
Computer super slow loading and anything with graphics


43 replies to this topic

#1 loubratt

loubratt

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 29 September 2009 - 05:13 PM

Getting slower and slower every day. About 3 mos ago I got an error message that said something about my video card but I have never seen that warning again. You guys checked me for the obvious stuff (virus/malware) and then sent me over here to see what you guys could find. I bought more memory but when I put it in it REALLY slowed it down...almost like it couldn't process the addition of the memory. I do know that anything with pictures, graphics or when starting up a program is the worst. It also is extremely slow when getting onto internet loading pages. Any ideas? Thanks so much.



#2 Ztruker

Ztruker

    WTT Technical Elder

  • Tech Team
  • 8,292 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Waking each morning to see the green side of the Earth!

Posted 29 September 2009 - 06:06 PM

Hi loubratt.

Please download and run SINO. Instruction here: http://forums.whatth...NO_t107285.html

Rich
 

Die with memories, not dreams. – Unknown


#3 loubratt


Posted 29 September 2009 - 07:19 PM

Thanks Ztruker. One thing I just remembered happened around the same time was that my CF card reader stopped working...not sure if that is related, and I get a virtual memory too low warning all the time (which was why I went to buy the RAM). I have attached the log.

#4 loubratt


Posted 29 September 2009 - 07:21 PM

OK, it will not let me attach the file: "Upload failed. You are not permitted to upload this type of file", and if I copy and paste it says it is too much. I will try to break it up into separate posts.

#5 loubratt


Posted 29 September 2009 - 07:22 PM

System Investigator by Olrik
Log Created On: 2004_29-09-2009
SINO Version: 2.4.9.9

Total RAM: 958 MB | Free RAM: 306 MB | Pagefile Size: 2597 MB
C: | 167858 MB out of 233617 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc
F: | None | Removable Disk
G: | None | Removable Disk
H: | None | Removable Disk
I: | None | Removable Disk

<<<< System Information >>>>

Computer Name: DGJCJ7C1
Username: Laura
Language Setting: ENU
Windows Directory: C:\WINDOWS
Windows Version: Windows XP Service Pack 3

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOWS\System32\smss.exe] - Process ID: 788
[csrss.exe] - Process ID: 1208
[C:\WINDOWS\system32\winlogon.exe] - Process ID: 1232
[C:\WINDOWS\system32\services.exe] - Process ID: 1276
[C:\WINDOWS\system32\lsass.exe] - Process ID: 1288
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1536
[svchost.exe] - Process ID: 1640
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1792
[svchost.exe] - Process ID: 1940
[C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe] - Process ID: 2036
[C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe] - Process ID: 288
[svchost.exe] - Process ID: 388
[C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe] - Process ID: 488
[C:\WINDOWS\system32\spoolsv.exe] - Process ID: 1756
[svchost.exe] - Process ID: 1888
[C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe] - Process ID: 1976
[C:\WINDOWS\eHome\ehRecvr.exe] - Process ID: 808
[C:\WINDOWS\eHome\ehSched.exe] - Process ID: 1184
[C:\Program Files\Java\jre6\bin\jqs.exe] - Process ID: 596
[C:\Program Files\Common Files\LightScribe\LSSrvc.exe] - Process ID: 848
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] - Process ID: 1032
[C:\WINDOWS\system32\nvsvc32.exe] - Process ID: 208
[C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe] - Process ID: 264
[svchost.exe] - Process ID: 2444
[C:\WINDOWS\system32\svchost.exe] - Process ID: 2456
[wdfmgr.exe] - Process ID: 2480
[mcrdsvc.exe] - Process ID: 2652
[C:\Program Files\Canon\CAL\CALMAIN.exe] - Process ID: 3248
[C:\WINDOWS\system32\dllhost.exe] - Process ID: 3480
[alg.exe] - Process ID: 3680
[C:\WINDOWS\Explorer.EXE] - Process ID: 2928
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe] - Process ID: 1204
[C:\WINDOWS\ehome\ehtray.exe] - Process ID: 1996
[C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe] - Process ID: 3652
[C:\WINDOWS\eHome\ehmsas.exe] - Process ID: 2364
[C:\WINDOWS\System32\DLA\DLACTRLW.EXE] - Process ID: 2884
[C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe] - Process ID: 1700
[C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe] - Process ID: 2880
[C:\Program Files\Java\jre6\bin\jusched.exe] - Process ID: 3516
[C:\Program Files\Dell Support\DSAgnt.exe] - Process ID: 3552
[C:\Program Files\Messenger\msmsgs.exe] - Process ID: 3348
[C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] - Process ID: 2184
[C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe] - Process ID: 4052
[C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe] - Process ID: 4028
[C:\WINDOWS\system32\ctfmon.exe] - Process ID: 2284
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1020
[C:\Program Files\Digital Line Detect\DLG.exe] - Process ID: 4020
[C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe] - Process ID: 2248
[C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe] - Process ID: 3676
[C:\Program Files\internet explorer\iexplore.exe] - Process ID: 1608
[C:\Program Files\Java\jre6\bin\jucheck.exe] - Process ID: 3112
[C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe] - Process ID: 7836
[C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe] - Process ID: 6196
[C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe] - Process ID: 4828
[C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe] - Process ID: 2500
[C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] - Process ID: 7424
[C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE] - Process ID: 4184
[C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE] - Process ID: 8164
[C:\Program Files\internet explorer\iexplore.exe] - Process ID: 2304
[C:\DOCUME~1\Laura\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 7212
[wmiprvse.exe] - Process ID: 6532

<<<< Startup Items >>>>

[DellSupport]
<HKU\S-1-5-21-627564644-3550065620-3799553870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Dell Support\DSAgnt.exe" /startup
[MSMSGS] - <HKU\S-1-5-21-627564644-3550065620-3799553870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Messenger\msmsgs.exe" /background
[swg] - <HKU\S-1-5-21-627564644-3550065620-3799553870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[ISUSPM] - <HKU\S-1-5-21-627564644-3550065620-3799553870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
[LightScribe Control Panel] - <HKU\S-1-5-21-627564644-3550065620-3799553870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
[ctfmon.exe] - <HKU\S-1-5-21-627564644-3550065620-3799553870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\ctfmon.exe

Edited to remove all the bogus info from the SINO report
Rich

Edited by Ztruker, 03 October 2009 - 03:29 PM.


#6 loubratt


Posted 29 September 2009 - 07:24 PM

Edited to remove the bogus info from the SINO report Rich

[Digital Line Detect] - <Common Startup> - C:\PROGRA~1\DIGITA~1\DLG.exe
[NetScreen-Remote] - <Common Startup> - C:\PROGRA~1\Juniper\NETSCR~1\SafeCfg.exe
[QuickBooks Update Agent] - <Common Startup> - C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
[ehTray] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\ehome\ehtray.exe
[NvCplDaemon] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[DMXLauncher] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
[DLA] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[ISUSPM Startup] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[ISUSScheduler] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[QuickTime Task] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\QuickTime\qttask.exe" -atboottime
[eFax 4.3] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
[ccApp] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[osCheck] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Norton Internet Security\osCheck.exe"
[RoxWatchTray] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
[NvMediaCenter] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[SunJavaUpdateSched] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Java\jre6\bin\jusched.exe"

<<<< MS Services >>>>

Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\alg.exe
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k NetworkService
Media Center Receiver Service (ehRecvr) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\eHome\ehRecvr.exe
Media Center Scheduler Service (ehSched) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\eHome\ehSched.exe
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Human Interface Device Access (HidServ) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\imapi.exe
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Media Center Extender Service (McrdSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\ehome\mcrdsvc.exe
Machine Debug Manager (MDM) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
MHN (MHN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\mnmsrvc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msiexec.exe /V
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
IPSEC Services (PolicyAgent) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\locator.exe
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k rpcss
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\rsvp.exe
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\SCardSvr.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k imgsvc
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\smlogsvc.exe
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet (TlntSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\tlntsvr.exe
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\vssvc.exe
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation Driver Extensions (Wmi) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Security Center (wscsvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
Canon Camera Access Library 8 (CCALib8) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Canon\CAL\CALMAIN.exe
Symantec Event Manager (ccEvtMgr) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Settings Manager (ccSetMgr) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Lic NetConnect service (CLTNetCnService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
COM Host (comHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k eapsvcs
Fax (Fax) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\fxssvc.exe
Google Software Updater (gusvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
SafeNet Monitor Service (IPSECMON) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe"
SafeNet IKE Service (IreIKE) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe"
Java Quick Starter (JavaQuickStarterService) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LightScribeService Direct Disc Labeling Service (LightScribeService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
LiveUpdate (LiveUpdate) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE"
LiveUpdate Notice (LiveUpdate Notice) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
NMIndexingService (NMIndexingService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
NVIDIA Display Driver Service (NVSvc) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\nvsvc32.exe
QBCFMonitorService (QBCFMonitorService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
Intuit QuickBooks FCS (QBFCService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe"
Roxio UPnP Renderer 10 (Roxio UPnP Renderer 10) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe"
Roxio Upnp Server 10 (Roxio Upnp Server 10) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe"
LiveShare P2P Server 10 (RoxLiveShare10) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe"
RoxMediaDB10 (RoxMediaDB10) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"
Roxio Hard Drive Watcher 10 (RoxWatch10) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe"
Symantec Core LC (Symantec Core LC) - Running [Manual | Stoppable | Not_Pausable] - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Windows User Mode Driver Framework (UMWdf) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\wdfmgr.exe
Windows Time (w32time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Boot.ini >>>>

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : DGJCJ7C1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : om.cox.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : om.cox.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-18-8B-7F-CE-CC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : xx.xxx.xxx.xx
68.105.29.11
68.105.28.12
Lease Obtained. . . . . . . . . . : Tuesday, September 29, 2009 4:27:41 PM
Lease Expires . . . . . . . . . . : Wednesday, September 30, 2009 4:27:41 PM


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:

Response - 61ms
Response - 62ms
Response - 62ms
Response - 62ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 62ms - Maximum = 62ms

OpenDNS IP Test
Pinging to 208.67.222.222 [208.67.222.222]:

Response - 31ms
Response - 30ms
Response - 31ms
Response - 31ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 31ms - Maximum = 31ms

YouTube Domain Test
Pinging to www.youtube.com [74.125.115.113]:

Response - 78ms
Response - 62ms
Response - 62ms
Response - 62ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 62ms - Maximum = 62ms

YouTube IP Test
Pinging to 208.117.236.69 [208.117.236.69]:

Response - 62ms
Response - 62ms
Response - 62ms
Response - 62ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 62ms - Maximum = 62ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1640
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 2444
C:\WINDOWS\system32\httpapi.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

TCP 127.0.0.1:1029 0.0.0.0:0 LISTENING 3680
[alg.exe]

TCP 127.0.0.1:1070 0.0.0.0:0 LISTENING 2880
[ccSvcHst.exe]

TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 596
[jqs.exe]

TCP 192.168.1.104:139 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.1.104:1215 74.125.103.99:80 ESTABLISHED 1608
[iexplore.exe]

TCP 127.0.0.1:5152 127.0.0.1:2685 CLOSE_WAIT 596
[jqs.exe]

TCP 192.168.1.104:2692 67.205.44.129:80 CLOSE_WAIT 7212
[SINO.exe]

UDP 0.0.0.0:1027 *:* 288
[IreIKE.exe]

UDP 0.0.0.0:62514 *:* 288
[IreIKE.exe]

UDP 0.0.0.0:1062 *:* 2248
[SafeCfg.exe]

UDP 0.0.0.0:3776 *:* 2652
[mcrdsvc.exe]

UDP 0.0.0.0:500 *:* 288
[IreIKE.exe]

UDP 0.0.0.0:4500 *:* 288
[IreIKE.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:123 *:* 1792
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\svchost.exe
[svchost.exe]

UDP 127.0.0.1:2627 *:* 2304
[iexplore.exe]

UDP 127.0.0.1:1074 *:* 1608
[iexplore.exe]

UDP 127.0.0.1:1900 *:* 2444
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:1047 *:* 1792
c:\windows\system32\WS2_32.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\upnp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\ole32.dll
-- unknown component(s) --
[svchost.exe]

UDP 192.168.1.104:123 *:* 1792
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\svchost.exe
[svchost.exe]

UDP 192.168.1.104:138 *:* 4
[System]

UDP 192.168.1.104:1900 *:* 2444
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.1.104:137 *:* 4
[System]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 7f ce cc ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.104 192.168.1.104 20
192.168.1.104 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.104 192.168.1.104 20
224.0.0.0 240.0.0.0 192.168.1.104 192.168.1.104 20
255.255.255.255 255.255.255.255 192.168.1.104 192.168.1.104 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 734 Bytes in size.




<<<< Active Shares >>>>

Share: IPC$ - Path:
Share: ADMIN$ - Path: C:\WINDOWS
Share: C$ - Path: C:\


END OF LOG FILE, Date of Completion: 2004_29-09-2009 ----------

Edited by Ztruker, 14 October 2009 - 06:43 PM.


#7 Ztruker


Posted 30 September 2009 - 08:49 PM

It's going to take me a while to go over the results. Also, the Startup list looks very strange. 99% of what it shows is bogus. I'll have you run another program and collect a Startup list again and see what it shows, but it will have to be tomorrow.

Rich
 



#8 loubratt

Posted 30 September 2009 - 09:46 PM

ok just let me know, I will check back tomorrow.

#9 Ztruker

Posted 01 October 2009 - 08:29 PM

Sorry I'm so late checking in. I got caught up in Ken Burns's National Parks special on the Nat Geo channel and lost 2 hours tonight.

What I'd like you to do is download and install HijackThis 2.02. Once it's installed, it will start.
Click on Open the Misc Tools section button
Check the List minor and List empty boxes then click on Generate Startup List log

When it completes, a notepad window will open. Copy all the data shown into a reply here. Hopefully it will make more sense than the SINO report did.

Rich
 



#10 Ztruker

Posted 01 October 2009 - 08:50 PM

As for the Virtual memory warnings, I'm not sure what is wrong (yet). You have plenty of ram (1GB, 306MB free) and free hard drive space (more than half the drive):

Total RAM: 958 MB | Free RAM: 306 MB | Pagefile Size: 2597 MB
C: | 167858 MB out of 233617 MB Free | Local Fixed Disk

I wouldn't worry about it right now. Windows is doing what it's supposed to do and expanding Virtual memory (size of pagefile.sys) as needed.

Rich
 



#11 loubratt

Posted 03 October 2009 - 07:29 AM

Ok, I already had that version of Hijack This so made it quicker. I will leave the RAM out and I just wanted to let you know that I have to go out of town again but will be back Sunday evening, just in case I don't respond to something until then. I know sometimes they close this if you don't respond right away...I should be back around 10pm CST. I want to say it was TOMKAT that helped me on the virus side if that helps you at all. I don't know if our threads would still be up or not. I ran ComboFix, TFC, MalwareBytes and of course Hijack This for him to check it out. Hopefully that will help you to know where we have already explored. Here is the log:

StartupList report, 10/3/2009, 8:23:58 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16876)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Laura\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = ?
NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
DMXLauncher = "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eFax 4.3 = "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
RoxWatchTray = "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
LightScribe Control Panel = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[KB910393] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

[{10880D85-AAD9-4558-ABDC-2AB1552D831F}] *
StubPath = "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
NCO 2.0 IE BHO - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
Browser Address Error Redirector - C:\Program Files\BAE\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton Internet Security - Run Full System Scan - Laura.job

--------------------------------------------------

Enumerating Download Program Files:

[Facebook Photo Uploader 5 Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
CODEBASE = http://upload.facebo...toUploader5.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop...p/pcpitstop.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab

[Symantec Download Manager]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\symdlmgr.dll
CODEBASE = https://webdl.symant...ex/symdlmgr.cab

[GMNRev Class]
InProcServer32 = C:\Program Files\HP\Common\HPGMNRev.dll
CODEBASE = http://h20270.www2.h...ctDetection.cab

[Java Plug-in 1.6.0_14]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://198.180.0.136...sCamControl.cab

[ScorchPlugin Class]
InProcServer32 = C:\Program Files\Sibelius Software\Scorch\ActiveXPlugin\ScorchAxPlugin.dll
CODEBASE = http://www.sibelius....tiveXPlugin.cab

[Java Plug-in 1.6.0_14]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_14]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_14.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://fpdownload2.m...ash/swflash.cab

[PCPitstop Exam]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
CODEBASE = http://utilities.pcp.../pcpitstop2.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" (autostart)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys (manual start)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
COH_Mon: \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys (manual start)
COM Host: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CO_Mon: \??\C:\WINDOWS\system32\drivers\CO_Mon.sys (autostart)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
Crypto: \??\C:\WINDOWS\system32\Drivers\Crypto.sys (autostart)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
DLADResN: System32\DLA\DLADResN.SYS (autostart)
DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
DLARTL_N: System32\Drivers\DLARTL_N.SYS (system)
DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
Deterministic Network Enhancer Miniport: system32\DRIVERS\dne2000.sys (manual start)
SafeNet WAN Miniport (VA): system32\DRIVERS\vap.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
DSproct: \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
HSFHWBS2: system32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (disabled)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
SafeNet IPSec Plugin: \??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys (system)
SafeNet Monitor Service: "C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe" (autostart)
SafeNet IKE Service: "C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" (autostart)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
LiveUpdate: "C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE" (manual start)
LiveUpdate Notice: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091001.022\NAVENG.SYS (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091001.022\NAVEX15.SYS (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
nvatabus: system32\drivers\nvatabus.sys (system)
NVIDIA nForce™ RAID Class Driver: system32\drivers\nvraid.sys (system)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (disabled)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QBCFMonitorService: "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" (autostart)
Intuit QuickBooks FCS: "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" (manual start)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Roxio UPnP Renderer 10: "C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" (manual start)
Roxio Upnp Server 10: "C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" (autostart)
LiveShare P2P Server 10: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" (autostart)
RoxMediaDB10: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" (manual start)
Roxio Hard Drive Watcher 10: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
SRTSP: System32\Drivers\SRTSP.SYS (manual start)
SRTSPL: System32\Drivers\SRTSPL.SYS (manual start)
SRTSPX: System32\Drivers\SRTSPX.SYS (system)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
SigmaTel High Definition Audio CODEC: system32\drivers\sthda.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979} (manual start)
Symantec Core LC: C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (manual start)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090923.001\SymIDSCo.sys (manual start)
Symantec Network Security Intermediate Filter Service: system32\DRIVERS\SymIM.sys (manual start)
SymIMMP: system32\DRIVERS\SymIM.sys (manual start)
symlcbrd: system32\drivers\symlcbrd.sys (system)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
WpdUsb: System32\Drivers\wpdusb.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Laura\LOCALS~1\Temp\symlcsv1.exe||C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\128989039551562500_580DEC84-AECC-11DE-8E66-00188B7FCECC.TMP|||1

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 45,587 bytes
Report generated in 27.125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#12 Ztruker

Posted 03 October 2009 - 03:17 PM

You have a lot of stuff starting at boot time that is not required. Let's see if that is what is slowing things down.

How does it behave if you boot to Safe Mode with Networking? If better then something is starting at boot that is causing the problem.

Use msconfig to determine what is causing the problem.

These are good tutorials on using msconfig in XP or Vista:
How to use msconfig in Windows XP
How to use msconfig in Windows Vista

Click on Start then Run, type msconfig and press Enter.
Click on the Startup tab, record what is currently starting then click the Disable All button.
Reboot and see if it runs normally.
If yes then use msconfig to enable several items at a time till you find the culprit.

If no, boot to Safe Mode again, start msconfig and click on the Services tab.
Check the Hide All Microsoft Services box, record what is currently starting then click the Disable All button.
Again, do a regular boot, see if it runs normally.
If yes then use msconfig to enable services till you find the culprit.

Once you've found the culprit, uninstall it or find out how to eliminate it from your system.
Simply disabling it in msconfig is a temporary fix at best.
Enable everything else you disabled.


Also, any chance this slowdown occurred about the same time you updated to Internet Explorer 8?

Rich
 

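Added example (not part of the original posts or of the report tool): this Python code parses the `Name: command (start type)` service lines of the report posted above and lists the autostart services whose image sits outside the Windows directory, the set worth reviewing first in the msconfig Services step. The function names and the path test are assumptions of this example; the path test is a location heuristic, not a publisher check.

```python
import re

# Lines copied from the service listing in the report posted earlier in this thread.
SAMPLE = r'''
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
SafeNet Monitor Service: "C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe" (autostart)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979} (manual start)
Roxio Hard Drive Watcher 10: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" (autostart)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
'''

# "Display name: command line (start type)". Split at the first ": " because the
# command line itself contains ":" (C:\..., /Processid:{...}) and the display
# name may contain parentheses, e.g. "(ICS)".
LINE = re.compile(
    r'^(?P<name>.+?): (?P<cmd>.+) '
    r'\((?P<start>autostart|manual start|disabled|system)\)$')

def parse(report):
    """Return one dict (name, cmd, start) per recognised service line."""
    entries = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def normalize(cmd, windir=r'c:\windows'):
    """Lower-case the command and expand the path prefixes the report uses."""
    p = cmd.strip().lstrip('"').lower()
    if p.startswith('\\??\\'):              # NT object-manager prefix
        p = p[4:]
    for prefix in ('%systemroot%', '\\systemroot'):
        if p.startswith(prefix):
            p = windir + p[len(prefix):]
    if p.startswith('system32\\'):          # driver paths relative to the Windows dir
        p = windir + '\\' + p
    return p

def outside_windows_autostart(entries, windir=r'c:\windows'):
    """Names of autostart services whose image is not under the Windows directory.

    Heuristic only: a file under the Windows directory is not necessarily a
    Microsoft component (nvsvc32.exe in the sample is the NVIDIA service).
    """
    return [e['name'] for e in entries
            if e['start'] == 'autostart'
            and not normalize(e['cmd'], windir).startswith(windir + '\\')]

if __name__ == '__main__':
    for name in outside_windows_autostart(parse(SAMPLE)):
        print(name)
```
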


#13 loubratt

Posted 06 October 2009 - 07:12 PM

OK, I did all that and very, very little improvement. It seems to me that IE opened a bit faster but not much. To your other question, I have not updated to IE8. I am still 7.0.5730. But since you asked... is 8 not a good choice? Even though I did not get much improvement with disabling those startups, I still would like to stop those from starting, but I cannot figure out how to do it and have it save that way. I am not sure where to go within each program to make it stop loading at startup. I can't eliminate the programs themselves, like Roxio; it is something I use for a side business, but I don't need the updater starting up all the time. Sorry it took me a while. I messed with it till my eyes couldn't stay open anymore last night.

#14 Ztruker

Posted 06 October 2009 - 08:06 PM

Leave them disabled in msconfig then. That's what I do for some of the ones I can't find program control options for.

Rich
 



#15 Ztruker

Posted 06 October 2009 - 08:16 PM

Right click on My Computer and choose Properties. Click the Hardware tab, then the Device Manager button. In the list of devices, expand (click +) IDE ATA/ATAPI controllers. In the expanded list, right click on Primary IDE channel and choose Properties...click on the Advanced Settings tab in the resulting window. This should open a window with one or more devices listed and show the transfer mode information for each.

It should be DMA Mode, definitely not PIO mode. If it's PIO mode, try selecting DMA Mode if available. Reboot and see if it stays in DMA mode.

Rich
 
