slowness of computer

Most are MRUs which are just Most Recently Used and are not harmful. You really should turn off scanning for those.

Did you have Ad-Aware and Spybot delete everything they found?

Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply

Note: Do not mouseclick combofix's window while it's running as that may cause it to stall

Hi cookiegal,

YES I deleted everything Ad-Aware and Search and Destroy found.

Please find the combo fix log below.

"Adrian" - 07-01-25 5:38:09 Service Pack 2
ComboFix 07-01-24.2 - Running from: "C:\Documents and Settings\Adrian\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\install.exe

((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))

2007-01-24 20:44 d-------- C:\CloneDVDTemp
2007-01-22 20:57 d-------- C:\ARSENAL
2007-01-21 09:34 d-------- C:\SDFix
2007-01-19 23:28 d-------- C:\Program Files\hijackthis
2007-01-19 11:17 d-------- C:\WINDOWS\system32\ActiveScan
2007-01-15 11:17 d-------- C:\Program Files\10TACLE STUDIOS
2007-01-15 07:52 d-------- C:\Program Files\name load 01
2007-01-15 07:52 d-------- C:\DOCUME~1\Adrian\Application Data\name load 01
2007-01-14 14:26 d-------- C:\WINDOWS\ie7updates
2007-01-13 11:30 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-01-13 11:29 d-------- C:\Program Files\DVD Shrink
2007-01-08 09:06 d-------- C:\Games

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-25 05:25 -------- d-------- C:\Program Files\mozilla firefox
2007-01-24 20:43 125 ---hs---- C:\DOCUME~1\Adrian\Application Data\.zreglib
2007-01-18 14:52 -------- d-------- C:\DOCUME~1\Adrian\Application Data\utorrent
2007-01-16 08:16 -------- d--h----- C:\Program Files\installshield installation information
2007-01-12 08:46 -------- d-------- C:\Program Files\spywareguard
2007-01-12 08:46 -------- d-------- C:\Program Files\spywareblaster
2006-12-24 19:15 -------- d-------- C:\Program Files\photo dvd maker professional
2006-12-20 23:38 -------- d-------- C:\Program Files\windows media connect 2
2006-12-19 08:04 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-12-19 07:59 -------- d-------- C:\Program Files\grisoft
2006-12-16 10:45 645904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-16 10:45 115088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-12-16 10:45 1021504 --a------ C:\WINDOWS\system32\vete.dll
2006-12-15 18:50 -------- d-------- C:\Program Files\java
2006-12-13 18:37 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-10 18:50 -------- d-------- C:\Program Files\divx
2006-12-10 18:49 -------- d-------- C:\DOCUME~1\Adrian\Application Data\divx
2006-12-10 18:32 -------- d-------- C:\Program Files\daemon tools
2006-12-10 12:19 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 18:05 -------- d-------- C:\DOCUME~1\Adrian\Application Data\norman
2006-11-29 18:04 -------- d-------- C:\Program Files\norman
2006-11-29 17:52 -------- d-------- C:\DOCUME~1\Adrian\Application Data\lavasoft
2006-11-27 19:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-16 08:01 116984 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-11-16 08:01 115960 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-11-08 16:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust PestPatrol\\PPActiveDetection.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"RTHDCPL"="RTHDCPL.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCMService"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"PCShowBuzz"="C:\\Program Files\\inKline Global\\PCShowBuzz\\PCShowBuzz.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command H:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\Autorun.exe

Completion time: 07-01-25 5:40:55


Please find the HijackThis log attached below.

Logfile of HijackThis v1.99.1
Scan saved at 7:22:11 AM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanking you

birdman

Hello cookiegal,

Here is the log from Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"eTrustPPAP" = ""C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"" ["Computer Associates"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PCMService" = ""C:\Program Files\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"PCShowBuzz" = "C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe" [file not found]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"" ["Adobe Systems Incorporated"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"Drivers for Internet Explorer" = "C:\WINDOWS\accesweb.exe" [file not found]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Adrian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Adrian" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\Adrian\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\ZoneLabs\vetredir.dll ["Computer Associates International, Inc."], 01 - 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, "C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe" [null data]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 79 seconds, including 19 seconds for message boxes)

Hi cookiegal,

I ran the eventvwr.msc and found a few errors. I have attached the errors as well as warning types. There were a lot of errors!

