#1  December 31st, 2007, 09:09 AM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
Lagging browsers, HijackThis and Kaspersky logs inside

Hi everyone, how's the holidays where you are?

I have a problem with typing delays on some web forums (posting and replying, for example) with IE and Firefox.

I posted my Kaspersky results and my HJT log below.



I did an Ewido scan and a Trend Micro scan and it found a couple of viruses but no way to fix them.

I don't know what I have or what to do to get rid of it. I normally have AVG Anti-Virus but don't right now, and I am going to go install it really soon. I just reinstalled my OS recently due to a MoBo failure and so I had to build another box real quick.


Looks like I have some sort of WBEM/WMI issues,

and my Windows Script Host was disabled; I had to go to the script host registry folder and delete the Enabled key so that WSH could work again.

hmmm...

I appreciate anything at all!!!


Happy New Year (feliz año nuevo)
Randy

EDIT: I uninstalled a few things, including AVG Anti-Spyware, and reinstalled HJT after uninstalling it, and so forth, and that seems to have taken care of the lagging when typing in replies and posts for the most part. Also some options in the browser regarding restricted sites, something about a setting that makes the browser check after every typed character; hmm, I forgot now.

Thanks!


KASPERSKY ONLINE SCANNER REPORT
Sunday, December 30, 2007 10:42:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/12/2007
Kaspersky Anti-Virus database records: 500471


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 38893
Number of viruses found 1
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 03:50:19

Infected Object Name | Virus Name | Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\randy\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\randy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\randy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\randy\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\randy\Local Settings\History\History.IE5\MSHist012007123020071231\index.dat Object is locked skipped

C:\Documents and Settings\randy\Local Settings\Temp\Perflib_Perfdata_150.dat Object is locked skipped

C:\Documents and Settings\randy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\randy\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\randy\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{CBE99599-DBC9-4807-905B-654584EC5E1E}\RP116\A0007688.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\System Volume Information\_restore{CBE99599-DBC9-4807-905B-654584EC5E1E}\RP116\A0007688.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\System Volume Information\_restore{CBE99599-DBC9-4807-905B-654584EC5E1E}\RP116\A0007688.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\System Volume Information\_restore{CBE99599-DBC9-4807-905B-654584EC5E1E}\RP116\A0007688.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\System Volume Information\_restore{CBE99599-DBC9-4807-905B-654584EC5E1E}\RP116\A0007688.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{CBE99599-DBC9-4807-905B-654584EC5E1E}\RP121\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


--------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:54 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\randy\Desktop\hijackthis.exe

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197791436380
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

--
End of file - 1723 bytes

Last edited by fast68; December 31st, 2007 at 11:32 PM.
#2  January 2nd, 2008, 03:29 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello fast68,

HijackThis is set to target many infection-specific locations on systems, but these are by no coincidence also usually either startup or active functional areas. This HijackThis log, if an accurate reflection of the situation there, shows a sort of severely limited setup. No infection showing in what little is there, and only your mIRC software picked up by the Kaspersky scan (the remainder are mostly normally locked system files). Doesn't seem like a malware issue. We'll take one different look at things to be sure, though.

Go here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your protective software queries the script, allow it to run; it's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here please.
#3  January 2nd, 2008, 07:47 PM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
Tom, howdy there,

Thanks for looking and spending time on this.

I noticed I still have a typing lag issue but it only seems to occur on vBulletin (Jelsoft) powered sites,

and also mouse page scrolling lags very badly on such sites as well,

message forums, that is.


I uninstalled FF and mIRC.

I keep next to nothing on my system; I only use my system to go to message forums and groups and so on, and to instant message.
No gaming, or anything else.
I use the browser A LOT;
sometimes I have upwards of a dozen or more IE windows running at a time, really busy, and can run out of memory, often.

It is so difficult to keep browsers functioning properly and not malfunctioning.

I run CCleaner very often and some other programs as well, and sure they remove a lot of junk, but there's always some problem with the browser regardless, at any given time.

Makes me want to convert to Mac.

Really super tempting.

EDIT: OK, IE is totally jacked. It just went nuts on me and started opening multiple new instances/windows while I was trying to make replies on a vBulletin (Jelsoft) powered message forum a bit ago. I had to force a hard shutdown to stop it; Task Manager would not open.


