07-23-2008, 02:16 AM   #1
3066843
Registered User
 
Join Date: Jul 2008
Posts: 18
OS: xp


explorer.exe keeps restarting (icons, folders close)

explorer.exe keeps restarting; the icons and Start menu close when I open a folder. The folder closes as well. I fix it by pressing Ctrl+Alt+Del, clicking New Task and typing in explorer.exe, and it's fine, but once I open a folder again it happens. Please help.

This is my log using Deckard's system scanner:
Deckard's System Scanner v20071014.68
Run by John Le on 2008-07-23 17:44:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-07-23 07:44:27 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2008-07-23 07:01:39 UTC - RP16 - Last known good configuration
15: 2008-07-23 07:01:33 UTC - RP15 - Last known good configuration
14: 2008-07-23 07:01:33 UTC - RP14 - Last known good configuration
13: 2008-07-23 07:01:33 UTC - RP13 - SPTD setup V1.56


-- First Restore Point --
1: 2008-07-23 07:01:31 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.47 GiB (less than 15%) free.


-- HijackThis (run as John Le.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:38 PM, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\John Le\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\John Le.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {270E714D-DA4D-4605-B5B9-52A3D9F77809} - C:\WINDOWS\system32\khfDtQKb.dll
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?bcedacc655764656a9da93988bf51eca
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?bcedacc655764656a9da93988bf51eca
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=21871
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10557 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 npkcrypt - c:\nexon\mabinogi\npkcrypt.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 npkcmsvc - c:\nexon\mabinogi\npkcmsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 17:39:02 258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-23 17:00:01 232 --a------ C:\WINDOWS\Tasks\SpeedOptimizer Startup.job
2008-02-05 10:55:59 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 17:38:25 0 d-------- C:\Program Files\Trend Micro
2008-07-23 17:26:52 0 d-------- C:\Program Files\SpywareBlaster
2008-07-23 17:25:09 0 dr-h----- C:\Documents and Settings\John Le\Recent
2008-07-23 17:18:10 0 d-------- C:\Program Files\CCleaner
2008-07-23 16:30:39 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 16:30:29 0 d-------- C:\Documents and Settings\John Le\Application Data\DAEMON Tools
2008-07-22 21:47:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-22 21:47:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-22 21:47:00 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-22 18:57:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 18:55:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-22 18:55:24 0 d-------- C:\Documents and Settings\John Le\Application Data\SUPERAntiSpyware.com
2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 18:20:50 0 d-------- C:\Program Files\Alwil Software
2008-07-22 17:53:42 0 d-------- C:\VundoFix Backups
2008-07-22 17:15:47 0 d-------- C:\Program Files\SpeedOptimizer
2008-07-19 17:33:26 426178 --ahs---- C:\WINDOWS\system32\bKQtDfhk.ini2
2008-07-19 17:33:18 319488 -----n--- C:\WINDOWS\system32\khfDtQKb.dll
2008-07-17 21:12:57 0 d-------- C:\WoW-2.0.0-enUS-Installer
2008-07-17 21:12:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-17 13:57:17 0 d-------- C:\Documents and Settings\John Le\Application Data\My Games
2008-07-17 12:56:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-07-16 13:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-14 18:27:50 0 d-------- C:\Program Files\GamesCampus
2008-07-13 21:17:26 0 d-------- C:\Documents and Settings\John Le\Application Data\Wildfire
2008-07-13 14:29:36 4096 --a------ C:\WINDOWS\d3dx.dat
2008-07-13 14:16:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-13 14:16:31 0 d-------- C:\Program Files\GamesCafe.com
2008-07-13 14:15:14 0 d-------- C:\Program Files\eMule
2008-07-13 14:12:14 0 d-------- C:\Program Files\RealArcade
2008-07-11 09:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-07-11 09:31:39 0 d-------- C:\Documents and Settings\John Le\Application Data\SpeedBit
2008-07-09 14:39:19 0 d-------- C:\Program Files\Messenger Plus! Live
2008-07-07 16:14:49 0 d--h----- C:\WINDOWS\PIF
2008-07-06 13:47:24 0 d-------- C:\Program Files\Chicken Invaders 3
2008-07-06 13:47:15 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-28 19:15:01 0 d-------- C:\Documents and Settings\John Le\Application Data\PlayFirst
2008-06-28 19:13:18 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst


