# Network, good; Internet, bad



## PTgirl (Jan 22, 2012)

OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.86GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 1014 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 114259 MB, Free - 3612 MB;
Motherboard: Quanta, 308F
Antivirus: Norton 360, Updated: Yes, On-Demand Scanner: Enabled

I have a strong home network signal on my laptop, but I cant access the internet. I am trying to connect wirelessly. The desktop is wired into the network and the internet is working fine for it. Another laptop, an iPad and two iPods are having no problem with wireless internet access.

This is my first post, and the instructions say to include as much info as possible. Ive done a lot of tinkering with my laptop, so I think Id better provide a rundown of everything in case something I did impacted some other area. I tried a lot of solutions I found for similar problems, but none of them restored my internet. My internet problems started with a Norton pop-up saying "system infected: tidserv activity 2". 
I downloaded TDSS Killer and followed the instructions to run it. No files were identified. Ran it again, still no files identified, but the pop-up kept appearing. Downloaded and ran microsoft malware remover - still no files identified. Ran a complete system scan with Norton - nothing. Ran SpyBot & XoftSpy - still nothing found (these are both set for manual - I don't have them running at the same time to avoid conflict). However, I know something was there because I was running Chrome and my pages kept getting redirected. Opened IE, and the page redirection was going on there, too. Pop-up was still appearing at this point.

Started searching the internet for other possible fixes, and then things started falling apart. First I couldnt open any programs  kept getting a window asking for me to specify what to use to open it. I had to browse to the appropriate exe file, and then that started not to work. At about the same time, I fell off my home network. It kept acquiring IP address without getting it, and I got the limited connectivity message. Chrome started freezing the computer. Tried restarting, and on startup, Chrome kept trying to load and then it would freeze the system again. Finally got it uninstalled and the computer stopped freezing up. 

Used my desktop to download files since the laptop wasnt accessing the internet. Fixed the registry issue by merging a fix file from www.kellys-korner-xp.com/xp_tweaks.htm
After this, the programs were opening correctly again, and the system infected pop up went away. The only problem Im still having is that when I right click on My Computer and then properties, nothing happens. I can select manage and have the computer management box open. Its just getting to the properties, which is a problem  especially since a lot of the things I read about wanted to go through this step.

Checked services, and DHCP Client wasnt running and wouldnt start due to dependency either deleted or marked for deletion. I used my desktop, which is also on XP, as a reference. Compared to the reference computer and traced the dependencies and found that one of the dependencies, AFD, was missing from HKLMSystem\CurrentControlSetServices\ and the afd.sys was missing from C:\Windows\System32\drivers. Read about a possible fix. Found a copy of afd.sys in SNTUinstall$ folder and copied it back. I exported the Registry Key for AFD service from the reference desktop and imported it into my laptop. Once I rebooted, the acquiring IP address problem was solved. I now have a strong signal to my network. I can print to the network printer and I can use the gateway IP address in IE to get to my routers settings. However, nothing that I have tried has restored my access to the internet .

I have done the following:

Uninstalled Norton 360 and made sure that windows firewall is not turned on

Deleted network adapter with automatic reinstall on reboot
searched for driver update - none available

Ran command netsh int ip reset resetlog.txt but it didnt generate a file log. Downloaded and ran MicrosoftFixit50199.msi to reset the TCP/IP

Ran command netsh winsock reset but this didnt generate a file log either. Downloaded and ran MicrosoftFixIt50203 to reset winsock

Ran ipconfig /release

Ran ipconfig /renew

Ran ipconfig /flushdns

Ran both Registry Booster and SpeedUpMyPC

Im completely out of ideas and I cant think of anymore key words to google. Im really hoping that someone here can help me.

BTW, I reinstalled Norton since there didnt seem to be a difference without it.

Finally  ipconfig /all and ping test results are below

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Kathy.YOUR-4105E587B6>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : your-4105e587b6
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.
Ethernet adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-15-00-3A-01-E7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Saturday, January 21, 2012 6:37:21 P
M
Lease Expires . . . . . . . . . . : Sunday, January 22, 2012 6:37:21 PM
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-16-36-33-EA-7A
C:\Documents and Settings\Kathy.YOUR-4105E587B6>

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Kathy.YOUR-4105E587B6>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=180ms TTL=64
Reply from 192.168.1.1: bytes=32 time=10ms TTL=64
Reply from 192.168.1.1: bytes=32 time=16ms TTL=64
Reply from 192.168.1.1: bytes=32 time=16ms TTL=64
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 180ms, Average = 55ms

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ping 209.183.226.152
Pinging 209.183.226.152 with 32 bytes of data:
Reply from 209.183.226.152: bytes=32 time=36ms TTL=48
Reply from 209.183.226.152: bytes=32 time=33ms TTL=48
Reply from 209.183.226.152: bytes=32 time=20ms TTL=48
Reply from 209.183.226.152: bytes=32 time=36ms TTL=48
Ping statistics for 209.183.226.152:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 36ms, Average = 31ms

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ping google.com
Ping request could not find host google.com. Please check the name and try again
.


----------



## Cookiegal (Aug 27, 2003)

You may have done irreparable damage using registry cleaners but we'll see what we can do.

You will have to transfer some utilities via USB flash drive.

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.

Please download *Farbar Service Scanner* and transfer it to the desktop of the computer with the issue.
Make sure only the following option is checked:
*Internet Services*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
Please copy and paste the log to your reply.


----------



## PTgirl (Jan 22, 2012)

Sorry for the delay in posting the results. I haven't been able to get GMER to complete it's scan. I disabled my screen saver, didn't touch anything while it was scanning, and I am not aware of any CD Emulation programs. You mentioned that this does a quick scan. I was never asked if I wanted to run a full scan, but I think that is what was happening. Three times, after about 10 minutes I got a blue screen saying that a problem was encountered and Windows was shutting down to prevent damage to my system. Three other times the scan froze about one hour into the process. I believe I followed your directions accurately - I went to the gmer.net website, clicked on "Download EXE" and saved it to a USB flash drive and then transferred the file to my laptop. When I double clicked the GMER.exe file, it opened and showed 8 attacheddriver files. I unchecked IAT/EAT and made sure that only drive C was checked. Then I clicked scan. If I missed anything in the process or can do something differently, please let me know. The other three files you asked for are pasted below:

*DDS.txt*
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Kathy at 11:19:49 on 2012-01-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.428 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton 360 *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\prxtbMin0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\prxtbMin0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpeedUpMyPC] "c:\progra~1\uniblue\speedupmypc\launcher.exe" -d 20000 
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ASUS Ai Charger] c:\program files\asus\asus ai charger\AiChargerAP.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\kathy.your-4105e587b6\start menu\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 11:21:19.62 ===============

*Attach.txt*
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2008 7:54:07 PM
System Uptime: 1/22/2012 10:58:08 AM (1 hours ago)
.
Motherboard: Quanta | | 308F
Processor: Intel(R) Pentium(R) M processor 1.86GHz | U1 | 1862/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 3.494 GiB free.
D: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
.
==== End Of File ===========================

*FSS.txt*
Farbar Service Scanner Version: 18-01-2012 01
Ran by Kathy (administrator) on 22-01-2012 at 20:06:09
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(7) IPSec(5) NetBT(6) PSched(8) SYMTDI(10) Tcpip(4) 
0x0B00000005000000010000000200000003000000040000000A000000090000000600000007000000080000000B000000
IpSec Tag value is correct.
**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to *Step 1*, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

* Note: If you have SP3, use the SP2 package.*

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

*Disable your anti-Virus and anti-spyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.











Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.










At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it will produce a report for you.
Please post the *C:\ComboFix.txt* in your next reply.


----------



## PTgirl (Jan 22, 2012)

Thanks for all of your help, Cookiegal. Here is the *C:\ComboFix.txt*

ComboFix 12-01-23.02 - Kathy 01/23/2012 18:39:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.626 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\tmp55.tmp
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\WINDOWS
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\2496955262
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\yaywbcos
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-21 22:05 . 2012-01-21 22:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-17 05:51 . 2004-08-04 08:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-17 05:51 . 2004-08-04 08:00 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2012-01-17 04:56 . 2001-08-18 03:36 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
2012-01-17 04:56 . 2001-08-17 18:50 49792 ----a-w- c:\windows\system32\dllcache\cyzport.sys
2012-01-17 04:56 . 2001-08-18 03:36 27136 ----a-w- c:\windows\system32\dllcache\cyzcoins.dll
2012-01-17 04:56 . 2001-08-18 03:36 27648 ----a-w- c:\windows\system32\dllcache\cyyports.dll
2012-01-17 04:56 . 2001-08-17 18:50 50176 ----a-w- c:\windows\system32\dllcache\cyyport.sys
2012-01-17 04:56 . 2001-08-18 03:36 28672 ----a-w- c:\windows\system32\dllcache\cyycoins.dll
2012-01-17 04:54 . 2001-08-18 03:36 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2012-01-17 04:53 . 2008-04-13 18:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2012-01-16 22:28 . 2012-01-20 23:32 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-16 18:12 . 2012-01-16 18:12 -------- d-----w- c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Immunet
2012-01-16 18:12 . 2012-01-17 01:12 -------- d-----w- c:\documents and settings\All Users\Immunet
2012-01-16 02:05 . 2012-01-16 02:05 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-01-12 05:59 . 2012-01-12 05:59 -------- d-----w- c:\program files\KingsIsle Entertainment
2011-12-27 04:49 . 2010-05-05 21:38 13224 ----a-w- c:\windows\system32\drivers\AiCharger.sys
2011-12-27 04:49 . 2011-12-27 04:49 -------- d-----w- c:\program files\ASUS
2011-12-26 06:34 . 2011-12-26 06:34 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-12-26 06:34 . 2011-12-26 06:34 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-12-26 06:34 . 2011-12-26 06:34 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-12-26 06:34 . 2011-12-26 06:34 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-12-26 06:34 . 2011-12-26 06:34 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-12-26 06:34 . 2011-12-26 06:34 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-12-26 06:33 . 2011-12-26 06:34 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00 82944 -c--a-w- c:\windows\system32\drivers\WudfRd.sys
2011-11-25 21:57 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Mininova-Vuze\prxtbMin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-11-18 01:10 194848 ----a-w- c:\program files\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyPC"="c:\progra~1\Uniblue\SpeedUpMyPC\launcher.exe" [2011-10-19 67960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57 86016 -c--a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 -c--a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16 32768 -c--a-r- c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -csh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03 29984 -c--a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19 15752 ----a-w- c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19 813448 ----a-w- c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01 328992 -c--a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Kathy.YOUR-4105E587B6\\My Documents\\Computer Downloads\\PDFConverterSetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"57448:TCP"= 57448:TCPando Media Booster
"57448:UDP"= 57448:UDPando Media Booster
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/23/2011 3:45 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/23/2011 3:45 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 9:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/23/2011 3:45 PM 136312]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/19/2009 8:56 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/19/2009 8:57 PM 234888]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/23/2011 3:45 PM 130008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 5:12 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [1/13/2012 9:45 PM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [9/29/2010 1:43 PM 582424]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2011-05-06 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
2012-01-23 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-01-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-01-24 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2012-01-18 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????O?n??|?????? ?,?B?????????????hLC? ?????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\017\04?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(4176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\progra~1\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2012-01-23 19:13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 00:13
.
Pre-Run: 3,596,836,864 bytes free
Post-Run: 4,717,146,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 80439128C9EA0BCEC7DB6C45FA9BE10C


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet. *


----------



## PTgirl (Jan 22, 2012)

*aswMBR.txt*

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-23 20:14:39
-----------------------------
20:14:39.421 OS Version: Windows 5.1.2600 Service Pack 3
20:14:39.421 Number of processors: 1 586 0xD08
20:14:39.421 ComputerName: YOUR-4105E587B6 UserName: Kathy
20:14:39.796 Initialize success
20:16:10.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:16:10.359 Disk 0 Vendor: ST9120822A 3.ALD Size: 114473MB BusType: 3
20:16:10.390 Disk 0 MBR read successfully
20:16:10.390 Disk 0 MBR scan
20:16:10.406 Disk 0 unknown MBR code
20:16:10.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114259 MB offset 63
20:16:10.453 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 203 MB offset 234018855
20:16:10.515 Disk 0 scanning sectors +234436545
20:16:10.578 Disk 0 scanning C:\WINDOWS\system32\drivers
20:16:21.109 Service scanning
20:16:22.265 Modules scanning
20:16:50.234 Disk 0 trace - called modules:
20:16:50.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:16:50.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8654bab8]
20:16:50.828 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> \Device\00000084[0x865c8728]
20:16:50.843 5 ACPI.sys[f7493620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86592940]
20:16:50.859 Scan finished successfully
20:17:57.187 Disk 0 MBR has been saved successfully to "G:\connection problems\repost\MBR.dat"
20:17:57.234 The log file has been saved successfully to "G:\connection problems\repost\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

What is the make and model of your computer?


----------



## PTgirl (Jan 22, 2012)

HP Pavilion dv1000


----------



## Cookiegal (Aug 27, 2003)

Does it have a recovery partition to reinstall the operating system if necessary? It's not needed, I'm just asking because the MBR is not being recognized and this can happen on systems that have recovery partitions.

Actually, I see you seem to have run aswmbr from your G drive. You were to save it to the desktop on your C drive. Please move it there and run it again and then post the new log.


----------



## PTgirl (Jan 22, 2012)

The original file was run from the desktop. I think it specified drive G because when I copied the txt file on the usb flash drive, I did it directly from the program screen to the flash drive. I went ahead and re-ran it, but this time i copied the txt file to my desktop and then transferred it to the flash drive.

I don't know if I have a recovery partition. How do i find that information?