Here is the Silent Runners log:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LXDCCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Matrox Powerdesk" = "C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch" ["Matrox Graphics Inc."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{4A741382-48B4-11d2-AD84-00A024D24BF3}" = "Matrox PowerDesk Properties"
-> {HKLM...CLSID} = "Matrox PowerDesk Properties"
\InProcServer32\(Default) = "C:\WINDOWS\system32\PDesk\PDPAGES.DLL" ["Matrox Graphics Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{Prevent access to registry editing tools}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
MGABGEXE, MGABGEXE, "C:\WINDOWS\system32\mgabg.exe" ["Matrox Graphics Inc."]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
1300 Series Port\Driver = "lxdclmpm.DLL" [" "]


---------- (launch time: 2008-01-02 12:40:15)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 232 seconds, including 17 seconds for message boxes)




Thank you!!


Hope your new year is going, and will be, great.

Last edited by fast68; January 2nd, 2008 at 10:49 PM.
#4  January 3rd, 2008, 04:53 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Thank you for the good greetings. I can't say there is a known malware that targets Jelsoft access that I am aware of. Still, as I already mentioned, there is so little of anything showing as remaining intact there (startups, normal expected registry settings) that there is nowhere for malware to be active from.

Quote:
some others programs as well and sure they remove alot of junk
What programs, and what "junk"? Also, what blocks might be set at this time that I am not seeing, perhaps?
#5  January 3rd, 2008, 06:26 AM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
No problem.
I'm starting to wonder if I don't have a memory issue.
IE will start opening multiples of new windows over and over when I am busy replying or posting on the message forum.
IE closes due to an error often, even when this is not occurring.
It's really bad.
Something in my system is bad, or something is very wrong.
I removed basic stuff: AVG, mIRC, the WMP 11 runtime update, Firefox, etc.
Nothing out of the ordinary,
just trying to eliminate possibilities, I guess.
I don't know.
Is there any online scanner out there that will actually remove spyware, malware and such?
I cannot find one that will do anything more than show you what you have and do anything for you beyond that,
these days, unlike in the past.
The problem(s) really seem to be in IE and/or memory,
a browser hijack or something, it really seems like,
due to something, I don't know.
One of the online scanners says I had two viruses, was infected,
but it won't say what it is or where,
so I can't do anything.
I have CCleaner and Ad-Aware and HJT and none of them are getting rid of whatever is going wrong with this system now.

Oh, I'm not sure what you mean by blocks.
I am confused.


Thanks again Tom!!

Stay warm


brrrrrrr!!

Last edited by fast68; January 3rd, 2008 at 06:36 AM.
#6  January 3rd, 2008, 03:10 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Blocks would mean software that monitors, intercepts and blocks functions, but not any from what you listed just then. The Kaspersky log does not indicate malware of any sort found. As websites can be Java-heavy in requirements, see if upgrading that will help there. It is a sound next move anyway: that version you have is especially susceptible to malware infection.

Go to Add/Remove Programs in Control Panel and uninstall all versions Java/JRE (Sun Java Runtime Environment/J2SE Runtime Environment) and reboot. When you have done that, go here and download and install the latest version of Sun Java (Java Runtime Environment (JRE) 6 Update 3). The current file name for that is jre-6u3-windows-i586-p.exe.

Then reboot and check for improvements.

Still hard to believe this system hasn't been infected though. Even if doing that Java upgrade brought improvements, also Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

(ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver)

Post back the C:\ComboFix.txt log please.
#7  January 3rd, 2008, 09:23 PM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
Tom, howdy there,

Yeah, I have Java(TM) 6 Update 3.

I just reinstalled my OS very recently due to MoBo failure.

However, I am now working on uninstalling the Java and reinstalling it with the link you provided,

and then I will do the rest, including the ComboFix and anything else, and get back to this.

I don't use a screensaver; all disabled to save resources.

Still having horrible multiple browser windows opening issues.

Has been getting worse over the past day.

Have to hard shut down every time.


OH! And I forgot, but the Flash Player add-on crashes IE as well; it pops up an error stating a script on this page is preventing Flash from working correctly and can lag the system, or something to that effect.



So..