-- Find3M Report ---------------------------------------------------------------

2008-07-23 17:45:43 0 d-------- C:\Documents and Settings\John Le\Application Data\uTorrent
2008-07-23 17:26:29 0 d-------- C:\Program Files\Shockwave.com
2008-07-23 17:01:46 0 d-------- C:\Documents and Settings\John Le\Application Data\DMCache
2008-07-23 16:58:25 40 --a------ C:\WINDOWS\system32\profile.dat
2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files
2008-07-22 18:44:49 668 --a------ C:\Documents and Settings\John Le\Application Data\vso_ts_preview.xml
2008-07-22 18:44:47 0 d-------- C:\Documents and Settings\John Le\Application Data\Vso
2008-07-22 17:25:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-22 17:25:06 0 d-------- C:\Documents and Settings\John Le\Application Data\Azureus
2008-07-19 17:17:04 0 d-------- C:\Program Files\Azureus
2008-07-19 16:53:04 0 d-------- C:\Documents and Settings\John Le\Application Data\BitTorrent
2008-07-13 21:01:40 0 d-------- C:\Documents and Settings\John Le\Application Data\dvdcss
2008-07-09 14:39:19 0 d-------- C:\Program Files\Windows Live
2008-07-09 14:39:19 0 d-------- C:\Program Files\MSN Messenger
2008-06-14 19:15:28 0 d-------- C:\Program Files\Sun
2008-06-14 19:15:07 0 d-------- C:\Program Files\Java
2008-06-12 21:31:05 0 d-------- C:\Documents and Settings\John Le\Application Data\IDM
2008-06-11 18:53:43 0 d-------- C:\Documents and Settings\John Le\Application Data\Adobe
2008-06-11 18:53:03 1291 --a------ C:\WINDOWS\mozver.dat
2008-06-11 08:29:26 0 d-------- C:\Program Files\Incomplete
2008-06-10 17:46:06 0 d-------- C:\Program Files\uTorrent
2008-06-10 17:17:58 0 d-------- C:\Program Files\AskSBar
2008-06-10 17:13:10 0 d-------- C:\Documents and Settings\John Le\Application Data\LimeWire
2008-06-10 17:12:49 0 d-------- C:\Program Files\LimeWire
2008-06-07 13:39:04 0 d-------- C:\Program Files\ChickenInvadersTNWXmasdemo
2008-05-29 17:35:50 0 d-------- C:\Documents and Settings\John Le\Application Data\CasinoOnNet
2008-05-25 13:10:59 0 d--h----- C:\Documents and Settings\John Le\Application Data\ijjigame
2008-05-24 18:12:54 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-24 18:11:00 0 d-------- C:\Program Files\NHN USA
2008-05-24 18:10:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 17:52:50 0 d-------- C:\Documents and Settings\John Le\Application Data\MozillaControl
2008-05-23 17:52:22 0 d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-05-21 17:10:18 34 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.log
2008-05-21 17:10:00 47360 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-21 17:10:00 1144 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.inf
2008-05-21 17:10:00 7887 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.cat
2008-05-12 18:42:48 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-07 18:16:07 299 --a------ C:\WINDOWS\EReg515.dat
2008-05-06 17:02:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 19:13:36 704512 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{270E714D-DA4D-4605-B5B9-52A3D9F77809}]
19/07/2008 05:33 PM 319488 --------- C:\WINDOWS\system32\khfDtQKb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
10/06/2008 05:17 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [10/06/2008 05:17 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [05/07/2007 06:08 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [15/06/2007 06:45 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02/11/2004 07:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/10/2005 11:42 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [15/11/2005 12:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
"EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [09/03/2005 02:00 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 10:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/06/2008 09:49 AM]
"IDMan"="C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe" [21/12/2007 07:16 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"Magnify"=Magnify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDtQKb


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73cefbc-1721-11dd-9db3-001d7d71803e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs




-- End of Deckard's System Scanner: finished at 2008-07-23 17:46:17 ------------
Attached Files
File Type: txt extra.txt (16.6 KB, 0 views)