
Popupping Always: dangerous trojan horses detected in your system!

Discussion in 'Malware and Virus Removal Archive' started by ianodin, 2008/06/22.

  1. 2008/06/22
    ianodin Inactive Thread Starter
    This message always pops up when I click folders....
    dangerous trojan horses detected in your system
    Check out this photo >>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:06:26 PM, on 6/22/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\tsnpstd3.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Windows\VM303_STI.EXE
    C:\Windows\vmsnap3.exe
    C:\Windows\Domino.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Users\Kasai\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\DllHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Kasai.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dell ???????? Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.250.235.238:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\Windows\system32\dapol.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.exe
    O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe "
    O4 - HKCU\..\Run: [Joy proxy] "C:\ProgramData\iso gpl gpl.aci4prf "
    O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\setup obj 01.o2qpw "
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Kasai\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun ? Java ????? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12476 bytes
     
    Last edited: 2008/06/22
  2. 2008/06/22
    PeteC SuperGeek Staff
    ianodin - Welcome to the Board :)

    Please read this and post the logs requested (copy/paste into your next post here - you may need to spread over 2 posts).
     


  4. 2008/06/22
    ianodin Inactive Thread Starter
    Additional:

    scanned by dss.exe:
    Deckard's System Scanner v20071014.68
    Run by Kasai on 2008-06-22 17:04:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    10: 2008-06-21 03:43:05 UTC - RP65 - Windows Update
    9: 2008-06-21 03:38:13 UTC - RP64 - Windows Defender Checkpoint
    8: 2008-06-18 09:58:18 UTC - RP62 - Windows Update
    7: 2008-06-16 11:59:33 UTC - RP61 - Installed
    6: 2008-06-16 11:20:52 UTC - RP60 - Installed UCAM-H1C30 series


    -- First Restore Point --
    1: 2008-06-15 03:15:13 UTC - RP51 - Windows Defender Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Kasai.exe) -----------------------------------------------


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-15 18:08:45 408 --a------ C:\Windows\Tasks\Norton Security Scan.job
    2008-05-17 18:13:30 254 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-22 16:59:43 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 15:51:14 0 d-------- C:\Program Files\Netscape
    2008-06-21 13:11:04 13824 --a------ C:\Windows\system32\dapol.dll
    2008-06-21 13:10:45 13824 --a------ C:\Windows\system32\dani.dll
    2008-06-21 12:56:38 0 d-------- C:\Program Files\GameSpy Arcade
    2008-06-16 20:58:55 0 d-------- C:\Users\All Users\Roxio
    2008-06-15 18:04:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-15 18:02:32 0 d-------- C:\Users\All Users\Symantec
    2008-06-15 12:23:49 21840 --a-----t C:\Windows\system32\SIntfNT.dll
    2008-06-15 12:23:49 17212 --a-----t C:\Windows\system32\SIntf32.dll
    2008-06-15 12:23:49 12067 --a-----t C:\Windows\system32\SIntf16.dll
    2008-06-15 12:22:48 0 d-------- C:\Program Files\AdVantage
    2008-06-15 12:22:28 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-15 12:15:51 717296 --a------ C:\Windows\system32\drivers\sptd.sys
    2008-06-15 12:05:20 0 d-------- C:\Users\All Users\way rdr ford mpeg
    2008-06-15 12:04:56 0 d-------- C:\Users\All Users\bolt poll size
    2008-06-15 12:04:38 0 d-------- C:\Program Files\NetPumper
    2008-06-15 11:09:04 0 d-------- C:\Users\Kasai\{188c6079-aed4-4d63-a6b8-db90ae68c201}
    2008-06-15 11:06:13 0 d-------- C:\Windows\EffectResources
    2008-06-15 11:05:25 94208 --a------ C:\Windows\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
    2008-06-15 11:05:25 0 d-------- C:\Program Files\Vimicro
    2008-06-14 22:27:24 0 d-------- C:\Program Files\NinjaSurfing
    2008-06-14 20:29:45 83 -----n--- C:\Windows\winomnifile.dat
    2008-06-14 20:29:41 0 d-------- C:\Windows\Ultimate Security Suite
    2008-06-14 19:40:04 0 d-------- C:\Program Files\My-Proxy
    2008-06-14 18:56:21 0 d-------- C:\Users\All Users\Anonymizer
    2008-06-14 14:34:18 0 d-------- C:\Program Files\uTorrent
    2008-06-13 20:02:58 0 d-------- C:\Program Files\Norton Security Scan
    2008-06-13 20:02:27 0 d-------- C:\Windows\system32\Adobe
    2008-06-13 19:21:38 0 d-------- C:\Program Files\DNA
    2008-06-09 21:40:16 0 d-------- C:\Program Files\Fox
    2008-06-09 21:30:27 1970176 --a------ C:\Windows\system32\d3dx9.dll
    2008-06-09 21:30:27 679936 --a------ C:\Windows\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
    2008-06-09 21:30:25 0 d-------- C:\Program Files\Cheat Engine
    2008-06-09 15:03:57 11264 --a------ C:\Windows\system32\SPORDER.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-05 18:54:45 0 d-------- C:\Program Files\VSO
    2008-06-04 18:20:23 0 d-------- C:\Program Files\SpeederXP
    2008-06-04 14:30:17 0 d-------- C:\Program Files\Game Speed Changer
    2008-06-04 14:28:43 0 d-------- C:\Program Files\Speed Gear
    2008-06-03 17:49:25 0 d-------- C:\Users\Kasai\media
    2008-06-03 16:35:07 0 d-------- C:\Users\Kasai\Shared
    2008-06-03 16:35:03 0 d-------- C:\Users\Kasai\Incomplete
    2008-06-03 16:33:41 0 d-------- C:\Program Files\LimeWire
    2008-06-01 18:06:59 0 d-------- C:\Program Files\WinSCP
    2008-05-31 18:20:24 0 d-------- C:\Program Files\Search Settings
    2008-05-31 18:20:10 0 d-------- C:\Program Files\Dealio
    2008-05-31 18:19:50 208896 --a------ C:\Windows\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
    2008-05-31 18:19:49 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-05-31 18:19:49 119568 --a------ C:\Windows\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-05-31 18:19:48 9728 --a------ C:\Windows\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
    2008-05-31 18:19:48 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-05-31 18:19:48 32768 --a------ C:\Windows\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
    2008-05-31 18:19:48 0 d-------- C:\Program Files\Free FLV Converter
    2008-05-27 13:49:55 0 d-------- C:\Program Files\Canon
    2008-05-25 16:33:16 0 -rahs---- C:\MSDOS.SYS
    2008-05-25 16:33:16 0 -rahs---- C:\IO.SYS
    2008-05-22 15:20:27 0 d-------- C:\Windows\system32\appmgmt
    2008-05-22 15:03:53 0 d-------- C:\Users\All Users\WinZip
    2008-05-22 14:54:06 0 d-------- C:\Program Files\AMPED
    2008-05-22 14:48:37 398743525 --a------ C:\Users\Kasai\WR_OBTsetup.exe <Not Verified; Macrovision Corporation; InstallShield>
    2008-05-22 11:55:54 0 d-------- C:\Program Files\Apple Software Update


    -- Find3M Report ---------------------------------------------------------------

    2008-06-22 17:03:43 0 d-------- C:\Users\Kasai\AppData\Roaming\Skype
    2008-06-22 17:03:34 27335 --a------ C:\Users\Kasai\AppData\Roaming\nvModes.001
    2008-06-22 16:57:49 27335 --a------ C:\Users\Kasai\AppData\Roaming\nvModes.dat
    2008-06-22 16:05:11 0 d-------- C:\Users\Kasai\AppData\Roaming\skypePM
    2008-06-21 15:51:25 0 d-------- C:\Users\Kasai\AppData\Roaming\Netscape
    2008-06-19 21:35:07 400162 --a------ C:\Windows\system32\perfh011.dat
    2008-06-19 21:35:07 108526 --a------ C:\Windows\system32\perfc011.dat
    2008-06-16 20:58:55 0 d-------- C:\Users\Kasai\AppData\Roaming\Roxio
    2008-06-16 20:21:00 0 d-------- C:\Program Files\Common Files\snpstd3
    2008-06-16 19:24:08 0 d-------- C:\Users\Kasai\AppData\Roaming\Hamachi
    2008-06-15 18:04:21 0 d-------- C:\Program Files\Common Files
    2008-06-15 15:50:43 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-15 12:15:16 0 d-------- C:\Users\Kasai\AppData\Roaming\DAEMON Tools
    2008-06-15 11:32:24 0 d-------- C:\Users\Kasai\AppData\Roaming\Hide IP NG
    2008-06-15 11:05:11 0 d-------- C:\Users\Kasai\AppData\Roaming\InstallShield
    2008-06-14 22:30:20 0 d-------- C:\Users\Kasai\AppData\Roaming\FreeCap
    2008-06-14 18:56:43 0 d-------- C:\Users\Kasai\AppData\Roaming\Anonymizer
    2008-06-14 14:47:07 0 d-------- C:\Users\Kasai\AppData\Roaming\uTorrent
    2008-06-12 22:12:26 0 d-------- C:\Program Files\Windows Mail
    2008-06-07 22:35:08 0 d-------- C:\Users\Kasai\AppData\Roaming\CyberLink
    2008-06-07 18:44:48 0 d-------- C:\Users\Kasai\AppData\Roaming\Vso
    2008-06-06 13:29:29 31007 --a------ C:\Users\Kasai\AppData\Roaming\UserTile.png
    2008-06-06 13:29:29 0 d-------- C:\Users\Kasai\AppData\Roaming\PeerNetworking
    2008-06-06 13:28:59 0 d-------- C:\Users\Kasai\AppData\Roaming\Intel
    2008-06-04 18:08:17 600 --a------ C:\Users\Kasai\AppData\Roaming\winscp.rnd
    2008-06-03 20:13:49 0 d-------- C:\Users\Kasai\AppData\Roaming\LimeWire
    2008-05-27 22:07:19 0 d-------- C:\Users\Kasai\AppData\Roaming\Identities
    2008-05-27 13:48:51 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-20 15:08:40 0 d-------- C:\Program Files\Skype
    2008-05-20 15:08:37 0 d-------- C:\Program Files\Common Files\Skype
    2008-05-19 12:17:58 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-19 11:54:45 0 d-------- C:\Users\Kasai\AppData\Roaming\Adobe
    2008-05-18 18:11:49 0 d-------- C:\Users\Kasai\AppData\Roaming\WinRAR
    2008-05-18 15:43:17 0 d-------- C:\Users\Kasai\AppData\Roaming\Talkback
    2008-05-18 15:43:12 0 --a------ C:\Windows\nsreg.dat
    2008-05-18 15:43:10 0 d-------- C:\Users\Kasai\AppData\Roaming\Mozilla
    2008-05-18 14:19:20 298104 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
    2008-05-18 14:04:47 0 d-------- C:\Program Files\Windows Sidebar
    2008-05-18 14:04:47 0 d-------- C:\Program Files\Windows Calendar
    2008-05-18 14:04:47 0 d-------- C:\Program Files\Movie Maker
    2008-05-18 14:04:45 0 d-------- C:\Program Files\Windows Collaboration
    2008-05-18 14:04:44 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-05-18 14:04:44 0 d-------- C:\Program Files\Windows Journal
    2008-05-18 14:04:42 0 d-------- C:\Program Files\Windows Defender
    2008-05-18 13:31:39 174 --ahs---- C:\Program Files\desktop.ini
    2008-05-18 13:14:41 0 d-------- C:\Program Files\Lievo
    2008-05-18 12:43:31 0 d-------- C:\Users\Kasai\AppData\Roaming\Google
    2008-05-17 18:21:38 0 d-------- C:\Users\Kasai\AppData\Roaming\Apple Computer
    2008-05-17 18:21:24 0 d-------- C:\Program Files\iTunes
    2008-05-17 18:20:47 0 d-------- C:\Program Files\iPod
    2008-05-17 18:13:29 0 d-------- C:\Program Files\Windows Live Toolbar
    2008-05-17 18:12:40 0 d-------- C:\Program Files\Windows Live Favorites
    2008-05-17 18:02:26 0 d-------- C:\Program Files\Windows Live
    2008-05-17 18:02:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-17 17:32:31 0 d-------- C:\Program Files\Google
    2008-05-17 17:28:17 0 d-------- C:\Program Files\Bonjour
    2008-05-17 17:27:55 0 d-------- C:\Program Files\QuickTime
    2008-05-17 17:26:25 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-17 16:20:32 0 d-------- C:\Users\Kasai\AppData\Roaming\Yahoo!
    2008-05-17 16:20:29 0 d-------- C:\Program Files\Yahoo!
    2008-05-17 16:16:23 0 d-------- C:\Users\Kasai\AppData\Roaming\Macromedia
    2008-05-17 14:04:45 0 d-------- C:\Program Files\Windows NT
    2008-05-17 13:56:06 21764 --a------ C:\Windows\system32\emptyregdb.dat
    2008-05-17 13:47:21 0 d-------- C:\Program Files\Roxio
    2008-05-17 13:47:20 0 d-------- C:\Program Files\NetWaiting
    2008-05-17 13:47:19 0 d-------- C:\Program Files\Modem Diagnostic Tool
    2008-05-17 13:47:12 0 d-------- C:\Program Files\Java
    2008-05-17 13:47:12 0 d-------- C:\Program Files\Intel
    2008-05-17 13:47:12 0 d-------- C:\Program Files\Intel, Inc
    2008-05-17 13:47:12 0 d-------- C:\Program Files\Digital Line Detect
    2008-05-17 13:47:07 0 d-------- C:\Program Files\Dell Support Center
    2008-05-17 13:46:53 0 d-------- C:\Program Files\Dell
    2008-05-17 13:46:42 0 d-------- C:\Program Files\CyberLink
    2008-05-17 13:46:42 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2008-05-17 13:46:42 0 d-------- C:\Program Files\Common Files\supportsoft
    2008-05-17 13:46:41 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2008-05-17 13:46:41 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2008-05-17 13:46:39 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-05-17 13:46:38 0 d-------- C:\Program Files\Common Files\Java
    2008-05-17 13:46:34 0 d-------- C:\Program Files\Broadcom
    2008-05-17 13:43:29 0 d-------- C:\Program Files\CONEXANT
    2008-05-17 13:43:14 0 d-------- C:\Program Files\Sigmatel
    2008-05-17 13:43:05 0 d-------- C:\Program Files\Synaptics
    2008-03-28 11:24:36 974848 --a------ C:\Windows\system32\npdownv.exe <Not Verified; ; nProtect Update>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}]
    06/21/2008 01:11 PM 13824 --a------ C:\Windows\system32\dapol.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    04/16/2008 05:56 PM 1107296 --a------ C:\Program Files\Search Settings\kb127\SearchSettings.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [05/18/2008 01:17 PM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/28/2007 09:35 AM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [09/25/2007 05:41 PM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [09/25/2007 05:40 PM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [09/25/2007 05:40 PM]
    "NVHotkey "= "C:\Windows\system32\nvHotkey.dll" [09/25/2007 05:40 PM]
    "SigmatelSysTrayApp "= "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [01/02/2008 12:44 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 12:44 PM]
    "ECenter "= "C:\Dell\E-Center\EULALauncher.exe" [02/29/2008 01:18 PM]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/10/2008 10:09 PM]
    "PCMService "= "C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/21/2007 10:58 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/10/2008 10:01 PM]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "nod32kui "= "C:\Program Files\Eset\nod32kui.exe" [05/18/2008 02:19 PM]
    "tsnpstd3 "= "C:\Windows\tsnpstd3.exe" [07/07/2006 03:04 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "au "= "C:\Program Files\Dealio\DealioAU.exe" [04/16/2008 06:58 PM]
    "SearchSettings "= "C:\Program Files\Search Settings\SearchSettings.exe" [04/16/2008 05:56 PM]
    "BigDog303 "= "C:\Windows\VM303_STI.exe" [01/24/2006 11:07 PM]
    "VMSnap3 "= "C:\Windows\VMSnap3.exe" [07/18/2006 04:15 PM]
    "Domino "= "C:\Windows\Domino.exe" [07/04/2006 02:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter" []
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/10/2008 10:09 PM]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [04/23/2008 05:45 PM]
    "Vidalia "= "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []
    "Joy proxy "= "C:\ProgramData\iso gpl gpl.aci4prf" [06/21/2008 10:22 PM]
    "Ford mpeg road draw "= "C:\ProgramData\setup obj 01.o2qpw" [06/15/2008 12:05 PM]
    "DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 06:39 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/10/2008 10:03:03 PM]
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 6:13:26 PM]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{114d9331-3a8a-11dd-8c5d-001d09d272f2}]
    AutoRun\command- G:\avp2.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{114d9355-3a8a-11dd-8c5d-001d09d272f2}]
    AutoRun\command- H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c54adf5-2c98-11dd-b693-001d09d272f2}]
    AutoRun\command- I:\
    explore\Command- WScript.exe .\__.vbs
    open\Command- WScript.exe .\__.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e50a5ec-35ed-11dd-9b2e-001d09d272f2}]
    AutoRun\command- G:\
    explore\Command- WScript.exe .\__.vbs
    open\Command- WScript.exe .\__.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68e08f8d-3474-11dd-ac34-001d09d272f2}]
    AutoRun\command- G:\
    explore\Command- WScript.exe .\__.vbs
    open\Command- WScript.exe .\__.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf364550-27a7-11dd-8fbf-001d09d272f2}]
    AutoRun\command- G:\
    explore\Command- WScript.exe .\__.vbs
    open\Command- WScript.exe .\__.vbs


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-22 17:07:45 ------------
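The two things worth pulling out of the Registry Dump above are the MountPoints2 entries, whose explore/open handlers run `WScript.exe .\__.vbs` from the root of whatever removable drive was plugged in, and the HKCU Run values that point at oddly named files under C:\ProgramData with extensions that are not executables. As an added example (not part of the original thread and not a component of Deckard's System Scanner), the Python script below parses that section of a DSS log and flags both patterns. The sample excerpt is constructed from the kinds of lines seen in the log above, and the heuristics (the list of script hosts, the list of "normal" extensions) are the example's own assumptions rather than anything DSS does.

```python
"""Flag autorun-style persistence in the 'Registry Dump' section of a
Deckard's System Scanner (DSS) log.  Added example, not a DSS component;
the heuristics below are the example's own."""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt in the layout DSS uses, built from the
# kinds of entries seen in the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [04/23/2008 05:45 PM]
"WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter" []
"Joy proxy "= "C:\ProgramData\iso gpl gpl.aci4prf" [06/21/2008 10:22 PM]
"Ford mpeg road draw "= "C:\ProgramData\setup obj 01.o2qpw" [06/15/2008 12:05 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{114d9331-3a8a-11dd-8c5d-001d09d272f2}]
AutoRun\command- G:\avp2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c54adf5-2c98-11dd-b693-001d09d272f2}]
AutoRun\command- I:\
explore\Command- WScript.exe .\__.vbs
open\Command- WScript.exe .\__.vbs
"""

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"=\s*"(?P<target>[^"]*)"')
MP_CMD_RE = re.compile(r"^(?P<verb>[A-Za-z]+)\\[Cc]ommand-\s*(?P<cmd>.*)$")

# Assumed lists: interpreters that turn "double-click the drive" into code
# execution, and extensions a normal Run value points at.
SCRIPT_HOSTS = {"wscript", "cscript", "cmd", "mshta", "rundll32", "regsvr32"}
NORMAL_EXT = (".exe", ".dll", ".lnk", ".scr", ".cpl")


@dataclass
class Finding:
    key: str      # registry key the entry lives under
    item: str     # the offending line as it appears in the log
    reason: str   # why it was flagged


def parse_sections(text):
    """Yield (key, [non-empty lines]) for each bracketed registry key block."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif line and key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def check_mountpoint(key, line):
    """Flag MountPoints2 handlers that run a script host or a file on the drive."""
    m = MP_CMD_RE.match(line)
    if not m:
        return None
    verb, cmd = m.group("verb").lower(), m.group("cmd").strip()
    head = cmd.split()[0].lower() if cmd else ""
    program = head.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if program in SCRIPT_HOSTS:
        # 'open\Command- WScript.exe .\__.vbs': the .vbs path is relative to
        # the drive root, so opening the drive in Explorer runs it.
        return Finding(key, line, f"{verb} handler invokes script host {head}")
    if verb == "autorun" and re.fullmatch(r"[a-z]:\\.+", head):
        # A bare 'X:\' just opens the drive; 'X:\something.exe' launches it.
        return Finding(key, line, "AutoRun command launches a file from the removable drive")
    return None


def check_run_value(key, line):
    """Flag Run values whose target does not look like a normal executable."""
    m = RUN_VALUE_RE.match(line)
    if not m:
        return None
    target = m.group("target").lower().split(",")[0]  # drop 'dll,Export' suffix
    if not target.endswith(NORMAL_EXT):
        return Finding(key, line, f"Run target has an unusual extension: {target}")
    return None


def analyse(text):
    """Return all findings for the Registry Dump text of a DSS log."""
    findings = []
    for key, lines in parse_sections(text):
        lower = key.lower()
        if "\\mountpoints2\\" in lower:
            checker = check_mountpoint
        elif lower.endswith("\\currentversion\\run"):
            checker = check_run_value
        else:
            continue
        findings.extend(f for f in (checker(key, ln) for ln in lines) if f)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.key}\n    {f.item}\n")
```

Run it against the full Registry Dump of a real DSS log by reading the file into `analyse()`. A bare `AutoRun\command- X:\` is deliberately not flagged, since that only opens the drive; it is the explore/open handlers under the same GUID that carry the script-host command, and the same `__.vbs` handler repeated under several MountPoints2 GUIDs means several different drives were plugged in while infected, which is why the reply below asks for the tool to be run with each flash drive inserted.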
     
  5. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome ianodin :)

    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Then, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in another reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
