SP3 pauses for 20 secs prior to log in

Discussion in 'Windows XP' started by onelosttiger, 2008/06/10.

  1. 2008/06/10
    onelosttiger Inactive Thread Starter
    Hi

    I really hope that somebody can help.

    Windows XP SP3 keeps pausing between the Windows load screen and login. I have read this http://www.windowsbbs.com/showthread.php?t=73530 thread and it's about the only post I can find with someone with almost the same problem. I do not have errors with keyboards etc. though.

    I have done the HijackThis and DSS as requested and hope that somebody can help, as my system should be much faster than this. I have rebuilt the computer with a new MOBO and RAM and this has only started since I have reinstalled Windows on the new config.


    Deckard's System Scanner v20071014.68
    Run by Paulie B on 2008-06-10 22:18:27
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 2 Restore Point(s) --
    2: 2008-06-10 21:12:02 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2008-06-10 20:59:55 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Paulie B.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:18:48, on 10/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Documents and Settings\Paulie B\Desktop\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\PAULIE~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212829561714
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

    --
    End of file - 7049 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1 ",%*
    .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 giveio - c:\windows\system32\giveio.sys
    R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 RivaTuner32 - c:\program files\rivatuner v2.09\rivatuner32.sys
    R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
    R3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>

    S3 ALSysIO - c:\docume~1\paulie~1\locals~1\temp\alsysio.sys (file missing)
    S3 cpuz129 - c:\docume~1\paulie~1\locals~1\temp\cpuz_x32.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
     
  2. 2008/06/10
    PeteC SuperGeek Staff
    onelosttiger - Welcome to the Board :)
    Did you load the chipset drivers from the mobo CD?
     

  3. 2008/06/10
    onelosttiger Inactive Thread Starter
    Hi and thanks Pete. Yes, from the CD, and then any updates to them when I downloaded SP3 via Windows Update.

    Here's the rest of the log as the post was too long:


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-05-10 and 2008-06-10 -----------------------------

    2008-06-10 21:58:08 0 d-------- C:\Program Files\Trend Micro
    2008-06-10 21:22:38 0 d-------- C:\Program Files\Microsoft Bootvis
    2008-06-10 14:25:15 0 d-------- C:\Documents and Settings\Hachidori\Application Data\vlc
    2008-06-10 14:24:33 0 d-------- C:\Program Files\VideoLAN
    2008-06-10 13:33:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
    2008-06-10 13:25:19 0 d-------- C:\Program Files\Zune
    2008-06-10 12:02:28 0 dr-h----- C:\Documents and Settings\Hachidori\Recent
    2008-06-10 11:19:52 0 d-------- C:\Program Files\BCL Technologies
    2008-06-10 11:16:36 0 d-------- C:\Program Files\Microsoft.NET
    2008-06-10 11:16:34 0 d-------- C:\Program Files\Microsoft WSE
    2008-06-10 11:16:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-10 11:14:31 0 d-------- C:\Program Files\Family Tree Maker 2008
    2008-06-10 11:07:16 0 d-------- C:\Program Files\Common Files\Macromedia
    2008-06-10 11:07:12 0 d-------- C:\Program Files\Macromedia
    2008-06-10 11:06:22 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
    2008-06-10 11:04:24 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-06-09 22:27:06 0 d-------- C:\Documents and Settings\Paulie B\Application Data\OpenOffice.org2
    2008-06-09 10:17:30 0 dra------ C:\My Downloads
    2008-06-08 19:56:59 0 d-------- C:\Documents and Settings\Hachidori\Contacts
    2008-06-08 09:34:25 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Ahead
    2008-06-08 01:39:34 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Skype
    2008-06-08 01:39:22 0 d-------- C:\Program Files\Skype
    2008-06-08 01:39:22 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-08 01:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-06-08 01:38:30 0 d-------- C:\Program Files\CoreFTP
    2008-06-08 01:32:10 0 d-------- C:\Documents and Settings\Hachidori\Application Data\OpenOffice.org2
    2008-06-08 01:31:05 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-08 01:30:47 0 d-------- C:\Program Files\Java
    2008-06-08 01:30:46 0 d-------- C:\Program Files\Common Files\Java
    2008-06-08 01:30:44 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Sun
    2008-06-08 00:50:05 0 d-------- C:\Program Files\Neat Image
    2008-06-07 22:55:58 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Macromedia
    2008-06-07 22:26:12 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-07 22:24:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-07 22:23:43 0 d-------- C:\Program Files\Bonjour
    2008-06-07 22:23:31 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Adobe
    2008-06-07 22:17:57 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-06-07 22:17:00 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-07 22:16:28 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Mozilla
    2008-06-07 22:14:58 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Identities
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\Templates
    2008-06-07 22:14:53 0 dr------- C:\Documents and Settings\Hachidori\Start Menu
    2008-06-07 22:14:53 0 dr-h----- C:\Documents and Settings\Hachidori\SendTo
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\PrintHood
    2008-06-07 22:14:53 2359296 --ah----- C:\Documents and Settings\Hachidori\NTUSER.DAT
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\NetHood
    2008-06-07 22:14:53 0 dr------- C:\Documents and Settings\Hachidori\My Documents
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\Local Settings
    2008-06-07 22:14:53 0 dr------- C:\Documents and Settings\Hachidori\Favorites
    2008-06-07 22:14:53 0 d-------- C:\Documents and Settings\Hachidori\Desktop
    2008-06-07 22:14:53 0 d--hs---- C:\Documents and Settings\Hachidori\Cookies
    2008-06-07 22:14:53 0 dr-h----- C:\Documents and Settings\Hachidori\Application Data
    2008-06-07 22:14:53 0 d---s---- C:\Documents and Settings\Hachidori\Application Data\Microsoft
    2008-06-07 22:13:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-07 22:13:52 0 d-------- C:\Fraps
    2008-06-07 20:41:19 0 d-a------ C:\Program Files\CPU-Z
    2008-06-07 20:00:14 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE
    2008-06-07 20:00:14 69632 --a------ C:\WINDOWS\system32\Copy of GkSui18.EXE
    2008-06-07 20:00:13 0 d-------- C:\Program Files\Folding@Home
    2008-06-07 19:09:23 0 d-------- C:\Program Files\OpenAL
    2008-06-07 19:05:25 0 d-------- C:\Program Files\Bohemia Interactive
    2008-06-07 18:00:44 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-06-07 17:56:37 0 d-------- C:\WINDOWS\Performance
    2008-06-07 17:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2008-06-07 17:25:02 45056 --a------ C:\WINDOWS\system32\SAIKICK.dll <Not Verified; Saitek; Configuration Software>
    2008-06-07 17:25:02 45056 --a------ C:\WINDOWS\system32\SAIHOOK.dll <Not Verified; Saitek plc; Configuration Software>
    2008-06-07 17:25:02 147456 --a------ C:\WINDOWS\system32\SAICFG.dll <Not Verified; ; SaiCfg Dynamic Link Library>
    2008-06-07 17:25:02 40960 --a------ C:\WINDOWS\system32\REnum.exe <Not Verified; Saitek; Saitek Enumeration Utility>
    2008-06-07 17:25:02 163840 --a------ C:\WINDOWS\system32\PrfAct.exe <Not Verified; Saitek plc; PrfAct Module>
    2008-06-07 17:25:02 122880 --a------ C:\WINDOWS\system32\Nx.exe <Not Verified; ; NukeUxp Application>
    2008-06-07 17:25:02 26752 --a------ C:\WINDOWS\system32\drivers\SaiNtBus.sys <Not Verified; Saitek; Configuration Software>
    2008-06-07 17:25:02 15616 --a------ C:\WINDOWS\system32\drivers\SaiMini.sys <Not Verified; Saitek; Configuration Software>
    2008-06-07 17:24:57 0 d-------- C:\Program Files\Saitek
    2008-06-07 16:57:19 53248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2008-06-07 16:56:43 0 d-------- C:\Program Files\Common Files\Logitech
    2008-06-07 16:56:17 0 d-------- C:\Program Files\Logitech
    2008-06-07 15:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-06-07 15:01:52 0 d-------- C:\WINDOWS\system32\Futuremark
    2008-06-07 15:01:52 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
    2008-06-07 15:01:10 0 d-------- C:\Program Files\Futuremark
    2008-06-07 13:56:13 0 d-------- C:\Program Files\SpeedFan
    2008-06-07 13:46:41 0 d-------- C:\Program Files\RivaTuner v2.09
    2008-06-07 13:43:22 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-06-07 13:40:46 0 d-------- C:\Program Files\Nero
    2008-06-07 13:40:46 0 d-------- C:\Program Files\Common Files\Ahead
    2008-06-07 13:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-07 13:14:18 0 d-------- C:\Program Files\ReGetDx
    2008-06-07 13:14:18 0 d-------- C:\Program Files\Common Files\ReGet Shared
    2008-06-07 13:01:30 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Macromedia
    2008-06-07 13:01:30 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Adobe
    2008-06-07 13:01:27 1169 --a------ C:\WINDOWS\mozver.dat
    2008-06-07 11:44:02 0 d-------- C:\Documents and Settings\Paulie B\Contacts
    2008-06-07 11:42:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-07 11:41:58 0 d-------- C:\Program Files\Windows Live
    2008-06-07 11:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-07 11:26:36 0 d-------- C:\WINDOWS\pss
    2008-06-07 11:17:33 0 d-------- C:\Program Files\Alwil Software
    2008-06-07 11:10:18 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Diino
    2008-06-07 11:05:56 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-07 11:05:54 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Mozilla
    2008-06-07 10:59:00 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-07 10:58:20 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-06-07 10:58:20 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-06-07 10:52:47 0 d-------- C:\WINDOWS\Prefetch
    2008-06-07 10:49:15 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\system32\scripting
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\system32\en
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\system32\bits
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\l2schemas
    2008-06-07 10:09:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-06-07 10:06:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-06-07 10:05:39 0 d--hs---- C:\Documents and Settings\Paulie B\UserData
    2008-06-07 09:59:00 280 --a------ C:\WINDOWS\system32\PDBootState
    2008-06-07 09:48:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-06-07 09:47:56 0 d-------- C:\Program Files\Raxco
    2008-06-07 09:38:02 0 d-------- C:\Program Files\Lavasoft
    2008-06-07 09:38:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-07 09:37:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-07 09:26:20 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
    2008-06-07 09:25:35 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-06-07 09:25:35 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2008-06-07 09:25:33 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Creative
    2008-06-07 09:25:05 0 d-------- C:\WINDOWS\system32\Data
    2008-06-07 09:25:05 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
    2008-06-07 09:25:05 10240 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
    2008-06-07 09:24:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2008-06-07 09:24:12 0 d-------- C:\Program Files\Creative
    2008-06-07 09:15:35 0 d-------- C:\WINDOWS\nvidia icons
    2008-06-07 09:15:25 0 d-------- C:\WINDOWS\nview
    2008-06-07 09:15:03 0 d-------- C:\NVIDIA
    2008-06-07 09:11:46 0 d-------- C:\WINDOWS\system32\Lang
    2008-06-07 09:07:44 0 d-------- C:\WINDOWS\OPTIONS
    2008-06-07 09:07:38 0 d-------- C:\Documents and Settings\Paulie B\Application Data\InstallShield
    2008-06-07 09:07:13 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
    2008-06-07 09:06:56 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-06-07 09:06:45 0 d-------- C:\Program Files\Realtek
    2008-06-07 09:06:43 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-07 09:06:40 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-06-07 09:06:40 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-06-07 09:06:38 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-07 09:02:36 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-07 09:02:35 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-06-07 09:02:34 53248 --a------ C:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
    2008-06-07 09:02:34 0 d-------- C:\Program Files\Intel
    2008-06-07 09:02:24 0 d-------- C:\Intel
    2008-06-07 08:03:30 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Identities
    2008-06-07 08:03:23 0 dr-h----- C:\Documents and Settings\Paulie B\SendTo
    2008-06-07 08:03:23 0 dr-h----- C:\Documents and Settings\Paulie B\Recent
    2008-06-07 08:03:23 0 d--h----- C:\Documents and Settings\Paulie B\PrintHood
    2008-06-07 08:03:23 0 d--h----- C:\Documents and Settings\Paulie B\NetHood
    2008-06-07 08:03:23 0 dr------- C:\Documents and Settings\Paulie B\My Documents
    2008-06-07 08:03:23 0 d--h----- C:\Documents and Settings\Paulie B\Local Settings
    2008-06-07 08:03:23 0 dr------- C:\Documents and Settings\Paulie B\Favorites
    2008-06-07 08:03:23 0 d-------- C:\Documents and Settings\Paulie B\Desktop
    2008-06-07 08:03:23 0 d--hs---- C:\Documents and Settings\Paulie B\Cookies
    2008-06-07 08:03:23 0 dr-h----- C:\Documents and Settings\Paulie B\Application Data
    2008-06-07 08:03:22 0 d--h----- C:\Documents and Settings\Paulie B\Templates
    2008-06-07 08:03:22 0 dr------- C:\Documents and Settings\Paulie B\Start Menu
    2008-06-07 08:03:22 1835008 --ah----- C:\Documents and Settings\Paulie B\NTUSER.DAT
    2008-06-07 08:00:11 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-07 08:00:09 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-07 08:00:09 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-06-07 08:00:09 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2008-06-07 08:00:09 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-07 08:00:09 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-07 08:00:08 237568 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-07 03:51:43 0 d--hs---- C:\WINDOWS\Installer
    2008-06-07 03:51:42 0 d-------- C:\Program Files\Common Files\ODBC
    2008-06-07 03:51:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-06-07 03:51:39 0 dr------- C:\Program Files
    2008-06-07 03:51:39 0 d-------- C:\Program Files\Common Files
    2008-06-07 03:51:39 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-07 03:51:20 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-06-07 03:51:20 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-06-07 03:51:20 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-07 03:51:20 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-07 03:51:20 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-06-07 03:51:20 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-06-07 03:51:20 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-06-07 03:51:20 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-06-07 03:51:20 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-06-07 03:51:20 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-06-07 03:51:20 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-06-07 03:51:20 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-06-07 03:51:20 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-06-07 03:51:20 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-06-07 03:51:20 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-06-07 03:51:20 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-06-07 03:51:05 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-07 03:51:05 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-07 03:51:00 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-07 03:51:00 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-07 03:51:00 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-07 03:50:59 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-07 03:50:42 0 d--hs---- C:\System Volume Information
    2008-06-07 03:50:42 0 d-------- C:\Documents and Settings
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\WinSxS
    2008-06-07 03:47:37 0 dr------- C:\WINDOWS\Web
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\twain_32
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\wins
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\spool
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\ras
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\npp
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\mui
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\IME
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\ias
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\export
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-07 03:47:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\config
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\3076
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\2052
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1054
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1042
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1041
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1037
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1033
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1031
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1028
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system32\1025
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\system
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\security
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Resources
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\repair
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Provisioning
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\PeerNet
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\pchealth
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\mui
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\msapps
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\msagent
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Media
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\java
    2008-06-07 03:47:37 0 d--h----- C:\WINDOWS\inf
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\ime
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Help
    2008-06-07 03:47:37 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\ehome
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Debug
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Cursors
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\Config
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\AppPatch
    2008-06-07 03:47:37 0 d-------- C:\WINDOWS\addins
    2008-06-07 03:01:19 237568 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-07 03:01:19 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-06-07 03:01:19 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-07 03:01:19 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-07 03:01:19 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-07 02:59:14 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-07 02:59:14 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-07 02:58:57 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-06-07 02:58:54 0 d-------- C:\WINDOWS\network diagnostic
    2008-06-07 02:58:37 0 -rahs---- C:\MSDOS.SYS
    2008-06-07 02:58:37 0 -rahs---- C:\IO.SYS
    2008-06-07 02:58:37 0 --a------ C:\CONFIG.SYS
    2008-06-07 02:58:37 0 --a------ C:\AUTOEXEC.BAT
    2008-06-07 02:57:58 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-07 02:57:53 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-06-07 02:57:53 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-07 02:57:45 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-07 02:57:31 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-07 02:57:09 0 d---s---- C:\WINDOWS\Tasks
    2008-06-07 02:57:08 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-06-07 02:57:06 0 d-------- C:\WINDOWS\srchasst
    2008-06-07 02:57:05 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-07 02:57:00 0 d-------- C:\Program Files\Movie Maker
    2008-06-07 02:56:54 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-07 02:56:24 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-07 02:56:10 0 d-------- C:\WINDOWS\Registration
    2008-06-07 02:56:04 0 d-------- C:\Program Files\Online Services
    2008-06-07 02:55:58 0 d-------- C:\Program Files\Messenger
    2008-06-07 02:55:56 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-06-07 02:55:30 0 d-------- C:\Program Files\Windows NT
    2008-06-07 02:55:28 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-07 02:55:26 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-07 03:51:20 62 --ahs---- C:\Documents and Settings\Paulie B\Application Data\desktop.ini
    2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
    2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
    2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 11:43 C:\WINDOWS\Alcmtr.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/05/2008 05:46]
    "nwiz"="nwiz.exe" [03/05/2008 05:46 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/05/2008 05:46]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [04/11/2005 18:07]
    "CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\CtHelper.exe]
    "CTxfiHlp"="CTXFIHLP.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\Ctxfihlp.exe]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00]
    "CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [11/10/1999 02:00]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [28/04/2008 19:25]
    "RTHDCPL"="RTHDCPL.EXE" [19/09/2007 11:14 C:\WINDOWS\RTHDCPL.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 11:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/06/2007 10:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hachidori^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    path=C:\Documents and Settings\Hachidori\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
    C:\Program Files\Saitek\Software\Profiler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
    C:\Program Files\Saitek\Software\SaiMfd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
    C:\Program Files\Saitek\Software\SaiSmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    "C:\Program Files\Zune\ZuneLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



    -- End of Deckard's System Scanner: finished at 2008-06-10 22:20:36 ------------
     
    Last edited: 2008/06/10
  5. 2008/06/11
    PeteC

    PeteC SuperGeek Staff

    As posted in the thread you referenced, are there any problems shown in Device Manager? Check View > Show Hidden Devices for the full picture.

    I don't think this is malware related, but we shall see - I need another member to chip in here to analyse the Deckards and propose a few more checks.
     
  6. 2008/06/11
    mflynn

    mflynn Inactive

    The posted logs look clean of malware but there are a couple of possibilities of system issues.

    These can be re-installed later if not the issue, but for now un-install both
    WindowsLive
    and
    Reget.

    After uninstalling the above, reboot and do the below:
    Clean up using these

    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html

    D/L and install CCleaner: Clean temps and registry. Run both (temp and registry) repeatedly until no more found.

    http://www.ccleaner.com/download/bui...wnloading-slim

    Finally, clean up old Java and update to the newest version.

    Download JavaRa http://prm753.bchea.org/JavaRa.html
    Unzip and run it, clean up old versions, then use the update: choose Jucheck first, and if you do not have Jucheck then choose Update using Sun.

    I also advise you to do post #2 in the link you mentioned above if not already done.

    After all above repost new HJT and DSS logs.

    Mike
     
  7. 2008/06/11
    onelosttiger

    onelosttiger Inactive Thread Starter

    Thanks for the help so far, great little programs too!

    I have followed your instructions to the letter but still the same pause and same length of time unfortunately.

    Checked my device manager, I had done before but didn't do the show hidden items, I have two with exclamations, Parport and Serial. What should I do with these?

    I tried post #2 in the link last night, to no avail. What I did find interesting was that in reports on the admin services DHCP has always got an x next to it and states that 192.168.1.1 was unavailable and so it had to use 192.168.1.100. I presume this is just the router and a normal occurrence, as all the IP fixes didn't fix my problem.

    Ok here is my new HJT DSS log:

    Deckard's System Scanner v20071014.68
    Run by Paulie B on 2008-06-11 18:50:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Paulie B.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:50:34, on 11/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Documents and Settings\Paulie B\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\PAULIE~1.EXE
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212829561714
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

    --
    End of file - 6068 bytes
     
  8. 2008/06/11
    onelosttiger

    onelosttiger Inactive Thread Starter

    And the second half. The first half is just going through screening, and in that I detail what I have tried.


    -- Files created between 2008-05-11 and 2008-06-11 -----------------------------

    2008-06-11 18:43:00 0 dr-h----- C:\Documents and Settings\Paulie B\Recent
    2008-06-11 18:40:10 0 d-------- C:\Program Files\CCleaner
    2008-06-11 12:11:26 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Help
    2008-06-11 11:56:09 0 d-------- C:\Documents and Settings\Hachidori\Application Data\CoreFTP
    2008-06-10 22:49:56 691545 --a------ C:\WINDOWS\unins000.exe
    2008-06-10 22:49:56 2540 --a------ C:\WINDOWS\unins000.dat
    2008-06-10 22:46:36 0 d-------- C:\Documents and Settings\Paulie B\Application Data\vlc
    2008-06-10 22:37:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-10 21:58:08 0 d-------- C:\Program Files\Trend Micro
    2008-06-10 14:25:15 0 d-------- C:\Documents and Settings\Hachidori\Application Data\vlc
    2008-06-10 14:24:33 0 d-------- C:\Program Files\VideoLAN
    2008-06-10 13:33:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
    2008-06-10 13:25:19 0 d-------- C:\Program Files\Zune
    2008-06-10 12:02:28 0 dr-h----- C:\Documents and Settings\Hachidori\Recent
    2008-06-10 11:19:52 0 d-------- C:\Program Files\BCL Technologies
    2008-06-10 11:16:36 0 d-------- C:\Program Files\Microsoft.NET
    2008-06-10 11:16:34 0 d-------- C:\Program Files\Microsoft WSE
    2008-06-10 11:16:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-10 11:14:31 0 d-------- C:\Program Files\Family Tree Maker 2008
    2008-06-10 11:07:16 0 d-------- C:\Program Files\Common Files\Macromedia
    2008-06-10 11:07:12 0 d-------- C:\Program Files\Macromedia
    2008-06-10 11:06:22 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
    2008-06-10 11:04:24 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-06-09 22:27:06 0 d-------- C:\Documents and Settings\Paulie B\Application Data\OpenOffice.org2
    2008-06-09 10:17:30 0 dra------ C:\My Downloads
    2008-06-08 19:56:59 0 d-------- C:\Documents and Settings\Hachidori\Contacts
    2008-06-08 09:34:25 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Ahead
    2008-06-08 01:39:34 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Skype
    2008-06-08 01:39:22 0 d-------- C:\Program Files\Skype
    2008-06-08 01:39:22 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-08 01:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-06-08 01:38:30 0 d-------- C:\Program Files\CoreFTP
    2008-06-08 01:32:10 0 d-------- C:\Documents and Settings\Hachidori\Application Data\OpenOffice.org2
    2008-06-08 01:31:05 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-08 01:30:47 0 d-------- C:\Program Files\Java
    2008-06-08 01:30:46 0 d-------- C:\Program Files\Common Files\Java
    2008-06-08 01:30:44 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Sun
    2008-06-08 00:50:05 0 d-------- C:\Program Files\Neat Image
    2008-06-07 22:55:58 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Macromedia
    2008-06-07 22:26:12 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-07 22:24:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-07 22:23:43 0 d-------- C:\Program Files\Bonjour
    2008-06-07 22:23:31 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Adobe
    2008-06-07 22:17:57 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-06-07 22:17:00 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-07 22:16:28 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Mozilla
    2008-06-07 22:14:58 0 d-------- C:\Documents and Settings\Hachidori\Application Data\Identities
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\Templates
    2008-06-07 22:14:53 0 dr------- C:\Documents and Settings\Hachidori\Start Menu
    2008-06-07 22:14:53 0 dr-h----- C:\Documents and Settings\Hachidori\SendTo
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\PrintHood
    2008-06-07 22:14:53 3932160 --ah----- C:\Documents and Settings\Hachidori\NTUSER.DAT
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\NetHood
    2008-06-07 22:14:53 0 dr------- C:\Documents and Settings\Hachidori\My Documents
    2008-06-07 22:14:53 0 d--h----- C:\Documents and Settings\Hachidori\Local Settings
    2008-06-07 22:14:53 0 dr------- C:\Documents and Settings\Hachidori\Favorites
    2008-06-07 22:14:53 0 d-------- C:\Documents and Settings\Hachidori\Desktop
    2008-06-07 22:14:53 0 d--hs---- C:\Documents and Settings\Hachidori\Cookies
    2008-06-07 22:14:53 0 dr-h----- C:\Documents and Settings\Hachidori\Application Data
    2008-06-07 22:14:53 0 d---s---- C:\Documents and Settings\Hachidori\Application Data\Microsoft
    2008-06-07 22:13:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-07 22:13:52 0 d-------- C:\Fraps
    2008-06-07 20:41:19 0 d-a------ C:\Program Files\CPU-Z
    2008-06-07 20:00:14 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE
    2008-06-07 20:00:14 69632 --a------ C:\WINDOWS\system32\Copy of GkSui18.EXE
    2008-06-07 20:00:13 0 d-------- C:\Program Files\Folding@Home
    2008-06-07 19:09:23 0 d-------- C:\Program Files\OpenAL
    2008-06-07 19:05:25 0 d-------- C:\Program Files\Bohemia Interactive
    2008-06-07 18:00:44 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-06-07 17:56:37 0 d-------- C:\WINDOWS\Performance
    2008-06-07 17:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2008-06-07 17:25:02 45056 --a------ C:\WINDOWS\system32\SAIKICK.dll <Not Verified; Saitek; Configuration Software>
    2008-06-07 17:25:02 45056 --a------ C:\WINDOWS\system32\SAIHOOK.dll <Not Verified; Saitek plc; Configuration Software>
    2008-06-07 17:25:02 147456 --a------ C:\WINDOWS\system32\SAICFG.dll <Not Verified; ; SaiCfg Dynamic Link Library>
    2008-06-07 17:25:02 40960 --a------ C:\WINDOWS\system32\REnum.exe <Not Verified; Saitek; Saitek Enumeration Utility>
    2008-06-07 17:25:02 163840 --a------ C:\WINDOWS\system32\PrfAct.exe <Not Verified; Saitek plc; PrfAct Module>
    2008-06-07 17:25:02 122880 --a------ C:\WINDOWS\system32\Nx.exe <Not Verified; ; NukeUxp Application>
    2008-06-07 17:25:02 26752 --a------ C:\WINDOWS\system32\drivers\SaiNtBus.sys <Not Verified; Saitek; Configuration Software>
    2008-06-07 17:25:02 15616 --a------ C:\WINDOWS\system32\drivers\SaiMini.sys <Not Verified; Saitek; Configuration Software>
    2008-06-07 17:24:57 0 d-------- C:\Program Files\Saitek
    2008-06-07 16:57:19 53248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2008-06-07 16:56:43 0 d-------- C:\Program Files\Common Files\Logitech
    2008-06-07 16:56:17 0 d-------- C:\Program Files\Logitech
    2008-06-07 15:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-06-07 15:01:52 0 d-------- C:\WINDOWS\system32\Futuremark
    2008-06-07 15:01:52 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
    2008-06-07 15:01:10 0 d-------- C:\Program Files\Futuremark
    2008-06-07 13:56:13 0 d-------- C:\Program Files\SpeedFan
    2008-06-07 13:46:41 0 d-------- C:\Program Files\RivaTuner v2.09
    2008-06-07 13:43:22 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-06-07 13:40:46 0 d-------- C:\Program Files\Nero
    2008-06-07 13:40:46 0 d-------- C:\Program Files\Common Files\Ahead
    2008-06-07 13:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-07 13:14:18 0 d-------- C:\Program Files\Common Files\ReGet Shared
    2008-06-07 13:01:30 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Macromedia
    2008-06-07 13:01:30 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Adobe
    2008-06-07 13:01:27 1169 --a------ C:\WINDOWS\mozver.dat
    2008-06-07 11:44:02 0 d-------- C:\Documents and Settings\Paulie B\Contacts
    2008-06-07 11:42:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-07 11:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-07 11:26:36 0 d-------- C:\WINDOWS\pss
    2008-06-07 11:17:33 0 d-------- C:\Program Files\Alwil Software
    2008-06-07 11:10:18 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Diino
    2008-06-07 11:05:56 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-07 11:05:54 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Mozilla
    2008-06-07 10:59:00 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-07 10:58:20 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-06-07 10:58:20 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-06-07 10:52:47 0 d-------- C:\WINDOWS\Prefetch
    2008-06-07 10:49:15 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\system32\scripting
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\system32\en
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\system32\bits
    2008-06-07 10:23:41 0 d-------- C:\WINDOWS\l2schemas
    2008-06-07 10:09:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-06-07 10:06:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-06-07 10:05:39 0 d--hs---- C:\Documents and Settings\Paulie B\UserData
    2008-06-07 09:59:00 280 --a------ C:\WINDOWS\system32\PDBootState
    2008-06-07 09:48:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-06-07 09:47:56 0 d-------- C:\Program Files\Raxco
    2008-06-07 09:38:02 0 d-------- C:\Program Files\Lavasoft
    2008-06-07 09:38:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-07 09:37:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-07 09:26:20 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
    2008-06-07 09:25:35 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-06-07 09:25:35 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2008-06-07 09:25:33 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Creative
    2008-06-07 09:25:05 0 d-------- C:\WINDOWS\system32\Data
    2008-06-07 09:25:05 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
    2008-06-07 09:25:05 10240 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
    2008-06-07 09:24:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2008-06-07 09:24:12 0 d-------- C:\Program Files\Creative
    2008-06-07 09:15:35 0 d-------- C:\WINDOWS\nvidia icons
    2008-06-07 09:15:25 0 d-------- C:\WINDOWS\nview
    2008-06-07 09:15:03 0 d-------- C:\NVIDIA
    2008-06-07 09:11:46 0 d-------- C:\WINDOWS\system32\Lang
    2008-06-07 09:07:44 0 d-------- C:\WINDOWS\OPTIONS
    2008-06-07 09:07:38 0 d-------- C:\Documents and Settings\Paulie B\Application Data\InstallShield
    2008-06-07 09:07:13 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
    2008-06-07 09:06:56 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-06-07 09:06:45 0 d-------- C:\Program Files\Realtek
    2008-06-07 09:06:43 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-07 09:06:40 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-06-07 09:06:40 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-06-07 09:06:38 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-07 09:02:36 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-07 09:02:35 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-06-07 09:02:34 53248 --a------ C:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
    2008-06-07 09:02:34 0 d-------- C:\Program Files\Intel
    2008-06-07 09:02:24 0 d-------- C:\Intel
    2008-06-07 08:03:30 0 d-------- C:\Documents and Settings\Paulie B\Application Data\Identities
    2008-06-07 08:03:23 0 dr-h----- C:\Documents and Settings\Paulie B\SendTo
    2008-06-07 08:03:23 0 d--h----- C:\Documents and Settings\Paulie B\PrintHood
    2008-06-07 08:03:23 0 d--h----- C:\Documents and Settings\Paulie B\NetHood
    2008-06-07 08:03:23 0 dr------- C:\Documents and Settings\Paulie B\My Documents
    2008-06-07 08:03:23 0 d--h----- C:\Documents and Settings\Paulie B\Local Settings
    2008-06-07 08:03:23 0 dr------- C:\Documents and Settings\Paulie B\Favorites
    2008-06-07 08:03:23 0 d-------- C:\Documents and Settings\Paulie B\Desktop
    2008-06-07 08:03:23 0 d--hs---- C:\Documents and Settings\Paulie B\Cookies
    2008-06-07 08:03:23 0 dr-h----- C:\Documents and Settings\Paulie B\Application Data
    2008-06-07 08:03:22 0 d--h----- C:\Documents and Settings\Paulie B\Templates
    2008-06-07 08:03:22 0 dr------- C:\Documents and Settings\Paulie B\Start Menu
    2008-06-07 08:03:22 3145728 --ah----- C:\Documents and Settings\Paulie B\NTUSER.DAT
    2008-06-07 08:00:11 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-07 08:00:09 0 d---s---- C:\WINDOWS\system32\Microsoft


    -- Find3M Report ---------------------------------------------------------------

    2008-06-07 03:51:20 62 --ahs---- C:\Documents and Settings\Paulie B\Application Data\desktop.ini
    2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
    2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
    2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr "= "ALCMTR.EXE" [03/05/2005 11:43 C:\WINDOWS\Alcmtr.exe]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [03/05/2008 05:46]
    "nwiz "= "nwiz.exe" [03/05/2008 05:46 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [03/05/2008 05:46]
    "AudioDrvEmulator "= "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [04/11/2005 18:07]
    "CTHelper "= "CTHELPER.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\CtHelper.exe]
    "CTxfiHlp "= "CTXFIHLP.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\Ctxfihlp.exe]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00]
    "CTRegRun "= "C:\WINDOWS\CTRegRun.EXE" [11/10/1999 02:00]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
    "RivaTunerStartupDaemon "= "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [28/04/2008 19:25]
    "RTHDCPL "= "RTHDCPL.EXE" [19/09/2007 11:14 C:\WINDOWS\RTHDCPL.exe]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 11:52]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/06/2007 10:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hachidori^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    path=C:\Documents and Settings\Hachidori\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
    C:\Program Files\Saitek\Software\Profiler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
    C:\Program Files\Saitek\Software\SaiMfd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
    C:\Program Files\Saitek\Software\SaiSmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    "C:\Program Files\Zune\ZuneLauncher.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service "=2 (0x2)
    "aawservice "=2 (0x2)
    "ZuneWlanCfgSvc "=3 (0x3)
    "ZuneNetworkSvc "=2 (0x2)
    "ZuneBusEnum "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "



    -- End of Deckard's System Scanner: finished at 2008-06-11 18:52:15 ------------
     
    Last edited: 2008/06/11
  9. 2008/06/11
    mflynn

    Leave those programs, Windows Live and Reget, uninstalled for now.

    Also leave all those services disabled also! But do recheck and make sure DHCP Client Automatic is running. DNS Client was what was supposed to be disabled.

    Well the DHCP issue could be the problem.

    Drag your mouse to highlight the below, between the lines then rt click and copy.
    --------------------------------------------
    %SystemRoot%\system32\cmd.exe /c %windir%\system32\ipconfig.exe /all >> "%USERPROFILE%"\Desktop\Ipcfg.txt
    --------------------------------------------

    Then open a cmd prompt and paste.

    A new icon will appear on the desktop; post the contents of this file back.

    Also test if this issue is there in Safe Mode, then Safe Mode with Networking. Let me know!

    Mike
     
  10. 2008/06/11
    mflynn

    Go back into device manager and rt click and uninstall both of these items and reboot.

    They should install correctly on reboot. Recheck to see if in fact they did.

    Mike
     
  11. 2008/06/11
    onelosttiger

    Ok here is the txt file from the cmd prompt. I have also tried in safe mode and networked and it still pauses.

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : pc
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
    Physical Address. . . . . . . . . : 00-1A-4D-5E-09-3C
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.100
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 62.31.176.39
                                        194.117.134.19
                                        195.188.53.175
    Lease Obtained. . . . . . . . . . : 11 June 2008 19:56:28
    Lease Expires . . . . . . . . . . : 12 June 2008 19:56:28
     
  12. 2008/06/11
    onelosttiger

    I have uninstalled the two items in devices. They have not reinstalled upon restart but the pause is much shorter now, around 10 seconds or so. We're getting there! Thanks for all your help so far.
     
  13. 2008/06/11
    mflynn

    Tell me exactly the steps you took to get this as I don't understand exactly where you got it.

    And if you can reproduce it, does it still have an x?

    Mike
     
  14. 2008/06/11
    onelosttiger

    Hi Mike

    Ok, I went into the event viewer in admin tools and clicked on system. In the log it shows the DHCP with an x next to it at the same time that I boot. When I right click the entry it states-

    The IP address lease 192.168.1.100 for the network card with network address (not sure whether I'm supposed to put the alphanumeric number on a public forum) has been denied by the DHCP server 192.168.1.1 (The DHCP server sent a DHCPNACK message).

    Yes it does still have a red x.
     
    Last edited: 2008/06/11
  15. 2008/06/11
    mflynn

    OK, let's do a general Shotgun fix!

    But first clear the event logs so they will be easier to read.

    Download Dial-A-Fix (DAF)
    http://wiki.djlizard.net/Dial-a-fix#...C_and_articles

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (if a Restrictions page pops up, clear any restrictions if it shows any).

    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here 1 at a time do the below

    Flush DNS
    Process Idle Tasks
    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot and immediately recheck the events, then retest for issue!

    Get back with report!

    Mike
     
  16. 2008/06/11
    onelosttiger

    Right, I'm back; thought I'd never make it. The pause is substantially less now and my total time from switching power on to being in Windows with a browser open is 50 seconds following all the fixes etc. But the network thing is still there in the new event log, but now it appears a couple of times each boot and at one point I could not even get online.

    I'm getting a DHCP warning stating-

    Your computer has automatically configured the IP address for the Network Card with network address 001A4D5E093C. The IP address being used is 169.254.90.182.

    And then a DHCP Error-

    The IP address lease 192.168.1.100 for the Network Card with network address 001A4D5E093C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    And then a netlogon error-

    This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

    Please let me know if I should delete these numbers from the forum page as I can't remember which ones I should not show to the public.

    Do you need another DSS report?
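
    Added example, not part of any post in this thread and not code from the forum or its members: a Python script that sorts the three System-log messages quoted in the post above into DHCP findings per adapter (refused lease, fallback to a 169.254.x.x address, and whether the refusing server is the one expected). The function names and the `expected_servers` parameter are assumptions made for this example; the sample messages are constructed from the post's text.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the System-log messages as quoted in the post above.
EVENTS = [
    "Your computer has automatically configured the IP address for the "
    "Network Card with network address 001A4D5E093C. The IP address being "
    "used is 169.254.90.182.",
    "The IP address lease 192.168.1.100 for the Network Card with network "
    "address 001A4D5E093C has been denied by the DHCP server 192.168.1.1 "
    "(The DHCP Server sent a DHCPNACK message).",
    "This computer is configured as a member of a workgroup, not as a member "
    "of a domain. The Netlogon service does not need to run in this "
    "configuration.",
]

# 169.254.0.0/16 is the link-local (APIPA) range Windows falls back to
# when no DHCP lease is obtained.
APIPA = ipaddress.ip_network("169.254.0.0/16")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAC = r"([0-9A-Fa-f]{12})"
NACK_RE = re.compile(
    r"IP address lease " + IP + r" for the network card with network address "
    + MAC + r" has been denied by the DHCP server " + IP, re.I)
AUTO_RE = re.compile(
    r"automatically configured the IP address for the network card with "
    r"network address " + MAC + r"\. The IP address being used is " + IP, re.I)


def triage(events, expected_servers=("192.168.1.1",)):
    """Group DHCP findings by adapter MAC address.

    expected_servers is an assumption: the DHCP server(s) that should answer
    on this LAN (here the one shown in the ipconfig output in the thread).
    """
    report = defaultdict(
        lambda: {"nacked_leases": [], "apipa": [], "unexpected_servers": []})
    for msg in events:
        text = " ".join(msg.split())  # collapse line wraps from copy/paste
        m = NACK_RE.search(text)
        if m:
            lease, mac, server = m.groups()
            entry = report[mac.upper()]
            entry["nacked_leases"].append(lease)
            if server not in expected_servers:
                entry["unexpected_servers"].append(server)
            continue
        m = AUTO_RE.search(text)
        if m:
            mac, ip = m.groups()
            try:
                if ipaddress.ip_address(ip) in APIPA:
                    report[mac.upper()]["apipa"].append(ip)
            except ValueError:
                pass  # not a valid IPv4 address; ignore the line
    return dict(report)


def summarize(report):
    """Return one human-readable line per adapter."""
    lines = []
    for mac, e in sorted(report.items()):
        notes = []
        if e["nacked_leases"]:
            notes.append("lease(s) refused: " + ", ".join(e["nacked_leases"]))
        if e["apipa"]:
            notes.append("fell back to APIPA: " + ", ".join(e["apipa"]))
        if e["unexpected_servers"]:
            notes.append("NACK from unexpected server: "
                         + ", ".join(e["unexpected_servers"]))
        lines.append(mac + ": " + "; ".join(notes))
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(triage(EVENTS))))
```

    A NACK from a server that is not in `expected_servers` points to a second DHCP server answering on the same segment; the Netlogon message is ignored because it carries no DHCP information.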
     
  17. 2008/06/11
    mflynn

    Not yet on the DSS!

    So far the numbers are safe.

    Do a new Ipconfig at the cmd prompt like you did before.

    Go in to Services again make sure DHCP Client, Computer Browser, Server and Workstation are all set to start Automatically and have started.

    While there make sure DNS Client is set to disabled and stopped. Same for Netlogon (only for Domains) is disabled.

    Revisit the link in your 1st post and check all the services to disable. Get them off!

    Mike
     
  18. 2008/06/11
    onelosttiger

    Ok, I have re-disabled all the services on the post; some had reverted to automatic, I presume due to some of the fixes we have done.

    Power on to Windows is now 47 seconds. There are now no errors in the event log. The pause is substantially less now and only around 5 seconds or so.

    How am I doing now? Does this sound about right to you?

    My specs are E6400 (overclocked to 2.6GHz)
    2GB RAM @ 800MHz
    Gigabyte P35C DS3R mobo
    SAMSUNG SP2504C - windows drive
    WDC WD5000AAKS - documents drive
     
  19. 2008/06/11
    mflynn

    You tell me! You have done a fantastic job of following my direction!

    I think it sounds reasonable.

    Use it for a day or so and then get back!

    If you keep your eye on those specific services and keep them off you will be better off. Some M$ updates will kick them back on.

    FYI: just this morning I edited my template about this and it may give you more insight to these services.

    So after a day or so you should notice some speed and stability improvements.

    More info on these can be found at http://blackviper.com

    Mike
     
  20. 2008/06/11
    onelosttiger

    Thanks very very much for your help Mike. I've just discovered a slight snag in my performance after reading up.

    I have realised that my mobo actually defaults to IDE instead of AHCI in the BIOS. When I installed Windows it never gave a prompt for SATA as it just assumed my SATA drives, which are plugged into the SATA sockets, are IDE and so I do not have the performance bonus of SATA. I have also found out that I can not install SATA drivers after the installation of XP, so I'm going to have to live with SATA drives pretending to be IDE :mad:

    I shall be back in a couple of days to let you know how the PC is running, thanks again for the help and also the hints and tips I have picked up!
     
  21. 2008/06/11
    mflynn

    Let's go a couple days first, but there is a way to get SATA!

    Requires slipstreaming the drivers into the XP CD then doing a repair install to get them installed. But it can be done. But I need a little break!

    So let's check out what we did up through today and if all OK then we tackle that!

    Mike
     