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-23 22:22:21
-----------------------------
22:22:21.812 OS Version: Windows 5.1.2600 Service Pack 3
22:22:21.812 Number of processors: 1 586 0xD08
22:22:21.812 ComputerName: YOUR-4105E587B6 UserName: Kathy
22:22:22.078 Initialize success
22:22:25.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:22:25.750 Disk 0 Vendor: ST9120822A 3.ALD Size: 114473MB BusType: 3
22:22:25.765 Disk 0 MBR read successfully
22:22:25.781 Disk 0 MBR scan
22:22:25.781 Disk 0 unknown MBR code
22:22:25.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114259 MB offset 63
22:22:25.828 Disk 0 Partition 2 00 88 Linux plaintext A*Kárò'ó 203 MB offset 234018855
22:22:25.875 Disk 0 scanning sectors +234436545
22:22:25.937 Disk 0 scanning C:\WINDOWS\system32\drivers
22:22:39.234 Service scanning
22:22:40.921 Modules scanning
22:22:50.453 Disk 0 trace - called modules:
22:22:50.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
22:22:50.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8654bab8]
22:22:51.046 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> \Device\00000084[0x865c8728]
22:22:51.062 5 ACPI.sys[f7493620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86592940]
22:22:51.078 Scan finished successfully
22:22:59.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kathy.YOUR-4105E587B6\Desktop\MBR.dat"
22:22:59.187 The log file has been saved successfully to "C:\Documents and Settings\Kathy.YOUR-4105E587B6\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Please run Farbar Service Scanner again. This time, type the following in the edit box after "Search":

afd.sys;netbt.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.


----------



## PTgirl (Jan 22, 2012)

Search afd.sys; netbt.sys

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kathy (administrator) on 24-01-2012 at 17:16:35
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "afd.sys; netbt.sys" ===================

C:\WINDOWS\system32\drivers\afd.sys
[2012-01-17 00:51] - [2004-08-04 03:00] - 0138496 ____A (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\system32\drivers\netbt.sys
[2004-08-04 03:00] - [2008-04-13 14:21] - 0162816 ___AC (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\system32\dllcache\afd.sys
[2012-01-17 00:51] - [2004-08-04 03:00] - 0138496 ____A (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\system32\dllcache\netbt.sys
[2004-08-04 03:00] - [2008-04-13 14:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-04-13 14:19] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-04-13 14:21] - [2008-04-13 14:21] - 0162816 ____C (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008-12-05 15:40] - [2008-04-13 14:19] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2011-10-12 19:22] - [2011-02-16 08:22] - 0138496 ____C (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011-04-15 10:28] - [2008-08-14 05:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2011-06-15 19:14] - [2008-10-16 09:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008-12-05 14:43] - [2004-08-04 03:00] - 0138496 ____C (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008-12-05 14:43] - [2004-08-04 03:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008-12-05 15:02] - [2008-08-14 05:34] - 0138496 ___AC (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008-06-20 06:48] - [2008-06-20 06:48] - 0138496 ___AC (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011-10-11 20:23] - [2011-08-17 08:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 10:07] - [2008-10-16 10:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011-06-15 17:03] - [2011-02-16 08:25] - 0138496 ____A (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

====== End Of Search ======


----------



## Cookiegal (Aug 27, 2003)

Please run Farbar Service Scanner one more time. This time, type the following in the search box:

afd;netbt;tcpip

Click "Export Service" and post the log it makes (FSS.txt).


----------



## PTgirl (Jan 22, 2012)

afd;netbt;tcpip

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd]
"DisplayName"="AFD"
"Description"="AFD Networking Support Environment"
"Group"="TDI"
"ImagePath"="\\SystemRoot\\System32\\drivers\\afd.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000006
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,65,00,74,00,62,00,74,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="NetBios over Tcpip"
"Group"="PNP_TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="NetBios over Tcpip"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Linkage]
"OtherDependencies"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
00,69,00,70,00,5f,00,7b,00,38,00,38,00,32,00,44,00,38,00,38,00,33,00,32,00,\
2d,00,35,00,44,00,35,00,43,00,2d,00,34,00,45,00,43,00,37,00,2d,00,39,00,43,\
00,37,00,30,00,2d,00,43,00,36,00,33,00,38,00,43,00,41,00,39,00,39,00,38,00,\
31,00,43,00,32,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,44,00,35,00,37,00,45,00,\
36,00,41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,34,00,30,00,46,00,33,\
00,2d,00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,00,42,00,46,00,46,00,\
33,00,36,00,31,00,34,00,44,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,32,00,42,00,\
43,00,41,00,35,00,38,00,32,00,33,00,2d,00,34,00,46,00,35,00,33,00,2d,00,34,\
00,36,00,35,00,46,00,2d,00,39,00,45,00,41,00,37,00,2d,00,44,00,33,00,36,00,\
38,00,42,00,44,00,33,00,34,00,39,00,34,00,36,00,34,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,\
7b,00,46,00,31,00,30,00,41,00,45,00,33,00,33,00,39,00,2d,00,41,00,45,00,35,\
00,43,00,2d,00,34,00,37,00,39,00,33,00,2d,00,39,00,30,00,37,00,34,00,2d,00,\
37,00,33,00,37,00,41,00,33,00,43,00,32,00,31,00,43,00,44,00,39,00,39,00,7d,\
00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,\
69,00,70,00,5f,00,7b,00,44,00,42,00,45,00,33,00,43,00,37,00,36,00,38,00,2d,\
00,30,00,41,00,38,00,41,00,2d,00,34,00,38,00,44,00,31,00,2d,00,38,00,37,00,\
46,00,46,00,2d,00,30,00,45,00,30,00,32,00,36,00,46,00,38,00,33,00,45,00,41,\
00,34,00,35,00,7d,00,00,00,00,00
"Route"=hex(7):22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,\
00,38,00,32,00,44,00,38,00,38,00,33,00,32,00,2d,00,35,00,44,00,35,00,43,00,\
2d,00,34,00,45,00,43,00,37,00,2d,00,39,00,43,00,37,00,30,00,2d,00,43,00,36,\
00,33,00,38,00,43,00,41,00,39,00,39,00,38,00,31,00,43,00,32,00,7d,00,22,00,\
00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,36,00,44,\
00,35,00,37,00,45,00,36,00,41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,\
34,00,30,00,46,00,33,00,2d,00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,\
00,42,00,46,00,46,00,33,00,36,00,31,00,34,00,44,00,46,00,7d,00,22,00,00,00,\
22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,32,00,42,00,43,\
00,41,00,35,00,38,00,32,00,33,00,2d,00,34,00,46,00,35,00,33,00,2d,00,34,00,\
36,00,35,00,46,00,2d,00,39,00,45,00,41,00,37,00,2d,00,44,00,33,00,36,00,38,\
00,42,00,44,00,33,00,34,00,39,00,34,00,36,00,34,00,7d,00,22,00,00,00,22,00,\
54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,4e,00,64,00,69,00,73,00,57,\
00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,\
00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,38,00,\
32,00,44,00,38,00,38,00,33,00,32,00,2d,00,35,00,44,00,35,00,43,00,2d,00,34,\
00,45,00,43,00,37,00,2d,00,39,00,43,00,37,00,30,00,2d,00,43,00,36,00,33,00,\
38,00,43,00,41,00,39,00,39,00,38,00,31,00,43,00,32,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,\
54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,44,00,35,00,37,00,45,00,36,\
00,41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,34,00,30,00,46,00,33,00,\
2d,00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,00,42,00,46,00,46,00,33,\
00,36,00,31,00,34,00,44,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,\
00,70,00,5f,00,7b,00,32,00,42,00,43,00,41,00,35,00,38,00,32,00,33,00,2d,00,\
34,00,46,00,35,00,33,00,2d,00,34,00,36,00,35,00,46,00,2d,00,39,00,45,00,41,\
00,37,00,2d,00,44,00,33,00,36,00,38,00,42,00,44,00,33,00,34,00,39,00,34,00,\
36,00,34,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,\
46,00,31,00,30,00,41,00,45,00,33,00,33,00,39,00,2d,00,41,00,45,00,35,00,43,\
00,2d,00,34,00,37,00,39,00,33,00,2d,00,39,00,30,00,37,00,34,00,2d,00,37,00,\
33,00,37,00,41,00,33,00,43,00,32,00,31,00,43,00,44,00,39,00,39,00,7d,00,00,\
00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,\
54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,44,00,42,00,45,00,33,\
00,43,00,37,00,36,00,38,00,2d,00,30,00,41,00,38,00,41,00,2d,00,34,00,38,00,\
44,00,31,00,2d,00,38,00,37,00,46,00,46,00,2d,00,30,00,45,00,30,00,32,00,36,\
00,46,00,38,00,33,00,45,00,41,00,34,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters]
"NbProvider"="_tcp"
"NameServerPort"=dword:00000089
"CacheTimeout"=dword:000927c0
"BcastNameQueryCount"=dword:00000003
"BcastQueryTimeout"=dword:000002ee
"NameSrvQueryCount"=dword:00000003
"NameSrvQueryTimeout"=dword:000005dc
"Size/Small/Medium/Large"=dword:00000001
"SessionKeepAlive"=dword:0036ee80
"TransportBindName"="\\Device\\"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters\Interfaces\Tcpip_{2BCA5823-4F53-465F-9EA7-D368BD349464}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters\Interfaces\Tcpip_{6D57E6AB-5AC2-40F3-8683-6E5BFF3614DF}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters\Interfaces\Tcpip_{882D8832-5D5C-4EC7-9C70-C638CA9981C2}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters\Interfaces\Tcpip_{DBE3C768-0A8A-48D1-87FF-0E026F83EA45}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Parameters\Interfaces\Tcpip_{F10AE339-AE5C-4793-9074-737A3C21CD99}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Security]
"Security"=hex:01,00,14,80,e8,00,00,00,f4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,b8,00,08,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,14,\
00,40,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,40,00,00,00,\
01,01,00,00,00,00,00,05,14,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,\
00,00,05,20,00,00,00,2c,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\netbt\Enum]
"0"="Root\\LEGACY_NETBT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,38,00,38,\
00,32,00,44,00,38,00,38,00,33,00,32,00,2d,00,35,00,44,00,35,00,43,00,2d,00,\
34,00,45,00,43,00,37,00,2d,00,39,00,43,00,37,00,30,00,2d,00,43,00,36,00,33,\
00,38,00,43,00,41,00,39,00,39,00,38,00,31,00,43,00,32,00,7d,00,00,00,5c,00,\
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,36,00,44,00,35,00,37,00,45,\
00,36,00,41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,34,00,30,00,46,00,\
33,00,2d,00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,00,42,00,46,00,46,\
00,33,00,36,00,31,00,34,00,44,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
69,00,63,00,65,00,5c,00,7b,00,32,00,42,00,43,00,41,00,35,00,38,00,32,00,33,\
00,2d,00,34,00,46,00,35,00,33,00,2d,00,34,00,36,00,35,00,46,00,2d,00,39,00,\
45,00,41,00,37,00,2d,00,44,00,33,00,36,00,38,00,42,00,44,00,33,00,34,00,39,\
00,34,00,36,00,34,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,\
5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,00,00,00,00,00
"Route"=hex(7):22,00,7b,00,38,00,38,00,32,00,44,00,38,00,38,00,33,00,32,00,2d,\
00,35,00,44,00,35,00,43,00,2d,00,34,00,45,00,43,00,37,00,2d,00,39,00,43,00,\
37,00,30,00,2d,00,43,00,36,00,33,00,38,00,43,00,41,00,39,00,39,00,38,00,31,\
00,43,00,32,00,7d,00,22,00,00,00,22,00,7b,00,36,00,44,00,35,00,37,00,45,00,\
36,00,41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,34,00,30,00,46,00,33,\
00,2d,00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,00,42,00,46,00,46,00,\
33,00,36,00,31,00,34,00,44,00,46,00,7d,00,22,00,00,00,22,00,7b,00,32,00,42,\
00,43,00,41,00,35,00,38,00,32,00,33,00,2d,00,34,00,46,00,35,00,33,00,2d,00,\
34,00,36,00,35,00,46,00,2d,00,39,00,45,00,41,00,37,00,2d,00,44,00,33,00,36,\
00,38,00,42,00,44,00,33,00,34,00,39,00,34,00,36,00,34,00,7d,00,22,00,00,00,\
22,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,\
00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
00,69,00,70,00,5f,00,7b,00,38,00,38,00,32,00,44,00,38,00,38,00,33,00,32,00,\
2d,00,35,00,44,00,35,00,43,00,2d,00,34,00,45,00,43,00,37,00,2d,00,39,00,43,\
00,37,00,30,00,2d,00,43,00,36,00,33,00,38,00,43,00,41,00,39,00,39,00,38,00,\
31,00,43,00,32,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,44,00,35,00,37,00,45,00,\
36,00,41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,34,00,30,00,46,00,33,\
00,2d,00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,00,42,00,46,00,46,00,\
33,00,36,00,31,00,34,00,44,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,32,00,42,00,\
43,00,41,00,35,00,38,00,32,00,33,00,2d,00,34,00,46,00,35,00,33,00,2d,00,34,\
00,36,00,35,00,46,00,2d,00,39,00,45,00,41,00,37,00,2d,00,44,00,33,00,36,00,\
38,00,42,00,44,00,33,00,34,00,39,00,34,00,36,00,34,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,\
7b,00,46,00,31,00,30,00,41,00,45,00,33,00,33,00,39,00,2d,00,41,00,45,00,35,\
00,43,00,2d,00,34,00,37,00,39,00,33,00,2d,00,39,00,30,00,37,00,34,00,2d,00,\
37,00,33,00,37,00,41,00,33,00,43,00,32,00,31,00,43,00,44,00,39,00,39,00,7d,\
00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,\
69,00,70,00,5f,00,7b,00,44,00,42,00,45,00,33,00,43,00,37,00,36,00,38,00,2d,\
00,30,00,41,00,38,00,41,00,2d,00,34,00,38,00,44,00,31,00,2d,00,38,00,37,00,\
46,00,46,00,2d,00,30,00,45,00,30,00,32,00,36,00,46,00,38,00,33,00,45,00,41,\
00,34,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters]
"NV Hostname"="your-4105e587b6"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="your-4105e587b6"
"DeadGWDetectDefault"=dword:00000001
"DisableTaskOffload"=dword:00000000
"DhcpDomain"="hsd1.md.comcast.net."
"DhcpNameServer"="75.75.75.75 75.75.76.76"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,31,00,30,00,41,00,45,00,33,00,\
33,00,39,00,2d,00,41,00,45,00,35,00,43,00,2d,00,34,00,37,00,39,00,33,00,2d,\
00,39,00,30,00,37,00,34,00,2d,00,37,00,33,00,37,00,41,00,33,00,43,00,32,00,\
31,00,43,00,44,00,39,00,39,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,42,\
00,45,00,33,00,43,00,37,00,36,00,38,00,2d,00,30,00,41,00,38,00,41,00,2d,00,\
34,00,38,00,44,00,31,00,2d,00,38,00,37,00,46,00,46,00,2d,00,30,00,45,00,30,\
00,32,00,36,00,46,00,38,00,33,00,45,00,41,00,34,00,35,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:39,e3,0a,f1,5c,ae,93,47,90,74,73,7a,3c,21,cd,99,68,c7,e3,db,\
8a,0a,d1,48,87,ff,0e,02,6f,83,ea,45

