Browser Optimizer Adssite
    Browser Optimizer Dcads
    Adssite Games Collection

    Ask Toolbar <-made by IAC, who makes MyWebSearch

    ----------------------------

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Then you will want to print or have other access to a copy of the next steps, as some will be done without net access or in Safe Mode.


    Download SDFix.exe and save it to your desktop.

    Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.

    ===================================================


    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    In Safe Mode, click the SDFix.exe and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

    Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files.

    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

    =============================

    After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ============================

    Then still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes except this one:

    Security Center

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Post that along with the Malwarebytes log and the SDFix report.txt log please.

  8. #8
    Beginner
    Registered since
    02.07.2008
    Posts
    5

    Re: Having difficult time with computer

    Hey, I can't open up the sdfix.exe or the mbam-setup.exe. When I click on them it's as if I didn't; it won't open or even show the sign that it's loading. So I tried installing mbam-setup onto my flash drive, and I still can't open it up. What do I do to enable me to be able to load these programs?

  9. #9
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    5.602

    Re: Having difficult time with computer

    I will work under the assumption you did do the first parts already to uninstall what you could there. We will be removing much of the visible infection in this next step, but sometimes the way the infection makes changes can cause additional issues when removing it. Just to mention this as we do these more aggressive changes, should we run into complications. Deckards does make a backup to rely upon though, should we need that. Sorry - SDFix is not yet updated to use on Vista, so it would not have been a benefit here.


    Be sure to disable all security software.

    Open Notepad (Start, Start Search, type notepad and select Enter) and copy/paste the following text.

    Code:
    [Version]
    Signature="$CHICAGO$"
    
    [DefaultInstall]
    DelReg=Del.Settings
    
    [Del.Settings]
    HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
    HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
    HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoFolderOptions
    HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
    HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

    Save this as correct2.inf

    Where it says "Files of Type", select All Files and click on Save and save it to your desktop. Exit Notepad, then right-click on correct2.inf and select Install.

    ----------------------------

    Download The Avenger by Swandog from here and save it to your Desktop.

    Disconnect from net access, close all open programs and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool.

    Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

    Code:
    Begin copying here:
    Files to delete:
    C:\Program Files\antiviirus.exe
    C:\ProgramData\SkipDupeDupe.mqorkm
    C:\Windows\Resources\AlrtKernel.dll
    C:\Windows\userconfig9x.dll
    C:\Windows\system32\winlogonpc.exe
    C:\Windows\system32\taack.exe
    C:\Windows\system32\taack.dat
    C:\Windows\system32\sncntr.exe
    C:\Windows\system32\mwin32.exe
    C:\Windows\system32\hxiwlgpm.exe
    C:\Windows\system32\hxiwlgpm.dat
    C:\Windows\system32\hoproxy.dll
    C:\Windows\FVProtect.exe
    C:\Windows\a.bat
    C:\Windows\winsystem.exe
    C:\Windows\system32\WINWGPX.EXE
    C:\Windows\system32\winsystem.exe
    C:\Windows\system32\vcatchpi.dll
    C:\Windows\system32\vbsys2.dll
    C:\Windows\system32\thun32.dll
    C:\Windows\system32\thun.dll
    C:\Windows\system32\temp#01.exe
    C:\Windows\system32\sysreq.exe
    C:\Windows\system32\ssvchost.exe
    C:\Windows\system32\ssvchost.com
    C:\Windows\system32\ssurf022.dll
    C:\Windows\system32\Rundl1.exe
    C:\Windows\system32\regm64.dll
    C:\Windows\system32\regc64.dll
    C:\Windows\system32\psoft1.exe
    C:\Windows\system32\psof1.exe
    C:\Windows\system32\ps1.exe
    C:\Windows\system32\newsd32.exe
    C:\Windows\system32\netode.exe
    C:\Windows\system32\mtr2.exe
    C:\Windows\system32\msvchost.exe
    C:\Windows\system32\mssecu.exe
    C:\Windows\system32\msnbho.dll
    C:\Windows\system32\msgp.exe
    C:\Windows\system32\medup020.dll
    C:\Windows\system32\medup012.dll
    C:\Windows\system32\h@tkeysh@@k.dll
    C:\Windows\system32\emesx.dll
    C:\Windows\system32\dpcproxy.exe
    C:\Windows\system32\bsva-egihsg52.exe
    C:\Windows\system32\bdn.com
    C:\Windows\system32\awtoolb.dll
    C:\Windows\system32\anticipator.dll
    C:\Windows\system32\akttzn.exe
    C:\Windows\mssecu.exe
    C:\Windows\iTunesMusic.exe
    C:\Windows\bdn.com
    C:\Windows\apoxqwfv.exe
    C:\Users\Tom\Desktop\FWebdEditor.exe
    C:\Users\Tom\Desktop\fwebd.exe
    C:\Users\Tom\Desktop\filemanagerclient.exe
    C:\Windows\system32\qjshuhmv.exe
    C:\Users\All Users\olkrcpyl
    C:\Program Files\instaler.exe
    C:\Program Files\tmp0.exe
    C:\Program Files\antiviirus.exe
    Folders to delete:
    C:\Users\Tom\Desktop\virii
    C:\Windows\system32\smp
    C:\Windows\mslagent
    C:\Users\All Users\Admin Inter 1 Mags
    C:\Users\All Users\For4city
    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | AlrtKernel

    Your system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.

    ----------------------------

    Then reconnect to net access and follow the previous steps to install and run Malwarebytes. Once that completes run the Deckards scan as posted earlier, and post that, the Malwarebytes log and the Avenger log please.
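
An added example, not part of the thread and not the moderator's code: a small Python audit of the correct2.inf text from post #9 that lists exactly which registry values right-click > Install would delete, and flags any entry that would remove a whole key or reach outside the Policies keys. The function names are assumptions of this example, and comment handling is simplified.

```python
import re

# The correct2.inf text from post #9, embedded so the example runs offline.
INF_TEXT = r"""
[Version]
Signature="$CHICAGO$"

[DefaultInstall]
DelReg=Del.Settings

[Del.Settings]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,NoFolderOptions
HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
"""

ROOTS = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}
POLICIES = "software\\microsoft\\windows\\currentversion\\policies\\"


def parse_sections(text):
    """Map each lowercased [section] name to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplified: ';' starts a comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def delreg_entries(text, install="DefaultInstall"):
    """List what right-click > Install would delete via the DelReg directive."""
    sections, entries = parse_sections(text), []
    for line in sections.get(install.lower(), []):
        directive, _, names = line.partition("=")
        if directive.strip().lower() != "delreg":
            continue
        for name in names.split(","):
            for item in sections.get(name.strip().lower(), []):
                fields = [f.strip().strip('"') for f in item.split(",")] + ["", ""]
                root, subkey, value = fields[0].upper(), fields[1], fields[2]
                entries.append({
                    "root": ROOTS.get(root, root), "subkey": subkey,
                    "value": value or None,
                    # Without a value-entry-name, DelReg removes the whole subkey.
                    "scope": "value" if value else "key"})
    return entries


def needs_review(entries):
    """Entries that delete a whole key or reach outside the Policies keys."""
    return [e for e in entries if e["scope"] == "key"
            or not e["subkey"].lower().startswith(POLICIES)]


if __name__ == "__main__":
    for e in delreg_entries(INF_TEXT):
        print(e["scope"], e["root"], e["subkey"], e["value"])
    print("entries needing review:", needs_review(delreg_entries(INF_TEXT)))
```

For the INF as posted, all five entries are single-value deletions under the Policies keys, so nothing is flagged for review.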
