Old 06-23-2009   #15
Bronze Member
 
Join Date: Jun 2009
Posts: 12
PC Experience: Very Experienced
Default Re: High-End Rig suddenly slow..?

Extras.txt:

OTL Extras logfile created on: 6/22/2009 11:12:23 PM - Run 1
OTL by OldTimer - Version 3.0.5.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.41% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 365.59 Gb Free Space | 78.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACHINE1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

{03a679e8-56a3-4b11-95c8-7e142e7a198d} = rport=10243 | protocol=6 | dir=out | app=system |
{165f0410-d9dc-4fa0-b333-1c38e0617eca} = lport=10243 | protocol=6 | dir=in | app=system |
{289e3f8a-24ad-4c02-9d68-0895298ce02d} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{3e78db7d-697d-4a25-b798-c2b345b0e35b} = rport=137 | protocol=17 | dir=out | app=system |
{4f8feb6d-7d05-4ed4-8ca3-31e7027aad99} = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
{5fce70f5-79e6-48f1-8c83-608a57102e94} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{66d85918-2992-4381-b6d4-07985dd8c082} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{68856229-afbf-4e92-b0ac-0a7560d8a580} = lport=445 | protocol=6 | dir=in | app=system |
{69629497-447a-4681-bacd-79d6e281ae7d} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{6da7793f-baab-41f8-bf4a-6ffb96d14e37} = rport=138 | protocol=17 | dir=out | app=system |
{8d832d3f-af66-4c91-9718-fee5ec913660} = lport=138 | protocol=17 | dir=in | app=system |
{8fe7c745-473e-4080-9701-517a6708e69d} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
{966d338d-2ed1-4ed6-8f8d-b65cdfbf1438} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{aa369ddf-ea79-4254-85f2-750f34960ee4} = lport=2869 | protocol=6 | dir=in | app=system |
{aea19251-8ffc-4cff-9b30-c7dc8689e415} = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
{b13ac149-eddb-484e-ac6f-33f11c43199d} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{b9b94038-a27f-49a8-9a25-f2e54525ce98} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{bd5f00aa-caae-4535-8092-7e3d7b713194} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
{cc2b12c7-0f70-4b1b-8fe5-d3942b2d05bb} = lport=137 | protocol=17 | dir=in | app=system |
{d016eca4-bea8-46a5-aedb-a646d804b970} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{df5e33b6-c78b-425a-9850-f3a332bbd43e} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{e81468c5-42c9-4732-8837-93bbee9b93ee} = lport=139 | protocol=6 | dir=in | app=system |
{e8898711-41dc-48dc-99db-e784acfcffae} = rport=445 | protocol=6 | dir=out | app=system |
{e92c03a1-ab1c-46e7-b4ba-1cd997442583} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{f66f06e6-8212-49b0-81f0-e645499d62e1} = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
{fb19268d-74f7-49bc-8426-ace5b7a3b427} = rport=139 | protocol=6 | dir=out | app=system |
{feaca7f1-dadd-467b-a0b6-125fc691299c} = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