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\{2BCA5823-4F53-465F-9EA7-D368BD349464}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,32,00,42,00,43,00,41,00,35,00,38,00,\
32,00,33,00,2d,00,34,00,46,00,35,00,33,00,2d,00,34,00,36,00,35,00,46,00,2d,\
00,39,00,45,00,41,00,37,00,2d,00,44,00,33,00,36,00,38,00,42,00,44,00,33,00,\
34,00,39,00,34,00,36,00,34,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\{6D57E6AB-5AC2-40F3-8683-6E5BFF3614DF}]
"LLInterface"="ARP1394"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,36,00,44,00,35,00,37,00,45,00,36,00,\
41,00,42,00,2d,00,35,00,41,00,43,00,32,00,2d,00,34,00,30,00,46,00,33,00,2d,\
00,38,00,36,00,38,00,33,00,2d,00,36,00,45,00,35,00,42,00,46,00,46,00,33,00,\
36,00,31,00,34,00,44,00,46,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,38,00,32,00,44,00,38,00,38,00,\
33,00,32,00,2d,00,35,00,44,00,35,00,43,00,2d,00,34,00,45,00,43,00,37,00,2d,\
00,39,00,43,00,37,00,30,00,2d,00,43,00,36,00,33,00,38,00,43,00,41,00,39,00,\
39,00,38,00,31,00,43,00,32,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{2BCA5823-4F53-465F-9EA7-D368BD349464}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):00,00
"UDPAllowedPorts"=hex(7):00,00
"RawIPAllowedProtocols"=hex(7):00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000000
"LeaseObtainedTime"=dword:4f1e23e9
"T1"=dword:4f1e23e9
"T2"=dword:4f1e23e9
"LeaseTerminatesTime"=dword:7fffffff
"AddressType"=dword:00000001
"IsServerNapAware"=dword:00000000
"DhcpIPAddress"="169.254.182.79"
"DhcpSubnetMask"="255.255.0.0"
"DisableDynamicUpdate"=dword:00000000
"IPAutoconfigurationAddress"="169.254.182.79"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{6D57E6AB-5AC2-40F3-8683-6E5BFF3614DF}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):00,00
"UDPAllowedPorts"=hex(7):00,00
"RawIPAllowedProtocols"=hex(7):00,00
"AddressType"=dword:00000000
"DisableDynamicUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):00,00
"UDPAllowedPorts"=hex(7):00,00
"RawIPAllowedProtocols"=hex(7):00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.1.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:4f1f7742
"T1"=dword:4f202002
"T2"=dword:4f209e92
"LeaseTerminatesTime"=dword:4f20c8c2
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DisableDynamicUpdate"=dword:00000000
"DhcpIPAddress"="192.168.1.102"
"DhcpSubnetMask"="255.255.255.0"
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"DhcpRetryTime"=dword:0000a8c0
"DhcpRetryStatus"=dword:00000000
"DhcpDomain"="hsd1.md.comcast.net."
"DhcpNameServer"="75.75.75.75 75.75.76.76"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{DBE3C768-0A8A-48D1-87FF-0E026F83EA45}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{F10AE339-AE5C-4793-9074-737A3C21CD99}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Performance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 582 638 658"
"WbemAdapFileSignature"=hex:db,e2,b6,23,53,66,0e,cc,a0,d7,5e,a3,07,a7,17,e9
"WbemAdapFileTime"=hex:00,40,4f,0a,f9,79,c4,01
"WbemAdapFileSize"=dword:00009c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\ServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Enum]
"0"="Root\\LEGACY_TCPIP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd\0000]
"Service"="AFD"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd\0000\Control]
"ActiveService"="AFD"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_netbt]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_netbt\0000]
"Service"="NetBT"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="NetBios over Tcpip"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0028"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_netbt\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_netbt\0000\Control]
"ActiveService"="NetBT"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip\0000]
"Service"="Tcpip"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="TCP/IP Protocol Driver"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0045"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip\0000\Control]
"ActiveService"="Tcpip"


----------



## Cookiegal (Aug 27, 2003)

Did you import any other fixes into the registry before posting here for assistance other than the AFD one?

Please run Farbar Service Scanner again. This time, type the following in the search box:

dhcp

Click "Export Service" and post the log it makes (FSS.txt).


----------



## PTgirl (Jan 22, 2012)

Before I got to the AFD fix when everything started falling apart, I wasn't able to open my programs. Any time I did, I was asked what to open the file with and had to browse to the appropriate file. Fixed the registry issue by using regedit #12 from www.kellys-korner-xp.com/xp_tweaks.htm. After this, the programs were opening correctly again. Got the link from another forum on this site.

dhcp

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="DHCP Client"
"Group"="TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Manages network configuration by registering and updating IP addresses and DNS names."
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,53,00,65,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Linkage]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Linkage\Disabled]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"{008DDC8F-1D33-463E-AA7E-92BD797AB99A}"=hex:0f,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,7b,5c,5a,42,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
7b,5c,5a,42,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7b,5c,5a,42,36,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7b,5c,5a,42,35,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,7b,5c,5a,42
"{AC4A9E94-A581-45A6-B04B-34611DFF7786}"=hex:fc,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,22,a4,14,4f,0f,00,00,00,00,00,00,00,14,00,00,00,00,00,00,00,\
ff,af,15,4f,68,73,64,31,2e,6d,64,2e,63,6f,6d,63,61,73,74,2e,6e,65,74,2e,0c,\
00,00,00,00,00,00,00,0f,00,00,00,00,00,00,00,ff,af,15,4f,79,6f,75,72,2d,34,\
31,30,35,65,35,38,37,62,36,00,06,00,00,00,00,00,00,00,08,00,00,00,00,00,00,\
00,ff,af,15,4f,4b,4b,4b,4b,4b,4b,4c,4c,03,00,00,00,00,00,00,00,04,00,00,00,\
00,00,00,00,ff,af,15,4f,c0,a8,01,01,01,00,00,00,00,00,00,00,04,00,00,00,00,\
00,00,00,ff,af,15,4f,ff,ff,ff,00,3b,00,00,00,00,00,00,00,04,00,00,00,00,00,\
00,00,ff,af,15,4f,00,01,27,50,3a,00,00,00,00,00,00,00,04,00,00,00,00,00,00,\
00,ff,af,15,4f,00,00,a8,c0,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,\
ff,af,15,4f,00,01,51,80,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,\
af,15,4f,c0,a8,01,01,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,ff,af,\
15,4f,05,00,00,00
"{882D8832-5D5C-4EC7-9C70-C638CA9981C2}"=hex:fc,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,46,88,20,4f,0f,00,00,00,00,00,00,00,14,00,00,00,00,00,00,00,\
2f,d9,21,4f,68,73,64,31,2e,6d,64,2e,63,6f,6d,63,61,73,74,2e,6e,65,74,2e,0c,\
00,00,00,00,00,00,00,0f,00,00,00,00,00,00,00,2f,d9,21,4f,79,6f,75,72,2d,34,\
31,30,35,65,35,38,37,62,36,00,06,00,00,00,00,00,00,00,08,00,00,00,00,00,00,\
00,2f,d9,21,4f,4b,4b,4b,4b,4b,4b,4c,4c,03,00,00,00,00,00,00,00,04,00,00,00,\
00,00,00,00,2f,d9,21,4f,c0,a8,01,01,01,00,00,00,00,00,00,00,04,00,00,00,00,\
00,00,00,2f,d9,21,4f,ff,ff,ff,00,3b,00,00,00,00,00,00,00,04,00,00,00,00,00,\
00,00,2f,d9,21,4f,00,01,27,50,3a,00,00,00,00,00,00,00,04,00,00,00,00,00,00,\
00,2f,d9,21,4f,00,00,a8,c0,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,\
2f,d9,21,4f,00,01,51,80,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,2f,\
d9,21,4f,c0,a8,01,01,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,2f,d9,\
21,4f,05,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\1]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,53,00,75,00,62,00,6e,00,\
65,00,74,00,4d,00,61,00,73,00,6b,00,4f,00,70,00,74,00,00,00,53,00,59,00,53,\
00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,43,00,\
6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,73,00,5c,00,3f,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,44,00,68,00,63,00,70,00,53,00,75,00,62,00,6e,00,65,00,74,00,4d,00,61,00,\
73,00,6b,00,4f,00,70,00,74,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\15]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,44,00,6f,00,6d,00,61,00,\
69,00,6e,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,44,00,68,00,63,00,70,00,44,00,6f,00,6d,00,61,00,69,\
00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\220]
"KeyType"=dword:00000003
"VendorType"=dword:00000001
"RegSendLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,\
72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,\
00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,\
54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,\
00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,\
65,00,73,00,5c,00,3f,00,5c,00,53,00,6f,00,48,00,52,00,65,00,71,00,75,00,65,\
00,73,00,74,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\3]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,44,00,65,00,66,00,61,00,\
75,00,6c,00,74,00,47,00,61,00,74,00,65,00,77,00,61,00,79,00,00,00,53,00,59,\
00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\
43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,3f,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,\
00,5c,00,44,00,68,00,63,00,70,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,\
47,00,61,00,74,00,65,00,77,00,61,00,79,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\44]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,3f,00,5c,00,44,00,68,00,\
63,00,70,00,4e,00,61,00,6d,00,65,00,53,00,65,00,72,00,76,00,65,00,72,00,4c,\
00,69,00,73,00,74,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,\
75,00,72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,\
00,53,00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,\
5c,00,4e,00,65,00,74,00,42,00,54,00,5c,00,41,00,64,00,61,00,70,00,74,00,65,\
00,72,00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,4e,00,61,00,6d,00,\
65,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\46]
"KeyType"=dword:00000004
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpNodeType"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\47]
"KeyType"=dword:00000001
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpScopeID"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\6]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,4e,00,61,00,6d,00,65,00,\
53,00,65,00,72,00,76,00,65,00,72,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,\
00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,\
72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,44,00,68,00,63,00,70,00,4e,\
00,61,00,6d,00,65,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType"=dword:00000004
"OptionId"=dword:00000001
"VendorType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,3f,00,5c,00,44,00,68,00,\
63,00,70,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,4f,00,70,00,74,00,69,\
00,6f,00,6e,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
2c,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Enum]
"0"="Root\\LEGACY_DHCP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dhcp]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dhcp\0000]
"Service"="Dhcp"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="DHCP Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dhcp\0000\Control]
"ActiveService"="Dhcp"


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run *- type in *cmd *and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

You will need to reboot afterwards.

Let me know if you can connect after doing that.


----------



## PTgirl (Jan 22, 2012)

No change. Network signal still strong but unable to connect to the internet. I got a success response from the first entry but not the second. Tried the second one again, and still no response. Should there have been a response as there was from the first one?
Here is what the screen looked like:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>netsh winsock reset catalog

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>netsh int ip reset resetlog.txt

C:\Documents and Settings\Kathy.YOUR-4105E587B6>netsh int ip reset resetlog.txt

C:\Documents and Settings\Kathy.YOUR-4105E587B6>


----------



## Cookiegal (Aug 27, 2003)

I don't think that one generates any message but it does recreate a log that should be located here:

C:\Documents and Settings\Kathy.YOUR-4105E587B6\resetlog.txt

Please open that log in Notepad and copy and paste the contents here.