I appreciate it again!!!! DD

Last edited by fast68; January 4th, 2008 at 03:00 AM.
#8  January 4th, 2008, 02:58 AM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
ComboFix 08-01-03.5 - randy 2008-01-03 15:29:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.41 [GMT -6:00]
Running from: C:\Documents and Settings\randy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 15:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 15:18 . 2008-01-03 15:18 <DIR> d-------- C:\Program Files\Sun
2008-01-03 15:18 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-03 15:09 . 2008-01-03 15:18 <DIR> d-------- C:\Program Files\Java
2008-01-03 15:05 . 2008-01-03 15:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 13:00 . 2008-01-02 13:00 <DIR> d-------- C:\WINDOWS\Sun
2008-01-01 18:45 . 2008-01-03 08:04 <DIR> d-------- C:\Documents and Settings\randy\Application Data\skypePM
2008-01-01 18:45 . 2008-01-01 18:45 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-01 18:43 . 2008-01-03 10:19 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Skype
2008-01-01 18:37 . 2008-01-01 18:38 <DIR> d-------- C:\Program Files\Skype
2008-01-01 18:37 . 2008-01-01 18:37 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-01 18:36 . 2008-01-01 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-01 13:15 . 2002-03-27 20:34 6,076 --a------ C:\html_association_fix.reg
2008-01-01 11:02 . 2008-01-01 11:02 32,852 --a------ C:\WINDOWS\system32\PDData.bin
2008-01-01 11:00 . 2004-08-03 23:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\OLDDEF.tmp
2008-01-01 11:00 . 2004-08-03 23:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\SETDF1.tmp
2008-01-01 11:00 . 2004-08-03 23:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\OLDDF3.tmp
2008-01-01 09:42 . 2008-01-01 09:42 <DIR> d-------- C:\WINDOWS\system32\PDesk
2007-12-31 11:25 . 2008-01-03 15:23 <DIR> d-------- C:\Program Files\Lx_cats
2007-12-30 14:42 . 2007-12-30 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-30 14:41 . 2007-12-30 14:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-30 14:30 . 2007-12-30 14:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 14:30 . 2007-12-30 14:30 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-26 22:59 . 2002-08-29 06:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-26 22:58 . 2002-08-29 06:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-12-26 22:57 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-26 22:56 . 2002-08-29 06:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2007-12-26 22:56 . 2002-08-29 06:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2007-12-26 22:54 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-25 21:43 . 2007-12-25 21:50 <DIR> d-------- C:\Documents and Settings\randy\Application Data\mIRC
2007-12-25 20:12 . 2007-12-25 20:12 1,167 --a------ C:\WINDOWS\mozver.dat
2007-12-25 17:11 . 2007-12-25 17:11 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 16:53 . 2007-12-25 16:53 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-12-25 16:36 . 2007-12-25 16:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-23 17:33 . 2004-08-04 01:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-23 17:33 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-23 17:33 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-23 17:32 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-23 17:32 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-23 17:32 . 2004-08-03 23:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-12-23 17:32 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-23 17:32 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-23 17:31 . 2004-08-04 00:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-12-23 17:31 . 2004-08-03 23:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-12-23 17:31 . 2004-08-04 01:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-23 17:29 . 2002-08-28 22:59 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-12-23 17:29 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-12-23 17:29 . 2004-08-04 00:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-12-23 17:28 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-12-23 17:28 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-12-23 17:28 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-12-23 17:27 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-12-23 17:27 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-12-23 17:27 . 2004-08-03 23:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-12-23 17:27 . 2004-08-04 00:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-12-23 17:27 . 2004-08-03 23:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-12-23 17:27 . 2004-08-03 23:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-12-23 17:26 . 2001-08-17 13:28 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-12-23 17:26 . 2001-08-17 13:28 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-12-23 17:26 . 2001-08-17 12:13 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-12-23 17:26 . 2001-08-17 12:13 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-12-23 17:26 . 2001-08-17 12:13 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2007-12-23 17:26 . 2004-08-03 23:29 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-12-23 17:26 . 2004-08-03 23:29 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-12-23 17:26 . 2004-08-03 23:29 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-12-23 17:25 . 2001-08-17 13:28 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-12-23 17:25 . 2001-08-17 13:28 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-12-23 17:25 . 2001-08-17 12:14 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-12-23 17:25 . 2004-08-04 01:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-12-23 17:25 . 2001-08-17 13:49 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-12-23 17:25 . 2004-08-03 23:59 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2007-12-23 17:24 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-23 17:24 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-12-23 17:24 . 2001-08-17 13:28 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-12-23 17:24 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-12-23 17:24 . 2001-08-17 13:28 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-12-23 17:24 . 2001-08-17 13:28 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-12-23 17:24 . 2004-08-04 00:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2007-12-23 17:24 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-23 17:24 . 2001-08-17 13:28 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-12-23 17:23 . 2001-08-17 22:36 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-12-23 17:23 . 2001-08-17 22:36 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-12-23 17:23 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-23 17:23 . 2002-08-28 22:59 32,384 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-12-23 17:23 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-23 17:23 . 2001-08-17 22:36 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-12-23 17:23 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-12-23 17:21 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-12-23 17:21 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-12-23 17:21 . 2001-08-17 14:02 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-12-23 17:21 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2007-12-23 17:21 . 2004-08-04 01:56 82,432 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-12-23 17:21 . 2001-08-17 22:35 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-12-23 17:21 . 2001-08-17 12:12 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-12-23 17:21 . 2001-08-17 22:36 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2007-12-23 17:21 . 2001-08-17 12:10 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-12-23 17:21 . 2001-08-17 13:51 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2007-12-23 17:20 . 2004-08-04 00:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2007-12-23 17:20 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-12-23 17:20 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 06:55 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-16 06:54 558,142 ----a-w C:\WINDOWS\java\Packages\UCWBZ7LR.ZIP
2007-12-16 06:54 155,995 ----a-w C:\WINDOWS\java\Packages\8KKPJ7LZ.ZIP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 17:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 16:05 102400]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2004-09-14 10:13 684032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-12 17:56]
R3 G200;G200;C:\WINDOWS\system32\DRIVERS\g200mini.sys [2004-09-14 10:33]
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys [2001-08-17 06:12]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 15:35:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 15:38:49
.
2007-12-28 01:37:31 --- E O F ---
  #9  
Old January 4th, 2008, 03:51 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Nothing in that except for these two unknown zip files:

C:\WINDOWS\java\Packages\UCWBZ7LR.ZIP
C:\WINDOWS\java\Packages\8KKPJ7LZ.ZIP

Dated 12/16 - do you know their use there?
  #10  
Old January 5th, 2008, 06:51 AM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
Quote:
Originally Posted by Tom
Nothing in that except for these two unknown zip files:

C:\WINDOWS\java\Packages\UCWBZ7LR.ZIP
C:\WINDOWS\java\Packages\8KKPJ7LZ.ZIP

Dated 12/16 - do you know their use there?

hiiiiiii there


no i have no idea what these files are for or from, other than being associated with java somehow - should i delete them ?

i uninstalled the old java i had and installed the 6 3 version SE so

my browsers are still lagging, and typing is still lagged horribly as well.

and they open billions of windows sometimes, and take the CPU time all up and lag it out to where i cant do anything but shut down the power supply

something is severely messed up still in browser-land

even with my Opera- in which i d/l'd and installed last night to try out to see if it lags too

in which it does!
:O

this is so bad...
all i use this computer for is to get on message forums and such and it is about impossible to

computer is virtually useless without this ability :/


i appreciate your helping and info and time spent and so forth!!

Last edited by fast68; January 5th, 2008 at 10:01 PM.
  #11  
Old January 5th, 2008, 03:46 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Not really sure of their involvement, but as the Java zip files are not yet identified let's check them out. Just email copies of them as attachments to jintan@cfl.rr.com. Please place "Submitted Files - fast68" as the email Subject.

If this is a malware related issue, it would likely be something you reinstalled after reformatting. The only item of note not normally seen in threads so far is the many Japanese language related modules in August. Not an Anime games user are you? Or use Japanese language on an English OS?

Let's see what running processes are there behind this issue of the extra windows opening.

Download System Repair Engineer. Use either of the Local Download buttons to download sreng2.zip

1. Extract it to its own folder on your Desktop, then double click SREng.exe to run it.
2. Select 'Smart Scan' & tick "Verify Digital Signatures"
3. Click on the [Scan] button
4. When finished, click on the [Save Reports] button & save the log to Desktop.

Please post that log back here for review - it will be large, so use extra posts as needed.
  #12  
Old January 5th, 2008, 08:56 PM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
howdy there again DD

well i deleted those two files kinda by accident already haha

there were two of each


the other ones were in service pack folder

like all of my files on my OS are doubled

one in service pack files on my drive, and the other in the regular folders, system, system32, windows, etc


i dont know why my computer has copies of all my system files in the service pack folder


i dont game at all nope, i try to avoid all language packs,
i dont need them, i am in the USA and only know english

so

haha


should i uninstall and reinstall java again and see if the two zip files above come back again ?


and if so send them as attachments like we were gonna do above ?

i got Opera the other night, and well it is just as bad with lagging, bugging/crashing out as IE is

every browser does this, that i have tried.

i dont know if i told you that yet or not,



on the servicepack files folder thing, can i just delete this stupid folder ? all it has in it is my I386 folder, in which i have on my OS install CD and also i have I386 copied to my C:/ drive

and is where i registry edited it to get info from when i run the sfc scannow command

im tired of getting doubles of folder in search results and such

it is really super annoying

back with the sreng2 results soon if i can figure it out, having a little problem with it,

i cant find that .exe to run though after i extracted to its own new folder on my DT

there is SRengPS.exe though system repair engineer smallfrogs studio 545KB

is that it ?