{01396c88-8aac-47a4-8b96-1fea69df5d0c} = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
{0c019585-d1e1-4947-9448-e99c67a38abb} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{0d8d1da8-2b28-4865-b706-4426ac80754a} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
{11b2f18b-890d-4d6c-8f10-e3c4dbbee79e} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
{12423c92-abbe-48a8-b162-4c61e122ed3f} = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{13f615e0-05d8-41a2-91fc-dd53fdc1b79d} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
{15f9a2d6-627f-418e-ab66-7d9995c42a10} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
{1d9e30b7-4531-4842-bfc8-79c6cc226155} = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
{20f607a5-31fa-4c13-a217-e91120b17402} = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
{20fa5847-1883-487e-adbc-c6b1f35b3ee0} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{225077b1-5cc8-42f6-bea3-1927e6a3ee89} = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3500-4500 series\lxdimon.exe |
{2fbe0f65-01ac-4f6a-bd0d-188cff19aba1} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{306bab44-e7d8-462f-be81-74e93d41222a} = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3500-4500 series\app4r.exe |
{343b02c7-cc92-40b8-891a-db7b7237b3b2} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
{3899e2b7-430c-4758-a45d-90d70d2a236d} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
{40949c30-363a-4881-b95f-1d8b9fa06f10} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{40cad485-ef25-42ae-9eab-361ec1bd2945} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
{40d6201f-1bd6-4862-8cd7-3234c0c1533e} = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
{48097e8c-757c-48b0-9491-c0e8b0fe39a8} = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3500-4500 series\lxdimon.exe |
{49662ba3-f519-459a-8eb7-30526cad134b} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{53ca67e4-9972-4aad-bc15-53cc4871d834} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
{556c9f68-3b1e-4510-867d-67993eba9770} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
{56719011-f9ae-4bd1-bc05-c558f392376e} = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
{5b9caa4b-2cd2-4d7d-b293-6f0d073c1864} = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
{5f7d8c75-efa3-48ec-bab9-65b530302953} = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{6194d53f-9414-4c02-ad47-f7ff58e4b64c} = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3500-4500 series\lxdiamon.exe |
{6c5b920e-bb1e-4ca7-8786-d343e99d3b19} = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
{6e2cfa14-6f9a-4d43-bab6-82dcfd602dfd} = protocol=6 | dir=in | app=c:\windows\syswow64\lxdicoms.exe |
{71bd560e-1a96-4df6-8430-69f0a601aa08} = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{729a7763-04d7-43cc-9216-b382e328b5a5} = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
{767dc0f8-fb1e-4600-a776-65e36625bdf0} = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
{8136d54c-7698-4962-9f3a-34b38d116931} = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
{8669ba1c-0efc-4061-835e-744e664339de} = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{884f1bbb-ec2e-474c-82f1-996658f287ae} = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3500-4500 series\app4r.exe |
{8e635118-c643-4515-b20a-c9156d12d3b9} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{8fbdbd1c-4e53-40ca-bfea-8e26f317ebcb} = protocol=6 | dir=out | app=system |
{913c8341-f1cd-4941-ad7d-5e3e5151f8cd} = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{9bbf2841-14c0-43ee-a0a1-c3f4e0e5ca97} = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{9d3fc5a6-48ba-4875-8fb5-4720a8aa23d7} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{a048a1a7-bc76-49d2-ad64-105a16ca4234} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
{a11e9ff5-6970-4fb5-85d2-8e2c1d344f7c} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
{a1533ef2-77e3-4938-b96d-2fc45dc1a5f9} = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{a4854a66-aa18-422c-b498-b282bc4212be} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
{aa334626-7710-4c86-a560-b45459f81ae5} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{abeef102-1e2e-4246-bb4f-139aa52df2f0} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
{b6b9b9d8-4b5d-4c03-94d4-33445875f72e} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{b7f51db8-2b97-4101-a7cd-445ccc094f44} = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
{b9910d5a-1ec8-47b9-81ef-31e0576ff3cc} = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{bbdfae7c-e48d-4fff-97a2-b939d8a21537} = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{c281ba3b-15de-4781-a100-c0314d3d29d8} = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
{c29ae80e-68bc-48f4-a3d4-14ce2b5399f4} = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
{c84c0f6f-77c9-48d3-94b8-7c72027e9dfc} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
{ca0351a8-c322-4af6-95d5-8a33ed0965bd} = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{ce4832d2-e862-42b2-82b6-aeaec04ee9fd} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
{d2ec0644-18d5-477c-9337-5f3de12a9b52} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{d58ce029-28e0-4677-a87d-cd81f63a1910} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
{d9d1a7c4-513a-4204-92c2-778bca75c01e} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
{dc32b991-fae4-4de7-adc0-4a63b2b90f22} = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
{dd0f6e80-2527-4eb2-9d83-9a9d824c31d7} = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