----------



## Cookiegal (Aug 27, 2003)

Also, please do the following:

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## PTgirl (Jan 22, 2012)

*resetlog.txt*
<completed>
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}\IpAutoconfigurationSeed
<completed>
<completed>
deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\CacheHashTableBucketSize
deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\CacheHashTableSize
deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheEntryTtlLimit
deleted SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxSoaCacheEntryTtlLimit
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BCA5823-4F53-465F-9EA7-D368BD349464}\AddressType
old REG_DWORD = 1
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BCA5823-4F53-465F-9EA7-D368BD349464}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BCA5823-4F53-465F-9EA7-D368BD349464}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BCA5823-4F53-465F-9EA7-D368BD349464}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882D8832-5D5C-4EC7-9C70-C638CA9981C2}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
<completed>
<completed>

*Event View Application*
*no errors for past 24 hours*

*Event View System*
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/26/2012
Time: 8:02:40 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/26/2012
Time: 8:02:40 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/26/2012
Time: 2:25:45 AM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 240 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/26/2012
Time: 2:25:45 AM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/26/2012
Time: 12:25:43 AM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/26/2012
Time: 12:25:43 AM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 11:25:41 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 11:25:41 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 10:55:40 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 10:55:40 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 10:40:39 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 10:40:39 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 10:40:39 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 10:40:39 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 9:37:42 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 240 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 9:37:42 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 7:37:39 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 7:37:39 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Windows Update Agent
Event Category: Software Sync 
Event ID: 16
Date: 1/25/2012
Time: 6:45:48 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 30 sult=0x0
0010: 30 30 30 30 30 30 30 20 0000000 
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 30 30 30 30 30 30 ={000000
0028: 30 30 2d 30 30 30 30 2d 00-0000-
0030: 30 30 30 30 2d 30 30 30 0000-000
0038: 30 2d 30 30 30 30 30 30 0-000000
0040: 30 30 30 30 30 30 7d 20 000000} 
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 30 Number=0
0058: 20 00 .

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 6:37:37 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 6:37:37 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 6:07:37 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 6:07:37 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/25/2012
Time: 5:52:36 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/24/2012
Time: 10:50:57 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/24/2012
Time: 10:50:57 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 1/24/2012
Time: 10:20:56 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/24/2012
Time: 10:20:56 PM
User: N/A
Computer: YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please do this again:

Go to *Start *- *Run *- type in cmd and click OK to open a command prompt:

Type the following command (be sure to include the space between the g and the /:

*Ipconfig /all*

Hit Enter.

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.


----------



## PTgirl (Jan 22, 2012)

*ipconfig /all*
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : your-4105e587b6
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-15-00-3A-01-E7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Friday, January 27, 2012 12:02:26 PM
Lease Expires . . . . . . . . . . : Saturday, January 28, 2012 12:02:26
PM

Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-16-36-33-EA-7A

C:\Documents and Settings\Kathy.YOUR-4105E587B6>


----------



## Cookiegal (Aug 27, 2003)

Please run Farbar again. Make sure only the following option is checked:
*Internet Services*
Press "*Scan*". It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.) Please copy and paste the log to your reply.


----------



## PTgirl (Jan 22, 2012)

*FSS.txt*

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kathy (administrator) on 27-01-2012 at 12:53:22
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(7) IPSec(5) NetBT(6) PSched(8) SYMTDI(10) Tcpip(4) 
0x0B00000005000000010000000200000003000000040000000A000000090000000600000007000000080000000B000000
IpSec Tag value is correct.
**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Users, Partitions and Memory size.
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## PTgirl (Jan 22, 2012)

*MiniToolBox*

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kathy (administrator) on 28-01-2012 at 12:28:17
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) PRO/Wireless 2200BG Network Connection = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp 
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : your-4105e587b6

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-15-00-3A-01-E7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Saturday, January 28, 2012 12:10:08 PM

Lease Expires . . . . . . . . . . : Sunday, January 29, 2012 12:10:08 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-16-36-33-EA-7A

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.115.147, 74.125.115.105, 74.125.115.103, 74.125.115.106
74.125.115.104, 74.125.115.99

Ping request could not find host google.com. Please check the name and try again.

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Ping request could not find host yahoo.com. Please check the name and try again.

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 00 3a 01 e7 ...... Intel(R) PRO/Wireless 2200BG Network Connection
0x10004 ...00 16 36 33 ea 7a ...... Realtek RTL8139/810x Family Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25
255.255.255.255 255.255.255.255 192.168.1.102 10004 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/23/2012 06:36:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/23/2012 06:36:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/23/2012 06:33:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:33:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:33:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (01/28/2012 11:53:42 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (01/28/2012 11:53:42 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/28/2012 11:23:41 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (01/28/2012 11:23:41 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/28/2012 11:08:41 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (01/28/2012 11:08:41 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/27/2012 07:47:45 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 480 minutes.
NtpClient has no source of accurate time.

Error: (01/27/2012 07:47:45 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/27/2012 06:45:51 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (01/27/2012 03:47:38 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 240 minutes.
NtpClient has no source of accurate time.

Microsoft Office Sessions:
=========================
Error: (07/27/2011 02:14:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5324 seconds with 1860 seconds of active time. This session ended with a crash.

Error: (09/09/2009 02:11:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2925 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (07/02/2009 02:11:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/02/2009 02:11:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/29/2009 04:01:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/29/2009 04:01:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/13/2009 04:02:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 769 seconds with 720 seconds of active time. This session ended with a crash.

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 1014.42 MB
Available physical RAM: 496.9 MB
Total Pagefile: 2437.07 MB
Available Pagefile: 2043.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.58 GB) (Free:4.3 GB) NTFS
3 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.62 GB) FAT

========================= Users: ========================================

User accounts for \\YOUR-4105E587B6

Administrator ASPNET Guest 
HelpAssistant Kathy SUPPORT_388945a0

**** End of log ****


----------



## TerryNet (Mar 23, 2005)

Like your thread title.  But it's slightly inaccurate--you have internet access, but DNS is failing.

Make sure the following services are Started (Control Panel - Administrative Tools - Services).

DNS Client
Network Location Awareness
Remote Procedure Call (RPC)

If any of those are not started, and cannot be started, the issue will be beyond me and I will sit quietly and watch Cookiegal perform more of her magic.


----------



## PTgirl (Jan 22, 2012)

Hi TerryNet, all three of those were already listed as started. 
I had no idea about the importance of DNS when I started this thread! So greatful for Cookiegal's patience & persistence since I'm barely a step above clueless on this.


----------



## Cookiegal (Aug 27, 2003)

Are all these started as well?

Computer Browser 
DHCP Client 
IPSEC Services
Network Connections 
Server 
TCP/IP NetBIOS Helper services
Workstation


----------



## PTgirl (Jan 22, 2012)

All except IPSEC Services and TCP/IP NetBIOS Helper Services were started. I started those two hoping it would make a difference. Both started with no problem, but no change in ability to access the Internet.


----------



## TerryNet (Mar 23, 2005)

Just in case there is a problem with the Comcast DNS servers try using Google's 8.8.8.8 and 8.8.4.4. Configuration instructions here if you need them.


----------



## PTgirl (Jan 22, 2012)

Would it be a comcast DNS problem if I can connect to the internet on my home network with the other desktop, laptop and mobile devices?


----------



## PTgirl (Jan 22, 2012)

I changed to the Google public DNS and ran the tests suggested by them. All results indicated a problem with my DNS configuration (able to connect to a fixed IP address but not a hostname). I rolled the setting back to the original automatic setting and ran the tests again with the same results.


----------



## TerryNet (Mar 23, 2005)

I do not know what the problem is, other than that the malware dug very deep.


----------



## Cookiegal (Aug 27, 2003)

Please download *CheckConns.exe* and save it to your desktop.

Double click to run it. When finished, please post the contents of the report in your next reply.


----------



## PTgirl (Jan 22, 2012)

TerryNet, thanks so much for taking the time to offer your help.


----------



## TerryNet (Mar 23, 2005)

You're welcome, PTgirl! Sorry I couldn't help make any progress.


----------



## PTgirl (Jan 22, 2012)

Cookiegal, when I double click on CheckConns.exe, I get a very, very brief spike in CPU usage, then nothing happens.
Just tried to run it on my "working" laptop, and nothing happens here, either. I'm sure I must be doing something wrong, but I have no idea what it is.


----------



## Triple6 (Dec 26, 2002)

For testing, have you tried disabling the wireless card and connecting with an Ethernet cable?


----------



## Cookiegal (Aug 27, 2003)

PTgirl said:


> Cookiegal, when I double click on CheckConns.exe, I get a very, very brief spike in CPU usage, then nothing happens.
> Just tried to run it on my "working" laptop, and nothing happens here, either. I'm sure I must be doing something wrong, but I have no idea what it is.


Are you saving the file to your desktop?


----------



## PTgirl (Jan 22, 2012)

Yes. First I saved it to my flash drive and then transferred it to the desktop & clicked it from there. Then I tried first saving to the other laptop's desktop and then transferring to the flash drive to the other desktop and clicking. Neither approach worked.


----------



## PTgirl (Jan 22, 2012)

Hi Triple6,
I tried the ethernet when this first started, but couldn't get on the internet. I just tried it again and still get the limited or no connectivity warning.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
ipsec.*
:regfind
ipsec
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## PTgirl (Jan 22, 2012)

*SystemLook.txt*

SystemLook 30.07.11 by jpshortstuff
Log created at 21:03 on 28/01/2012 by Kathy
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.*"
C:\I386\IPSEC.SY_	--a--c- 39596 bytes	[13:00 04/08/2004]	[13:00 04/08/2004] 88DC5CC7670238929F698AFBBC0B5594
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys	-----c- 74752 bytes	[19:43 05/12/2008]	[08:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ERDNT\cache\ipsec.sys	--a---- 75264 bytes	[00:10 24/01/2012]	[19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys	-----c- 75264 bytes	[19:19 13/04/2008]	[19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys	--a---- 75264 bytes	[08:00 04/08/2004]	[19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys	--a--c- 75264 bytes	[08:00 04/08/2004]	[19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

========== regfind ==========

Searching for "ipsec"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08229782-89C8-4028-BB74-75BB58EF1488}\ProgID]
@="IpsecMonSnapin.About.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08229782-89C8-4028-BB74-75BB58EF1488}\VersionIndependentProgID]
@="IpsecMonSnapin.About"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\WINDOWS\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\ProgID]
@="IPSEC.Snapin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\VersionIndependentProgID]
@="IPSEC.Snapin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\WINDOWS\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\ProgID]
@="IPSEC.Extension.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\VersionIndependentProgID]
@="IPSEC.Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\WINDOWS\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\ProgID]
@="IPSEC.About.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\VersionIndependentProgID]
@="IPSEC.About"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPSEC.About]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPSEC.About.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPSEC.Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPSEC.Extension.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPSEC.Snapin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPSEC.Snapin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IpsecMonSnapin.About]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IpsecMonSnapin.About.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IPSec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}]
"NameStringIndirect"="@C:\WINDOWS\system32\ipsecsnp.dll,-2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetworkAccessProtection\IPSec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\IPSecPolicyAgent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\IPSecPolicyAgent\IPSecPolicyAgent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"name"="ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ipsecName"="All ICMP Traffic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385235-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"name"="ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ipsecName"="All IP Traffic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ipsecID"="{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"name"="ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385231-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"name"="ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385234-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"name"="ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385237-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecISAKMPPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"name"="ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"ipsecID"="{7238523d-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
"ClassName"="ipsecNegotiationPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
"name"="ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
"ipsecID"="{07aaa794-921c-444b-a559-b83d6e166f75}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
"ClassName"="ipsecNegotiationPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
"name"="ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
"ipsecID"="{68241f19-35dd-48ac-b090-fde4270947cd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecNegotiationPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ipsecName"="Request Security (Optional)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385233-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecNegotiationPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ipsecName"="Permit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ipsecID"="{7238523b-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ipsecNegotiationPolicyAction"="{8a171dd2-77e3-11d1-8659-a04f00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecNegotiationPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"name"="ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ipsecName"="Require Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ipsecID"="{7238523f-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ipsecNegotiationPolicyAction"="{3f91a81a-7647-11d1-864d-d46a00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
"ClassName"="ipsecNegotiationPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
"name"="ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
"ipsecID"="{b76b3948-0547-47d9-8eb7-f37be971228b}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}]
"name"="ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}]
"ipsecID"="{18a2939e-5480-4ace-a8d0-ae67a878c0a7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{68241f19-35dd-48ac-b090-fde4270947cd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"name"="ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"ipsecName"="Require Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"ipsecID"="{2cabd657-c075-40b5-86b2-edde0ff53b1f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"name"="ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"ipsecName"="Permit unsecure ICMP packets to pass through."
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"ipsecID"="{668fefad-f15a-4ffa-90ec-488061dbac34}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"name"="ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"ipsecName"="Request Security (Optional) Rule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"ipsecID"="{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}]
"name"="ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}]
"ipsecID"="{bf4683e4-5bd3-49e4-b484-387e088a304f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{07aaa794-921c-444b-a559-b83d6e166f75}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}]
"name"="ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}]
"ipsecID"="{c5b51cef-c759-4822-a447-0d05e25b1199}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b76b3948-0547-47d9-8eb7-f37be971228b}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"ClassName"="ipsecNFA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"name"="ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"ipsecName"="Permit unsecure ICMP packets to pass through."
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"ipsecID"="{d6093a58-58be-45e9-864f-c524c66bc91d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d}]
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"name"="ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ipsecName"="Server (Request Security)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385230-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}]
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{8f2df54b-8fbd-43a9-a70f-8edf73c870ae} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{d6093a58-58be-45e9-864f-c524c66bc91d} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{18a2939e-5480-4ace-a8d0-ae67a878c0a7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"name"="ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ipsecName"="Client (Respond Only)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ipsecID"="{72385236-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}]
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{bf4683e4-5bd3-49e4-b484-387e088a304f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ClassName"="ipsecPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"name"="ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ipsecName"="Secure Server (Require Security)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ipsecID"="{7238523c-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}]
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{2cabd657-c075-40b5-86b2-edde0ff53b1f} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{668fefad-f15a-4ffa-90ec-488061dbac34} SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{c5b51cef-c759-4822-a447-0d05e25b1199}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ipsec6.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ipseccmd.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ipsecsnp.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\ipsecsvc.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC\0000]
"Service"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC\0000]
"DeviceDesc"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC\0000\Control]
"ActiveService"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_POLICYAGENT\0000]
"DeviceDesc"="IPSEC Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WPDClassInstaller Workstation WMPNetworkSvc WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WGA Wdf01007 Wdf01005 Wdf01000 W32Time w29n51 VolSnap viaide VgaSave USER32 UPS ultra udfs tunmp toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip6 Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv SRTSP srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 SMCIRDA Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RTL8023xp RSVP Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF null NtServicePack ntfs npfs Nla NIC1394 Netlogon NetDDE NetBT NetBIOS NdisWan ndis napipsec
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\napipsecenf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\napipsecenf]
"EventMessageFile"="%SystemRoot%\System32\napipsec.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec]
"DisplayName"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec]
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec\Enum]
"0"="Root\LEGACY_IPSEC\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs\79619]
"Friendly Name"="IPSec Relying Party"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs\79619]
"Description"="Provides IPSec based enforcement for Network Access Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"DisplayName"="IPSEC Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"DependOnService"="RPCSS Tcpip IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"DependOnService"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\ipsec6.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\ipseccmd.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\ipsecsnp.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\ipsecsvc.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IPSEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IPSEC\0000]
"Service"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IPSEC\0000]
"DeviceDesc"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_POLICYAGENT\0000]
"DeviceDesc"="IPSEC Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WPDClassInstaller Workstation WMPNetworkSvc WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WGA Wdf01007 Wdf01005 Wdf01000 W32Time w29n51 VolSnap viaide VgaSave USER32 UPS ultra udfs tunmp toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip6 Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv SRTSP srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 SMCIRDA Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RTL8023xp RSVP Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF null NtServicePack ntfs npfs Nla NIC1394 Netlogon NetDDE NetBT NetBIOS NdisWan ndis napipsec
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\napipsecenf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\napipsecenf]
"EventMessageFile"="%SystemRoot%\System32\napipsec.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IPSec]
"DisplayName"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IPSec]
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\napagent\Qecs\79619]
"Friendly Name"="IPSec Relying Party"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\napagent\Qecs\79619]
"Description"="Provides IPSec based enforcement for Network Access Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PolicyAgent]
"DisplayName"="IPSEC Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PolicyAgent]
"DependOnService"="RPCSS Tcpip IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip]
"DependOnService"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ipsec6.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ipseccmd.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ipsecsnp.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\ipsecsvc.dll]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC\0000]
"Service"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC\0000]
"DeviceDesc"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC\0000\Control]
"ActiveService"="IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POLICYAGENT\0000]
"DeviceDesc"="IPSEC Services"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"Sources"="WZCSVC Wudf01000 WPDClassInstaller Workstation WMPNetworkSvc WindowsMedia Windows Update Agent Windows Script Host Windows File Protection Win32k WGA Wdf01007 Wdf01005 Wdf01000 W32Time w29n51 VolSnap viaide VgaSave USER32 UPS ultra udfs tunmp toside TermServSessDir TermService TermServDevices TermDD tdi TCPMon Tcpip6 Tcpip System Error SynTP sym_u3 sym_hi symc8xx symc810 StillImage SSDPSRV Srv SRTSP srservice sr sparrow sndblst SMSvcHost 4.0.0.0 SMSvcHost 3.0.0.0 SMCIRDA Simbad SideBySide sfloppy Setup Service Control Manager Server serial scsiport Schedule Schannel SCardSvr Save Dump SAM RTL8023xp RSVP Removable Storage Service RemoteAccess redbook Rdbss RasMan RasAuto ql1280 ql1240 ql12160 ql10wnt ql1080 PSched PrintFilterPipelineSvc Print PptpMiniport PolicyAgent PlugPlayManager perc2 pcmcia pciide pci parvdm partmgr parport OSPFMib OSPF null NtServicePack ntfs npfs Nla NIC1394 Netlogon NetDDE NetBT NetBIOS NdisWan ndis napi
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\napipsecenf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\napipsecenf]
"EventMessageFile"="%SystemRoot%\System32\napipsec.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"DisplayName"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\LEGACY_IPSEC\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\Qecs\79619]
"Friendly Name"="IPSec Relying Party"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\Qecs\79619]
"Description"="Provides IPSec based enforcement for Network Access Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"DisplayName"="IPSEC Services"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"DependOnService"="RPCSS Tcpip IPSec"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"DependOnService"="IPSec"

