# Limited connectivity/Unidentified Network/unable to start DHCP



## Lost_Helper (Dec 24, 2011)

OK, so a buddy at work asked if I could look at a laptop. It was working fine apparently, but then out of the blue the internet will no longer work. So I bring it home, it hooks up to my network, but no internet. I change it to a private network (though it automatically changes it back when I restart) and still no internet. I've tried to manually and automatically change the IPv4, to no avail. Looking at the Network and Sharing Center, the middle icon says Identifying, but there's an x between that and internet. *I have local only.* When I try to resolve the problem it says DHCP is not running. I tried restarting it, but it says it can't and that it didn't fix the problem. I don't believe it's my modem or router; my base PC runs on it fine. *Plus this PC was doing this for said friend.*

Also, on one forum a guy stated that there were three different programs that were supposed to be running. He said to check them through cmd. I did. They were running, just not DHCP. I've had to restart this laptop about 20 times or so. I cannot change the OS *Vista (bleh)* nor do a system restore *wish I could*. I also put Avira on the computer to check for viruses *which it did*, so that is on there. I also tried uninstalling his Ethernet card, so it's at Broadcom 590x 10/100 Ethernet. I then tried to update it, but the file didn't work, so I cannot even update that through the laptop. I have it hooked up through wireless and wired, but without internet. I have his Windows Firewall on, but I've tried accessing the internet with it on and off. Nothing. I tried doing the Force&enable bcast regedit, nothing. This laptop has a lot of stupid software on it, but I'm not going to delete anything unless I have to. I've even used the cmd prompt in administrator, nothing. I tried to run net start dhcp and all I get is "System error 87 has occurred. The parameter is incorrect." I've even tried doing the "netsh winsock reset catalog", which someone suggested might work. Nope. So now I'm here.

I'll give you all his specs to see if that will help: Vista Home Premium, Service Pack 2; Lenovo Vista PC; Intel Core Duo T5800 @ 2.00GHz 2.00 GHz; 3.00GB of RAM; and it's a 32-bit operating system. His wireless is an Intel Wireless WiFi Link 5100, and his wired is a Broadcom 590x 10/100. I can't think of anything else to add here. Hopefully one of you may be able to help me. I'll check back in the morning, or after I get back from holiday with family. I'm just beat tonight. Been working on this for hours. Sorry for the sloppy typing. Merry Christmas to all.


----------



## etaf (Oct 2, 2003)

would you post the following

*------------------------------------------------------------------------*
* ipconfig /all *
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all. Post back the results in a reply here.

Hold the *Windows* key and press *R*, then type *CMD* then press *Enter* to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

_Note that there is a space before the /ALL, but there is *NOT* a space after the / in the following command._

* ipconfig /all > network.txt & network.txt *

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here.
To do that:
From the notepad menu - choose *Edit* - *Select all* 
all the text will be highlighted
Next
From the notepad menu - choose *Edit* - *Copy*
Now go back to the forum - reply and then right click in the reply box and *paste* 
*------------------------------------------------------------------------*
*------------------------------------------------------------------------*
*Services*

We would like to see some status information for each of the services listed below. To do this, go to

Start> {*Run* in XP} {*Search box* in Vista/W7}> CMD to open a DOS window and type:
SERVICES.MSC
*OR*
Control Panel>
Administrative Tools> 
Services>

then for each of the services listed below - Please post back the following status information - 
If the service is Started/Stopped 
and 
If the service is Automatic/Manual


COM+ Event System (for WZC issues)
Computer Browser
DHCP Client
DNS Client
Network Connections
Network Location Awareness
Remote Procedure Call (RPC)
Server
TCP/IP Netbios helper
Wireless Zero Configuration _(XP wireless configurations only_)
WLAN AutoConfig (_Windows 7 & Vista wireless configurations only_)
Workstation

If a service is not running, 
right click on the service 
then click on properties and now check the dependencies.

Check each of the dependencies and see which one is preventing the service from running.

Also to help us identify what may be causing the issue
Check the event log, there may be clues to what is failing. To do that 
Start > 
control panel > 
administrative tools > 
event Viewer>

*------------------------------------------------------------------------*

*------------------------------------------------------------------------*

To verify that the dependency components are running. Follow the steps below:
• Click Start, Run and type DEVMGMT.MSC
• In the View menu, click Show hidden devices
• Double-click Non-Plug and Play drivers section
• Double-click the entry AFD, "Ancillary Function Driver for winsock" and click the Driver tab
*What's the startup type set to?*
• Start the service. Note down the error message if any.

Similarly start the other drivers namely:
NetIO legacy TDI support driver
TCP/IP Protocol Driver
Network store interface service
NSI proxy service

Post back if all are started and any error messages
--------------------------------


----------



## Lost_Helper (Dec 24, 2011)

Thank you Etaf for responding. I've seen you help some others on this site and I'm hopeful you can do the same for me.

OK, so I tried to do as you asked and I only ran into one problem: I'm not sure what to look for in the event log, so there isn't a way I can send that, unless there is a way I can open a command prompt and copy and paste as you wanted me to do earlier. Here's what I got for you. *hope it helps*

Network first

Windows IP Configuration

Host Name . . . . . . . . . . . . : Fromeyer-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-21-5D-1F-78-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Broadcom 590x 10/100 Ethernet
Physical Address. . . . . . . . . : 00-1E-EC-C1-64-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::edb9:6814:386e:88b9%10(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.136.185(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : isatap.{CC8669DF-C139-4BA5-80AB-E3AD412722D0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : isatap.{35148CDF-980A-4CEC-A72F-86C32DA478DA}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

now services

com+event system--started--automatic
computer browser--started--automatic
Dhcp client--blank--automatic
dns client--started--automatic
network connections--started--automatic
network location awareness--started--automatic
remote procedure call--started--automatic
server--started--automatic
tcp/ip netbios helper--started--automatic
wlan autoconfig--started--automatic
workstation--started--automatic

The Dhcp client, only has no system dependencies
but does have one service dependent it is WinHTTP Web Proxy Auto-Discovery Service

now for the dependencies

the AFD or Ancillary Function Driver for Winsock -- status: Started -- startup: system. also i tried to stop it to restart, it said it could not do this.

The NetIO legacy TDI support driver -- status: started -- startup: system

TCP/IP Protocol Driver -- Status: Started -- startup: system

NSI proxy service -- status: started -- startup: system

i could not find "Network store interface service"

unless the NSIS is somewhere else on the computer i could not find it. 

i do hope this information is helpful. also i know the DHCP was not working, though i never was capable of restarting it. and after several hours of trying i gave up.


----------
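Added example (not part of any post in this thread): a small Python triage script for the `network.txt` file that `ipconfig /all > network.txt` produces, run here on an excerpt of the output posted above. It flags the signs of a failed DHCP client visible in that output: a 169.254.x.x autoconfiguration address, an empty default gateway, and only the `fec0:0:0:ffff::` site-local DNS placeholders. The function names and finding texts are this example's own.

```python
import ipaddress
import re

# "Key . . . . : value" line; the dot leader before the colon marks a setting.
KV_LINE = re.compile(r"^\s*([^:]+?)\s*(?:\.\s*)+:\s*(.*)$")
# Section header such as "Ethernet adapter Local Area Connection:".
ADAPTER_LINE = re.compile(r"^\s*(.+ adapter .+):\s*$")

# Excerpt of the ipconfig /all output posted in this thread (indentation lost).
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : Fromeyer-PC

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 590x 10/100 Ethernet
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.136.185(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def parse_ipconfig(text):
    """Return {adapter name: {setting: [values]}} from ipconfig /all text."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kv = KV_LINE.match(line)
        header = None if kv else ADAPTER_LINE.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            last_key = None
        elif current is None:
            continue  # host-wide settings before the first adapter
        elif kv:
            last_key = kv.group(1)
            value = kv.group(2).strip()
            current.setdefault(last_key, [])
            if value:
                current[last_key].append(value)
        elif last_key:
            # Bare line: a further value for the previous setting (extra DNS server).
            current[last_key].append(line)
    return adapters


def to_address(value):
    """Drop '(Preferred)' and any '%zone' suffix; return an address or None."""
    token = value.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def assess(adapters):
    """Return {adapter name: [findings]} for connected adapters with problems."""
    findings = {}
    for name, fields in adapters.items():
        if any("disconnected" in v.lower() for v in fields.get("Media State", [])):
            continue
        notes = []
        dhcp_on = "yes" in (v.lower() for v in fields.get("DHCP Enabled", []))
        v4 = [a for key, vals in fields.items()
              if "IPv4 Address" in key or key == "IP Address"
              for a in map(to_address, vals) if a is not None]
        if dhcp_on and any(a.version == 4 and a.is_link_local for a in v4):
            notes.append("DHCP enabled but address is 169.254.x.x: no lease obtained")
        if not fields.get("Default Gateway"):
            notes.append("no default gateway: traffic cannot leave the local segment")
        dns = [a for a in map(to_address, fields.get("DNS Servers", [])) if a]
        if dns and all(a.version == 6 and a.is_site_local for a in dns):
            notes.append("only fec0::/10 placeholder DNS servers: none were assigned")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for adapter, notes in assess(parse_ipconfig(SAMPLE)).items():
        print(adapter)
        for note in notes:
            print("  -", note)
```
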



## etaf (Oct 2, 2003)

> Dhcp client--blank--automatic


strange that's blank - if you right click on the service what do you get - can you start it?


----------



## Lost_Helper (Dec 24, 2011)

Etaf, 

I tried starting it and i get an error code and it says,

Windows could not start the DHCP Client service on Local Computer.

Error 87: The Parameter is incorrect.

and i could not find what that meant or how to remedy it.


----------



## etaf (Oct 2, 2003)

if you look at the dependencies for dhcp client - which one is NOT starting 
right click on the service 
then click on properties and now check the dependencies. 

Check each of the dependencies and see which one is preventing the service from running.


----------



## Lost_Helper (Dec 24, 2011)

I wish there was a way we could talk through Yahoo so I could keep contact. I looked at the dependencies; the only one I found was WinHTTP Web Proxy Auto-Discovery Service.
It was set to Manual start. I switched it to Automatic, then tried to get it running. It says it cannot open.

Error 1068: The dependency service or group failed to start. 
so i checked its dependencies and it says This service depends on the following system components: DHCP Client

also i checked the Dependencies of the DHCP Client. it says <No Dependencies>


----------



## etaf (Oct 2, 2003)

> i wish there was a way we could talk through yahoo


not allowed on the forum here



> DHCP Client. it says <No Dependencies>


 there should be a couple of dependencies for that service

i have attached my vista PC service and dependencies

i think probably worth looking at a virus/malware

have a read here 
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
and post the required logs
we can then move to the virus forum, but it may take 48hrs before a virus guru responds and with the holiday maybe longer


----------



## Lost_Helper (Dec 24, 2011)

i have now set up my DHCP client to have dependencies, they are
Ancillary function driver for winsock
Netbt
-NetIO legacy TDI support driver
--TCP/IP protocol driver
-TCP/IP protocol driver
Network store interface service
-nsi proxy service
Nsi proxy service
Tcp/ip protocol driver

i had to go in through regedit and add the multi string value---DependOnService

then i added under the values 
tcpip
afd
netbt
nsi
nsiproxy

So at least DHCP now knows it needs dependencies, which is more than it did before.
*i used your attachment as a guide for which dependencies i used*

also the dependencies that i added under the regedit are working, in the Device manager section under Non-Plug and play drivers

with the exception of Nsis. though it some how showed up under my Dhcp client properties.

so all of the dependencies are there and working but i still get a pop up that says

Error 87: The parameter is incorrect

Is there something else it needs?

About to start running all of the stuff mentioned in the Virus & Other Malware Removal page that I was instructed to go to.


----------



## Lost_Helper (Dec 24, 2011)

ok i ran all three programs on the other forum page. so they are waiting if i need them.


----------



## etaf (Oct 2, 2003)

can you post them and we will move to the virus forum - may take 48 hrs for a response 

have you tried a system restore 
start>programs>accessories>system tools>system restore 
choose a date before the problem started


----------



## Lost_Helper (Dec 24, 2011)

First off, the system restore was tried from what I was told, though to no good effect. I don't want to do that, seeing as it's not my computer. I don't have the Vista CD, so I cannot use it to reinstall the right files to help me fix it either. All I have is the laptop and the problem. And now for the scan results.

Gmer first

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-26 02:30:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: zqo0j82w.exe; Driver: C:\Users\Fromeyer\AppData\Local\Temp\uxddakoc.sys

---- System - GMER 1.0.15 ----

SSDT 8BF74756 ZwCreateSection
SSDT 8BF74760 ZwRequestWaitReplyPort
SSDT 8BF7475B ZwSetContextThread
SSDT 8BF74765 ZwSetSecurityObject
SSDT 8BF7476A ZwSystemDebugControl
SSDT 8BF746F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81CC2998 4 Bytes [56, 47, F7, 8B]
.text ntkrnlpa.exe!KeSetEvent + 539 81CC2CBC 4 Bytes [60, 47, F7, 8B]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CC2CF0 4 Bytes [5B, 47, F7, 8B]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CC2D54 4 Bytes [65, 47, F7, 8B]
.text ntkrnlpa.exe!KeSetEvent + 619 81CC2D9C 4 Bytes [6A, 47, F7, 8B]
.text ... 
PAGE [email protected]@3PADA + 1ABF AC05603F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE [email protected]@3PADA + 1B2F AC0560AF 1 Byte [16]
PAGE [email protected]@3PADA + 1B2F AC0560AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE [email protected]@3PADA + 1BB0 AC056130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE [email protected]@3PADA + 1BB7 AC056137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDs

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_17
Run by Fromeyer at 0:17:20 on 2011-12-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1906 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uSearch Page = 
uSearch Bar = Preserve
mStart Page = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:59677
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80113&tmpl=1
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80113
mURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf_.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf_.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {CF45C54F-801C-41B5-AC77-57F2BF418EDC} - No File
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ZMW] c:\program files\handheld entertainment\zapp\zmw.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [TmlCMode] c:\program files\compal\tmlcmode\TmlCMode.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
mRun: [Readycomm] c:\program files\lenovo\readycomm\ReadyComm.exe -TrayMode
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\fromeyer\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\fromeyer\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 68.68.170.9 69.60.160.196
TCP: Interfaces\{35148CDF-980A-4CEC-A72F-86C32DA478DA} : DhcpNameServer = 68.68.170.9 69.60.160.196
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNxpt343YYUS&fl=0&ptb=ICjr_rRBdmGm6omg.2Di0A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 1
FF - component: c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\users\fromeyer\appdata\roaming\mozilla\firefox\profiles\chiust77.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-10-7 17192]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-5-21 8832]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-24 36000]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2008-10-7 49472]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-24 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-24 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-24 74640]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-2-14 32768]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2008-10-7 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-10-7 47680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-10-7 18448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-5-15 54784]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2008-5-15 11264]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2008-5-15 5632]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-24 112128]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-15 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-12 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-11 43608]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-5-21 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2010-11-4 25728]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2010-11-4 101120]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2010-11-4 108416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-10-7 81192]
.
=============== Created Last 30 ================
.
2011-12-24 06:28:07 -------- d-----w- c:\users\fromeyer\{ab581507-e9a4-42a0-9714-2e8809fa7ef6}
2011-12-24 06:27:42 -------- d-----w- c:\users\fromeyer\{e445000d-9851-4c3f-9455-40ca7f295276}
2011-12-24 05:25:46 -------- d-----w- c:\users\fromeyer\appdata\roaming\Avira
2011-12-24 05:23:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-24 05:23:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-24 05:23:50 -------- d-----w- c:\programdata\Avira
2011-12-24 05:23:50 -------- d-----w- c:\program files\Avira
2011-12-18 05:22:54 -------- d-sh--r- C:\_Backup.RC
2011-12-18 05:22:46 -------- d--h--w- C:\_Backup
2011-12-18 05:19:59 -------- d-----w- c:\users\fromeyer\appdata\roaming\Avanquest
2011-12-18 05:19:59 -------- d-----w- c:\programdata\Avanquest
2011-12-18 05:19:47 -------- d-----w- c:\program files\common files\AntiVirus
2011-12-18 05:19:38 -------- d-----w- c:\program files\Avanquest
.
==================== Find3M ====================
.
.
============= FINISH: 0:18:30.56 ===============

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:41 AM, on 12/26/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Fromeyer\Desktop\dds.com
C:\Windows\system32\cmd.exe
C:\Users\Fromeyer\Desktop\zqo0j82w.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80113&tmpl=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80113
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59677
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [Readycomm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe -TrayMode
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ZMW] C:\Program Files\HandHeld Entertainment\ZAPP\zmw.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Fromeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10482 bytes

hope that is correct. here's hoping it will help.


----------



## Lost_Helper (Dec 24, 2011)

i was just wondering if this has been placed in the appropriate place. i haven't heard anything in a while. here's hoping someone has had a chance to look at it.


----------



## etaf (Oct 2, 2003)

this is a very busy forum, and with the holidays, that may be the reason it's taking so long for an expert to view - I'll see if any are around


----------



## Cookiegal (Aug 27, 2003)

First of all, you mentioned this is someone's laptop at work. Is it a work laptop or their own personal laptop?


----------



## Lost_Helper (Dec 24, 2011)

its a personal laptop. it's just owned by a relative of one of my co-workers.


----------



## Cookiegal (Aug 27, 2003)

Does it use a proxy to connect?

Because I believe these proxy settings are rogue (set by malware):

http=127.0.0.1:59677


----------



## Lost_Helper (Dec 24, 2011)

i'm not sure. how would i find this information to answer your question?


----------



## Cookiegal (Aug 27, 2003)

You would have to ask the owner of the laptop. I'm 99% sure it's rogue though. We can go ahead and remove them. If necessary, it can always be set up again.

But first, please do the following:

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to *Step 1*, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

*Note: If you have SP3, use the SP2 package.*

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

*Disable your anti-Virus and anti-spyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.











Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.










At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it will produce a report for you.
Please post the *C:\ComboFix.txt* in your next reply.

***


----------



## Lost_Helper (Dec 24, 2011)

um these programs are for xp, this laptop uses Vista


----------



## Cookiegal (Aug 27, 2003)

Sorry, that's just the Recovery Console part but you're right, Vista is different. Does the laptop have the System Recovery Environment pre-installed on it?


----------



## Lost_Helper (Dec 24, 2011)

i don't think so, how would i find out this as well? turn on the computer hit f2, or f8? or is there something on the laptop that would allow me to find this out?

again i doubt its on her though.


----------



## Cookiegal (Aug 27, 2003)

For the purpose of running ComboFix, it won't matter so please just go ahead with that.


----------



## Lost_Helper (Dec 24, 2011)

ComboFix 12-01-01.06 - Fromeyer 01/01/2012 19:36:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1935 [GMT -5:00]
Running from: c:\users\Fromeyer\Desktop\ComboFix.exe
Command switches used :: c:\users\Fromeyer\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\[email protected]\chrome.manifest
c:\program files\AutocompletePro\[email protected]\chrome\content\appIcon.png
c:\program files\AutocompletePro\[email protected]\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\[email protected]\chrome\content\options.js
c:\program files\AutocompletePro\[email protected]\chrome\content\options.xul
c:\program files\AutocompletePro\[email protected]\chrome\content\utils.js
c:\program files\AutocompletePro\[email protected]\defaults\preferences\predictad.js
c:\program files\AutocompletePro\[email protected]\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\iun6002.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-26 05:17 . 2011-12-26 05:17 388096 ----a-r- c:\users\Fromeyer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-26 05:17 . 2011-12-26 05:17 -------- d-----w- c:\program files\Trend Micro
2011-12-24 06:28 . 2011-12-24 06:28 -------- d-----w- c:\users\Fromeyer\{ab581507-e9a4-42a0-9714-2e8809fa7ef6}
2011-12-24 06:27 . 2011-12-24 06:27 -------- d-----w- c:\users\Fromeyer\{e445000d-9851-4c3f-9455-40ca7f295276}
2011-12-24 05:25 . 2011-12-24 05:25 -------- d-----w- c:\users\Fromeyer\AppData\Roaming\Avira
2011-12-24 05:23 . 2011-10-11 20:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-24 05:23 . 2011-10-11 20:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-24 05:23 . 2011-10-11 20:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-24 05:23 . 2011-12-24 05:23 -------- d-----w- c:\programdata\Avira
2011-12-24 05:23 . 2011-12-24 05:23 -------- d-----w- c:\program files\Avira
2011-12-18 05:22 . 2011-12-24 06:25 -------- d-----w- C:\_Backup
2011-12-18 05:19 . 2011-12-18 05:31 -------- d-----w- c:\users\Fromeyer\AppData\Roaming\Avanquest
2011-12-18 05:19 . 2011-12-18 05:30 -------- d-----w- c:\programdata\Avanquest
2011-12-18 05:19 . 2011-12-24 06:26 -------- d-----w- c:\program files\Common Files\AntiVirus
2011-12-18 05:19 . 2011-12-18 05:19 -------- d-----w- c:\program files\Avanquest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 07:24 . 2011-12-24 05:08 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 15:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-03 15:16 175400 ----a-w- c:\program files\Elf_1.13\prxtbElf_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-28 22:11 191488 ------w- c:\program files\Yontoo Layers\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf_.dll" [2011-01-03 175400]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B80F591E-FE9A-46CF-A13E-180377240586}"= "c:\program files\Elf_1.13\prxtbElf_.dll" [2011-01-03 175400]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-10-08 02:53 241752 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-09 4363504]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-27 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-21 399736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-08-26 5289888]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-31 8851456]
"TmlCMode"="c:\program files\Compal\TmlCMode\TmlCMode.exe" [2008-10-08 348160]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-06-19 284096]
"Readycomm"="c:\program files\Lenovo\ReadyComm\ReadyComm.exe" [2007-05-11 421888]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\Fromeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w-  c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
2008-10-08 02:53 2916352 ----a-w- c:\program files\Lenovo\VeriFaceIII\PManage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3575403344-3258026585-3421331224-1004]
"EnableNotificationsRef"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 136176]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [2009-12-24 25728]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [2010-01-13 101120]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [2010-02-04 108416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-25 17192]
S0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\DRIVERS\Wdkbdmou.sys [2008-05-21 8832]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 funfrm;funfrm; [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-04-23 430080]
S2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-11-24 47680]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-01-02 18448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2008-05-21 8832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter IncSvc PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 00:14]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 00:14]
.
2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{9E13857D-6D0F-4607-B604-FFF6E58982B1}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:59677
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Fromeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 68.68.170.9 69.60.160.196
FF - ProfilePath - c:\users\Fromeyer\AppData\Roaming\Mozilla\Firefox\Profiles\chiust77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNxpt343YYUS&fl=0&ptb=ICjr_rRBdmGm6omg.2Di0A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{CF45C54F-801C-41B5-AC77-57F2BF418EDC} - (no file)
HKCU-Run-ZMW - c:\program files\HandHeld Entertainment\ZAPP\zmw.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 19:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-01 19:47:52
ComboFix-quarantined-files.txt 2012-01-02 00:47
.
Pre-Run: 41,336,201,216 bytes free
Post-Run: 41,078,935,552 bytes free
.
- - End Of File - - D9DF38C7155A72183FCA6361EFA8DBFF

this is the file ComboFix from the infected laptop.


----------



## Cookiegal (Aug 27, 2003)

In Internet Explorer go to *Tools* - *Internet Options* - *Connections Tab* - *LAN Settings* and uncheck "Use a proxy server for your LAN" and check "Automatically detect settings".

In Firefox go to *Tools* - *Options*... -> *Advanced Tab* -> *Network Tab* -> "*Settings*" under *Connection* and click on "No proxy".

Then reboot and see if the laptop can connect please.


----------



## Lost_Helper (Dec 24, 2011)

that is already the settings. i did that back when i first started working on this laptop.


----------



## Cookiegal (Aug 27, 2003)

Both logs indicate there are proxy settings in place:

uInternet Settings,ProxyServer = http=127.0.0.1:59677
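
The check applied by eye to both logs above, written out as an added example that is not part of the original thread: it scans HijackThis/ComboFix-style lines for WinINet `ProxyServer` values and Firefox `network.proxy.*` prefs that point at a loopback address. The sample lines are copied from the logs posted in this thread; the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59677
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:59677
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 1
FF - prefs.js: browser.search.selectedEngine - Google
"""

# Matches both the HijackThis form ("...Internet Settings,ProxyServer = value")
# and the ComboFix form ("uInternet Settings,ProxyServer = value").
IE_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
FF_PREF_RE = re.compile(
    r"^FF - prefs\.js:\s*(?P<name>network\.proxy\.[\w.]+)\s+-\s+(?P<value>\S+)"
)


def is_loopback(host):
    """True for 'localhost' or any address in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # a hostname or empty string, not an IP literal


def parse_wininet_proxy(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.

    Handles 'host:port' (applies to all protocols) and the per-protocol
    form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in filter(None, re.split(r"[;\s]+", value)):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]
        host, _, port = endpoint.rpartition(":")
        if not host:  # no port in the value
            host, port = endpoint, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def find_loopback_proxies(log_text):
    """Return one finding per loopback proxy setting seen in the log text."""
    findings = []
    ff_prefs = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = IE_PROXY_RE.search(line)
        if match:
            for scheme, host, port in parse_wininet_proxy(match.group("value")):
                if is_loopback(host):
                    findings.append({"source": "wininet", "line": lineno,
                                     "scheme": scheme, "host": host, "port": port})
            continue
        match = FF_PREF_RE.match(line.strip())
        if match:
            ff_prefs[match.group("name")] = match.group("value")

    # Firefox only uses the manual proxy fields when network.proxy.type is 1.
    ff_host = ff_prefs.get("network.proxy.http", "")
    if ff_prefs.get("network.proxy.type") == "1" and is_loopback(ff_host):
        port = ff_prefs.get("network.proxy.http_port", "")
        findings.append({"source": "firefox", "line": None, "scheme": "http",
                         "host": ff_host, "port": int(port) if port.isdigit() else None})
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print(finding)
```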


----------



## Lost_Helper (Dec 24, 2011)

it was the firefox, i changed it to no proxy as you said. *both are as you put it in Post #25*

restarted and clicked on Internet explorer.

nothing.


----------



## Cookiegal (Aug 27, 2003)

Please go back into the Event Viewer and post back all errors that have occurred in the past 24-48 hours under both Application and System.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Lost_Helper (Dec 24, 2011)

hopefully i'm doing this right. i opened event viewer, then went into the Windows logs folder, then opened application and copied them to a notepad. i then clicked on the system one and got a big white X with red around it. it says this: "Event Viewer cannot open the event log or custom view. Verify that Event Log service is running. The data is invalid (13)"

i'm not sure what to do there. i thought the event viewer was running. so here is the Applications folder for today.

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/1/2012 8:31:38 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-02T01:31:38.000Z" />
<EventRecordID>25113</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/1/2012 8:31:33 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-02T01:31:33.000Z" />
<EventRecordID>25110</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/1/2012 7:25:17 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-02T00:25:17.000Z" />
<EventRecordID>25070</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/1/2012 7:23:12 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-02T00:23:12.000Z" />
<EventRecordID>25060</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/1/2012 7:14:51 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-02T00:14:51.000Z" />
<EventRecordID>25026</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/1/2012 7:14:48 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-02T00:14:48.000Z" />
<EventRecordID>25024</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>

i can go back further if you'd like. i got the system back on the 23rd or 22nd, i'm not sure. but i can go all the way back to 2005 with this thing if i remember correctly.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Lost_Helper (Dec 24, 2011)

ok here is the OTS notepad file.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Fromeyer\AppData\Roaming\Mozilla\FireFox\Profiles\chiust77.default\prefs.js
YN -> network.proxy.http -> "127.0.0.1"
YN -> network.proxy.http_port -> 59677
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [&Yahoo! Toolbar Helper]
YN -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} [HKLM] -> [AC-Pro]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files - No Company Name]
NY ->  ep6kkw8xbk0184big1gr3105moca8yr5263 -> C:\Users\Fromeyer\AppData\Local\ep6kkw8xbk0184big1gr3105moca8yr5263
NY ->  ep6kkw8xbk0184big1gr3105moca8yr5263 -> C:\ProgramData\ep6kkw8xbk0184big1gr3105moca8yr5263
[Start Explorer]
[Reboot]
```


----------



## Lost_Helper (Dec 24, 2011)

OTS said for me to finish i needed to restart the computer, so i did. it didn't show a notepad at all. i could still run the Hijack This program or is there something else i was supposed to do?


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. The report will be large so please zip it and upload it as an attachment.


----------



## Lost_Helper (Dec 24, 2011)

alright here is the look.txt i compressed.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
tdx.sys
netbt.sys
dhcpcsvc.dll
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Lost_Helper (Dec 24, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 05:44 on 04/01/2012 by Fromeyer
Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"


Will this suffice? Or were you wanting me to upload the notepad file?


----------



## Cookiegal (Aug 27, 2003)

It shouldn't be big enough to have to upload it as an attachment so please just copy and paste the entire log file.


----------



## Lost_Helper (Dec 24, 2011)

that was all the file said. i copied then pasted the whole document. and thinking that was rather a short doc txt, i re-ran it. that is again all i received when i ran the program with

```
:filefind
tdx.sys
netbt.sys
dhcpcsvc.dll
```

in the open box and then hit look. was there something else i was supposed to do?


----------



## Cookiegal (Aug 27, 2003)

Please try entering the commands one at a time then, as follows:


```
:filefind
tdx.sys
```


```
:filefind
netbt.sys
```


```
:filefind
dhcpcsvc.dll
```


----------



## Lost_Helper (Dec 24, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 05:06 on 06/01/2012 by Fromeyer
Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"
C:\Windows\ERDNT\cache\tdx.sys --a---- 72192 bytes [00:45 02/01/2012] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\drivers\tdx.sys --a---- 72192 bytes [14:21 29/10/2009] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [14:21 29/10/2009] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54

Searching for "netbt.sys"
C:\Windows\System32\drivers\netbt.sys --a---- 185856 bytes [14:21 29/10/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [14:21 29/10/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6

Searching for "dhcpcsvc.dll"
C:\Windows\System32\dhcpcsvc.dll --a---- 204288 bytes [14:22 29/10/2009] [06:28 11/04/2009] 9028559C132146FB75EB7ACF384B086A
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc.dll --a---- 204288 bytes [02:24 21/01/2008] [02:24 21/01/2008] 43A988A9C10333476CB5FB667CBD629D
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6002.18005_none_d945a2ac2bb19ac6\dhcpcsvc.dll --a---- 204288 bytes [14:22 29/10/2009] [06:28 11/04/2009] 9028559C132146FB75EB7ACF384B086A

-= EOF =-

rescanned. will this suffice? is this what you're looking for?


----------
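
The SystemLook listing above pairs each live file under System32 with the copies kept in the WinSxS component store, so it can be read mechanically. The following is an added example, not part of the original posts and not SystemLook's own code: it parses filefind output and reports, for each System32 copy, which component-store versions carry the same MD5. The `tdx.sys` lines are copied from the post; the `example.sys` and `missing.sys` sections, the function names and the status layout are constructed to show a mismatch and a search with no hits.

```python
import re

HEADER_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')
# path, attribute flags, size, two bracketed timestamps (kept as printed), MD5
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<t1>[^\]]+)\]\s+\[(?P<t2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$'
)
# Component version embedded in a WinSxS directory name, e.g. _6.0.6002.18005_
VERSION_RE = re.compile(r'_(\d+\.\d+\.\d+\.\d+)_')

SAMPLE_LOG = r"""
========== filefind ==========

Searching for "tdx.sys"
C:\Windows\ERDNT\cache\tdx.sys --a---- 72192 bytes [00:45 02/01/2012] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\drivers\tdx.sys --a---- 72192 bytes [14:21 29/10/2009] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:24 21/01/2008] [02:24 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys --a---- 72192 bytes [14:21 29/10/2009] [04:45 11/04/2009] 76B06EB8A01FC8624D699E7045303E54

Searching for "example.sys"
C:\Windows\System32\drivers\example.sys --a---- 1000 bytes [00:00 01/01/2012] [00:00 01/01/2012] 00000000000000000000000000000000
C:\Windows\winsxs\x86_example-component_0000000000000000_6.0.6002.18005_none_0000000000000000\example.sys --a---- 1000 bytes [00:00 01/01/2012] [00:00 01/01/2012] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Searching for "missing.sys"

-= EOF =-
"""


def parse_filefind(log_text):
    """Return {searched name: [entry dict, ...]}; names with no hits map to []."""
    results = {}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            results.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            fields = entry.groupdict()
            fields["size"] = int(fields["size"])
            fields["md5"] = fields["md5"].upper()
            results[current].append(fields)
    return results


def classify(path):
    """'store' for WinSxS copies, 'live' for System32 copies, else 'other'."""
    lowered = path.lower()
    if "\\winsxs\\" in lowered:
        return "store"
    if "\\system32\\" in lowered:
        return "live"
    return "other"  # e.g. the ERDNT cache backup


def check_against_store(log_text):
    """For each searched name return {'hits': n, 'live': {path: [versions]}}.

    The version list holds every component-store version whose MD5 equals the
    live copy's MD5; an empty list means no store copy matches.
    """
    report = {}
    for name, entries in parse_filefind(log_text).items():
        store = {}
        for e in entries:
            if classify(e["path"]) == "store":
                version = VERSION_RE.search(e["path"])
                store.setdefault(e["md5"], []).append(
                    version.group(1) if version else "unknown")
        live = {e["path"]: store.get(e["md5"], [])
                for e in entries if classify(e["path"]) == "live"}
        report[name] = {"hits": len(entries), "live": live}
    return report


if __name__ == "__main__":
    for name, info in check_against_store(SAMPLE_LOG).items():
        if info["hits"] == 0:
            print(name, "-> no results; rerun the search on its own")
        for path, versions in info["live"].items():
            print(path, "->", ", ".join(versions) or "NO MATCHING STORE COPY")
```

A match only shows that the live file and a store copy are identical; it does not establish that either is an unmodified original, which is why a comparison against known-good hashes is a separate step.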



## Cookiegal (Aug 27, 2003)

Yes, thanks.

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Make sure the following option is checked:
*Internet Services*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## Lost_Helper (Dec 24, 2011)

Farbar Service Scanner 
Ran by Fromeyer (administrator) on 07-01-2012 at 01:23:52
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-27 15:33] - [2010-06-16 11:04] - 0905088 ____A (Microsoft Corporation) A474879AFA4A596B3A531F3E69730DBF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## Lost_Helper (Dec 24, 2011)

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 16:12:22
-----------------------------
16:12:22.249 OS Version: Windows 6.0.6002 Service Pack 2
16:12:22.249 Number of processors: 2 586 0xF0D
16:12:22.249 ComputerName: FROMEYER-PC UserName: Fromeyer
16:13:00.344 Initialize success
16:13:00.407 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
16:13:21.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:13:21.072 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
16:13:21.119 Disk 0 MBR read successfully
16:13:21.134 Disk 0 MBR scan
16:13:21.134 Disk 0 Windows VISTA default MBR code
16:13:21.150 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 192247 MB offset 2048
16:13:21.165 Disk 0 Partition - 00 0F Extended LBA 31118 MB offset 393723904
16:13:21.197 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
16:13:21.228 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 31117 MB offset 393725952
16:13:21.228 Disk 0 scanning sectors +488396464
16:13:21.290 Disk 0 scanning C:\Windows\system32\drivers
16:13:30.744 Service scanning
16:13:32.413 Modules scanning
16:13:39.885 Disk 0 trace - called modules:
16:13:39.917 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
16:13:39.917 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85178ac8]
16:13:39.932 3 CLASSPNP.SYS[89fa98b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84751030]
16:13:39.948 Scan finished successfully
16:14:16.805 Disk 0 MBR has been saved successfully to "C:\Users\Fromeyer\Desktop\MBR.dat"
16:14:16.805 The log file has been saved successfully to "C:\Users\Fromeyer\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Please check the Event Viewer again and post any errors under both Application and System that have occurred in the past 48 hours.


----------



## Lost_Helper (Dec 24, 2011)

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/7/2012 3:49:15 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-07T20:49:15.000Z" />
<EventRecordID>25419</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/7/2012 3:49:11 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-07T20:49:11.000Z" />
<EventRecordID>25418</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/7/2012 1:22:26 AM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-07T06:22:26.000Z" />
<EventRecordID>25380</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/7/2012 1:22:22 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-07T06:22:22.000Z" />
<EventRecordID>25377</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/6/2012 4:56:30 AM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-06T09:56:30.000Z" />
<EventRecordID>25336</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/6/2012 4:56:26 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-06T09:56:26.000Z" />
<EventRecordID>25334</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>

system error

event viewer cannot open the event log or custom view. verify that event log service is running. the data is invalid (13)


----------



## Cookiegal (Aug 27, 2003)

I believe I see some discrepancies in the services registry key. Has anyone made some edits to the registry to try to fix this or some previous problem with networking issues?


----------



## Lost_Helper (Dec 24, 2011)

yes. the DHCP client wasn't working correctly. so i looked up online how to fix this. it stated that the client needed certain dependencies. so i checked to see that they were working correctly. they were functioning, the client was not. so then i checked it to see if it was relying on the proper dependencies. when i opened it up there were no dependencies in the box. so i looked up how to make it so the DHCP client would use the proper dependencies. had to go in the Regedit. the file needed was not there. so i had to make it. i then had to set it up through cmd prompt to make it so the client would accept all of what i did. *a lot of internet and searching around and trying to figure out where every thing went. and a lot of swearing* after all was said and done the client still would not run. it would start when i turned the laptop on, but as soon as it was up and running it would stop. *i am assuming it was running. it said it had sent and received a small amount of packets.* so after a few days of trying to get things to work and not succeeding in doing so i came here and i was sent to you after doing some work for another person on this site. hopefully i didn't screw up anything.


----------



## Cookiegal (Aug 27, 2003)

Yes, I remember seeing that in earlier posts. But other than dependencies, for instance, did you try to add keys or values such as "DhcpConnForceBroadcastFlag"?


----------



## Lost_Helper (Dec 24, 2011)

yes. after someone had suggested it. i then tried it, to see if it would allow me through. no go. then i tried another one. still no go. in the end i read somewhere that a guy did two different things for his. i believe i tried both and may have forgotten to undo something.


----------



## Cookiegal (Aug 27, 2003)

I will be signing off in a few minutes. Please give me some time and tomorrow I'll write a registry fix to see if we can set things straight.


----------



## Lost_Helper (Dec 24, 2011)

ok. thank you for your assistance. hopefully all will go well.


----------



## Cookiegal (Aug 27, 2003)

Alright, let's try the following.

First, I'm attaching a zipped file called LostBackUps.zip. Save this file to the desktop of the affected laptop. This will serve as a back up for these keys we'll be changing, if needed, to restore them back to the way they were.

It would also be a good idea to create a new restore point as well.

Next, I'm attaching a FixLost.zip file. Save this to the desktop as well. Unzip it (extract the file) and double-click the FixLost.reg file and allow it to merge into the registry.

Then reboot and do the following:

Go to *Start* - *All Programs* - *Accessories* and right click on *Command Prompt*, select "Run as Administrator" to open a command prompt and type the following commands one at a time (press Enter after each one):

*netsh winsock reset catalog*

*netsh int ip reset resetlog.txt*

*netsh int ipv4 reset reset.log*

*netsh int ipv6 reset reset.log*

Reboot again and see if you can start the Dhcp service and connect.


----------



## Lost_Helper (Dec 24, 2011)

ok did everything you said. after last reboot. i went into control panel opened administrative tools opened services right-clicked Dhcp client click on start and got this message.

Windows could not start the DHCP Client service on Local Computer.

Error 2: The system cannot find the file specified.



i hit ok, because there wasn't another option. i didn't do anything else to the computer so as to not do more harm than good.


----------



## Cookiegal (Aug 27, 2003)

Please download and run the following utility and post the log it creates:

http://www.techsupportforum.com/for...bleepingcomputer.com/sUBs/Beta/CheckConns.exe


----------



## Lost_Helper (Dec 24, 2011)

==== ServiceGroupOrder =========

PNP_TDI
TDI
NetBIOSGroup

==========================
PNP_TDI = [0a], 05, 01, 02, 03, 0a, 04, 06, 07, 08, 09

SERVICE_NAME: AFD
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Ancilliary Function Driver for Winsock

SERVICE_NAME: IpFilterDriver
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipfltdrv.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : IP Traffic Filter Driver
DEPENDENCIES : Tcpip

SERVICE_NAME: NDProxy
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : 
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NDIS Proxy

SERVICE_NAME: netbt
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NETBT
DEPENDENCIES : Tdx, tcpip

SERVICE_NAME: Smb
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\smb.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 9
DISPLAY_NAME : Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DEPENDENCIES : Tcpip

SERVICE_NAME: Tcpip
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver

SERVICE_NAME: Tcpip6
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 8
DISPLAY_NAME : Microsoft IPv6 Protocol Driver
DEPENDENCIES : Tcpip

SERVICE_NAME: tdx
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tdx.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DISPLAY_NAME : NetIO Legacy TDI Support Driver
DEPENDENCIES : Tcpip

SERVICE_NAME: ws2ifsl
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\ws2ifsl.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Windows Socket 2.0 Non-IFS Service Provider Support Environment

==========================

SERVICE_NAME: Dhcp
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 2 (0x2)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI, Tdx, Afd

SERVICE_NAME: Dnscache
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
PID : 1268
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tdx

SERVICE_NAME: dot3svc
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
PID : 988
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wired AutoConfig
DEPENDENCIES : RpcSs, Ndisuio, Eaphost

SERVICE_NAME: lmhosts
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
PID : 956
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT, Afd

SERVICE_NAME: Wlansvc
STATE : 4 RUNNING
 (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
PID : 988
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : WLAN AutoConfig
DEPENDENCIES : nativewifip, RpcSs, Ndisuio, Eaphost

==========================
NetBIOSGroup = [02], 01, 02

SERVICE_NAME: NetBIOS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 2
DISPLAY_NAME : NetBIOS Interface


----------
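A report in the layout posted above can be triaged mechanically. The following is an added example, not part of the original thread and not the utility's own code: it parses that layout, skips stopped services whose exit code 1077 only means they were never asked to start, and lists each real failure with the state of its dependencies. The sample text is a constructed, trimmed excerpt of the posted report, and the function names are hypothetical.

```python
# Win32 exit codes seen in the report. 1077 only means no start was attempted
# since boot (normal for demand-start drivers), so it is not a failure.
EXIT_CODES = {
    2: "ERROR_FILE_NOT_FOUND",
    1077: "ERROR_SERVICE_NEVER_STARTED",
}
BENIGN_EXIT_CODES = {0, 1077}

# Constructed sample: trimmed excerpt in the same layout as the posted report.
SAMPLE_REPORT = r"""
SERVICE_NAME: AFD
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys

SERVICE_NAME: IpFilterDriver
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
DEPENDENCIES : Tcpip

SERVICE_NAME: Tcpip
STATE : 4 RUNNING
START_TYPE : 1 SYSTEM_START

SERVICE_NAME: tdx
STATE : 4 RUNNING
START_TYPE : 1 SYSTEM_START
DEPENDENCIES : Tcpip

SERVICE_NAME: Dhcp
STATE : 1 STOPPED
WIN32_EXIT_CODE : 2 (0x2)
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DEPENDENCIES : NSI, Tdx, Afd
"""


def parse_services(text):
    """Return {lowercased service name: record} parsed from the report text."""
    services = {}
    current = None
    for raw in text.splitlines():
        # Split on the first colon only, so "C:\..." paths stay intact.
        key, sep, value = raw.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # flag lines, group headers, rulers, empty fields
        if key == "SERVICE_NAME":
            current = {"name": value, "state": "UNKNOWN", "start_type": "UNKNOWN",
                       "exit_code": 0, "binary_path": "", "dependencies": []}
            services[value.lower()] = current
        elif current is None:
            continue
        elif key == "STATE":
            current["state"] = value.split()[-1]          # "4 RUNNING" -> RUNNING
        elif key == "START_TYPE":
            current["start_type"] = value.split()[-1]
        elif key == "WIN32_EXIT_CODE":
            current["exit_code"] = int(value.split()[0])  # "2 (0x2)" -> 2
        elif key == "BINARY_PATH_NAME":
            current["binary_path"] = value
        elif key == "DEPENDENCIES":
            current["dependencies"] = [d.strip() for d in value.split(",") if d.strip()]
    return services


def find_failures(services):
    """List stopped services whose exit code indicates a real start failure."""
    failures = []
    for svc in services.values():
        if svc["state"] != "STOPPED" or svc["exit_code"] in BENIGN_EXIT_CODES:
            continue
        deps = {}
        for dep in svc["dependencies"]:
            found = services.get(dep.lower())  # service names are case-insensitive
            deps[dep] = found["state"] if found else "not in report"
        failures.append({
            "name": svc["name"],
            "start_type": svc["start_type"],
            "exit_code": svc["exit_code"],
            "meaning": EXIT_CODES.get(svc["exit_code"], "unknown"),
            "binary_path": svc["binary_path"],
            "dependencies": deps,
        })
    return failures


if __name__ == "__main__":
    for failure in find_failures(parse_services(SAMPLE_REPORT)):
        print(failure)
```

A dependency shown as "not in report" is simply outside the load-order groups the report covers, so its state has to be checked separately.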



## Cookiegal (Aug 27, 2003)

Please clear the Event Viewer under System events. Right-click on System and select "Clear All Events".

Then please post a report from *ipconfig /all* again.


----------



## Lost_Helper (Dec 24, 2011)

i'm looking at the event viewer and i'm looking at system under windows logs, i right-click on it and i do not see Clear all events. what i do see is

open saved log...
create custom view...
import custom view...
clear log...
filter current log... *Greyed out*
properties...
find... *Greyed out*
save events as...
attach a task to this log...
view >
refresh
help >

i'm not exactly sure what you'd like me to do.. did you want me to click on Clear log?


----------



## Cookiegal (Aug 27, 2003)

Yes, please select "clear log". I don't have a Vista machine so the wording can vary slightly.


----------



## Lost_Helper (Dec 24, 2011)

the event viewer for system is still showing an error


----------



## Lost_Helper (Dec 24, 2011)

Windows IP Configuration

Host Name . . . . . . . . . . . . : 

Fromeyer-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : 

Hybrid
IP Routing Enabled. . . . . . . . : 

No
WINS Proxy Enabled. . . . . . . . : 

No

Wireless LAN adapter Wireless Network 

Connection:

Media State . . . . . . . . . . . : 

Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : 

Intel(R) Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 

00-21-5D-1F-78-E8
DHCP Enabled. . . . . . . . . . . : 

Yes
Autoconfiguration Enabled . . . . : 

Yes

Ethernet adapter Local Area 

Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : 

Broadcom 590x 10/100 Ethernet
Physical Address. . . . . . . . . : 

00-1E-EC-C1-64-69
DHCP Enabled. . . . . . . . . . . : 

Yes
Autoconfiguration Enabled . . . . : 

Yes
Link-local IPv6 Address . . . . . : 

fe80::edb9:6814:386e:88b9%10

(Preferred) 
Autoconfiguration IPv4 Address. . : 

169.254.136.185(Preferred) 
Subnet Mask . . . . . . . . . . . : 

255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : 

fec0:0:0:ffff::1%1


fec0:0:0:ffff::2%1


fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : 

Enabled

Tunnel adapter Local Area Connection* 

6:

Media State . . . . . . . . . . . : 

Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : 

isatap.myhome.westell.com
Physical Address. . . . . . . . . : 

00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : 

No
Autoconfiguration Enabled . . . . : 

Yes

Tunnel adapter Local Area Connection* 

7:

Media State . . . . . . . . . . . : 

Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : 

isatap.{CC8669DF-C139-4BA5-80AB-

E3AD412722D0}
Physical Address. . . . . . . . . : 

00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : 

No
Autoconfiguration Enabled . . . . : 

Yes

Tunnel adapter Local Area Connection* 

12:

Media State . . . . . . . . . . . : 

Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : 

Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 

02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : 

No
Autoconfiguration Enabled . . . . : 

Yes

Tunnel adapter Local Area Connection* 

13:

Media State . . . . . . . . . . . : 

Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : 

isatap.{35148CDF-980A-4CEC-A72F-

86C32DA478DA}
Physical Address. . . . . . . . . : 

00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : 

No
Autoconfiguration Enabled . . . . : 

Yes


i do hope this is what you were asking for.


----------



## Lost_Helper (Dec 24, 2011)

i'm not sure why that came out like that, but here it is again so its easier to understand. 
Windows IP Configuration

Host Name . . . . . . . . . . . . : Fromeyer-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-21-5D-1F-78-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Broadcom 590x 10/100 Ethernet
Physical Address. . . . . . . . . : 00-1E-EC-C1-64-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::edb9:6814:386e:88b9%10(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.136.185(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : isatap.{CC8669DF-C139-4BA5-80AB-E3AD412722D0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : isatap.{35148CDF-980A-4CEC-A72F-86C32DA478DA}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


----------



## Cookiegal (Aug 27, 2003)

What is the exact error message you get for the Event Viewer?

Are you trying to connect wirelessly or wired? Have you tried both?

Please run Farbar again as per post no. 43:

http://forums.techguy.org/8211866-post43.html


----------



## Cookiegal (Aug 27, 2003)

Also, is the dhcp service's status area still blank instead of showing "stopped" or "started"?


----------



## Lost_Helper (Dec 24, 2011)

wow. i logged on today and for some reason i can now view the system log in the Event viewer. i don't know why, so on to the Q&A.

yes i'm trying to connect through wired and wireless.

my farbar report is

Farbar Service Scanner 
Ran by Fromeyer (administrator) on 13-01-2012 at 06:30:48
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-27 15:33] - [2010-06-16 11:04] - 0905088 ____A (Microsoft Corporation) A474879AFA4A596B3A531F3E69730DBF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

and now for the System logs. *there were a lot of them*

Log Name: System
Source: volmgr
Date: 1/13/2012 6:24:52 AM
Event ID: 49
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volmgr" />
<EventID Qualifiers="49156">49</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:24:52.086Z" />
<EventRecordID>41336</EventRecordID>
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
\Device\HarddiskVolume1
<Binary>000000000100000000000000310004C001400000230000C000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: volmgr
Date: 1/13/2012 6:25:04 AM
Event ID: 49
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volmgr" />
<EventID Qualifiers="49156">49</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:25:04.098Z" />
<EventRecordID>41348</EventRecordID>
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
\Device\HarddiskVolume1
<Binary>000000000100000000000000310004C001400000230000C000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41379</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41393</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
Parallel port driver
%%1058
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7003
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The Kodak AiO Network Discovery Service service depends the following service: Bonjour Service. This service might not be installed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7003</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41400</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
Kodak AiO Network Discovery Service
Bonjour Service
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7009
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7009</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41415</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
30000
Roxio Hard Drive Watcher 9
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41423</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41439</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%1062
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:37 AM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:37.000Z" />
<EventRecordID>41441</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>

SBRE
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:41 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:41.000Z" />
<EventRecordID>41445</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:41 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:41.000Z" />
<EventRecordID>41446</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:43 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:43.000Z" />
<EventRecordID>41453</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:43 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:43.000Z" />
<EventRecordID>41454</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:44 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:44.000Z" />
<EventRecordID>41458</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
 <Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:44 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:44.000Z" />
<EventRecordID>41460</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:44 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:44.000Z" />
<EventRecordID>41462</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:44 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:44.000Z" />
<EventRecordID>41463</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:44 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:44.000Z" />
<EventRecordID>41465</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:44 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:44.000Z" />
<EventRecordID>41466</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:46 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:46.000Z" />
<EventRecordID>41468</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:46 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:46.000Z" />
<EventRecordID>41469</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:49 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:49.000Z" />
<EventRecordID>41472</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:49 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:49.000Z" />
<EventRecordID>41473</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:52 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:52.000Z" />
<EventRecordID>41475</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:52 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:52.000Z" />
<EventRecordID>41476</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:52 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:52.000Z" />
<EventRecordID>41478</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:52 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:52.000Z" />
<EventRecordID>41479</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:52 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:52.000Z" />
<EventRecordID>41481</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:30:09 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:30:09.000Z" />
<EventRecordID>41546</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:30:09 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The DHCP Client service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:30:09.000Z" />
<EventRecordID>41545</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
DHCP Client
%%2
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/13/2012 6:26:52 AM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Fromeyer-PC
Description:
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-13T11:26:52.000Z" />
<EventRecordID>41482</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Fromeyer-PC</Computer>
<Security />
</System>
<EventData>
WinHTTP Web Proxy Auto-Discovery Service
DHCP Client
%%2
</EventData>
</Event>


----------



## Lost_Helper (Dec 24, 2011)

and yes the space under Status for the DHCP client is still blank.


----------



## Cookiegal (Aug 27, 2003)

Please export these two registry keys (the same way you did previously for the Services key):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP


----------



## Lost_Helper (Dec 24, 2011)

i do hope these are the correct files, and that i've done it correctly.


----------



## Lost_Helper (Dec 24, 2011)

i kind of feel stupid. sorry for the previous post. i believe this is what you were looking for.


----------



## Cookiegal (Aug 27, 2003)

If you go into services.msc, open the DHCP Client service and click on the Log On tab, does it show the service as Enabled for the hardware profile?


----------



## Lost_Helper (Dec 24, 2011)

looking at the Log On tab, it's marked This account -- Local Service, a long password, and under Hardware Profile it says Undocked Profile -- Enabled


----------



## Cookiegal (Aug 27, 2003)

I would like you to use SystemLook to look for more files and post the log. You can try doing them all at once but if that fails then search for each file individually, as you did before.

```
:filefind
Dhcpcsvc.dll
dhcpssvc.dll
mdhcp.dll
dhcpmon.dll
dhcpsapi.dll
nsisvc.dll
nsiproxy.sys
```


----------



## Lost_Helper (Dec 24, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:20 on 15/01/2012 by Fromeyer
Administrator - Elevation successful

========== filefind ==========

Searching for "Dhcpcsvc.dll"
C:\Windows\System32\dhcpcsvc.dll --a---- 204288 bytes [14:22 29/10/2009] [06:28 11/04/2009] 9028559C132146FB75EB7ACF384B086A
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc.dll --a---- 204288 bytes [02:24 21/01/2008] [02:24 21/01/2008] 43A988A9C10333476CB5FB667CBD629D
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6002.18005_none_d945a2ac2bb19ac6\dhcpcsvc.dll --a---- 204288 bytes [14:22 29/10/2009] [06:28 11/04/2009] 9028559C132146FB75EB7ACF384B086A

Searching for "dhcpssvc.dll"
No files found.

Searching for "mdhcp.dll"
No files found.

Searching for "dhcpmon.dll"
No files found.

Searching for "dhcpsapi.dll"
C:\Windows\System32\dhcpsapi.dll --a---- 61440 bytes [02:24 21/01/2008] [02:24 21/01/2008] 97872E5309026CFBB1AE89FB2FF0AE31
C:\Windows\winsxs\x86_microsoft-windows-dhcpserverapi_31bf3856ad364e35_6.0.6001.18000_none_a87c05a0e2db007a\dhcpsapi.dll --a---- 61440 bytes [02:24 21/01/2008] [02:24 21/01/2008] 97872E5309026CFBB1AE89FB2FF0AE31

Searching for "nsisvc.dll"
C:\Windows\System32\nsisvc.dll --a---- 18432 bytes [02:24 21/01/2008] [02:24 21/01/2008] 8BB86F0C7EEA2BDED6FE095D0B4CA9BD
C:\Windows\winsxs\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2\nsisvc.dll --a---- 18432 bytes [02:24 21/01/2008] [02:24 21/01/2008] 8BB86F0C7EEA2BDED6FE095D0B4CA9BD

Searching for "nsiproxy.sys"
C:\Windows\System32\drivers\nsiproxy.sys --a---- 16384 bytes [02:24 21/01/2008] [02:24 21/01/2008] 609773E344A97410CE4EBF74A8914FCF
C:\Windows\winsxs\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2\nsiproxy.sys --a---- 16384 bytes [02:24 21/01/2008] [02:24 21/01/2008] 609773E344A97410CE4EBF74A8914FCF

-= EOF =-

should i have searched for them individually? some say there are no files found


----------



## Cookiegal (Aug 27, 2003)

No, it seems those files don't exist on Vista. I'm trying to figure out what file could be missing and it's difficult to find which dlls are supposed to exist without a Vista machine.

Please try a wildcard search using SystemLook using the following script:


```
:filefind
dhcp*.dll
```


----------



## Lost_Helper (Dec 24, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:47 on 15/01/2012 by Fromeyer
Administrator - Elevation successful

========== filefind ==========

Searching for "dhcp*.dll"
C:\Windows\System32\dhcpcmonitor.dll --a---- 10240 bytes [08:56 02/11/2006] [09:46 02/11/2006] 214ABDCD522ED606C63F13DD886D862A
C:\Windows\System32\dhcpcsvc.dll --a---- 204288 bytes [14:22 29/10/2009] [06:28 11/04/2009] 9028559C132146FB75EB7ACF384B086A
C:\Windows\System32\dhcpcsvc6.dll --a---- 130560 bytes [14:22 29/10/2009] [06:28 11/04/2009] DFB6B71CDABA9DFB49C9D2B318B97A1A
C:\Windows\System32\DHCPQEC.DLL --a---- 66048 bytes [02:24 21/01/2008] [02:24 21/01/2008] FAF3D589C7E28315EBFCDFA4EE9C610E
C:\Windows\System32\dhcpsapi.dll --a---- 61440 bytes [02:24 21/01/2008] [02:24 21/01/2008] 97872E5309026CFBB1AE89FB2FF0AE31
C:\Windows\System32\dhcpsoc.dll --a---- 23552 bytes [08:56 02/11/2006] [09:46 02/11/2006] 90A4C232475B0290D81002440D61901D
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL\DhcpSrvMigPlugin.dll --a---- 122880 bytes [02:23 21/01/2008] [02:23 21/01/2008] 7186D11930092E6A332DD7D352136C2E
C:\Windows\winsxs\x86_microsoft-windows-d..-enforcement-client_31bf3856ad364e35_6.0.6001.18000_none_40f9b5444251dc24\DHCPQEC.DLL --a---- 66048 bytes [02:24 21/01/2008] [02:24 21/01/2008] FAF3D589C7E28315EBFCDFA4EE9C610E
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcmonitor.dll --a---- 10240 bytes [08:56 02/11/2006] [09:46 02/11/2006] 214ABDCD522ED606C63F13DD886D862A
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc.dll --a---- 204288 bytes [02:24 21/01/2008] [02:24 21/01/2008] 43A988A9C10333476CB5FB667CBD629D
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc6.dll --a---- 128000 bytes [02:24 21/01/2008] [02:24 21/01/2008] EEBC4C814729C50E7D21EF70CF3E2B4A
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6002.18005_none_d945a2ac2bb19ac6\dhcpcmonitor.dll --a---- 10240 bytes [08:56 02/11/2006] [09:46 02/11/2006] 214ABDCD522ED606C63F13DD886D862A
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6002.18005_none_d945a2ac2bb19ac6\dhcpcsvc.dll --a---- 204288 bytes [14:22 29/10/2009] [06:28 11/04/2009] 9028559C132146FB75EB7ACF384B086A
C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6002.18005_none_d945a2ac2bb19ac6\dhcpcsvc6.dll --a---- 130560 bytes [14:22 29/10/2009] [06:28 11/04/2009] DFB6B71CDABA9DFB49C9D2B318B97A1A
C:\Windows\winsxs\x86_microsoft-windows-dhcpserverapi_31bf3856ad364e35_6.0.6001.18000_none_a87c05a0e2db007a\dhcpsapi.dll --a---- 61440 bytes [02:24 21/01/2008] [02:24 21/01/2008] 97872E5309026CFBB1AE89FB2FF0AE31
C:\Windows\winsxs\x86_microsoft-windows-dhcpserverinstaller_1122334455667788_6.0.6000.16386_none_c91d0c1fa66c7943\dhcpsoc.dll --a---- 23552 bytes [08:56 02/11/2006] [09:46 02/11/2006] 90A4C232475B0290D81002440D61901D
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\DhcpSrvMigPlugin.dll --a---- 122880 bytes [02:23 21/01/2008] [02:23 21/01/2008] 7186D11930092E6A332DD7D352136C2E
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\DhcpSrvMigPlugin.dll --a---- 122880 bytes [02:23 21/01/2008] [02:23 21/01/2008] 7186D11930092E6A332DD7D352136C2E

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Let's try this:

Please go to the following link and download and run TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.


----------



## Lost_Helper (Dec 24, 2011)

it did not give any log, all it says is

No threats found

Duration: 00:00:15
Processed: 266 objects, Details *clicked this and it shows nothing*
Found: 0 threats
Neutralized: 0 threats
Quarantined: 0 threats


it also has Change parameters


----------



## Cookiegal (Aug 27, 2003)

I've noticed some other things in the registry. For instance, for the services (dhcp and tcpip) the first entry in the right-hand pane when you click on the service should be the following:

The headings are Name - Type - Date

and below those headings should be:

(Default) - REG_SZ - (value not set)

The above values will not appear in a registry export so the key should look like this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00

But in the registry export I see several entries like the following sample:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00
*@=""*

The highlighted part (@="") means that the default value has been changed but it's empty (it's not pointing to anything).

Is this something you remember doing?


----------
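
The check described in the post above (spotting an explicit `@=""` in a registry export), as an added example that is not part of the original thread. The function names are hypothetical; the `Dhcp\Configurations` key and its `Options` data come from the post, while the other two keys and their values are constructed for illustration.

```python
import re

# Constructed sample in regedit's export format. Only the first key and its
# "Options" data are taken from the post; the rest is made up for the example.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
  00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
  00,00
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"ExampleValue"="constructed"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Constructed]
@="constructed default text"
'''

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")


def decode_export(raw: bytes) -> str:
    """Decode a .reg file read as bytes.

    Version 5.00 exports are written as UTF-16 with a byte-order mark.
    Anything else is treated here as UTF-8 (an assumption of this example;
    old REGEDIT4 files use the system ANSI code page).
    """
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def logical_lines(text: str):
    """Yield stripped lines, joining the ',\\' continuations used for hex data."""
    pending = ""
    for line in text.splitlines():
        piece = line.strip()
        if piece.endswith(",\\"):
            pending += piece[:-1]      # drop the backslash, keep the comma
            continue
        yield pending + piece
        pending = ""
    if pending:                        # file ended in the middle of a value
        yield pending


def find_explicit_defaults(text: str):
    """Return (key, raw_data) for every key whose (Default) value is written out.

    An untouched key shows "(value not set)" in regedit and has no '@=' line
    in an export, so any hit means the default value was set at some point.
    """
    findings = []
    key = None
    for line in logical_lines(text):
        match = KEY_RE.match(line)
        if match:
            # "[-KEY]" is a delete instruction, not a key with values.
            key = None if match.group(1) else match.group(2)
            continue
        if key and line.startswith("@="):
            findings.append((key, line[2:]))
    return findings


def empty_defaults(text: str):
    """Keys whose default value was set to an empty string (@="")."""
    return [key for key, data in find_explicit_defaults(text) if data == '""']


if __name__ == "__main__":
    for key in empty_defaults(SAMPLE_EXPORT):
        print('default value set but empty (@=""):', key)
```
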



## Lost_Helper (Dec 24, 2011)

no i don't remember doing that.. that looks unfamiliar.


----------



## Cookiegal (Aug 27, 2003)

I'm sorry for the delay. I've been discussing this with some colleagues.

I'm attaching a FixLostF.zip file to this post. Save it to your desktop. Unzip it (extract the file) and double-click the FixLostF.reg file and allow it to merge into the registry.

Then reboot the machine.

Then try to start the Dhcp service. If it won't start, please report back what error you're receiving and whether or not the service status is now showing "Stopped" or if it's still blank like before.


----------



## Lost_Helper (Dec 24, 2011)

Well thanks to you i'm now able to get this laptop back on the internet. i've installed a couple of anti virus programs, and am trying to update all windows files, and stuff like that. is there anything else you think i should do? if not THANK you so much. you truly have been wonderful for helping me. and etaf as well. thanks guys you all have been wonderful.


----------



## Cookiegal (Aug 27, 2003)

Lost_Helper said:


> Well thanks to you i'm now able to get this laptop back on the internet.


That's great news! :up:


> i've installed *a couple of anti virus programs*


You should not have more than one anti-virus program installed as they will conflict and cause problems. It's fine to have one anti-virus and one or two anti-malware/spyware programs such as MalwareBytes' Anti-Malware and/or SuperAntiSpyware (as long as only one is running real-time protection, which would not be the case in the free versions).


> is there anything else you think i should do?


Yes, let's run a couple more programs to see if there are any lingering things that need to be addressed. Also, just a word of advice. Someone needs to stop fiddling around in the registry without guidance as this practice could be dangerous and the problem could have been fixed much sooner had it not been for items added or altered incorrectly. 

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## Lost_Helper (Dec 24, 2011)

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Fromeyer :: FROMEYER-PC [administrator]

1/20/2012 6:29:31 AM
mbam-log-2012-01-20 (06-48-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211806
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:59677 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## Lost_Helper (Dec 24, 2011)

this is what it said the second time i ran it.

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Fromeyer :: FROMEYER-PC [administrator]

1/20/2012 7:06:55 AM
mbam-log-2012-01-20 (07-06-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211712
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## Cookiegal (Aug 27, 2003)

OK so you had it take action on what was found in the initial scan.

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## Lost_Helper (Dec 24, 2011)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2f7ea0cf840a534dab202587d5e0cfd7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-21 09:12:40
# local_time=2012-01-21 04:12:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1335404 1335404 0 0
# compatibility_mode=1792 16777215 100 0 1507826 1507826 0 0
# compatibility_mode=5892 16776574 100 100 16403663 163737584 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=153072
# found=1
# cleaned=1
# scan_time=7104
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log. If there are no remaining problems, you should be good to go after I check HijackThis to see if there's anything that needs to be addressed.


----------



## Lost_Helper (Dec 24, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:57 PM, on 1/21/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [Readycomm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe -TrayMode
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Fromeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7976 bytes


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Lost_Helper (Dec 24, 2011)

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
aiofw
aioprnt
aioscnnr
Apple Application Support
Avira Free Antivirus
Broadcom Gigabit Integrated Controller
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Carbonite Online Backup Setup
center
Conduit Engine
Conexant HD Audio
CyberLink Power2Go
EasyCapture
Emsisoft Anti-Malware
Energy Management
ESET Online Scanner v3
File Type Assistant
Final Media Player 2011
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 17
KODAK AiO Home Center
ksDIP
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
O2Micro Flash Memory Card Reader Driver (x86)
PhotoJoy
PhotoJoy
Picasa 3
PreReq
QuickTime
Roblox
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Synaptics Pointing Device Driver
TmlCMode
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VeriFace III
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
VoiceOver Kit
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Yahoo! Messenger


----------



## Cookiegal (Aug 27, 2003)

You should uninstall the following via the Control Panel - Add or Remove Programs:

Conduit Engine

Also, you should update Adobe Reader to the latest version as the one you have is outdated and contains vulnerabilities that may be exploited, so there's a security risk.

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


1. Download the latest version of *Java Runtime Environment (JRE) 6 Update 30*.
2. Select the option to download the *Windows 7, XP Offline* version.
3. Save the executable file to your desktop.
4. Close any programs you may have running - especially your web browser.
5. Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
6. Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
7. Click the Remove or Change/Remove button.
8. Repeat as many times as necessary to remove each Java version.
9. Reboot your computer once all Java components are removed.
10. Then from your desktop double-click on the download and follow the prompts to install the newest version.

This is the older version of Java that you need to uninstall:

Java(TM) 6 Update 17

After doing all of the above reboot the machine and post a new HijackThis log please.


----------



## Lost_Helper (Dec 24, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:08 PM, on 1/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Compal\TmlCMode\TmlCMode.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /pausefor=600
O4 - HKLM\..\Run: [Readycomm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe -TrayMode
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Fromeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7884 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing)

How is everything now with the system?


----------



## Lost_Helper (Dec 24, 2011)

it's running ok i guess. i just need to do some deleting *programs like limewire and the like*


----------



## Lost_Helper (Dec 24, 2011)

for some reason the little Mouse pad that laptops use is not working. i don't know why so i'm going to have to look into that.


----------



## Cookiegal (Aug 27, 2003)

Might this be helpful for the mousepad problem?

http://www.ehow.com/how_6066529_fix-touchpad-not-working-laptop.html


----------