SYSTEM:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 1/27/2007
Time: 10:45:42 AM
User: N/A
Computer: AM
Description:
The Application Layer Gateway Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 1/27/2007
Time: 10:45:42 AM
User: N/A
Computer: AM
Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 1/26/2007
Time: 11:13:25 PM
User: N/A
Computer: AM
Description:
The CA ISafe service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 1/26/2007
Time: 2:01:55 PM
User: N/A
Computer: AM
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....&#130;..&#128;
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Cdrom
Event Category: None
Event ID: 7
Date: 1/25/2007
Time: 11:50:31 PM
User: N/A
Computer: AM
Description:
The device, \Device\CdRom1, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 01 68 00 01 00 b8 00 ..h...¸.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....&#156;..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 80 00 00 00 00 00 00 .&#128;......
0028: 2e dc 05 00 00 00 00 00 .Ü......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 c4 02 00 00 00 @..Ä....
0040: ff 20 0a 12 4c 02 00 00 ÿ ..L...
0048: 00 00 00 00 88 13 00 00 ....&#136;...
0050: 00 e0 22 85 b0 53 2b 86 .à"&#133;°S+&#134;
0058: 00 00 00 00 08 ab 53 86 .....«S&#134;
0060: 00 00 00 00 10 00 00 00 ........
0068: 28 00 00 00 00 10 00 00 (.......
0070: 01 00 00 00 00 00 00 00 ........
0078: 70 00 03 00 00 00 00 0a p.......
0080: 00 00 00 00 11 06 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 32003
Date: 1/25/2007
Time: 7:21:26 AM
User: N/A
Computer: AM
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 1/25/2007
Time: 7:21:26 AM
User: N/A
Computer: AM
Description:
The IP address lease 192.168.100.11 for the Network Card with network address 001485180A55 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 1/25/2007
Time: 7:00:41 AM
User: N/A
Computer: AM
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001485180A55. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00 y...

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 1/25/2007
Time: 5:43:27 AM
User: NT AUTHORITY\SYSTEM
Computer: AM
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 32003
Date: 1/25/2007
Time: 5:24:09 AM
User: N/A
Computer: AM
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....

Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 32003
Date: 1/23/2007
Time: 5:15:14 PM
User: N/A
Computer: AM
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 11
Date: 1/21/2007
Time: 9:39:58 AM
User: N/A
Computer: AM
Description:
The driver detected a controller error on \Device\Harddisk1\D.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 01 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 0b 00 04 c0 .......À
0010: 03 01 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 15 ec 00 00 00 00 00 00 .ì......
0030: ff ff ff ff 06 00 00 00 ÿÿÿÿ....
0038: 40 00 00 00 00 00 00 00 @.......
0040: ff 00 0c 12 0c 00 00 00 ÿ.......
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 d8 8d d6 85 ....؍Ö&#133;
0058: 00 00 00 00 a8 c5 1e 85 ....¨Å.&#133;
0060: 00 00 00 00 00 00 00 00 ........
0068: 00 00 00 00 00 00 00 00 ........
0070: 00 00 00 00 00 00 00 00 ........
0078: 00 00 00 00 00 00 00 00 ........
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 1/20/2007
Time: 11:50:07 AM
User: N/A
Computer: AM
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....&#130;..&#128;
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 1/14/2007
Time: 4:55:08 PM
User: N/A
Computer: AM
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....&#130;..&#128;
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Warning
Event Source: Server
Event Category: None
Event ID: 2504
Date: 1/14/2007
Time: 2:19:04 PM
User: N/A
Computer: AM
Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{E2608896-B88F-4922-9A63-E8B08D6CC021}.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: aa 05 00 00 ª...