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt.

Please do the same for this registry key as well (run the following command):

*regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC"*

The report will be at C:\look2.txt.

Please copy and paste the contents of both logs here.


----------



## PTgirl (Jan 22, 2012)

*Look.text*

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

*look2.txt*

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC\0000]
"Service"="IPSec"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="IPSEC driver"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0016"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPSEC\0000\Control]
"ActiveService"="IPSec"


----------



## Cookiegal (Aug 27, 2003)

There have been a lot of problem with connections after ZeroAccess infection where all registry keys and settings appear correct. In those cases, we have to reinstall TCP\IP. Do you have your installation CD?


----------



## PTgirl (Jan 22, 2012)

Yes - I just located the one shipped with my laptop. I've never even broken the seal on it. What do I need to do?
(the disk is for SP2, but I upgraded online to SP3 - is that a problem?)


----------



## Cookiegal (Aug 27, 2003)

Actually, you won't have to insert the disk at all as we are telling it to install from the Windows\Inf directory rather than from the disk. Before following these instructions, be sure you have any important documents, photos, etc. backed up to external media such as an external hard drive or CDs.

First do this again:

Go to *Start *- *Run *- type in *cmd *and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

Reboot the machine.

1. Locate the file - *C:\Windows\inf\nettcpip.inf*
 It's important that you first make a copy of the file for backup purposes. Right-click the file and select "copy", then right-click in an empty space on your desktop and select "paste" to drop the copy of the file there.

 Once you have done that, use Notepad to open the original file for editing.










2. Locate the *[MS_TCPIP.PrimaryInstall]* section.

3. Edit the *Characteristics = 0xA0* entry and replace 0xA0 with 0x80.










4. Save the file, and then exit Notepad.










5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select *Properties*.

















6. On the *General *tab, click *Install*, select *Protocol*, and then click *Add*.










7. In the Select *Network Protocols* window, click *Have Disk*.










8. In the Copy manufacturers files from: text box, type *c:\windows\inf*, and then click *OK*.










9. Select *Internet Protocol (TCP/IP)*, and then click *OK*.










Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select *Internet Protocol (TCP/IP)*, click *Uninstall*, and then click *Yes*.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP 










Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP.


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal, I seem to have hit a snag. Everything went well up until I was redoing sub step #9. When I was brought back to the Local Area Connection Properties screen and selrcted Internet Protocol (TCP/IP), the Uninstall button was not available. I retraced my steps for redoing sub steps 4-11 and carefully compared each screen to the ones in your post, and it all looked fine but uninstall remained greyed out. Should I have started over from the beginning?


----------



## Cookiegal (Aug 27, 2003)

Since you're connecting wirelessly, you may have to select your wireless connection rather than the LAN. Please try the same procedure but select that device in your Network Connections.


----------



## PTgirl (Jan 22, 2012)

Selecting the wireless network is not working either. When the nettcpip.inf file has Characteristics = 0x80' I can go through all of the steps. When I change it back to the original Characteristics = 0xA0, the uninstall button stays greyed out. 

I noticed that when I select my wireless network, there are some differences. I'm not sure if they are important, so here they are:

The first time through Step 9 after clicking Have Disk and typing in c:\\windows\inf then clicking OK
The Select Network Protocol list has Internet Protocol (TCP/IP) but it does not have the icon saying that the driver is digitally signed. (The icon was present when I went through the process for the LAN)
It still allows me to select it, and the uninstall button does become available.

On the redo Step 7, wireless network connections properties, I do not have an Internet Protocol (TCP/IP) option to highlight before clicking install and protocol. My choices are
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
QoS Packet Scheduler
Microsoft TCP/IP version 6

Only the last two have a check mark in front of them
I have been highlighting version 6 since the regular TCP/IP option isn't available. 

In redo step 7, select network protocol, Internet Protocol (TCP/IP) Which was missing in the previos step appears on the list even though it didn't in your screen shot. I have been highlighting Network Monitor Driver since that is what your example shows. Once I select have disk and type in the inf location and OK, I then select Internet Protocol (TCP/IP) as shown in your instructions. When it returns me to the wireless properties general tab, all of the selections are now checked and Internet Protocol (TCP/IP) is now added to the list. Unfortunately, at this point the uninstall option is available for everything except the Internet Protocol (TCP/IP) option. I tried restarting the computer at this point to see if that helps for the changes to take effect. The TCP/IP option remains available, but going back through the steps does not make the uninstall button available. 

I have tried this several times with the same results.


----------



## Cookiegal (Aug 27, 2003)

Are you typing the directory as c:\windows\inf and not c:\\windows\inf (two slashes) as you indicated above?


----------



## PTgirl (Jan 22, 2012)

I'm fairly certain I ran it with the single back slash, but just in case, I ran it again. Same results with the uninstall button greyed out.


----------



## Cookiegal (Aug 27, 2003)

PTgirl said:


> Hi Cookiegal, I seem to have hit a snag. Everything went well up until I was redoing sub step #9. When I was brought back to the Local Area Connection Properties screen and selrcted Internet Protocol (TCP/IP), the Uninstall button was not available. I retraced my steps for redoing sub steps 4-11 and carefully compared each screen to the ones in your post, and it all looked fine but uninstall remained greyed out. Should I have started over from the beginning?


Let's return to performing the task on the LAN device. I just reread this post and realize what happened. When you go through the first steps and the Uninstall button appears the first time but the second time you don't click uninstall again and it will be grayed out. You stop the second time after step 9 and the reboot the machine.


----------



## PTgirl (Jan 22, 2012)

OK. Ran through all of the steps again for the LAN with no problems rebooting after step 9. 
You didn't say to check the Internet, but I gave it a try anyway. Still can't get online and IE is still saying DNS failure.


----------



## Cookiegal (Aug 27, 2003)

What browser are you using and have you tried other browsers?

Try entering the following in the address bar and let me know if a Google page comes up.

74.125.113.106


----------



## PTgirl (Jan 22, 2012)

Google Chrome was my default browser when all of this first started. It started crashing and freezing my computer, and I couldn't change it from my default browser. Then I kept forgetting and launched it every time I tried to check my Internet connection. I uninstalled it a couple of days ago. Internet Explorer is the only browser I have now.

Yes, I can get to Google with the IP address, and I can search for something I type in the box. I can't get to any websites by clicking on the results of the search - I just end up with "Internet explorer cannot display the web page"


----------



## Cookiegal (Aug 27, 2003)

What version of IE are you running?

Try running it without add-ons and see if the problem persists.

Are you able to download e-mail?


----------



## PTgirl (Jan 22, 2012)

I'm running IE 8.0.6001.18702
I disabled every single add-on, but there is no change to my access. 
I don't use a separate program for my email. I access it directly from comcast.net, and I can't get to that we page. I do have Outlook on the laptop, and it is set up. I opened it and tried to get email but nothing is downloading.


----------



## Cookiegal (Aug 27, 2003)

If you boot to safe mode with networking can you access sites?


----------



## PTgirl (Jan 22, 2012)

I've never booted to safe mode. How do I do that please?


----------



## TerryNet (Mar 23, 2005)

Upon power on (or restart) tap the F8 key until the Windows boot menu appears (if Windows begins booting you missed it). From that menu choose *Safe Mode with Networking*.


----------



## PTgirl (Jan 22, 2012)

Thanks, TerryNet 
Cookiegal, I still can't access the sites booting to safe mode with networking. 
"Internet explorer cannot display the web page"


----------



## Cookiegal (Aug 27, 2003)

Thanks Terry. 

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## PTgirl (Jan 22, 2012)

*No Application Errors*

*System Errors:*

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 7:32:39 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 7:32:39 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 6:32:37 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 6:32:37 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 6:02:36 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 6:02:36 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 1/30/2012
Time: 5:48:07 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4105E587B6
Description:
The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 5:47:30 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 5:47:30 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 5:47:30 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 5:47:30 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 1/30/2012
Time: 5:46:00 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4105E587B6
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 1/30/2012
Time: 5:44:10 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The following boot-start or system-start driver(s) failed to load: 
BHDrvx86
eabfiltr
eeCtrl
Fips
intelppm
SRTSPX
SymIRON
SYMTDI

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 1/30/2012
Time: 5:43:08 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4105E587B6
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 5:17:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 5:17:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 4:17:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 4:17:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 3:47:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 3:47:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 1/30/2012
Time: 3:32:45 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4105E587B6
Description:
The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 3:32:11 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 3:32:11 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 3:32:10 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 3:32:10 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/30/2012
Time: 1:26:44 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 240 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/30/2012
Time: 1:26:44 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 11:26:40 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 11:26:40 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Windows Update Agent
Event Category:	Software Sync 
Event ID:	16
Date: 1/29/2012
Time: 11:00:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 30 sult=0x0
0010: 30 30 30 30 30 30 30 20 0000000 
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 30 30 30 30 30 30 ={000000
0028: 30 30 2d 30 30 30 30 2d 00-0000-
0030: 30 30 30 30 2d 30 30 30 0000-000
0038: 30 2d 30 30 30 30 30 30 0-000000
0040: 30 30 30 30 30 30 7d 20 000000} 
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 30 Number=0
0058: 20 00 .