{df3c854c-43d5-4446-8d4a-f5e0bbc3eec1} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{e6ae67f8-4481-45ae-b713-fad51990803b} = protocol=17 | dir=in | app=c:\windows\syswow64\lxdicoms.exe |
{eb548351-08b5-44f4-a553-7d7a55ab2ca2} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
{f5d252e8-e019-4955-a1c7-6ee4a81926e2} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{f73cfc58-5450-425b-ba4a-d25aea7c4f39} = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3500-4500 series\lxdiamon.exe |
{fc06c4ef-0261-4f99-90c0-d1217b7aa09f} = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
{fda72204-7192-4e6e-bc62-7ab38f84421d} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
{feaab891-626e-4a40-a388-d14d2dd7b3c5} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
{ff1fb0e9-6186-49b9-b20d-c5c99380224e} = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
tcp query user{0452051a-084f-4445-a7ad-6266dc804ee9}c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe |
tcp query user{1bc5e054-0f24-45fb-8763-39400b2a63f8}c:\program files (x86)\electronic arts\eadm\core.exe = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
tcp query user{303c54d4-22c7-4ad6-9929-0ce5d2ed264a}c:\program files (x86)\bittorrent\bittorrent.exe = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
tcp query user{41afb973-c5d9-4a44-8ff3-c86a66861513}c:\program files (x86)\ddpoker3\ddpoker.exe = protocol=6 | dir=in | app=c:\program files (x86)\ddpoker3\ddpoker.exe |
tcp query user{4796459e-3881-4b24-a63c-1ac061bb66aa}c:\program files (x86)\steam\steamapps\tuekie456\source 2007 dedicated server\srcds.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tuekie456\source 2007 dedicated server\srcds.exe |
tcp query user{9451a2bd-3596-4ded-a513-076adb3fdb44}c:\program files (x86)\opera\opera.exe = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
tcp query user{a0ca1f86-5922-4200-96d4-83b7f730f4e1}c:\users\owner\program files (x86)\dna\btdna.exe = protocol=6 | dir=in | app=c:\users\owner\program files (x86)\dna\btdna.exe |
tcp query user{c3388482-f72b-4f21-a1b3-409dbbda3125}c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe |
tcp query user{ed1681a4-b380-44be-b676-7c1c28e2c8e3}c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe |
tcp query user{f1b9dc25-2534-48be-9e96-0c57325c3e75}c:\users\owner\desktop\tf2 server stuff\orangebox\srcds.exe = protocol=6 | dir=in | app=c:\users\owner\desktop\tf2 server stuff\orangebox\srcds.exe |
udp query user{25037055-db36-4463-bff9-39b4c64e9398}c:\program files (x86)\electronic arts\eadm\core.exe = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
udp query user{2b89c191-6205-48a2-9f0a-1d6d7c75c67f}c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe |
udp query user{5469202e-691e-46ca-95ac-5572aef44c6c}c:\users\owner\program files (x86)\dna\btdna.exe = protocol=17 | dir=in | app=c:\users\owner\program files (x86)\dna\btdna.exe |
udp query user{635bd088-d500-46c8-9e8f-da93a7d8dfcd}c:\program files (x86)\ddpoker3\ddpoker.exe = protocol=17 | dir=in | app=c:\program files (x86)\ddpoker3\ddpoker.exe |
udp query user{69086def-3c62-450d-b55c-5b79b78bd6b6}c:\users\owner\desktop\tf2 server stuff\orangebox\srcds.exe = protocol=17 | dir=in | app=c:\users\owner\desktop\tf2 server stuff\orangebox\srcds.exe |
udp query user{9bbc193a-9f99-49e6-8afd-c3be01005be6}c:\program files (x86)\opera\opera.exe = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
udp query user{a48cb2ce-9f77-4716-ad99-6eccdfbf65b9}c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe |
udp query user{a5b0b5a0-072d-49ed-bdfd-c13121cd1813}c:\program files (x86)\steam\steamapps\tuekie456\source 2007 dedicated server\srcds.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tuekie456\source 2007 dedicated server\srcds.exe |
udp query user{b6a88693-b9a1-4935-827a-91560e1e5985}c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tuekie456\team fortress 2\hl2.exe |
udp query user{e062364a-8723-4782-aee3-5200b6d81f49}c:\program files (x86)\bittorrent\bittorrent.exe = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{200CD93B-AE9B-4780-A5BE-F32027257DD7}" = Apple Mobile Device Support
"{4575935D-9457-4517-8750-2341F4286F5F}" = iTunes
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{A51597AE-25A8-4B4E-AB19-C8612E400680}" = Microsoft Xbox 360 Accessories 1.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A0F36F1-75CA-49F4-A20C-8D875537F18C}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1" = iZ3D Driver Remove
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{657201DD-30C8-4E50-88AD-164B3812E8F5}" = Framebuffer Crysis WARHEAD Benchmark Tool
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AVG8Uninstall" = AVG 8.5
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"DD Poker 3 " = DD Poker 3
"DriverAgent.exe" = DriverAgent by eSupport.com
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps
"Google Updater" = Google Updater
"Guild Wars" = Guild Wars
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.0
"Steam App 10500" = Empire: Total War
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 7670" = Bioshock
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Texas Hold'em Poker (Trial version)_is1" = Texas Hold'em Poker (Trial version) 7.21
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"VobSub" = VobSub v2.23 (Remove Only)
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2009 11:22:24 PM | Computer Name = Machine1 | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, time
stamp 0x483b9a42, faulting module smum64.dll, version 6.0.0.1, time stamp 0x490f9f27,
exception code 0xc0000417, fault offset 0x0000000000002de0, process id 0x9fc, application
start time 0x01c9e8b14fcf0c88.