Event Type: Warning
Event Source: Cdrom
Event Category: None
Event ID: 51
Date: 1/13/2007
Time: 8:40:47 AM
User: N/A
Computer: AM
Description:
An error was detected on device \Device\CdRom1 during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b8 00 ..h...¸.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 09 03 00 c0 -......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 88 6d 3d 00 00 00 00 .&#136;m=....
0028: 8e 4e 01 00 00 00 00 00 &#142;N......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 c4 02 00 00 00 @..Ä....
0040: 00 20 0a 12 48 02 00 40 . [email protected]
0048: 00 00 00 00 88 13 00 00 ....&#136;...
0050: 00 00 00 00 c0 4a 2f 86 ....ÀJ/&#134;
0058: 00 00 00 00 60 55 27 85 ....`U'&#133;
0060: 02 00 00 00 b1 ad 07 00 ....±*..
0068: 28 00 00 07 ad b1 00 00 (...*±..
0070: 02 00 00 00 00 00 00 00 ........
0078: 70 00 05 00 00 00 00 0a p.......
0080: 00 00 00 00 6f 03 00 00 ....o...
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/13/2007
Time: 8:19:37 AM
User: N/A
Computer: AM
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

APPLICATION

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 1/13/2007
Time: 10:26:56 AM
User: N/A
Computer: AM
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 64 72 77 ure drw
0018: 74 73 6e 33 32 2e 65 78 tsn32.ex
0020: 65 20 35 2e 31 2e 32 36 e 5.1.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in
0030: 64 62 67 68 65 6c 70 2e dbghelp.
0038: 64 6c 6c 20 35 2e 31 2e dll 5.1.
0040: 32 36 30 30 2e 32 31 38 2600.218
0048: 30 20 61 74 20 6f 66 66 0 at off
0050: 73 65 74 20 30 30 30 31 set 0001
0058: 32 39 35 64 295d

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 1/17/2007
Time: 6:50:17 PM
User: N/A
Computer: AM
Description:
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 65 78 70 6c 6f 72 explor
0018: 65 72 2e 65 78 65 20 36 er.exe 6
0020: 2e 30 2e 32 39 30 30 2e .0.2900.
0028: 32 31 38 30 20 69 6e 20 2180 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/27/2007
Time: 10:57:18 AM
User: NT AUTHORITY\SYSTEM
Computer: AM
Description:
Windows saved user AM\Adrian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 11/9/2006
Time: 9:28:24 PM
User: AM\Adrian
Computer: AM
Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Setup
Event ID: 1020
Date: 10/13/2006
Time: 6:26:47 AM
User: N/A
Computer: AM
Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Setup
Event ID: 1020
Date: 9/1/2006
Time: 5:31:54 PM
User: N/A
Computer: AM
Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11721
Date: 9/4/2006
Time: 10:28:28 PM
User: AM\Adrian
Computer: AM
Description:
Product: Reservoir Dogs -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: NewCustomAction2, location: C:\SETUPEXEDIR\, command: C:\SETUPEXEDIR\installscript_cpy.exe C:\SETUPEXEDIR\|D:\Games\Eidos\Reservoir Dogs\

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 38 44 32 41 43 34 46 {8D2AC4F
0008: 32 2d 30 42 42 41 2d 34 2-0BBA-4
0010: 41 39 34 2d 41 38 36 36 A94-A866
0018: 2d 38 42 35 34 32 36 33 -8B54263
0020: 46 41 45 38 37 7d FAE87}

Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4614
Date: 9/1/2006
Time: 5:36:06 PM
User: N/A
Computer: AM
Description:
The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 8/2/2006
Time: 5:55:16 PM
User: N/A
Computer: AM
Description:
Faulting application titan quest.exe, version 0.0.0.0, faulting module stlport_vc7146.dll, version 4.6.2003.1031, fault address 0x00018edc.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 74 69 74 ure tit
0018: 61 6e 20 71 75 65 73 74 an quest
0020: 2e 65 78 65 20 30 2e 30 .exe 0.0
0028: 2e 30 2e 30 20 69 6e 20 .0.0 in
0030: 73 74 6c 70 6f 72 74 5f stlport_
0038: 76 63 37 31 34 36 2e 64 vc7146.d
0040: 6c 6c 20 34 2e 36 2e 32 ll 4.6.2
0048: 30 30 33 2e 31 30 33 31 003.1031
0050: 20 61 74 20 6f 66 66 73 at offs
0058: 65 74 20 30 30 30 31 38 et 00018
0060: 65 64 63 0d 0a edc..

Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11311
Date: 7/17/2006
Time: 8:26:22 AM
User: AM\Adrian
Computer: AM
Description:
Product: Nero 7 Demo -- Error 1311. Source file not found(cabinet): C:\DOCUME~1\Adrian\LOCALS~1\Temp\NeroDemo9938\Cab\5C42CDB5.cab. Verify that the file exists and that you can access it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 32 34 31 46 42 31 {5241FB1
0008: 42 2d 39 43 46 35 2d 34 B-9CF5-4
0010: 34 38 43 2d 33 42 46 44 48C-3BFD
0018: 2d 31 41 45 35 38 42 30 -1AE58B0
0020: 36 31 30 33 33 7d 61033}

Pay special attention to item 6 in this list, but answer all the questions that might apply:

0 > when did the problem seem to be begin?
1 > is it very slow to boot up?
2 > do programs open slowly?
3 > does the same behavior occur both offline and on?
4 > does it matter how long the system has been on, and does a restart improve things?

Slow performance issues can often be due to overheating, so if the system is faster after it has been shutdown for a while and then restarted -- that would be especially suspect. To check for possible problems here, shutdown, open the case and blow out any accumulated dust. Then turn it
on and check to see that the fan is working. Sometimes it helps to physically clean the fan.

If a laptop, check to see that the vent is clear of dust and verify the fan is working. Temps and fan speed can usually be monitored with SpeedFan (except on Dell desktops), a free utility.

5 > if you do a ctrl-alt-del, do any processes show excess cpu usage, other than System Idle Process?

6 > If you open the Device Manager (run devmgmt.msc) and select the entry for IDE ATA/Atapi and select the Primary IDE > Advanced Settings, does it say the "current transfer mode" is DMA or PIO?

If it says PIO, first ensure "Use DMA if Available" is selected, then select the driver tab and uninstall the driver and reboot. Then check again.
____________________________________________________________________________
COMMIT CHARGE

Do ctrl-alt-del to open up the task manager. Select the "performance" tab. Let me know what you see under:

Physical Memory

Total: this is your total installed ram -- "physical" memory
Available: this is the amt of real "physical" memory presently uncommitted

Commit Charge

Total: this is the combination of total physical and virtual memory currently in use
Limit: this is the total physical and virtual memory available
Peak: this is the most you have had in use in this session

Hello Rollin' Rog,

0) The problem began around 17th of January. I just had a look at the infections log on AVG Anti-Spyware and on that day I had an infection "Trojan.Delf.bcg", "Trojan.crack.h", "Logger.Alexa.a" and "Trojan.Obfuscated.ob".

1) The computer boots up at the same speed as before. There is no difference in the speed on the boot up. Once it is in Windows that when everything slows down. I just tried opening Outlook and it took 3 minutes to open up.

2) All programs are affected. They do load up, but they are extremely slow. Even when I try to show hidden icons (bottom right) it takes up to 2 minutes. When I am in a game however there is no slowness experienced. Only affects the loading up of applications.

3) YES the behaviour is the same for both online and offline.

4) I am not too sure about this. I must admit I have not taken too much notice on this.

5) System Idle process is the only high CPU usage. Ther rest have 05, but normal is 01. Memory usage however is most taken up by vsmon.exe and firefox.