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 10:26:38 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 10:26:38 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:56:37 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:56:37 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:41:37 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:41:37 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:41:21 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:41:21 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:41:14 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:41:14 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:41:07 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:41:07 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:40:47 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:40:47 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:40:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:40:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:37:10 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:37:10 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:37:09 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:37:09 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:37:08 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:37:08 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: 
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 9:35:22 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 1/29/2012
Time: 9:30:16 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 9:30:16 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: 
%%0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 9:30:16 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Bonjour Service service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 9:30:16 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Apple Mobile Device service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Workstation
Event Category:	None
Event ID:	5728
Date: 1/29/2012
Time: 9:30:05 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Could not load any transport.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:22:36 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:22:36 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:22:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:22:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:22:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 9:22:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 9:22:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 8:48:54 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 8:48:54 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 8:18:53 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 8:18:53 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 8:03:52 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 8:03:52 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 8:03:45 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 8:03:45 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 8:03:45 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 8:03:45 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: 
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 8:00:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 1/29/2012
Time: 7:56:14 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 7:56:14 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: 
%%0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 7:56:14 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Bonjour Service service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 7:56:14 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Apple Mobile Device service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Workstation
Event Category:	None
Event ID:	5728
Date: 1/29/2012
Time: 7:56:05 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Could not load any transport.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 7:48:54 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 7:48:54 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 7:28:43 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 7:28:43 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 7:13:42 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 7:13:42 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 7:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 7:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 7:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 7:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 7:06:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 7:06:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 7:06:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 7:06:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 7:06:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 6:47:58 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: 
%%0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 6:47:58 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Bonjour Service service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 6:47:58 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Apple Mobile Device service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Workstation
Event Category:	None
Event ID:	5728
Date: 1/29/2012
Time: 6:47:46 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Could not load any transport.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 1/29/2012
Time: 6:43:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 6:43:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: 
%%0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 6:43:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Bonjour Service service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 6:43:17 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Apple Mobile Device service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Workstation
Event Category:	None
Event ID:	5728
Date: 1/29/2012
Time: 6:43:03 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Could not load any transport.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 6:28:36 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 6:28:36 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 6:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 6:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 1/29/2012
Time: 6:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 1/29/2012
Time: 6:13:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 1/29/2012
Time: 5:57:57 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 5:57:57 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: 
%%0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 5:57:57 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Bonjour Service service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7003
Date: 1/29/2012
Time: 5:57:57 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Apple Mobile Device service depends on the following nonexistent service: Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Workstation
Event Category:	None
Event ID:	5728
Date: 1/29/2012
Time: 5:57:45 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Could not load any transport.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 5:50:58 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 5:50:58 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 5:50:56 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 5:50:56 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 5:45:43 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 5:45:43 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 5:45:42 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 5:45:42 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 1/29/2012
Time: 5:42:02 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 1/29/2012
Time: 5:42:02 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The TCP/IP Protocol Driver service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

These same ones repeat over and over for the 24 hours previous to this - no new event codes used.


----------



## Cookiegal (Aug 27, 2003)

Use SystemLook again.
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
tcpip.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Also, please run ComboFix again but first remove the version you have by dragging it to the recycle bin. Then grab the latest version. This time, do not rename it. Be sure to disable all security programs.

Please visit *Combofix Guide & Instructions * for instructions for downloading and running ComboFix.

Then also remove the Checkconns that you download before and download it again.

Please download *CheckConns.exe* and save it to your desktop.

Double click to run it. When finished, please post the contents of the report in your next reply.


----------



## PTgirl (Jan 22, 2012)

I tried several times but CheckConns wouldn't run. When I double-clicked on it, nothing happened.

*SystemLook*

SystemLook 30.07.11 by jpshortstuff
Log created at 22:56 on 30/01/2012 by Kathy
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.*"
C:\I386\TCPIP.SY_	--a--c- 175712 bytes	[13:00 04/08/2004]	[13:00 04/08/2004] 71669FDFAB7BCB8C9182E07BF6464927
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg	--a---- 7328 bytes	[23:50 23/01/2012]	[00:53 24/01/2012] A06008B4A8C75574A0B33061ED6288EA
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys	--a---- 361600 bytes	[11:59 20/06/2008]	[11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys	--a--c- 361600 bytes	[11:59 20/06/2008]	[11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys	-----c- 359040 bytes	[19:43 05/12/2008]	[08:00 04/08/2004] 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys	-----c- 361344 bytes	[22:36 05/12/2008]	[19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\ERDNT\cache\tcpip.sys	--a---- 361600 bytes	[00:10 24/01/2012]	[11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\Help\tcpip.chm	--a--c- 38234 bytes	[08:00 04/08/2004]	[08:00 04/08/2004] 11F1003A66472DBCBD02A54E9CB4163C
C:\WINDOWS\ServicePackFiles\i386\tcpip.sys	-----c- 361344 bytes	[19:20 13/04/2008]	[19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\system32\dllcache\tcpip.sys	--a---- 361600 bytes	[08:00 04/08/2004]	[11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys	--a--c- 361600 bytes	[08:00 04/08/2004]	[11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

-= EOF =-

*ComboFix*

ComboFix 12-01-30.02 - Kathy 01/30/2012 23:05:11.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.485 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\mru.xml
c:\windows\dasetup.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-21 22:05 . 2012-01-21 22:05	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-17 05:51 . 2004-08-04 08:00	138496	----a-w-	c:\windows\system32\drivers\afd.sys
2012-01-17 05:51 . 2004-08-04 08:00	138496	----a-w-	c:\windows\system32\dllcache\afd.sys
2012-01-17 05:22 . 2008-04-14 00:12	116224	----a-w-	c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-17 05:22 . 2001-08-18 03:36	23040	----a-w-	c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-17 05:22 . 2008-04-14 00:12	18944	----a-w-	c:\windows\system32\dllcache\xrxscnui.dll
2012-01-17 05:22 . 2001-08-18 03:37	27648	----a-w-	c:\windows\system32\dllcache\xrxftplt.exe
2012-01-17 05:21 . 2001-08-18 03:37	4608	----a-w-	c:\windows\system32\dllcache\xrxflnch.exe
2012-01-17 05:21 . 2001-08-18 03:37	99865	----a-w-	c:\windows\system32\dllcache\xlog.exe
2012-01-17 05:21 . 2001-08-17 17:11	16970	----a-w-	c:\windows\system32\dllcache\xem336n5.sys
2012-01-17 05:21 . 2004-08-04 03:29	19455	----a-w-	c:\windows\system32\dllcache\wvchntxx.sys
2012-01-17 05:21 . 2008-04-13 18:46	19200	----a-w-	c:\windows\system32\dllcache\wstcodec.sys
2012-01-17 05:21 . 2004-08-04 03:29	12063	----a-w-	c:\windows\system32\dllcache\wsiintxx.sys
2012-01-17 05:21 . 2004-08-04 03:31	154624	----a-w-	c:\windows\system32\dllcache\wlluc48.sys
2012-01-17 05:21 . 2001-08-17 17:12	34890	----a-w-	c:\windows\system32\dllcache\wlandrv2.sys
2012-01-17 05:19 . 2001-08-17 18:28	604253	----a-w-	c:\windows\system32\dllcache\vmodem.sys
2012-01-17 05:18 . 2001-08-18 03:36	28160	----a-w-	c:\windows\system32\dllcache\umaxu40.dll
2012-01-17 05:17 . 2001-08-17 19:56	440576	----a-w-	c:\windows\system32\dllcache\tridkb.dll
2012-01-17 05:16 . 2001-08-17 17:13	17129	----a-w-	c:\windows\system32\dllcache\tdkcd31.sys
2012-01-17 05:15 . 2001-08-18 03:36	53760	----a-w-	c:\windows\system32\dllcache\sw_wheel.dll
2012-01-17 05:14 . 2001-08-17 17:51	20752	----a-w-	c:\windows\system32\dllcache\sonync.sys
2012-01-17 05:13 . 2001-08-17 17:12	94698	----a-w-	c:\windows\system32\dllcache\sk98xwin.sys
2012-01-17 05:12 . 2001-08-17 18:53	6912	----a-w-	c:\windows\system32\dllcache\seaddsmc.sys
2012-01-17 05:11 . 2001-08-17 19:56	182272	----a-w-	c:\windows\system32\dllcache\s3mt3d.dll
2012-01-17 05:10 . 2001-08-18 03:36	41472	----a-w-	c:\windows\system32\dllcache\qvusd.dll
2012-01-17 05:09 . 2001-08-17 18:53	7168	----a-w-	c:\windows\system32\dllcache\pnrmc.sys
2012-01-17 05:08 . 2001-08-17 17:12	30495	----a-w-	c:\windows\system32\dllcache\pc100nds.sys
2012-01-17 05:07 . 2001-08-17 17:50	198144	----a-w-	c:\windows\system32\dllcache\nv3.sys
2012-01-17 05:06 . 2008-04-13 18:46	85248	----a-w-	c:\windows\system32\dllcache\nabtsfec.sys
2012-01-17 05:05 . 2001-08-17 18:48	12416	----a-w-	c:\windows\system32\dllcache\msriffwv.sys
2012-01-17 05:04 . 2001-08-17 18:58	8320	----a-w-	c:\windows\system32\dllcache\memcard.sys
2012-01-17 05:03 . 2001-08-17 17:12	19016	----a-w-	c:\windows\system32\dllcache\ktc111.sys
2012-01-17 05:02 . 2001-08-18 03:36	90200	----a-w-	c:\windows\system32\dllcache\io8ports.dll
2012-01-17 05:01 . 2001-08-17 19:06	38528	----a-w-	c:\windows\system32\dllcache\ibmvcap.sys
2012-01-17 05:00 . 2001-08-18 03:36	19456	----a-w-	c:\windows\system32\dllcache\hr1w.dll
2012-01-17 04:59 . 2008-04-13 18:45	59136	----a-w-	c:\windows\system32\dllcache\gckernel.sys
2012-01-17 04:58 . 2001-08-17 17:12	16998	----a-w-	c:\windows\system32\dllcache\ex10.sys
2012-01-17 04:57 . 2001-08-17 18:28	241206	----a-w-	c:\windows\system32\dllcache\el656se5.sys
2012-01-17 04:56 . 2001-08-18 03:36	102484	----a-w-	c:\windows\system32\dllcache\digiinf.dll
2012-01-17 04:55 . 2001-08-17 18:50	14848	----a-w-	c:\windows\system32\dllcache\cyclom-y.sys
2012-01-17 04:54 . 2001-08-18 03:36	236032	----a-w-	c:\windows\system32\dllcache\camext20.dll
2012-01-17 04:53 . 2008-04-13 18:46	13696	----a-w-	c:\windows\system32\dllcache\avcstrm.sys
2012-01-17 04:52 . 2001-08-17 19:56	66048	----a-w-	c:\windows\system32\dllcache\s3legacy.dll
2012-01-16 22:28 . 2012-01-20 23:32	--------	d-----w-	c:\windows\system32\MpEngineStore
2012-01-16 18:12 . 2012-01-16 18:12	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Immunet
2012-01-16 18:12 . 2012-01-17 01:12	--------	d-----w-	c:\documents and settings\All Users\Immunet
2012-01-16 02:05 . 2012-01-16 02:05	664	----a-w-	c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-01-12 05:59 . 2012-01-12 05:59	--------	d-----w-	c:\program files\KingsIsle Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00	82944	-c--a-w-	c:\windows\system32\drivers\WudfRd.sys
2011-11-25 21:57 . 2004-08-04 08:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 08:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-04 08:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 08:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 08:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 08:00	386048	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 08:00	1292288	----a-w-	c:\windows\system32\quartz.dll
.
.
((((((((((((((((((((((((((((( [email protected]_00.57.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-30 22:48 . 2012-01-30 22:48	16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2004-08-07 13:10 . 2012-01-30 02:35	89596 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2012-01-30 02:35	506298 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Mininova-Vuze\prxtbMin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-11-18 01:10	194848	----a-w-	c:\program files\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57	86016	-c--a-w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03	906640	----a-w-	c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09	167936	----a-w-	c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	-c--a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01	46368	-c--a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54	253952	-c--a-w-	c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16	32768	-c--a-r-	c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	-csh--w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03	29984	-c--a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19	15752	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19	813448	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01	328992	-c--a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42	67456	----a-w-	c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	-csha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12	39408	-c--a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Kathy.YOUR-4105E587B6\\My Documents\\Computer Downloads\\PDFConverterSetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"57448:TCP"= 57448:TCPando Media Booster
"57448:UDP"= 57448:UDPando Media Booster
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/23/2011 3:45 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/23/2011 3:45 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 9:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/23/2011 3:45 PM 136312]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/19/2009 8:56 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/19/2009 8:57 PM 234888]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/23/2011 3:45 PM 130008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 5:12 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [1/13/2012 9:45 PM 356280]
S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [9/29/2010 1:43 PM 582424]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-01-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-01-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-01-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-01-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2012-01-29 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 23:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?0?2?9??????? ?,?B?????????????hLC? ?????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\017\04?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-01-30 23:26:19
ComboFix-quarantined-files.txt 2012-01-31 04:26
ComboFix2.txt 2012-01-24 01:02
ComboFix3.txt 2012-01-24 00:13
.
Pre-Run: 4,668,952,576 bytes free
Post-Run: 4,654,731,264 bytes free
.
- - End Of File - - 8E01465A34F4C64622E495D9E5640812


----------



## Cookiegal (Aug 27, 2003)

I see you installed Immunet. Have you now uninstalled it?

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## PTgirl (Jan 22, 2012)

Didn't even know I had immunet & don't even remember reading the name before.
Tried to post the file and got a message saying the text was over 4 times too long to post. Tried it as a single attachment and too big. Divided it and sending it as two attachments.


----------



## Cookiegal (Aug 27, 2003)

I need another key exported please:

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList"*

Please copy and paste the report found at C:\look2.txt here.


