SP2 pauses 30 seconds "windows is starting up"

Discussion in 'Windows XP' started by ph00p, 2008/05/15.

  1. 2008/05/15
    ph00p

    ph00p Inactive Thread Starter

    Joined:
    2008/05/15
    Messages:
    10
    Likes Received:
    0
    I have:

    * intel core duo 2 3.0
    * 2 gig Ballistix Crucial RAM
    * Evga 8800gt
    * Asus p5k-e wifi ap
    * Windows XP Pro SP2 Dual boot with Vista
    * Audigy 2 zs
    * 250 gig WD Sata 2 drive(NO RAID)
    * 150 gig WD Sata 1 drive(NO RAID)

    It's a brand new system and it's loading VERY VERY SLOWLY. I did a BootVis to see what was going on; I've attached some pictures. I did a ComboFix just to be sure about things; I will also post that too.

    When I boot:

    * Typical windows loading screen with meter
    * Black screen 3 seconds
    * Blue Screen with Cursor and then hour glass for about 5 seconds OR MORE :(
    * Then "windows is starting up" just sits there :-( until it finally decides to load
    * Windows loads with a black solid taskbar for a few seconds then it becomes normal again

    Spybot S&D comes up clean so does Windows Defender and Spysweeper.

    I have defragged my hard drive, disabled the Firewire ports, the wifi router on it is disabled also, set my IP, all the things that should be done to make this thing boot fast, but STILL it decides to take a nap whilst loading :( .

    My computer used to load quite quickly. I am using the on board Marvell LAN Yukon but that shouldn't slow things down this badly?

    I don't know if this helps any, but Windows seems to think I've got a Standard PS/2 Keyboard installed when I have a MS Natural 4000 USB installed. I have the PS/2 one disabled in the device manager because if I uninstall it IT COMES BACK AGAIN! :(


    PLEASE HELP! I appreciate any help at all, it's depressing to have a slow loading NEW computer :(

    I've disabled ALL those things and STILL it sits and does nothing for a 30-second period when booting as shown by my BootVis scan, something has to be wrong here!

    I had installed XP SP3 and thought that the slow down was because of lack of defrag, but much to my chagrin it wasn't. Someone on another forum suggested getting rid of SP3 and going back to SP2, saying that would fix the problem, but it DIDN'T :( .

    My Vista install loads quite fast, as one would expect!

    Any help is greatly appreciated.


    Here is my Runscanner

    Runscanner logfile

    * = signed file
    - = file not found

    000 General info
    ----------------
    Computer name : 22NDSTRE-747ABF
    Creation time : 5/14/2008 7:21:14 PM
    Hosts <> 127.0.0.1 : 0
    Hosts file location : %SystemRoot%\System32\drivers\etc
    IE version : 7.0.5730.11
    OS : Microsoft Windows XP
    OS Build : 2600
    OS SP : Service Pack 2
    RunScanner Version : 1.6.3.0
    User Language : English (United States)
    User rights : Administrator
    Windows folder : C:\WINDOWS

    001 Running processes
    ---------------------
    c:\program files\asus\aasp\1.00.59\aacenter.exe
    c:\program files\asus\ai suite\ainap\ainap.exe
    * c:\windows\system32\alg.exe (Microsoft Corporation)
    * c:\windows\system32\csrss.exe (Microsoft Corporation)
    c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol.exe (Creative Technology Ltd)
    * c:\program files\microsoft intellitype pro\dpupdchk.exe (Microsoft Corporation)
    * c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\windows\system32\svchost.exe (Microsoft Corporation)
    * c:\program files\microsoft intellitype pro\itype.exe (Microsoft Corporation)
    * c:\windows\system32\lsass.exe (Microsoft Corporation)
    * c:\windows\system32\mmc.exe (Microsoft Corporation)
    c:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
    * c:\docume~1\owner\locals~1\temp\rar$ex00.046\runscanner.exe (Runscanner.net)
    c:\program files\sandboxie\sbiectrl.exe (tzuk)
    c:\program files\sandboxie\sbiesvc.exe (tzuk)
    * c:\windows\system32\services.exe (Microsoft Corporation)
    * c:\windows\system32\spoolsv.exe (Microsoft Corporation)
    c:\windows\explorer.exe (Microsoft Corporation)
    * c:\windows\system32\winlogon.exe (Microsoft Corporation)
    * c:\windows\system32\smss.exe (Microsoft Corporation)
    c:\program files\winrar\winrar.exe
    * c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)

    002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
    -----------------------------------------------------------------
    c:\program files\asus\ai suite\ainap\ainap.exe
    c:\program files\asus\ai suite\energysaving\pwsave.exe
    c:\program files\asus\ai suite\cpuleveluphelp.exe
    c:\program files\asus\ai suite\aigear3\cpupowermonitor.exe
    c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol.exe (Creative Technology Ltd)
    c:\windows\system32\nvcpl.dll (NVIDIA Corporation)
    C:\WINDOWS\system32\nwiz.exe
    c:\program files\rivatuner v2.09\rivatuner.exe

    003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
    -----------------------------------------------------------------
    c:\program files\sandboxie\sbiectrl.exe (tzuk)

    010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
    -----------------------------------------------------
    C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
    c:\program files\sandboxie\sbiesvc.exe (Sandboxie Service)

    011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
    ----------------------------------------------------
    * C:\WINDOWS\system32\drivers\asio.sys (AsIO)
    C:\WINDOWS\system32\drivers\streamip.sys (BDA IPSink)
    C:\WINDOWS\system32\drivers\slip.sys (BDA Slip De-Framer)
    - c:\windows\system32\drivers\changer.sys (Changer)
    C:\WINDOWS\system32\drivers\ccdecode.sys (Closed Caption Decoder)
    C:\WINDOWS\system32\drivers\d347bus.sys (d347bus)
    C:\WINDOWS\system32\drivers\d347prt.sys (d347prt)
    C:\WINDOWS\system32\drivers\ov519vid.sys (EyeToy)
    C:\WINDOWS\system32\drivers\gameenum.sys (Game Port Enumerator)
    - c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
    - c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
    C:\WINDOWS\system32\drivers\mstee.sys (Microsoft Streaming Tee/Sink-to-Sink Converter)
    C:\WINDOWS\system32\drivers\ndisip.sys (Microsoft TV/Video Connection)
    C:\WINDOWS\system32\drivers\nabtsfec.sys (NABTS/FEC VBI Codec)
    C:\WINDOWS\system32\drivers\nv4_mini.sys (nv)
    c:\windows\system32\drivers\nvport.sys (NVIDIA PORT IO Control Driver)
    C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
    - c:\windows\system32\drivers\pcidump.sys (PCIDump)
    - c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
    - c:\windows\system32\drivers\pdframe.sys (PDFRAME)
    - c:\windows\system32\drivers\pdreli.sys (PDRELI)
    - c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
    c:\program files\rivatuner v2.09\rivatuner32.sys (RivaTuner32)
    c:\program files\sandboxie\sbiedrv.sys (SbieDrv)
    C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
    C:\WINDOWS\system32\drivers\tcpip.sys (TCP/IP Protocol Driver)
    - c:\windows\system32\drivers\wdica.sys (WDICA)
    C:\WINDOWS\system32\drivers\wstcodec.sys (World Standard Teletext Codec)

    030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
    ------------------------------------------
    C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
    C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
    C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {733AC4CB-F1A4-11d0-B951-00A0C90312E1}

    034 HKLM-HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    -------------------------------------------------------------------------
    C:\WINDOWS\explorer.exe (Microsoft Corporation)

    035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
    ------------------------------------------------------------------
    c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

    047 Trusted zones
    -----------------
    Zone: free.aol.com : http://free.aol.com

    050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    -----------------------------------------------------------------------------
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {AEB6717E-7E19-11d0-97EE-00C04FD91972}

    060 HKLM-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    -----------------------------------------------------------------------------------
    c:\windows\system32\stobject.dll (Microsoft Corporation) {35CEC8A3-2BE6-11D2-8773-92E220524153}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {7849596a-48ea-486e-8937-a2a3009f31a9}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {fbeb8a05-beee-4442-804e-409d6c4515e9}

    061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    ---------------------------------------------------------------------------------
    c:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
    c:\windows\system32\shimgvw.dll (Microsoft Corporation) {3F30C968-480A-4C6C-862D-EFC0897BB84B}
    c:\windows\system32\shimgvw.dll (Microsoft Corporation) {EAB841A0-9550-11cf-8C16-00805F1408F3}
    c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
    c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
    C:\WINDOWS\system32\shimgvw.dll (Microsoft Corporation) {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}
    C:\WINDOWS\system32\shimgvw.dll (Microsoft Corporation) {eb9b1153-3b57-4e68-959a-a3266bc3d7fe}
    C:\WINDOWS\system32\shimgvw.dll (Microsoft Corporation) {e84fda7c-1d6a-45f6-b725-cb260c236066}
    c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
    c:\windows\system32\shimgvw.dll (Microsoft Corporation) {9DBD2C50-62AD-11d0-B806-00C04FD706EC}

    062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
    ------------------------------------------------------------
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {24F14F01-7B1C-11d1-838f-0000F80461CF}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {24F14F02-7B1C-11d1-838f-0000F80461CF}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {66742402-F9B9-11D1-A202-0000F81FEDEE}

    064 HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
    -------------------------------------------------------------------
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    066 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
    ---------------------------------------------------------------------
    C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

    067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    ---------------------------------------------------------------------
    -

    100 Internet Explorer settings
    ------------------------------
    Start Page HKCU : http://www.msn.com/
    Start Page HKLM : http://www.msn.com/

    102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
    ------------------------------------------------------------------
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

    120 Domain/DNS hijacking
    ------------------------
    NameServer {5DEEB972-41FF-4C8B-92C4-126C15F1EC40} : 208.67.222.222,208.67.220.220

    173 HKCR\*\shellex\ContextMenuHandlers
    --------------------------------------
    GUID / CLSID not found
    c:\program files\attribute changer\acshell.dll (Romain Petges) {D3F9A525-8824-497A-BE36-B23E22F141FC}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Start Menu Pin
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

    221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
    -------------------------------------------------------
    GUID / CLSID not found
    c:\program files\attribute changer\acshell.dll (Romain Petges) {D3F9A525-8824-497A-BE36-B23E22F141FC}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {09799AFB-AD67-11d1-ABCD-00C04FC30936}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Start Menu Pin
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

    223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
    --------------------------------------------------------------------------
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {7BA4C740-9E81-11CF-99D3-00AA004AE837}

    225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
    ------------------------------------------------------------
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

    227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
    ---------------------------------------------------------------
    GUID / CLSID not found
    c:\program files\attribute changer\acshell.dll (Romain Petges) {D3F9A525-8824-497A-BE36-B23E22F141FC}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {A470F8CF-A1E8-4f65-8335-227475AA5C46}
    c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

    229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
    --------------------------------------------------------------------------
    c:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    c:\windows\system32\shellext\browserback.dll {DD23BD50-C784-4557-BE82-1B3FDDB22CA5}
    c:\windows\system32\shellext\fileexttoggle.dll {D8E899D8-A7B3-449C-BFDF-761FC5826313}
    c:\windows\system32\shellext\hiddenfilestoggle.dll {AC67E92C-D916-4058-A7B8-0913746592F4}
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) {D969A300-E7FF-11d0-A93B-00A0C90F2719}
    c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
    c:\windows\system32\shellext\selectall.dll {A0F26623-302C-41E1-B00C-04EE54A3188C}

    231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    -------------------------------------------------------
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
     
    Last edited: 2008/05/15
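
A Runscanner log like the one in the post above can be triaged mechanically using its own legend (`*` = signed file, `-` = file not found). The following is an added example, not part of the original thread and not Runscanner's own code: it parses the section/entry layout and queues entries worth a manual look. The tag names and the rule that kernel drivers are expected under `C:\WINDOWS\system32\drivers` are assumptions of this example; the sample input is an excerpt of the posted log.

```python
import re
from collections import Counter, namedtuple

# Excerpt of the Runscanner log posted above (a few lines from four sections).
SAMPLE_LOG = r"""
* = signed file
- = file not found

001 Running processes
---------------------
c:\program files\asus\ai suite\ainap\ainap.exe
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\docume~1\owner\locals~1\temp\rar$ex00.046\runscanner.exe (Runscanner.net)
c:\windows\explorer.exe (Microsoft Corporation)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\sandboxie\sbiectrl.exe (tzuk)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\asio.sys (AsIO)
- c:\windows\system32\drivers\changer.sys (Changer)
c:\program files\rivatuner v2.09\rivatuner32.sys (RivaTuner32)

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
-
"""

Entry = namedtuple("Entry", "section title marker path label")

# A section is a "NNN title" line followed by a rule of dashes.
SECTION_RE = re.compile(r"^(\d{3}) (.+)$")
# An entry is an optional legend marker, a file path, and an optional
# "(publisher or service name)" label.
ENTRY_RE = re.compile(
    r"^(?:(?P<marker>[*-])\s+)?"
    r"(?P<path>[a-z]:\\.*?\.(?:exe|dll|sys))(?=\s|$)"
    r"(?:\s+\((?P<label>[^)]*)\))?",
    re.IGNORECASE,
)
DRIVER_SECTION = "011"                           # "Services (drivers)" in the log
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"  # assumed normal driver location


def parse_runscanner(text):
    """Return one Entry per file line, tagged with the section it appears in."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries, section, title = [], None, None
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        header = SECTION_RE.match(line)
        if header and len(following) > 1 and set(following) == {"-"}:
            section, title = header.groups()
            continue
        item = ENTRY_RE.match(line)
        if section and item:
            entries.append(Entry(section, title, item.group("marker") or "",
                                 item.group("path").lower(),
                                 item.group("label") or ""))
    return entries


def triage(entry):
    """Tags are review cues, not verdicts: many legitimate files are unsigned."""
    tags = []
    if entry.marker == "-":
        tags.append("missing")        # autostart entry points at a file that is gone
    elif entry.marker != "*":
        tags.append("unsigned")       # no signature found by the scanner
    if "\\temp\\" in entry.path:
        tags.append("temp-path")      # image running from a temp directory
    if entry.section == DRIVER_SECTION and not entry.path.startswith(DRIVER_DIR):
        tags.append("driver-outside-drivers-dir")
    return tags


def review_queue(text):
    """Entries with at least one tag, in log order."""
    queue = []
    for entry in parse_runscanner(text):
        tags = triage(entry)
        if tags:
            queue.append((entry, tags))
    return queue


def tag_counts(text):
    return Counter(tag for _, tags in review_queue(text) for tag in tags)


if __name__ == "__main__":
    for entry, tags in review_queue(SAMPLE_LOG):
        print(f"{entry.section}  {', '.join(tags):40} {entry.path}")
```
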
  2. 2008/05/15
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Phoop

    If this is a home computer then the services below are typically not needed; disabling them will give an overall performance boost, free some RAM and also give some faster boot.

    But if one of them is the issue it will cure your problem.

    Do not worry, you can always turn them back on!

    In Services, stopping and disabling all of the below will help some.
    DNS Client <this is likely your problem>
    Fast User switching
    Indexing service
    Messenger
    Net logon
    Net.TCP Port Sharing
    NetMeeting Remote Desktop Sharing
    IPsec services
    QoS RSVP
    Remote Registry
    Uninterruptible Power Supply
    Universal Plug and play
    Web Client
    Windows media player Network Sharing

    Reboot and test.

    If the above doesn't do it, remove the OpenDNS numbers and reboot to see if that alone will correct it.

    No Joy!

    Copy the lines below 1 at a time and paste into an open cmd prompt and hit enter
    Ignore errors for now as that is possible depending on your setup.
    ---------------------------------------------------------
    netsh interface ip delete arpcache

    ipconfig /flushdns

    ipconfig /release *

    ipconfig /renew *

    ipconfig /registerdns

    nbtstat -RR

    netsh winsock reset catalog
    ---------------------------------------------------------

    Reboot and test!

    Let me know!

    Mike
     

  4. 2008/05/15
    ph00p

    ph00p Inactive Thread Starter

    Thank you for the prompt reply!

    I've got a router that I connect to for the internet, I don't have any other computers on the network only game consoles, do you still recommend disabling those services listed?

    I'm at work right now so it'll be a while til I can try this out.
     
  5. 2008/05/15
    mflynn

    mflynn Inactive

    10-4 just stuff M$ thought you needed!

    Look! You can just re-enable them if you need them; we are not uninstalling!

    I disable them on all computers, even business systems.

    Mike
     
  6. 2008/05/15
    ph00p

    ph00p Inactive Thread Starter

    Thank you again for your advice, it worked a little bit but didn't fully speed up the booting process, it just depresses me that the old crapbox at work boots faster past that "Windows is starting up" point than my new pc :/ .
    It was working a bit faster so I pressed my luck and installed XP SP3 as some state it fixes slow boots, but *sigh* no luck even with those steps you gave me done.

    Is there a way to find out EXACTLY what networking is going on during the "windows is starting up" timeout I'm getting? Are there any NIC tweaks that can speed this up?

    Any idea why a PS/2 keyboard keeps insisting that it's installed when I only have a USB one installed?
     
    Last edited: 2008/05/15
  7. 2008/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How fast does it boot into Safe Mode?
    What's your antivirus?
     
  8. 2008/05/15
    mflynn

    mflynn Inactive

  9. 2008/05/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just for the record, ComboFix is not only a very powerful tool, but a specialized tool to be used only where targeted infections are present. It is NOT a tool meant to be used randomly 'just to be sure'.
     
  10. 2008/05/15
    ph00p

    ph00p Inactive Thread Starter

    Here you go Mike, hope it helps! Also my install of XP might be slightly busted as Eventlog is NOT installed; somehow it went missing? I've been looking for easy ways to reinstall it but to no end. I've read there's ways to simply reinstall services, something about importing REG keys from other computers works alright; there was an old post on another forum about it working. If anyone wants to host their reg key for their Eventlog that would be great.

    ---------------------------------------------------------------
    AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
    ---------------------------------------------------------------


    Program:
    "Provides system and desktop level support to the NVIDIA display driver "
    Publisher:
    "(Not verified) NVIDIA Corporation "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    NVSvc
    Program path & name:
    "c:\windows\system32\nvsvc32.exe "
    Enabled: [V]


    Program:
    "Sandboxie Service "
    Publisher:
    "(Not verified) tzuk "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    SbieSvc
    Program path & name:
    "c:\program files\sandboxie\sbiesvc.exe "
    Enabled: [V]


    Program:
    "Cleans up handles to allow unloading of user profile hive. This can help speed up logging off
    Publisher:
    reconciliation of roaming profiles and prevent exceeding the registry size limit. "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    UPHClean
    Program path & name:
    "(Not verified) Microsoft Corporation" "c:\program files\uphclean\uphclean.exe "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    "(Verified) ASUSTeK Computer Inc. "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    AsIO
    Program path & name:
    "c:\windows\system32\drivers\asio.sys "
    Enabled: [V]


    Program:
    "PnP BIOS Extension "
    Publisher:
    "(Not verified) "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    d347bus
    Program path & name:
    "c:\windows\system32\drivers\d347bus.sys "
    Enabled: [V]


    Program:
    "SCSI miniport "
    Publisher:
    "(Not verified) "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    d347prt
    Program path & name:
    "c:\windows\system32\drivers\d347prt.sys "
    Enabled: [V]


    Program:
    "NVIDIA Compatible Windows 2000 Miniport Driver
    Publisher:
    Version 175.16 "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    nv
    Program path & name:
    "(Not verified) NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys "
    Enabled: [V]


    Program:
    "Port Driver "
    Publisher:
    "(Not verified) NVIDIA Corporation. "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    nvport
    Program path & name:
    "c:\windows\system32\drivers\nvport.sys "
    Enabled: [V]


    Program:
    "Dual Mode USB Camera 519 Stream Class Mini Driver "
    Publisher:
    "(Not verified) OmniVision Technologies Inc. "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    ovt519
    Program path & name:
    "c:\windows\system32\drivers\ov519vid.sys "
    Enabled: [V]


    Program:
    "Padus(R) ASPI Shell "
    Publisher:
    "(Not verified) Padus Inc. "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    pfc
    Program path & name:
    "c:\windows\system32\drivers\pfc.sys "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    N/A
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    RivaTuner32
    Program path & name:
    c:\program files\rivatuner v2.09\rivatuner32.sys "
    Enabled: [V]


    Program:
    "Allows this PC to be discovered and located on the network. "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    rspndr
    Program path & name:
    "c:\windows\system32\drivers\rspndr.sys "
    Enabled: [V]


    Program:
    "Sandboxie Kernel Mode Driver "
    Publisher:
    "(Not verified) tzuk "
    Entry path:
    HKLM\System\CurrentControlSet\Services
    Entry name:
    SbieDrv
    Program path & name:
    "c:\program files\sandboxie\sbiedrv.sys "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    N/A
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    Ai Nap
    Program path & name:
    c:\program files\asus\ai suite\ainap\ainap.exe "
    Enabled: [V]


    Program:
    "CTSysVol.exe "
    Publisher:
    "(Not verified) Creative Technology Ltd "
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    CTSysVol
    Program path & name:
    "c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol.exe "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    N/A
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    Cpu Level Up help
    Program path & name:
    c:\program files\asus\ai suite\cpuleveluphelp.exe "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    N/A
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    CPU Power Monitor
    Program path & name:
    c:\program files\asus\ai suite\aigear3\cpupowermonitor.exe "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    N/A
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    ASUS Energy Saving
    Program path & name:
    c:\program files\asus\ai suite\energysaving\pwsave.exe "
    Enabled: [V]


    Program:
    "RivaTuner 2.09 "
    Publisher:
    N/A
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    RivaTunerStartupDaemon
    Program path & name:
    c:\program files\rivatuner v2.09\rivatuner.exe "
    Enabled: [V]


    Program:
    "NVIDIA Display Properties Extension "
    Publisher:
    "(Not verified) NVIDIA Corporation "
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    NvCplDaemon
    Program path & name:
    "c:\windows\system32\nvcpl.dll "
    Enabled: [V]


    Program:
    "NVIDIA nView Wizard
    Publisher:
    Version 111.73 "
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    nwiz
    Program path & name:
    "(Not verified) NVIDIA Corporation" "c:\windows\system32\nwiz.exe "
    Enabled: [V]


    Program:
    "NVIDIA Media Center Library "
    Publisher:
    "(Not verified) NVIDIA Corporation "
    Entry path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    NvMediaCenter
    Program path & name:
    "c:\windows\system32\nvmctray.dll "
    Enabled: [V]


    Program:
    "Microsoft .NET Runtime Execution Engine "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name:
    application/octet-stream
    Program path & name:
    "c:\windows\system32\mscoree.dll "
    Enabled: [V]


    Program:
    "Microsoft .NET Runtime Execution Engine "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name:
    application/x-complus
    Program path & name:
    "c:\windows\system32\mscoree.dll "
    Enabled: [V]


    Program:
    "Microsoft .NET Runtime Execution Engine "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\SOFTWARE\Classes\Protocols\Filter
    Entry name:
    application/x-msdownload
    Program path & name:
    "c:\windows\system32\mscoree.dll "
    Enabled: [V]


    Program:
    N/A
    Publisher:
    N/A
    Entry path:
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    Entry name:
    0
    Program path & name:
    File not found: About:Home "
    Enabled: [V]


    Program:
    "Microsoft .NET IE SECURITY REGISTRATION "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    Entry name:
    n/a
    Program path & name:
    "c:\windows\system32\mscories.dll "
    Enabled: [V]


    Program:
    "Sandboxie Control "
    Publisher:
    "(Not verified) tzuk "
    Entry path:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Entry name:
    SandboxieControl
    Program path & name:
    "c:\program files\sandboxie\sbiectrl.exe "
    Enabled: [V]


    Program:
    "Application Deployment Support Library "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    ShellLink for Application References
    Program path & name:
    "c:\windows\system32\dfshim.dll "
    Enabled: [V]


    Program:
    "Application Deployment Support Library "
    Publisher:
    "(Not verified) Microsoft Corporation "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    Shell Icon Handler for Application References
    Program path & name:
    "c:\windows\system32\dfshim.dll "
    Enabled: [V]


    Program:
    "NVIDIA Display Properties Extension "
    Publisher:
    "(Not verified) NVIDIA Corporation "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    NvCpl DesktopContext Class
    Program path & name:
    "c:\windows\system32\nvcpl.dll "
    Enabled: [V]


    Program:
    "NVIDIA Display Properties Extension "
    Publisher:
    "(Not verified) NVIDIA Corporation "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    Play on my TV helper
    Program path & name:
    "c:\windows\system32\nvcpl.dll "
    Enabled: [V]


    Program:
    "NVIDIA Desktop Explorer
    Publisher:
    Version 111.73 "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    Desktop Explorer
    Program path & name:
    "(Not verified) NVIDIA Corporation" "c:\windows\system32\nvshell.dll "
    Enabled: [V]


    Program:
    "NVIDIA Desktop Explorer
    Publisher:
    Version 111.73 "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    Desktop Explorer Menu
    Program path & name:
    "(Not verified) NVIDIA Corporation" "c:\windows\system32\nvshell.dll "
    Enabled: [V]


    Program:
    "NVIDIA Desktop Explorer
    Publisher:
    Version 111.73 "
    Entry path:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Entry name:
    nView Desktop Context Menu
    Program path & name:
    "(Not verified) NVIDIA Corporation" "c:\windows\system32\nvshell.dll "
    Enabled: [V]
     
  11. 2008/05/16
    mflynn

    mflynn Inactive

    OK nothing pops out at me from your autoruns or Runscan.

    Like broni asked above, I too would like to know how it boots into safe mode, then safe mode networking. So let us know this.

    Let's go a little deeper! No sign that you have malware at this point but let's be sure. In any case the following programs can give us more details about your system.

    Go here, read and understand, then post the HJT log and the DSS main and extra logs.

    http://www.windowsbbs.com/announcement.php?f=41

    Mike
     
  12. 2008/05/16
    ph00p

    ph00p Inactive Thread Starter

    Here is the DDS scan with the extra. I'll do safe mode after work, thank you for your continuing support. Could this have something to do with Event Log service not being present in my service list? A repair didn't bring it back, maybe it's hidden for some reason. Also the retarded keyboard that is showing up in devices with the yellow ! next to it.

    Also, since XP SP3 install it now stalls out on "Applying settings" on the welcome screen, instead of "Windows is starting up" so basically same spot but different dialog.

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-05-16 08:42:21
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:42:24 AM, on 5/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Owner\Desktop\Misc\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon(1)] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

    --
    End of file - 2863 bytes

    -- Files created between 2008-04-16 and 2008-05-16 -----------------------------

    2008-05-16 00:53:27 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-05-15 23:16:28 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-05-15 23:07:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-15 22:48:52 0 d-------- C:\Program Files\Microsoft IntelliType Pro
    2008-05-15 22:39:43 0 d-------- C:\Program Files\Windows Resource Kits
    2008-05-15 18:33:16 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-05-15 18:05:47 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
    2008-05-15 08:42:16 0 d-------- C:\Program Files\UPHClean
    2008-05-14 17:45:52 126976 --a------ C:\WINDOWS\system32\zip.exe
    2008-05-14 17:45:52 175616 --a------ C:\WINDOWS\system32\strings.exe
    2008-05-14 17:45:52 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
    2008-05-14 17:45:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-05-14 17:45:52 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
    2008-05-14 17:45:52 11254 --a------ C:\WINDOWS\system32\locate.com
    2008-05-14 17:38:11 68096 --a------ C:\WINDOWS\zip.exe
    2008-05-14 17:38:11 49152 --a------ C:\WINDOWS\VFind.exe
    2008-05-14 17:38:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-05-14 17:38:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-05-14 17:38:11 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-05-14 17:38:11 98816 --a------ C:\WINDOWS\sed.exe
    2008-05-14 17:38:11 80412 --a------ C:\WINDOWS\grep.exe
    2008-05-14 17:38:11 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-05-14 17:28:35 0 d-------- C:\Program Files\Greatis
    2008-05-13 21:46:01 0 d-------- C:\WINDOWS\nvidia icons
    2008-05-13 20:55:38 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-05-13 20:55:37 0 d-------- C:\Program Files\TuneXP
    2008-05-13 19:44:08 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-05-13 18:54:06 0 d-------- C:\Program Files\Microsoft Bootvis
    2008-05-13 18:34:51 0 d-------- C:\Program Files\LucasArts
    2008-05-13 18:10:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Auslogics
    2008-05-13 18:10:41 0 d-------- C:\Program Files\Auslogics
    2008-05-13 01:54:15 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-05-13 00:22:47 0 d-------- C:\WINDOWS\pss
    2008-05-13 00:20:34 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-05-12 00:42:14 0 d-------- C:\Program Files\Steam
    2008-05-11 19:52:48 0 d-------- C:\WINDOWS\system32\drivers\system32
    2008-05-11 19:52:48 0 d-------- C:\WINDOWS\system32\drivers\INF
    2008-05-11 19:52:01 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-05-11 19:52:00 0 d-------- C:\Program Files\Intel
    2008-05-11 19:51:50 0 d-------- C:\Intel
    2008-05-11 19:50:58 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-05-11 18:43:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-11 17:19:12 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-05-11 17:03:05 0 d-------- C:\Program Files\Trend Micro
    2008-05-11 14:09:16 0 d-------- C:\Program Files\Microsoft Works
    2008-05-11 14:08:45 0 d-------- C:\Program Files\Microsoft.NET
    2008-05-11 14:07:28 0 d-------- C:\WINDOWS\SHELLNEW
    2008-05-11 14:07:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-11 14:07:03 0 dr-h----- C:\MSOCache
    2008-05-11 05:59:08 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-05-10 23:16:19 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
    2008-05-10 23:16:19 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
    2008-05-10 23:16:19 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
    2008-05-10 23:16:19 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
    2008-05-10 23:16:18 16426 -ra------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
    2008-05-10 23:16:18 40960 -ra------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
    2008-05-10 23:16:18 174530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
    2008-05-10 23:16:18 25211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
    2008-05-10 23:16:18 0 d-------- C:\WINDOWS\OvtCam
    2008-05-10 23:16:18 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
    2008-05-10 23:16:18 32528 -ra------ C:\WINDOWS\amcap.exe
    2008-05-10 22:14:36 0 d-------- C:\Program Files\DScaler5
    2008-05-10 21:08:50 0 d-------- C:\Program Files\AC3Filter
    2008-05-10 20:51:22 106496 --a------ C:\WINDOWS\system32\drivers\CTTHXCal.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
    2008-05-10 20:48:54 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
    2008-05-10 20:48:00 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-05-10 20:47:48 53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
    2008-05-10 20:47:47 1048576 -----n--- C:\WINDOWS\system32\SFMAN.DAT
    2008-05-10 20:47:47 54784 -----n--- C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
    2008-05-10 20:47:47 26768 -----n--- C:\WINDOWS\system32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
    2008-05-10 20:46:39 0 d-------- C:\WINDOWS\system32\Win9X
    2008-05-10 20:43:18 99 --a------ C:\WINDOWS\È
    2008-05-10 20:24:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
    2008-05-10 20:24:04 0 d-------- C:\Program Files\Opera
    2008-05-10 20:10:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Games
    2008-05-10 20:10:06 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
    2008-05-10 20:08:54 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-05-10 20:07:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GRETECH
    2008-05-10 20:07:50 0 d-------- C:\Program Files\GRETECH
    2008-05-10 20:07:32 0 d-------- C:\Program Files\VideoLAN
    2008-05-10 19:54:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
    2008-05-10 19:52:47 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    2008-05-10 19:52:38 60416 --a------ C:\WINDOWS\system32\DSETUP.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
    2008-05-10 19:52:38 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    2008-05-10 19:52:38 4608 --a------ C:\WINDOWS\system32\drivers\nvport.sys <Not Verified; NVIDIA Corporation.; Port Driver>
    2008-05-10 19:52:38 671744 --a------ C:\WINDOWS\system32\DolbyHph.dll <Not Verified; Lake Technology Limited, http://www.lake.com.au; Dolby Headphone>
    2008-05-10 19:52:38 0 d-------- C:\Program Files\NVIDIA Corporation
    2008-05-10 19:45:10 0 d-------- C:\Program Files\Microsoft Games
    2008-05-10 18:04:41 0 d-------- C:\Old Computer stuff
    2008-05-10 07:16:23 333203 -rahs---- C:\bootmgr
    2008-05-10 07:16:23 0 d--hs---- C:\Boot
    2008-05-09 23:49:35 0 d-------- C:\Sandbox
    2008-05-09 23:22:22 0 d-------- C:\Program Files\uTorrent
    2008-05-09 23:22:17 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
    2008-05-09 23:20:23 0 d-------- C:\Program Files\Sandboxie
    2008-05-09 23:03:09 0 d-------- C:\WINDOWS\system32\Defaults
    2008-05-09 23:02:48 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-05-09 23:02:48 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2008-05-09 23:02:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
    2008-05-09 23:02:40 0 d-------- C:\WINDOWS\system32\Data
    2008-05-09 23:02:40 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
    2008-05-09 23:02:40 10240 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
    2008-05-09 23:02:40 0 d-------- C:\Program Files\Creative
    2008-05-09 22:52:25 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-05-09 22:52:25 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-05-09 22:52:24 0 d-------- C:\Program Files\D-Tools
    2008-05-09 22:52:14 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-05-09 22:44:00 0 d-------- C:\Program Files\RivaTuner v2.09
    2008-05-09 22:35:02 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-05-09 22:33:50 0 d-------- C:\WINDOWS\nview
    2008-05-09 22:27:02 0 d-------- C:\WINDOWS\system32\xircom
    2008-05-09 22:27:02 0 d-------- C:\WINDOWS\srchasst
    2008-05-09 22:27:02 0 d-------- C:\Program Files\microsoft frontpage
    2008-05-09 22:20:59 0 d-------- C:\Program Files\Messenger
    2008-05-09 22:20:56 0 d-------- C:\WINDOWS\system32\scripting
    2008-05-09 22:20:56 0 d-------- C:\WINDOWS\system32\oobe
    2008-05-09 22:20:56 0 d-------- C:\WINDOWS\system32\bits
    2008-05-09 22:19:38 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-05-09 21:50:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
    2008-05-09 21:49:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-05-09 21:27:47 0 d--hs---- C:\$RECYCLE.BIN
    2008-05-09 21:27:16 171136 -rahs---- C:\grldr
    2008-05-09 18:49:31 0 d-------- C:\Program Files\Marvell
    2008-05-09 18:21:22 24576 --a------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
    2008-05-09 18:21:21 0 d-------- C:\Program Files\ASUS
    2008-05-09 18:21:10 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-09 18:20:50 0 d-------- C:\WINDOWS\OPTIONS
    2008-05-09 18:20:50 0 d-------- C:\Program Files\Realtek
    2008-05-09 18:20:50 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-09 18:20:44 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
    2008-05-09 18:20:36 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
    2008-05-09 18:07:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
    2008-05-09 18:07:39 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-09 18:07:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
    2008-05-09 18:01:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
    2008-05-09 18:01:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-05-09 18:01:34 0 d--h----- C:\Documents and Settings\Owner\Templates
    2008-05-09 18:01:34 0 dr------- C:\Documents and Settings\Owner\Start Menu
    2008-05-09 18:01:34 0 dr-h----- C:\Documents and Settings\Owner\SendTo
    2008-05-09 18:01:34 0 dr-h----- C:\Documents and Settings\Owner\Recent
    2008-05-09 18:01:34 0 d--h----- C:\Documents and Settings\Owner\PrintHood
    2008-05-09 18:01:34 0 d--h----- C:\Documents and Settings\Owner\NetHood
    2008-05-09 18:01:34 0 dr------- C:\Documents and Settings\Owner\My Documents
    2008-05-09 18:01:34 0 d--h----- C:\Documents and Settings\Owner\Local Settings
    2008-05-09 18:01:34 0 dr------- C:\Documents and Settings\Owner\Favorites
    2008-05-09 18:01:34 0 d-------- C:\Documents and Settings\Owner\Desktop
    2008-05-09 18:01:34 0 d--hs---- C:\Documents and Settings\Owner\Cookies
    2008-05-09 18:01:34 0 dr-h----- C:\Documents and Settings\Owner\Application Data
    2008-05-09 18:01:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2008-05-09 18:01:34 0 d-------- C:\Documents and Settings\Owner\7zSB4E.tmp
    2008-05-09 18:01:33 0 d--hs---- C:\WINDOWS\CSC
    2008-05-09 18:01:33 2359296 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
    2008-05-09 18:01:30 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2008-05-09 18:01:29 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-05-09 18:01:27 270336 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-05-09 18:01:27 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-05-09 18:01:27 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-05-09 18:01:27 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-05-09 18:01:26 524288 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-05-09 18:01:26 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-05-09 18:01:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-05-09 18:01:26 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-05-09 17:59:36 524288 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-05-09 17:59:19 0 d-------- C:\Documents and Settings\Default User\7zSB4E.tmp
    2008-05-09 17:58:09 0 d-------- C:\WINDOWS\system32\URTTemp
    2008-05-09 17:57:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-09 17:56:59 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-05-09 17:56:58 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-09 17:56:58 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-09 17:56:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-09 17:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-09 17:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-09 17:56:56 639066 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-09 17:56:55 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-09 17:56:51 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-09 17:56:51 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
    2008-05-09 17:56:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
    2008-05-09 17:56:32 0 -rahs---- C:\MSDOS.SYS
    2008-05-09 17:56:32 0 -rahs---- C:\IO.SYS
    2008-05-09 17:56:32 0 --a------ C:\CONFIG.SYS
    2008-05-09 17:56:32 0 --a------ C:\AUTOEXEC.BAT
    2008-05-09 17:56:19 0 d-------- C:\WINDOWS\system32\dllcache
    2008-05-09 17:55:49 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-05-09 17:55:37 0 d--h----- C:\Program Files\WindowsUpdate
    2008-05-09 17:55:20 0 d-------- C:\WINDOWS\system32\DirectX
    2008-05-09 17:54:56 0 d---s---- C:\WINDOWS\Tasks
    2008-05-09 17:54:55 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-05-09 17:54:43 0 d-------- C:\Program Files\Movie Maker
    2008-05-09 17:54:36 0 d-------- C:\WINDOWS\system32\Restore
    2008-05-09 17:54:00 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-05-09 17:53:48 0 d-------- C:\WINDOWS\Registration
    2008-05-09 17:53:42 0 d-------- C:\Program Files\Online Services
    2008-05-09 17:53:35 0 d-------- C:\WINDOWS\Offline Web Pages
    2008-05-09 17:53:34 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-09 17:53:31 7680 --a------ C:\WINDOWS\system32\engine.dll <Not Verified; fromVistaToXp.com; Windows Vista API Implementation (Energy Lite)>
    2008-05-09 17:53:29 8174592 --a------ C:\WINDOWS\system32\Branded.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-09 17:53:25 35840 --a------ C:\WINDOWS\system32\wul.exe <Not Verified; NirSoft; WinUpdatesList>
    2008-05-09 17:53:25 8576 --a------ C:\WINDOWS\system32\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
    2008-05-09 17:53:25 23552 --a------ C:\WINDOWS\system32\vcdrom.exe <Not Verified; ; VCDControlTool Application>
    2008-05-09 17:53:25 244856 --a------ C:\WINDOWS\system32\TweakUI.exe <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Shell PowerToys>
    2008-05-09 17:53:25 712704 --a------ C:\WINDOWS\system32\TimeZone.exe <Not Verified; Microsoft; Time Zone>
    2008-05-09 17:53:24 71168 --a------ C:\WINDOWS\system32\pserv2.exe <Not Verified; http://p-nand-q.com; pserv2>
    2008-05-09 17:53:24 94720 --a------ C:\WINDOWS\system32\MsiZap.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
    2008-05-09 17:53:24 40960 --a------ C:\WINDOWS\system32\msicuu.exe <Not Verified; Microsoft Corporation; Windows Installer Clean Up>
    2008-05-09 17:53:24 24576 --a------ C:\WINDOWS\system32\MemTest.exe <Not Verified; ; memTest Application>
    2008-05-09 17:53:24 49152 --a------ C:\WINDOWS\system32\latency.exe
    2008-05-09 17:53:23 281600 --a------ C:\WINDOWS\system32\HostsXpert.exe <Not Verified; funkytoad.com; HostsXpert>
    2008-05-09 17:53:23 356352 --a------ C:\WINDOWS\system32\DFX.exe <Not Verified; DjLizard.net; Dial-a-fix>
    2008-05-09 17:53:22 978377 --a------ C:\WINDOWS\system32\cpuz.exe <Not Verified; CPUID; CPU-Z Application>
    2008-05-09 17:53:21 0 d-------- C:\WINDOWS\system32\cplicons
    2008-05-09 17:53:21 118144 --a------ C:\WINDOWS\system32\BootSafe.exe <Not Verified; SuperAdBlocker.com; BootSafe Application>
    2008-05-09 17:53:15 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-05-09 17:53:13 0 d-------- C:\Program Files\Foxit
    2008-05-09 17:53:12 0 d-------- C:\Program Files\Attribute Changer
    2008-05-09 17:53:04 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-05-09 17:52:16 0 d-------- C:\Program Files\Windows NT
    2008-05-09 17:52:12 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-05-09 17:52:10 0 d-------- C:\WINDOWS\system32\Com
    2008-05-09 13:47:50 0 d--hs---- C:\WINDOWS\Installer
    2008-05-09 13:47:50 0 d-------- C:\Program Files\Common Files\ODBC
    2008-05-09 13:47:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-05-09 13:47:45 0 dr------- C:\Program Files
    2008-05-09 13:47:45 0 d-------- C:\Program Files\Common Files
    2008-05-09 13:47:26 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-05-09 13:47:26 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-05-09 13:47:26 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-05-09 13:47:26 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-05-09 13:47:26 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-05-09 13:47:26 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-05-09 13:47:26 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-05-09 13:47:26 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-05-09 13:47:26 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-05-09 13:47:26 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-05-09 13:47:26 0 d--h----- C:\Documents and Settings\Default User\Cookies
    2008-05-09 13:47:26 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-05-09 13:47:26 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-05-09 13:47:26 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-05-09 13:47:26 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-05-09 13:47:26 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-05-09 13:45:22 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-05-09 13:45:22 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-05-09 13:45:17 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-05-09 13:45:17 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-05-09 13:45:16 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-05-09 13:45:16 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-05-09 13:44:49 0 d--hs---- C:\System Volume Information
    2008-05-09 13:44:49 0 d-------- C:\Documents and Settings
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\WinSxS
    2008-05-09 13:38:13 0 dr------- C:\WINDOWS\Web
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\twain_32
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\wins
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\wbem
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\usmt
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\spool
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\Setup
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\ras
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\npp
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\mui
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\Macromed
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\IME
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\icsxml
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\ias
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\export
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\en
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\drivers
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\dhcp
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\config
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\3076
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\2052
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1054
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1042
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1041
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1037
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1033
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1031
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1028
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system32\1025
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\system
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\security
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Resources
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\repair
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Provisioning
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\PeerNet
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\pchealth
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Network Diagnostic
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\mui
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\msapps
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\msagent
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Media
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\l2schemas
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\java
    2008-05-09 13:38:13 0 d--h----- C:\WINDOWS\inf
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\ime
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Help
    2008-05-09 13:38:13 0 dr--s---- C:\WINDOWS\Fonts
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\ehome
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Driver Cache
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\dell
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Debug
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Cursors
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Connection Wizard
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\Config
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\AppPatch
    2008-05-09 13:38:13 0 d-------- C:\WINDOWS\addins
    2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
    2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2008-05-02 22:46:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
    2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-05-16 01:20:15 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-09 13:47:26 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [01/28/2008 02:25 PM]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [07/02/2003 10:03 AM]
    "Cpu Level Up help"="C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [11/30/2007 09:33 PM]
    "CPU Power Monitor"="C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [01/09/2008 11:47 AM]
    "NvCplDaemon(1)"="RUNDLL32.exe" [04/14/2008 05:42 AM C:\WINDOWS\system32\rundll32.exe]
    "ASUS Energy Saving"="C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" [01/28/2008 12:12 PM]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [04/28/2008 03:55 PM]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [08/31/2007 12:13 PM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
    "nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [04/27/2008 10:52 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=1 (0x1)
    "NoSMConfigurePrograms"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=1 (0x1)
    "NoSMConfigurePrograms"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc




    -- End of Deckard's System Scanner: finished at 2008-05-16 08:43:53 ------------
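The registry sections of the scanner log above list the places Windows loads code from at boot and logon, which is what matters both for a slow startup and for a malware check. As an added example (not part of the original post and not Deckard's System Scanner's own code), this Python parser groups values under their registry key and returns only the entries under autostart-related keys; the sample is a short excerpt in the log's layout, and `AUTOSTART_HINTS` is an assumed shortlist.

```python
import re

# Assumed shortlist: path fragments of keys that load code at boot or logon.
AUTOSTART_HINTS = (
    r"\currentversion\run",      # Run / RunOnce
    r"\winlogon\notify",         # Winlogon notification DLLs
    r"\control\lsa",             # LSA notification packages
    r"\currentversion\svchost",  # svchost service groups
)

KEY_RE = re.compile(r"^\[?(HKEY_[^\]]+)\]?$")
# Tolerates the stray space before the closing quote seen in the pasted log.
VALUE_RE = re.compile(r'^(?:"\s*([^"]*?)\s*"|(@))\s*=\s*(.*)$')

# Short excerpt in the layout of the log above, embedded so this runs offline.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl "= "C:\Program Files\Sandboxie\SbieCtrl.exe" [04/27/2008 10:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages "= scecli scecli
'''

def parse_scan_log(text):
    """Return {registry key: [(value name or None, data), ...]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("--"):   # blank line or log banner
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            val = VALUE_RE.match(line)
            if val:                              # "name"=data or @=data
                sections[current].append((val.group(2) or val.group(1), val.group(3).strip()))
            else:                                # bare data line, e.g. a DLL path
                sections[current].append((None, line))
    return sections

def autostart_entries(sections):
    """Return (key, name, data) for values under boot/logon autostart keys."""
    return [(key, name, data) for key, values in sections.items()
            if any(hint in key.lower() for hint in AUTOSTART_HINTS)
            for name, data in values]
```

Policy values such as `DisableRegistryTools` are parsed but left out of the autostart list, so the result is the set of entries worth checking against what is actually installed.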
     
  13. 2008/05/16
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Something else!

    Does it shutdown normally?

    And does it seem to perform normally when it is up?

    Mike
     
  14. 2008/05/16
    ph00p

    ph00p Inactive Thread Starter

    Joined:
    2008/05/15
    Messages:
    10
    Likes Received:
    0
    Yes and Yes.

    Since I installed SP3 now it's saying "applying settings" instead of "Windows is starting up" but it's at the same time as the other message and taking as long. I've got the services turned off once again that you mentioned in my post that didn't post (***?).

    Again though no Eventlog service, which stops prefetch from happening. I'm going to take the event log key from this crapbox here at work and import it when I get home.

    Why though would it keep adding a generic PS/2 keyboard ALL the time?

    I made a post with my DDS scan in it and I guess it didn't get approved? ***? I'm at work right now, I'll try and repost it when I get home later today. Maybe I'll make it an attachment then?
     
    Last edited: 2008/05/16
  15. 2008/05/16
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Ok will watch for your post later today!

    On the keyboard: while you are in safe mode, go into Device Manager and see if you have any yellow exclamation (!), red X, or a category named Other.

    If you have red X's or yellow exclamations, make a note of what they are for us, then right-click and uninstall them.

    Same for Other.

    Now open the keyboard entry and remove all, yes all keyboards.

    Then reboot and let any keyboards install, generic or not; more than 1 is ok also!

    For event viewer try this and let me know!

    Start-Run
    type or copy & paste
    eventvwr.msc
    click ok.

    Report back.

    Mike
     
  16. 2008/05/16
    ph00p

    ph00p Inactive Thread Starter

    Joined:
    2008/05/15
    Messages:
    10
    Likes Received:
    0
    Quick tidbit: it's a yellow ! next to the 101/102 standard PS/2 keyboard, and that's all that has any conflict in there. When I get home I'll try the removal thing.
     
    Last edited: 2008/05/16
  17. 2008/05/16
    ph00p

    ph00p Inactive Thread Starter

    Joined:
    2008/05/15
    Messages:
    10
    Likes Received:
    0
    My original post with the DDS FINALLY showed up!

    The problem with the Eventlog service is that it's simply not listed in my services menu; it's somehow not active?

    W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T! :D

    SOLVED!

    I went into pserve 2.6 and disabled 1394 Client Protocol and 1394 Net driver. I already have the onboard one disabled from the BIOS; this was the one on my Creative Audigy 2 ZS that was causing the problem. I already had it disabled in the system devices AND in the Network *sigh* retarded Windows XP. I can see why they removed it from Vista.

    I also disabled "i8042 Keyboard and PS/2 Mouse Port Driver" but the phantom keyboard KEEPS COMING BACK!!! I've got it disabled now in my devices so *shrugs*.

    Great stuff! I'm very happy! Thank you Mike for all your help! Also with some putzing around I've got Eventlog back where it should be!

    *pelvic thrust* now time for a silly, somewhat frivolous (as some guides state) run of bootvis for the optimize boot.

    Thanks again! :D
     
    Last edited: 2008/05/16
  18. 2008/05/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible. There was a message to this effect when you signed up.
     
  19. 2008/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Something fishy here.
    It should say "applying settings" once, after SP install. It looks like something didn't install correctly.
     
  20. 2008/05/16
    ph00p

    ph00p Inactive Thread Starter

    Joined:
    2008/05/15
    Messages:
    10
    Likes Received:
    0
    Hmmm, yea interesting... could it have something to do with the mystery keyboard? Everything is smooth sailing for me right now!
     
  21. 2008/05/16
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi P

    Fantastical!

    Are you saying the issue referenced by broni in post #18 is now also gone?

    I sure am glad this is fixed. When I looked at that DSS log I knew exactly what Jed Clampett meant when he said "wheeeeeeee dogggggiiiieee".

    I would go thru add/remove and do some house cleaning.

    I would clear the event logs and immediately reboot and recheck the event logs as soon as you get to the desktop. You will see only what happened on shutdown and boot up.

    Good luck

    Mike
     