6) When I go and look under device manager I can see 2 Primary IDE channel settings and not just one. Here are the settings of the first one:

Device 0: Transfer mode - DMA if available AND Current transfer mode - Ultra DMA mode 5.

Device 1: Transfer mode - DMA if available AND Current transfer mode - not applicable

Here are the settings for the second one:

Device 0: Transfer mode - DMA if available AND Current transfer mode - Ultra DMA mode 2.

Device 1: Transfer mode - DMA if available AND Current transfer mode - Ultra DMA mode 4.

Physical Memory

Total: 1048044
Available: 567548

Commit Charge

Total: 385960
Limit: 2518388
Peak: 647908

Thanking you kindly

Birdman

The IDE configuration is ok -- so that's not it.

If there is a time component to this -- it could be a heat issue -- but that doesn't explain why it started suddenly.

Are you getting a lot of these "disk" errors in the System log, or is this just a one of a kind?

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 11
Date: 1/21/2007
Time: 9:39:58 AM
User: N/A
Computer: AM
Description:
The driver detected a controller error on \Device\Harddisk1\D.

Click to expand...

If there are a lot of these, you may have a hardware problem -- but if so, I'm surprised the IDE controllers haven't gone into "PIO" mode.

Do you have any USB drives attached? -- try simplifying the hardware setup as much as you can.

You might try reseating the drive cables for all drives if there are more of these type of errors.

Others seem to be related to network access -- but since your problems are not particularly network related I don't think they explain much.

If you open the case -- do test to see if the fan is working and take the time to blow out any accumulated dust.

>>> By the way, is this computer networked? And if so, do the same problems occur if it is disconnected from the router and the network?

Hi Rollin' Rog,

Are you getting a lot of these "disk" errors in the System log, or is this just a one of a kind?

Have not noticed. I would say this would be very rare.

Do you have any USB drives attached? -- try simplifying the hardware setup as much as you can.

How do I know if I have any and if so how do I simplify the setup?

If you open the case -- do test to see if the fan is working and take the time to blow out any accumulated dust.

Have cleaned the fan (all 3). They were working and I have cleaned out as much dust as possible.

By the way, is this computer networked? And if so, do the same problems occur if it is disconnected from the router and the network?

No it is not.

I am still getting the slowness even though I have cleaned the fans. Would defragging help???

Birdman

USB drives are typically thumb drives or external backup drives connected to USB ports.

Defragging can't hurt. The utility will tell you if you need one. But I doubt it explains what is going on here.

Can you get some temperature readings from Speedfan?

http://www.almico.com/speedfan.php

>> When you examine the event viewer errors -- which error is occuring with the most frequency, and does it just occur on bootup or at other times?

Does the same behavior occur in Safe Mode or in a "clean boot"? Also try creating a new User Account or test the guest account in Control Panel > User Accounts to see if the problem might be profile related.

CLEAN BOOT TROUBLESHOOTING technique XP

First, restart in Safe Mode (tap the f8 key promptly on startup and choose the Safe Mode option from the boot menu).

In Safe Mode -

Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.

See this link for detailed information:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353

Now restart and test the issue at hand

If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

Get the idea? You want to isolate the problem to a specific startup if possible.

Note: if you already have items unchecked under msconfig > startups and are in "selective" startup mode - you should note what these are before beginning. They will need to be de-selected again.

It indicates that the drive is exceeding critical temp for that model. What does Speedfan say that critical temp is in its online analysis?

I don't think it explains what you are seeing however.

Once you open and close a program, does it open any faster or slower the second time around? Does the problem get worse over time, or remain relatively the same?

I'm not sure what to suggest by way of analysis from here. Have you tried seeing whether the behavior is different in Safe Mode or a Clean Boot?

There are some "geeky" tools available that can monitor file and registry reads in real time. Occasionally these can be helpful if they identify a hang or delay at some particular file or registry key.

But they are challenging to use and interpret.

If you want to give them a try, they are filemon and regmon available here:

http://www.microsoft.com/technet/sysinternals/processesandthreadsutilities.mspx