Rawe, thanks for the suggestion.
Here are the post:
1) uninstall_list
Ad-Aware SE Professional
Adobe Acrobat 5.0
Amazing Windows XP Screen Saver 1.2
Anark Client 1.0
AOL Instant Messenger
AOL Toolbar 2.0
AudibleManager
BitComet 0.56
BroadJump Client Foundation
CleanUp!
Creative MediaSource
Diskeeper Lite
DivX Codec
DivX Player
ewido security suite
FileSpecs plug-in for Ad-Aware SE
Google Toolbar for Internet Explorer
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Internet Explorer Q903235
Lavasoft Reghance 2.1 -licensed-
LiveUpdate 1.6 (Symantec Corporation)
LSP Explorer plug-in for Ad-Aware SE
MAZDA3 Screen Saver
Mazda3 Screensaver
Messenger-Control plug-in for Ad-Aware SE
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Premium
Microsoft Windows Journal Viewer
Microsoft Works 7.0
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MuVo Driver
Nero 6 Demo
NJStar Communicator
Norton AntiVirus Corporate Edition
OE/W Messengerctrl plug-in for Ad-Aware SE
Ragnarok Online
Ragnarok Sakray
RealPlayer
Rose Online
RX8 Screen Saver
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
SBC Yahoo! Applications
Search Basket
SegaGT
SiX-Steam
Steam
Tweak-SE plug-in for Ad-Aware SE
Ventrilo
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VX2 Cleaner plug-in for Ad-Aware SE
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Service Pack 2
Windows XP Winter Fun Pack Screensavers
WinRAR archiver
2) startuplist
StartupList report, 7/21/2005, 11:54:02 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
KavSvc = C:\WINDOWS\System32\kauamp.exe reg_run
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=*Registry value not found*
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE =
http://www.apple.com...ex/qtplugin.cab[{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
CODEBASE =
http://static.windup...e/bridge-c5.cab[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\System32\macromed\Shockwave 10\Download.dll
CODEBASE =
http://download.macr...director/sw.cab[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE =
http://go.microsoft....467&clcid=0x409[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE =
http://protect.micro...b?1121656083906[{1D0D9077-3798-49BB-9058-393499174D5D}]
CODEBASE = file://c:\counter.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE =
http://office.micros...ntent/opuc2.cab[ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ActiveX.ocx
CODEBASE =
http://www.icannnews.../ST/ActiveX.ocx[YahooYMailTo Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\ymmapi.dll
CODEBASE =
http://download.yaho...mail/ymmapi.dll[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\flash.ocx
CODEBASE =
http://fpdownload.ma...ash/swflash.cab--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 5,457 bytes
Report generated in 0.031 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
3) hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 11:54:53 PM, on 7/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapp...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://c/F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\\system32\userinit.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\kauamp.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windup...e/bridge-c5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
http://www.icannnews.../ST/ActiveX.ocxO18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\pufmgr.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
-------------------------------------------------------------------
Once again, here is the quick note about what is going on:
This computer was badly infected with spy-ware (nail and aurora), so I spent a great deal of time removing them, and after I did those, I tried to install xp professional sp2, but it keeps telling me that the installation failed.
So .. I used the windows xp cd and did a repair on the computer, hoping that a "clean" installation of windows will solve the problem, which it did.
The computer is running okay before I install sp2, but as soon as I put sp2 on, I noticed that it takes 10 minutes just to load all the icons on the desktop, and whenever I click on an icon/start menu, it takes at least several minutes to respond, and whenever I wanted to shut down the computer, it always tell me that the "explorer.exe" is not responding.
The computer works fine with sp2 under safe mode, but under normal mode, the explorer just doesn't respond in an efficient manner. Also, just in case you wonder, under normal mode, during the first 10 minutes, there will be TWO explorer.exe running on task manager, and after everything is loaded, then it will become ONE instance of explorer.exe. I am not sure if it has anything to do with it.
but please help!!! I guess what comes the worst I will just format the computer, but I really want to find out what the cause might be.
All these days, I have just been using command prompt to run these applications and reading the log files. Life can become miserable when explorer.exe doesn't work in the way it should.
Invisible