#1 (permalink)
Registered User
Join Date: Jul 2008
Posts: 18
OS: xp
explorer.exe keeps restarting(icons folders close)
explorer.exe keeps restarting; the icons and Start menu close when I open a folder. The folder closes as well. I fix it by pressing Ctrl+Alt+Del, clicking New Task and typing in explorer.exe, and it's fine, but once I open a folder again it happens. Please help.
This is my log using Deckard's system scanner:
#4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,259
OS: XP Home SP3, XP MCE SP3, XP Pro SP3
Re: explorer.exe keeps restarting(icons folders close)
Hello and welcome to TSF.
Sorry for the delay in response. The forum is very busy. Please post a fresh main.txt, as it has been a while since you posted.
#5 (permalink)
Registered User
Join Date: Jul 2008
Posts: 18
OS: xp
Re: explorer.exe keeps restarting(icons folders close)
Thanks for responding. Here is the log you requested.
C:\WINDOWS\system32\drivers\sptd.sys 2008-07-23 16:30:29 0 d-------- C:\Documents and Settings\John Le\Application Data\DAEMON Tools 2008-07-22 21:47:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-07-22 21:47:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Recent 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-07-22 21:47:00 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-07-22 18:57:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-07-22 18:55:25 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-07-22 18:55:24 0 d-------- C:\Documents and Settings\John Le\Application Data\SUPERAntiSpyware.com 2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-22 18:20:50 0 d-------- C:\Program Files\Alwil Software 2008-07-22 17:53:42 0 d-------- C:\VundoFix Backups 2008-07-22 17:15:47 0 d-------- C:\Program Files\SpeedOptimizer 2008-07-19 17:33:26 417648 --ahs---- 
C:\WINDOWS\system32\bKQtDfhk.ini2 2008-07-17 21:12:57 0 d-------- C:\WoW-2.0.0-enUS-Installer 2008-07-17 21:12:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-07-17 13:57:17 0 d-------- C:\Documents and Settings\John Le\Application Data\My Games 2008-07-17 12:56:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii 2008-07-16 13:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2008-07-14 18:27:50 0 d-------- C:\Program Files\GamesCampus 2008-07-13 21:17:26 0 d-------- C:\Documents and Settings\John Le\Application Data\Wildfire 2008-07-13 14:29:36 4096 --a------ C:\WINDOWS\d3dx.dat 2008-07-13 14:16:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2008-07-13 14:16:31 0 d-------- C:\Program Files\GamesCafe.com 2008-07-13 14:15:14 0 d-------- C:\Program Files\eMule 2008-07-13 14:12:14 0 d-------- C:\Program Files\RealArcade 2008-07-11 09:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit 2008-07-11 09:31:39 0 d-------- C:\Documents and Settings\John Le\Application Data\SpeedBit 2008-07-09 14:39:19 0 d-------- C:\Program Files\Messenger Plus! 
Live 2008-07-07 16:14:49 0 d--h----- C:\WINDOWS\PIF 2008-07-06 13:47:24 0 d-------- C:\Program Files\Chicken Invaders 3 2008-07-06 13:47:15 0 d-------- C:\Program Files\ReflexiveArcade -- Find3M Report --------------------------------------------------------------- 2008-07-31 16:59:44 0 d-------- C:\Documents and Settings\John Le\Application Data\DMCache 2008-07-30 22:24:59 40 --a------ C:\WINDOWS\system32\profile.dat 2008-07-30 21:27:17 0 d-------- C:\Documents and Settings\John Le\Application Data\Vso 2008-07-30 21:27:16 668 --a------ C:\Documents and Settings\John Le\Application Data\vso_ts_preview.xml 2008-07-25 20:01:19 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-23 21:57:51 0 d-------- C:\Documents and Settings\John Le\Application Data\uTorrent 2008-07-23 17:26:29 0 d-------- C:\Program Files\Shockwave.com 2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files 2008-07-22 17:25:06 0 d-------- C:\Documents and Settings\John Le\Application Data\Azureus 2008-07-19 17:17:04 0 d-------- C:\Program Files\Azureus 2008-07-19 16:53:04 0 d-------- C:\Documents and Settings\John Le\Application Data\BitTorrent 2008-07-13 21:01:40 0 d-------- C:\Documents and Settings\John Le\Application Data\dvdcss 2008-07-09 14:39:19 0 d-------- C:\Program Files\Windows Live 2008-07-09 14:39:19 0 d-------- C:\Program Files\MSN Messenger 2008-06-28 20:39:02 0 d-------- C:\Documents and Settings\John Le\Application Data\PlayFirst 2008-06-14 19:15:28 0 d-------- C:\Program Files\Sun 2008-06-14 19:15:07 0 d-------- C:\Program Files\Java 2008-06-12 21:31:05 0 d-------- C:\Documents and Settings\John Le\Application Data\IDM 2008-06-11 18:53:43 0 d-------- C:\Documents and Settings\John Le\Application Data\Adobe 2008-06-11 18:53:03 1291 --a------ C:\WINDOWS\mozver.dat 2008-06-11 08:29:26 0 d-------- C:\Program Files\Incomplete 2008-06-10 17:46:06 0 d-------- C:\Program Files\uTorrent 2008-06-10 17:17:58 0 d-------- C:\Program Files\AskSBar 2008-06-10 17:13:10 0 
d-------- C:\Documents and Settings\John Le\Application Data\LimeWire 2008-06-10 17:12:49 0 d-------- C:\Program Files\LimeWire 2008-06-07 13:39:04 0 d-------- C:\Program Files\ChickenInvadersTNWXmasdemo 2008-05-21 17:10:18 34 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.log 2008-05-21 17:10:00 47360 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-05-21 17:10:00 1144 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.inf 2008-05-21 17:10:00 7887 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.cat 2008-05-12 18:42:48 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines> 2008-05-07 18:16:07 299 --a------ C:\WINDOWS\EReg515.dat 2008-05-06 17:02:54 0 --a------ C:\WINDOWS\nsreg.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43924C9C-DC4D-4C90-BD4A-0D9F6BCE536E}] C:\WINDOWS\system32\khfDtQKb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 10/06/2008 05:17 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [10/06/2008 05:17 PM 262144] [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [05/07/2007 06:08 PM C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [15/06/2007 06:45 PM C:\WINDOWS\SkyTel.exe] "Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe] "RemoteControl"="C:\Program Files\CyberLink DVD 
Solution\PowerDVD\PDVDServ.exe" [02/11/2004 07:24 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/10/2005 11:42 AM] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [15/11/2005 12:28 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM] "EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [09/03/2005 02:00 PM] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 10:00 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/06/2008 09:49 AM] "IDMan"="C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe" [21/12/2007 07:16 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33 AM] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe "Magnify"=Magnify.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73cefbc-1721-11dd-9db3-001d7d71803e}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE 
Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs -- End of Deckard's System Scanner: finished at 2008-07-31 17:23:02 ------------ End of file - 10737 bytes Last edited by 3066843 : 07-31-2008 at 12:23 AM. |
#6 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,259
OS: XP Home SP3, XP MCE SP3, XP Pro SP3
|
Re: explorer.exe keeps restarting(icons folders close)
Hi,
First of all, you are running two antivirus programs at the same time, i.e. Avast and Symantec/Norton. Like firewalls, anti-virus programs have conflicts co-existing with each other and produce undesirable results. Please uninstall ALL, leaving only one of them. ALL the antivirus programs must be removed via Add/Remove Programs. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall. You can use the instructions on this page to completely uninstall your Norton Products. Post a fresh HJT log when you have completed the above task.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering. ASAP
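The check behind the reply above (two antivirus products active in one HijackThis log) can be automated. This is an added example, not part of the original post or of HijackThis: the function names and the `AV_MARKERS` table are assumptions, the two sample logs are short excerpts constructed from the logs posted in this thread, and the parser expects one entry per line, as HijackThis writes them.

```python
import re
from collections import defaultdict

# Lower-case path fragments that identify an antivirus product family.
# Assumption for this example: only the two products named in the reply.
AV_MARKERS = {
    "Symantec": ("\\symantec", "\\symant~"),
    "avast!": ("\\alwil software\\", "\\alwils~", "\\avast4\\"),
}

# O4 = registry autostart entry, O23 = Windows service (HijackThis codes).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<cmd>[A-Za-z]:\\.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")


def parse_hjt(text):
    """Return (kind, name, command) tuples for processes, O4 and O23 lines."""
    entries, in_processes = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if SECTION_RE.match(line):
            in_processes = False  # first R/O entry ends the process list
        if in_processes and PATH_RE.match(line):
            entries.append(("process", line.rsplit("\\", 1)[-1], line))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(("autostart", m["name"], m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(("service", m["name"], m["cmd"]))
    return entries


def av_footprint(text):
    """Map each AV product family to the set of places it shows up."""
    seen = defaultdict(set)
    for kind, _name, cmd in parse_hjt(text):
        lowered = cmd.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in lowered for marker in markers):
                seen[product].add(kind)
    return dict(seen)


def conflicting_av(text):
    """Return the product families found when more than one is present."""
    products = sorted(av_footprint(text))
    return products if len(products) > 1 else []


# Constructed excerpt of the first log in this thread (avast! still present).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

# Constructed excerpt of the follow-up log (avast! autostart entry gone).
LOG_AFTER = LOG_BEFORE.replace(
    "O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe\n",
    "")

if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, av_footprint(log), "conflict:", conflicting_av(log))
```

A product that appears only as an autostart entry, as avast! does in the first log, still counts: it will load at the next logon even if it is not in the running process list.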
#7 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 18
OS: xp
|
Re: explorer.exe keeps restarting(icons folders close)
Deckard's System Scanner v20071014.68 Run by John Le on 2008-08-01 18:55:18 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as John Le.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:55:22 PM, on 1/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program 
Files\Java\jre1.6.0_06\bin\jucheck.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Documents and Settings\John Le\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNLE~1.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<< O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll O2 - BHO: Yahoo! 
Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {43924C9C-DC4D-4C90-BD4A-0D9F6BCE536E} - (no file) O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?bcedacc655764656a9da93988bf51eca O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?bcedacc655764656a9da93988bf51eca O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=21871 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing) 
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 10869 bytes -- Files created between 2008-07-01 and 2008-08-01 ----------------------------- 2008-08-01 17:36:56 0 dr-h----- C:\Documents and Settings\John Le\Recent 2008-07-26 17:59:10 0 d-------- C:\Archivos de programa 2008-07-23 18:02:06 0 d-------- C:\Program Files\Panda Security 2008-07-23 17:58:17 0 d-------- C:\ie-spyad_zo 2008-07-23 17:38:25 0 d-------- C:\Program Files\Trend Micro 2008-07-23 17:26:52 0 d-------- C:\Program Files\SpywareBlaster 2008-07-23 17:18:10 0 d-------- C:\Program Files\CCleaner 2008-07-23 16:30:39 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-23 16:30:29 0 d-------- C:\Documents and Settings\John Le\Application Data\DAEMON Tools 2008-07-22 21:47:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-07-22 21:47:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Recent 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-07-22 21:47:00 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-07-22 
21:47:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-07-22 21:47:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-07-22 21:47:00 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2008-07-22 21:47:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-07-22 21:47:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-07-22 18:57:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-07-22 18:55:25 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-07-22 18:55:24 0 d-------- C:\Documents and Settings\John Le\Application Data\SUPERAntiSpyware.com 2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-22 18:20:50 0 d-------- C:\Program Files\Alwil Software 2008-07-22 17:53:42 0 d-------- C:\VundoFix Backups 2008-07-22 17:15:47 0 d-------- C:\Program Files\SpeedOptimizer 2008-07-19 17:33:26 417648 --ahs---- C:\WINDOWS\system32\bKQtDfhk.ini2 2008-07-17 21:12:57 0 d-------- C:\WoW-2.0.0-enUS-Installer 2008-07-17 21:12:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-07-17 13:57:17 0 d-------- C:\Documents and Settings\John Le\Application Data\My Games 2008-07-17 12:56:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii 2008-07-16 13:02:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2008-07-14 18:27:50 0 d-------- C:\Program Files\GamesCampus 2008-07-13 21:17:26 0 d-------- C:\Documents and Settings\John Le\Application Data\Wildfire 2008-07-13 14:29:36 4096 --a------ C:\WINDOWS\d3dx.dat 2008-07-13 14:16:44 0 d-------- C:\Documents and Settings\All Users\Application 
Data\Trymedia 2008-07-13 14:16:31 0 d-------- C:\Program Files\GamesCafe.com 2008-07-13 14:12:14 0 d-------- C:\Program Files\RealArcade 2008-07-11 09:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit 2008-07-11 09:31:39 0 d-------- C:\Documents and Settings\John Le\Application Data\SpeedBit 2008-07-09 14:39:19 0 d-------- C:\Program Files\Messenger Plus! Live 2008-07-07 16:14:49 0 d--h----- C:\WINDOWS\PIF 2008-07-06 13:47:24 0 d-------- C:\Program Files\Chicken Invaders 3 2008-07-06 13:47:15 0 d-------- C:\Program Files\ReflexiveArcade -- Find3M Report --------------------------------------------------------------- 2008-08-01 18:44:21 668 --a------ C:\Documents and Settings\John Le\Application Data\vso_ts_preview.xml 2008-08-01 18:44:21 0 d-------- C:\Documents and Settings\John Le\Application Data\Vso 2008-08-01 17:59:59 0 d-------- C:\Documents and Settings\John Le\Application Data\DMCache 2008-08-01 17:40:30 0 d-------- C:\Program Files\Shockwave.com 2008-08-01 17:22:14 40 --a------ C:\WINDOWS\system32\profile.dat 2008-07-25 20:01:19 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-23 21:57:51 0 d-------- C:\Documents and Settings\John Le\Application Data\uTorrent 2008-07-22 18:54:48 0 d-------- C:\Program Files\Common Files 2008-07-22 17:25:06 0 d-------- C:\Documents and Settings\John Le\Application Data\Azureus 2008-07-19 17:17:04 0 d-------- C:\Program Files\Azureus 2008-07-19 16:53:04 0 d-------- C:\Documents and Settings\John Le\Application Data\BitTorrent 2008-07-13 21:01:40 0 d-------- C:\Documents and Settings\John Le\Application Data\dvdcss 2008-07-09 14:39:19 0 d-------- C:\Program Files\Windows Live 2008-07-09 14:39:19 0 d-------- C:\Program Files\MSN Messenger 2008-06-28 20:39:02 0 d-------- C:\Documents and Settings\John Le\Application Data\PlayFirst 2008-06-14 19:15:28 0 d-------- C:\Program Files\Sun 2008-06-14 19:15:07 0 d-------- C:\Program Files\Java 2008-06-12 21:31:05 0 d-------- C:\Documents 
and Settings\John Le\Application Data\IDM 2008-06-11 18:53:43 0 d-------- C:\Documents and Settings\John Le\Application Data\Adobe 2008-06-11 18:53:03 1291 --a------ C:\WINDOWS\mozver.dat 2008-06-11 08:29:26 0 d-------- C:\Program Files\Incomplete 2008-06-10 17:46:06 0 d-------- C:\Program Files\uTorrent 2008-06-10 17:17:58 0 d-------- C:\Program Files\AskSBar 2008-06-10 17:13:10 0 d-------- C:\Documents and Settings\John Le\Application Data\LimeWire 2008-06-10 17:12:49 0 d-------- C:\Program Files\LimeWire 2008-06-07 13:39:04 0 d-------- C:\Program Files\ChickenInvadersTNWXmasdemo 2008-05-21 17:10:18 34 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.log 2008-05-21 17:10:00 47360 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-05-21 17:10:00 1144 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.inf 2008-05-21 17:10:00 7887 --a------ C:\Documents and Settings\John Le\Application Data\pcouffin.cat 2008-05-12 18:42:48 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines> 2008-05-07 18:16:07 299 --a------ C:\WINDOWS\EReg515.dat 2008-05-06 17:02:54 0 --a------ C:\WINDOWS\nsreg.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43924C9C-DC4D-4C90-BD4A-0D9F6BCE536E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 10/06/2008 05:17 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [10/06/2008 05:17 PM 262144] 
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [05/07/2007 06:08 PM C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [15/06/2007 06:45 PM C:\WINDOWS\SkyTel.exe] "Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02/11/2004 07:24 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/10/2005 11:42 AM] "vptray"="C:\PROGRA |