----------



## PTgirl (Jan 22, 2012)

Look2.txt

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"Base"=hex:16,00,00,00,0e,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\
00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00,0a,00,00,\
00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,\
12,00,00,00,13,00,00,00,14,00,00,00,15,00,00,00,16,00,00,00
"Boot Bus Extender"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\
00,00,05,00,00,00,06,00,00,00
"Extended Base"=hex:09,00,00,00,01,00,00,00,02,00,00,00,04,00,00,00,03,00,00,\
00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00
"Keyboard Class"=hex:01,00,00,00,01,00,00,00
"Keyboard Port"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,\
00
"Ndis"=hex:17,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,\
00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,\
00,0c,00,00,00,0d,00,00,00,0e,00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,\
12,00,00,00,13,00,00,00,14,00,00,00,15,00,00,00,16,00,00,00,17,00,00,00
"Network"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,\
00,00,00,06,00,00,00
"Parallel arbitrator"=hex:01,00,00,00,01,00,00,00
"PNP_TDI"=hex:1d,00,00,00,1d,00,00,00,1a,00,00,00,17,00,00,00,13,00,00,00,10,\
00,00,00,0d,00,00,00,05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\
00,00,09,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,0b,00,00,00,0c,00,00,\
00,0e,00,00,00,0f,00,00,00,11,00,00,00,12,00,00,00,14,00,00,00,15,00,00,00,\
16,00,00,00,18,00,00,00,19,00,00,00,1b,00,00,00,1c,00,00,00,1e,00,00,00
"Pointer Class"=hex:01,00,00,00,01,00,00,00
"Pointer Port"=hex:08,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,\
05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00
"Primary Disk"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,\
05,00,00,00
"SCSI CDROM Class"=hex:02,00,00,00,01,00,00,00,02,00,00,00
"SCSI Class"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"SCSI Miniport"=hex:3f,00,00,00,00,01,00,00,01,01,00,00,19,00,00,00,01,00,00,\
00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,\
08,00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,\
00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,12,00,00,00,13,00,00,00,14,00,\
00,00,15,00,00,00,16,00,00,00,17,00,00,00,1a,00,00,00,18,00,00,00,1b,00,00,\
00,1c,00,00,00,1d,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,23,00,00,00,\
24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,29,00,00,00,2a,\
00,00,00,2b,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,00,\
00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,00,\
00,37,00,00,00,38,00,00,00,39,00,00,00,3a,00,00,00,3b,00,00,00,3c,00,00,00,\
3d,00,00,00,3e,00,00,00,3f,00,00,00
"SpoolerGroup"=hex:02,00,00,00,01,00,00,00,02,00,00,00
"System Bus Extender"=hex:10,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,01,\
00,00,00,08,00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,\
00,00,0e,00,00,00,06,00,00,00,05,00,00,00,07,00,00,00,0f,00,00,00,10,00,00,\
00
"Video"=hex:01,00,00,00,01,00,00,00
"Video Init"=hex:01,00,00,00,01,00,00,00
"Video Save"=hex:01,00,00,00,01,00,00,00
"FSFilter Infrastructure"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,\
04,00,00,00
"FSFilter System"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Bottom"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Copy Protection"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Security Enhancer"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
00
"FSFilter Open File"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Physical Quota Management"=hex:03,00,00,00,01,00,00,00,02,00,00,00,\
03,00,00,00
"FSFilter Encryption"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Compression"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter HSM"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Cluster File System"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,\
00,00
"FSFilter System Recovery"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,\
04,00,00,00
"FSFilter Quota Management"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
00
"FSFilter Content Screener"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
00,04,00,00,00,05,00,00,00
"FSFilter Continuous Backup"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
00
"FSFilter Replication"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Anti-Virus"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,05,\
00,00,00
"FSFilter Undelete"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"FSFilter Activity Monitor"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\
00,05,00,00,00
"FSFilter Top"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00
"Filter"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,\
00,00,06,00,00,00
"PNP Filter"=hex:04,00,00,00,01,00,00,00,03,00,00,00,02,00,00,00,04,00,00,00
"NetBIOSGroup"=hex:01,00,00,00,01,00,00,00
"Streams Drivers"=hex:01,00,00,00,01,00,00,00
"WdfLoadGroup"=hex:01,00,00,00,01,00,00,00


----------



## Cookiegal (Aug 27, 2003)

OK. I'd like to try something. I'm attaching a FixPTgirl.zip file to this post. Save it to the desktop. Unzip it and double-click the FixPTgirl.reg file and allow it to merge into the registry.

The reboot the machine and see if you can connect.


----------



## PTgirl (Jan 22, 2012)

The file successfully merged but I still couldn't connect after rebooting.


----------



## Cookiegal (Aug 27, 2003)

Are you currently connecting wirelessly with another PC or laptop?

If so, please post the ipconfig /all from that computer.


----------



## PTgirl (Jan 22, 2012)

Both laptop and desktop

*Laptop*
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\kathr.salvemini>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : CHAPF-6LNC0R1
Primary Dns Suffix . . . . . . . : pgcps.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pgcps.org
hsd1.md.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-24-D6-B0-22-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d0af:8c90:b917:1ef9%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 01, 2012 5:30:20 PM
Lease Expires . . . . . . . . . . : Thursday, February 02, 2012 5:30:20 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113238
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0B-F4-3C-00-26-B9-68-3D-A9

DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : pgcps.org
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controlle
r
Physical Address. . . . . . . . . : 00-26-B9-68-3D-A9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.md.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:439:37f1:3f57:fe96(Prefe
rred)
Link-local IPv6 Address . . . . . : fe80::439:37f1:3f57:fe96%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Users\kathr.salvemini>

*Desktop*
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dell>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : D8C6CBB1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Con
nection #2
Physical Address. . . . . . . . . : 00-21-9B-25-94-2F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Wednesday, February 01, 2012 5:39:45
PM
Lease Expires . . . . . . . . . . : Thursday, February 02, 2012 5:39:45
PM

C:\Documents and Settings\Dell>


----------



## Cookiegal (Aug 27, 2003)

Please post the latest ipconfig /all from the problem computer.


----------



## PTgirl (Jan 22, 2012)

*problem laptop*

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : your-4105e587b6
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-15-00-3A-01-E7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::215:ff:fe3a:1e7%4
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
Lease Obtained. . . . . . . . . . : Wednesday, February 01, 2012 5:32:16
PM
Lease Expires . . . . . . . . . . : Thursday, February 02, 2012 5:32:16
PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-16-36-33-EA-7A

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-66
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.102%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Kathy.YOUR-4105E587B6>


----------



## Cookiegal (Aug 27, 2003)

When you go to Control Panel - Network Connections, right-click the LAN connection and select "properties" then highlight "Internet Protocol (TCP/IP)" and select "Properties" under the General tab, are "Obtain an IP address automatically" and "Obtain DNS Server Address Automatically" selected?


----------



## TerryNet (Mar 23, 2005)

Please excuse the interruption. Make sure you have the latest wireless driver from the laptop manufacturer's web site.

If you are using XP's WZC to manage the connection try the Intel Proset (also from the laptop manufacturer's site) instead. That adapter has issues, and most times it behaves better with the Intel Proset utility.


----------



## TerryNet (Mar 23, 2005)

Also, ipv6 sometimes causes trouble in XP. Do ...

Start - Run - *ipv6 uninstall* - OK


----------



## PTgirl (Jan 22, 2012)

Cookiegal, yes, automatically is selected for both. 

TerryNet, I have the latest driver. ipv6 now uninstalled. Intel Proset has now been installed to replace WZC. Still have strong network signal but unable to access Internet. Difference is that now instead of IE giving me the message that the web page can't be loaded, the tab seems to be permanently stuck on "connecting"


----------



## TerryNet (Mar 23, 2005)

If you ping yahoo.com or google.com does it resolve to the address and return replies?


----------



## PTgirl (Jan 22, 2012)

TerryNet - still only by the numbers:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ping yahoo.com
Ping request could not find host yahoo.com. Please check the name and try again.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ping google.com
Ping request could not find host google.com. Please check the name and try again
.

C:\Documents and Settings\Kathy.YOUR-4105E587B6>ping 74.125.113.106

Pinging 74.125.113.106 with 32 bytes of data:

Reply from 74.125.113.106: bytes=32 time=55ms TTL=50
Reply from 74.125.113.106: bytes=32 time=79ms TTL=50
Reply from 74.125.113.106: bytes=32 time=103ms TTL=50
Reply from 74.125.113.106: bytes=32 time=127ms TTL=50

Ping statistics for 74.125.113.106:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 127ms, Average = 91ms

C:\Documents and Settings\Kathy.YOUR-4105E587B6>


----------



## Cookiegal (Aug 27, 2003)

Please download MiniToolBox, save it to your desktop and run it.

Put a checkmark to select the following options:

Flush DNS
Report IE Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## PTgirl (Jan 22, 2012)

*MiniToolBox results*

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kathy (administrator) on 02-02-2012 at 12:33:10
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) PRO/Wireless 2200BG Network Connection = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp 
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : your-4105e587b6

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-15-00-3A-01-E7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Thursday, February 02, 2012 12:16:15 PM

Lease Expires . . . . . . . . . . : Friday, February 03, 2012 12:16:15 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-16-36-33-EA-7A

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.113.104, 74.125.113.147, 74.125.113.105, 74.125.113.99
74.125.113.106, 74.125.113.103

Ping request could not find host google.com. Please check the name and try again.

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56

Ping request could not find host yahoo.com. Please check the name and try again.

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 00 3a 01 e7 ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x3 ...00 16 36 33 ea 7a ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
255.255.255.255 255.255.255.255 192.168.1.102 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/23/2012 06:36:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:36:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/23/2012 06:36:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/23/2012 06:33:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:33:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/23/2012 06:33:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (02/02/2012 00:31:17 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (02/02/2012 00:31:17 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/02/2012 00:16:17 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (02/02/2012 00:16:17 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/02/2012 00:16:14 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (02/02/2012 00:38:12 AM) (Source: 0) (User: )
Description: [::]:2869

Error: (02/02/2012 00:38:12 AM) (Source: 0) (User: )
Description: [::]:2869

Error: (02/02/2012 00:33:43 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (02/02/2012 00:33:43 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/02/2012 00:17:54 AM) (Source: 0) (User: )
Description: [::]:2869

Microsoft Office Sessions:
=========================
Error: (07/27/2011 02:14:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5324 seconds with 1860 seconds of active time. This session ended with a crash.

Error: (09/09/2009 02:11:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2925 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (07/02/2009 02:11:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/02/2009 02:11:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/29/2009 04:01:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/29/2009 04:01:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/13/2009 04:02:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 769 seconds with 720 seconds of active time. This session ended with a crash.

========================= Devices: ================================

**** End of log ****


----------



## TerryNet (Mar 23, 2005)

No expectation that this will help, but a year and a half ago *cybertech* (another moderator here) cleared up some networking problem by having the OP disable the 1394 connection (in Network Connections). May as well try that. If you don't know, 1394 is also called "firewire" and is for connecting some camcorders, camera, etc., and you've probably never used it.


----------



## Cookiegal (Aug 27, 2003)

By all means, try what TerryNet suggested. 

If that doesn't work, I feel it's probably Norton 360 that's blocking the connection.


----------



## PTgirl (Jan 22, 2012)

Hi TerryNet,
I disabled the 1394 connection. No change with connectivity, but IE is back to saying that it cannot display the webpage instead of the continuously "connecting" message of last night.


----------



## Cookiegal (Aug 27, 2003)

Do you have the media (and key) to be able to reinstall Norton 360? I assume you do because you said you did that in your earlier posts. But, you need to run the removal tool to be sure all components are removed then run these commands again:

Go to *Start *- *Run *- type in *cmd *and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

Then reboot the machine and see if you can start those services that wouldn't start and then try to connect:

https://www-secure.symantec.com/nor...10133834EN&product=home&version=1&pvid=f-home

I think it's work a shot.

Or have you ever had another Firewall such as Zone Alarm on this machine?


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal,
Before I received your most recent post, I had just finished running the Norton removal tool. 
I followed the rest of your instructions, but I still can't get online.
I did have Zone Alarm at one point, but I uninstalled it at least three years ago.


----------



## TerryNet (Mar 23, 2005)

Run the ZoneAlarm Removal Tool if you haven't done so already.


----------



## Cookiegal (Aug 27, 2003)

Thanks Terry. 

There could well be remnants left behind that have grabbed hold of something.


----------



## PTgirl (Jan 22, 2012)

Just back from my trip.
Ran the Zone Alarm Removal Tool. Still no change in online access.


----------



## Cookiegal (Aug 27, 2003)

I assume you rebooted after using the tool?

Go to Control Panel - Network Connections and right-click the Local Area Connection and click on Properties.

On the General tab, click on Internet Protocol (TCP/IP) and then on Properties.

Click on Advanced and then click on the Options tab.

In the Optional Settings dialog box, click on *TCP/IP Filtering* and then click on the Properties tab.

Is there a check mark in the box beside "Enable TCP/IP Filtering (All adapters)"?


----------



## PTgirl (Jan 22, 2012)

*Enable TCP/IP Filtering (All adapters)*
Yes, it is checked for both Local Area Connection and for Wireless Connection
Should it be unchecked?
Yes, rebooted after running the tool.


----------



## Cookiegal (Aug 27, 2003)

Perhaps but I'm not sure yet. Mine is unchecked. Can you post a screenshot of what you see there below that box please on both the LAN and the wireless?


----------



## PTgirl (Jan 22, 2012)

Please see attached.


----------



## Cookiegal (Aug 27, 2003)

Please upload an image, not a Word document. I can't open .docx documents.

Take the sceenshot and then open Paint (from All Programs - Accessories) and paste it there, then save it and upload that image. Thanks.


----------



## PTgirl (Jan 22, 2012)

images attached. Couldn't figure out how to place them in the post.
First is LAN, but both have the same settings.


----------



## Cookiegal (Aug 27, 2003)

Try unchecking the box beside "Enable TCP/IP Filtering (All adapters)" and then change all three options to "Permit All" then click OK.

Reboot and see if you can connect.


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal,
I unchecked the box and selected permit all for the three options. Rebooted, but still no internet connection.


----------



## Cookiegal (Aug 27, 2003)

Then please put those settings back the way they were since it didn't solve the problem.