i am unable to locate any SReng.exe file with a search of my drive

doesnt exist after extracting all the files of this program

hmmm..

so i am running the scan with this SRengPS.exe right now



unrelated thing:


should winlogon.exe be running all the time ?

mine does,

and i cannot recall it ever doing so in the past after any Os reinstall, etc.

doesnt seem right ?

also, my entire task manager window blinks,
about once a second, constantly, always

never used to do that either, is a new occurrence

i have been using xp home for years and years now, and these are different behaviors than i have ever seen in the past


i just opened my java console in control panel and found that the disk space set for java temp files was clear over on the right hand side maxed out

i disabled temp files storage and moved the storage to the far left side 0

and i deleted all the stored java temp files

i have never seen java set itself all the way over to the far right side like that

thats a new one on me


crazy,,


THANKS more DD

Last edited by fast68; January 5th, 2008 at 10:05 PM.
  #13  
Old January 5th, 2008, 09:50 PM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
it's not THAT long:


Code:
2008-01-05,14:16:35

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <LXDCCATS><rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Matrox Powerdesk><C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
    <Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MsnMsgr><; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [N/A]
    <Yahoo! Pager><; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]

==================================
Startup Folders
N/A

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[lxdc_device / lxdc_device][Stopped/Auto Start]
  <C:\WINDOWS\system32\lxdccoms.exe -service><>
[MGABGEXE / MGABGEXE][Stopped/Auto Start]
  <C:\WINDOWS\system32\mgabg.exe><Matrox Graphics Inc.>

==================================
Drivers
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[G200 / G200][Running/Manual Start]
  <system32\DRIVERS\g200mini.sys><Matrox Graphics Inc.>
[NETGEAR FA310TX Fast Ethernet Adapter Driver / ngrpci][Running/Manual Start]
  <System32\DRIVERS\ngrpci.sys><NETGEAR Corporation.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

==================================
Browser Add-ons
[Skype add-on (mastermind)]
  {22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Skype add-on (button)]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Macromedia Authorware Web Player Control]
  {15B782AF-55D8-11D1-B477-006097098764} <C:\WINDOWS\system32\macromed\authorwa\awswax.ocx, Macromedia, Inc.>
[ewidoOnlineScan Control]
  {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\swdir.dll, Adobe Systems, Inc.>
[Installation Support]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\Yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[HP Download Manager]
  {6F15128C-E66A-490C-B848-5000B5ABEEAC} <C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll, Hewlett-Packard Co.>
[Java Plug-in 1.6.0_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[a-squared Scanner]
  {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\legitcheckcontrol.dll, Microsoft Corporation>
[Skype add-on (mastermind)]
  {22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Skype add-on (button)]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Java Plug-in 1.6.0_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>

==================================
Running Processes
[PID: 380 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 472 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1332 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2012 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1872 / randy][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\Program Files\Yahoo!\Common\YMMAPI.dll]  [Yahoo! Inc., 2005, 1, 1, 12]
[PID: 1108 / randy][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll]  [Skype Technologies S.A., 2, 2, 0, 147]
    [C:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll]  [Skype Technologies, 1, 0, 1, 169]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
[PID: 1304 / randy][C:\Documents and Settings\randy\Desktop\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\randy\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================
  #14  
Old January 6th, 2008, 12:15 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Nothing amiss in that. I really do not think this is malware, and with all the questions about deleting necessary folders like your SP2 uninstall folders, or if winlogon.exe, which is your winlogon executable file, is suspect, to be square with you I sense you have been making choices there that may not have been beneficial to system operations. Best you reformat and reinstall again, then start off in the CTH XP forum if any changes occur unexpectedly. You may have hardware or other issues, but at this point that all is obscured by changes done.
  #15  
Old January 6th, 2008, 01:02 AM
fast68
Senior Member
 
Join Date: Sep 2003
O/S: Windows XP Home
Location: land of snow easter wabbits corn cattle horses emu ostrich pigs
Age: 46
Posts: 392
ok thanks

im just going to have to live with it for a while because i have reinstalled windows so many times that microsoft is very reluctant to activate my key id because i am having to reinstall so many times,

ill just live with this until i get a MAC


hopefully sooner than later

so i can kiss all these windows browser issues bye bye forever finally

cant wait!

but only problem is i cant find a good used G3 or G4 or iBook around here most likely so i think i am going to order a 2400 or larger AMD mobo and cpu combo tonight and 1 gig ram stick as well






thanks

Last edited by fast68; January 6th, 2008 at 04:15 AM.