Error - 6/8/2009 11:24:47 PM | Computer Name = Machine1 | Source = Windows Search Service | ID = 3013
Description =

Error - 6/8/2009 11:24:47 PM | Computer Name = Machine1 | Source = Windows Search Service | ID = 3013
Description =

Error - 6/11/2009 2:25:01 PM | Computer Name = Machine1 | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, time
stamp 0x483b9a42, faulting module smum64.dll, version 6.0.0.1, time stamp 0x490f9f27,
exception code 0xc0000417, fault offset 0x0000000000002de0, process id 0x890, application
start time 0x01c9eac1bb79e847.

Error - 6/11/2009 7:40:10 PM | Computer Name = Machine1 | Source = Application Hang | ID = 1002
Description = The program aim6.exe version 1.4.9.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 7f0 Start Time: 01c9eaedd61d50a4 Termination Time: 2343

Error - 6/12/2009 12:29:19 AM | Computer Name = Machine1 | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.6.exe, version 0.0.0.0, time stamp 0x49c4317f,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
code 0xc0000005, fault offset 0x0002f897, process id 0xb1c, application start time
0x01c9eb164103df0a.

Error - 6/19/2009 12:41:35 AM | Computer Name = Machine1 | Source = Google Update | ID = 20
Description =

Error - 6/19/2009 3:42:03 PM | Computer Name = Machine1 | Source = Application Hang | ID = 1002
Description = The program aim6.exe version 1.4.9.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: e4c Start Time: 01c9f115f4d02a0c Termination Time: 31

Error - 6/21/2009 11:51:41 PM | Computer Name = Machine1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module IEToolbar.dll_unloaded, version 0.0.0.0, time stamp
0x4a25837e, exception code 0xc0000005, fault offset 0x05a89904, process id 0x10c4,
application start time 0x01c9f2ec65c565ec.

Error - 6/22/2009 1:59:40 PM | Computer Name = Machine1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3439, time stamp 0x4a25b23d,
faulting module xul.dll, version 1.9.0.3439, time stamp 0x4a25b295, exception code
0xc0000005, fault offset 0x005efe73, process id 0x1680, application start time 0x01c9f35debc6af81.

[ System Events ]
Error - 6/22/2009 1:18:59 PM | Computer Name = Machine1 | Source = HTTP | ID = 15016
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:09 PM | Computer Name = Machine1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 6/22/2009 3:36:29 PM | Computer Name = Machine1 | Source = HTTP | ID = 15016
Description =


< End of report >
Nick_a87 is offline   Reply With Quote
Old 06-23-2009   #16
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,297
PC Experience: Elite PC Guru
Default Re: High-End Rig suddenly slow..?

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Code:
    Files to delete:
    C:\Users\Owner\Desktop\BitTorrent-6.1.2.exe
    C:\Windows\Tasks\User_Feed_Synchronization-{91025606-A6CE-49FB-963D-2FB51D02BB44}.job
    Folders to delete:
    C:\Program Files\BitTorrent
    C:\ProgramData\Viewpoint
    C:\Program Files\Viewpoint
    Drivers to delete:
  • In the Avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a shutdown. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log, along with a new HijackThis log in your next reply.
__________________
  • An Australian Member of
My real name is Eddy
Pancake is offline   Reply With Quote