Please copy everything in the following code box and paste it into Notepad:


```
@echo off
echo Please post back the %SystemDrive%\MyNICDetails.txt on your next reply
echo.
echo CheckMyNIC by AdvancedSetup >%SystemDrive%\MyNICDetails.txt
echo ... >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc RPCSS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex RPCSS >>%SystemDrive%\MyNICDetails.txt
pause
```
Change the "save as type" to "All Files" and name it *MyNICDetails.bat*. Double-click the MyNICDetails.bat to run it then copy and paste the contents of log it creates that will be located at C:\MyNICDetails.txt please.

I'm signing off for the night so will check back tomorrow morning.


----------



## PTgirl (Jan 22, 2012)

*MyNICDetails.txt* (please also see note at end of pasted text)

CheckMyNIC by AdvancedSetup 
... 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS 
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs 
LOAD_ORDER_GROUP : TDI 
TAG : 0 
DISPLAY_NAME : DHCP Client 
DEPENDENCIES : Tcpip 
: Afd 
: NetBT 
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1148
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER 
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys 
LOAD_ORDER_GROUP : PNP_TDI 
TAG : 28 
DISPLAY_NAME : TCP/IP Protocol Driver 
DEPENDENCIES : IPSec 
SERVICE_START_NAME :

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER 
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys 
LOAD_ORDER_GROUP : TDI 
TAG : 0 
DISPLAY_NAME : AFD 
DEPENDENCIES : 
SERVICE_START_NAME :

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER 
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys 
LOAD_ORDER_GROUP : PNP_TDI 
TAG : 30 
DISPLAY_NAME : NetBios over Tcpip 
DEPENDENCIES : Tcpip 
SERVICE_START_NAME :

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER 
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys 
LOAD_ORDER_GROUP : NetBIOSGroup 
TAG : 1 
DISPLAY_NAME : NetBIOS Interface 
DEPENDENCIES : 
SERVICE_START_NAME :

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS 
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService 
LOAD_ORDER_GROUP : TDI 
TAG : 0 
DISPLAY_NAME : TCP/IP NetBIOS Helper 
DEPENDENCIES : NetBT 
: Afd 
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1616
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS 
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService 
LOAD_ORDER_GROUP : TDI 
TAG : 0 
DISPLAY_NAME : DNS Client 
DEPENDENCIES : Tcpip 
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1524
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS 
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe 
LOAD_ORDER_GROUP : 
TAG : 0 
DISPLAY_NAME : IPSEC Services 
DEPENDENCIES : RPCSS 
: Tcpip 
: IPSec 
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 864
FLAGS : RUNS_IN_SYSTEM_PROCESS
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS 
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs 
LOAD_ORDER_GROUP : 
TAG : 0 
DISPLAY_NAME : Network Location Awareness (NLA) 
DEPENDENCIES : Tcpip 
: Afd 
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1148
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS 
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs 
LOAD_ORDER_GROUP : 
TAG : 0 
DISPLAY_NAME : Server 
DEPENDENCIES : 
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 4 RUNNING 
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1148
FLAGS  : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER 
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys 
LOAD_ORDER_GROUP : PNP_TDI 
TAG : 29 
DISPLAY_NAME : IPSEC driver 
DEPENDENCIES : 
SERVICE_START_NAME :

SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER 
STATE : 4 RUNNING 
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0	(0x0)
SERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS : 
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS 
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss 
LOAD_ORDER_GROUP : COM Infrastructure 
TAG : 0 
DISPLAY_NAME : Remote Procedure Call (RPC) 
DEPENDENCIES : 
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS 
STATE : 4 RUNNING 
IN32_EXIT_CODE : 0	(0x0)
S ERVICE_EXIT_CODE : 0	(0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1088
FLAGS :

I don't know if this is useful for you, but I just found out tonight that my nephew downloaded a game the night before I started having problems. It is from Kingsisle Entertainment and is called Wizard 101. He evidently tried to play it over a 30 minute period after downloading and the laptop kept freezing on him. He finally panicked and deleted the shortcut so I wouldn't see it on my desktop; he then shut it down. He said that he didn't think of uninstalling it. I started having problems when I booted up the next day, and I couldn't figure out why since to my knowledge, I hadn't downloaded anything new or opened any unknown files. Now that I know it's there, I can see it in my program list and in my program files. I have tried uninstalling it from my start > all programs list because it has an uninstall option, but when I click on the uninstall, nothing happens. I also tried uninstalling from my control panel > add/remove programs, but it won't uninstall from there either when I click on it. I believe my laptop was infected when he downloaded the exe file. Is it significant that it won't uninstall now? BTW, I've allowed him to live, but it was a close call.


----------



## Cookiegal (Aug 27, 2003)

The game itself doesn't look to be malicious but I suspect he downloaded it via torrents which would have likely come bundled with malware. Try the Revo uninstaller and see if that will get rid of it:

http://majorgeeks.com/Revo_Uninstaller_d5706.html

I'd like to see the current status of some registry keys again to try to examine everything overall and see if I can spot any problems so please do the following:

Go to *Start *- *Run *and copy and paste the following then click OK:


```
regedit /e C:\lookServices.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\lookServices.txt. It will be large so please zip it up and then upload it as an attachment.

Then please run this command to export another key:


```
regedit /e C:\lookEnum.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root"
```
This report will be found at C:\LookEnum.txt and will also be large so please zip and attach that one as well.


----------



## PTgirl (Jan 22, 2012)

The Revo uninstaller got rid of it.
two zip files attached for you.


----------



## Cookiegal (Aug 27, 2003)

I've gone through the entire Services key and found a few things that need fixing so we'll see if that helps.

But first, do you still have this program installed?

XoftSpySE

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal,
Yes, I still have XoftSpySE, but it's not running. Do you want me to use the uninstall option to remove it?

*Uninstall List*
7-Zip 4.57
ABC Amber LIT Converter
ABC FLV to Video Converter
Able2Doc v5.0
ActiveState ActivePython 2.6.1.1
Adobe AIR
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
ASUS Ai Charger
Avi Player 
AviSynth 2.5
Bonjour
Brother MFL-Pro Suite MFC-490CW
Build A Lot 3 Passport To Europe
Buildalot
Build-a-lot 4 Power Source
CachemanXP 1.8.0.14
calibre
Chapter and Verse
Chinese Traditional Fonts Support For Adobe Reader 9
Comcast Access
Comcast Access
Conexant AC-Link Audio
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DING!
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
doPDF 6.2 printer
Easy Internet Sign-up
eReg
EZface ActiveX 210
Fast AVI MPEG Joiner 1.1.2
ffdshow [rev 918] [2007-02-12]
File Type Assistant
FLV to MP4 Converter 2009.2.20
FoxTab PDF Converter
Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
Free PDF to Word Doc Converter v1.1
Free WMA to MP3 Converter 1.16
Freecorder
Freecorder Toolbar
Frugal Video Poker
GearDrvs
GearDrvs
getPlus(R) for Adobe
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Product Detection
HP Update
HP User Guides 0001
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD
IP Hider 4.0
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 24
Junk Mail filter update
Kindle Auto eBook Converter 0.4.21
Logitech SetPoint 6.20
mCore
mDrWiFi
Memory Stick Formatter
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Bootvis
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Entertainment Pack: The Puzzle Collection
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mininova-Vuze Toolbar
MioNet
mIWA
mLogView
mMHouse
Mobipocket Creator 4.2
Mobipocket Reader 6.0
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
muvee autoProducer 4.0 - SE
mWlsSafe
mXML
mZConfig
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Pando Media Booster
PaperPort Image Printer
Plaxo Toolbar for Windows
PMB
PrimoPDF
PRS-500 USB driver
Quick Launch Buttons 5.10 B2
QuickTime
Reader Library by Sony
RealPlayer
RealUpgrade 1.1
RepliGo Viewer (remove only)
Revo Uninstaller 1.93
Safari
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicStage 4.3
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Tropical Swaps (remove only)
Tropical Swaps 2 (remove only)
Uniblue DriverScanner
Uniblue PowerSuite 2009
Uniblue PowerSuite 2009
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VantagePoint
VantagePoint
VC80CRTRedist - 8.0.50727.4053
Videora iPod touch Converter 6
VLC media player 1.1.11
VS10RuntimeWin32
Vuze
Vuze Toolbar
Vuze_Remote Toolbar
WD Anywhere Backup
WD Diagnostics
WD Drive Manager (x86)
WeFi 3.7.6.9
Windows Driver Package - Intel (NETw5x32) net (10/26/2009 12.4.4.5)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
wunderlist
XoftSpySE
YouSendIt Express
YouSendIt Express
YouTube Downloader 3.4
YouTube Downloader App 3.00
Zone Deluxe Games


----------



## Cookiegal (Aug 27, 2003)

So you don't have any anti-virus program then?


----------



## PTgirl (Jan 22, 2012)

Not now. I was using Norton 360 for firewall and anti-virus, but you asked that I uninstall it. I run XoftSpySE and Spybot every couple of days to remove spyware.


----------



## Cookiegal (Aug 27, 2003)

I would uninstall all of these:

Freecorder Toolbar
J2SE Runtime Environment 5.0
Vuze Toolbar
Vuze_Remote Toolbar
XoftSpySE

Then reinstall Norton.

I'm also attaching a FixPTgirl2.zip file to this post. Save it to your desktop. Unzip it and double-click the FixPTgirl2.reg file and allow it to merge into the registry.

Then reboot the machine and see if you can start these services:

Computer Browser
Server
Workstation

Then see if you can connect. If not reboot and try again please.


----------



## PTgirl (Jan 22, 2012)

Uninstalled 5 programs, reinstalled Norton
Merged the reg file you provided. 
Rebooted - 3 services listed were already started. 
Tried to get online with no success
Rebooted and tried again -still no success.


----------



## Cookiegal (Aug 27, 2003)

Please go to Start - Run - type in *services.msc* and press Enter. Scroll down to the *Windows Firewall/Internet Connection Sharing (ICS) service*. Double-click to open the service and report back the status (started or stopped) and the startup type please.


----------



## PTgirl (Jan 22, 2012)

*Windows Firewall/Internet Connection Sharing (ICS) service*

Status: Started
Startup Type: Automatic


----------



## Cookiegal (Aug 27, 2003)

There was an error in the Event Viewer before relating to this service stopping so let's try resetting it.

Go to Start - Run - type in cmd and press Enter to open a Command Prompt. Then type the following command and press Enter.

*netsh firewall reset *

Then reboot and see if you can connect.


----------



## PTgirl (Jan 22, 2012)

Still unable to connect. 
Tried rebooting twice.


----------



## Cookiegal (Aug 27, 2003)

I've been seeking assistance from my colleagues and am going to try a suggestion. It involves a regfix that I'm attaching. Please save it to your desktop, unzip it and double-click the .reg file to run it, as you've done before.

Then reboot the machine and try to connect.


----------



## PTgirl (Jan 22, 2012)

Thanks, Cookiegal.
I merged the file but still couldn't get online after reboot. However, there was a difference this time. I have DING, the Southwest Airlines program that has an icon in my system tray. Up until now, it has always displayed a warning about no connection from the moment it loaded. This time when I rebooted, it looked good when it first loaded and up until near the end of the start process. I tried it again with the same result so it looks as if it thinks it's online when it first loads. I'm sure it is not online because the Intel PROset indicates that it is not yet connected. By the time the Intel PROset turns green to say it is connected to the network, the DING icon displays the no connection warning. Have no clue if this means anything.


----------



## Cookiegal (Aug 27, 2003)

Sounds like we're making some progress. I'll see if my colleagues have any other suggestions.


----------



## PTgirl (Jan 22, 2012)

Thanks, Cookiegal. I very much appreciate all of your help and that of your colleagues.


----------



## Cookiegal (Aug 27, 2003)

Another suggestion we'd like you to try is to do the following:

First, create a new system restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

Make sure you have anything of importance like documents, photos, etc. backed up to some external medial such as CDs or an external hard drive. This should always be done on a regular basis even if you're not having any problems with the computer.

Uninstall Service Pack 3 then reboot the machine and reinstall Service Pack 3.

Reboot once again and see if you can now connect.


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal,

You Rock! :up:

I got through your instructions to the point of uninstalling SP 3. I started the reboot and had to leave for an all day meeting. I arrived home to the lovely surprise of finding that my laptop had been online all day.  Thank you, thank you for having me reinstall Norton 360 for firewall and virus protection. While I was away, it even updated itself. Of course, I immediately tried to check email and found out that the version of IE SP 2 has is so old that it doesn't work well with current websites. I can type in the url line but I can't type anything into a webpage. Fortunately, I can click on things.

I am currently in the process of getting SP 3 back. It hasn't been as easy as it sounded. I kept getting error messages every time I tried to run the installation. Figured out that I needed a newer version of windows installer. Got that, and then still couldn't run the installation. Finally realized that since I can get online I could use the windows update site. There I found out that my SP 2 has to be updated before I can install SP 3. I just started a download of the 63 updates Microsoft says I need. This will take about an hour, and then I'll need to wait for SP 3 to download. I just couldn't wait any longer to tell you the news. 

I'll post again as soon as I finish this SP 3 process to verify that everything is working and that I can still get online. 

In the meantime, I don't think Norton 360 is the best firewall and virus protection for me, and it sure let me down in a big way this time. Now that you know my system far better than I ever will myself, what do you recommend I use in it's place?

Thank you, thank you, thank you, thank you! I was so sure my laptop was a lost cause, but you stuck with me and fixed it! You're amazing!


----------



## Cookiegal (Aug 27, 2003)

That is great news. :up: We were really running out of options. 

Among the paid anti-virus/firewall programs I think Kaspersky Internet Security and Eset Smart Security are the best ones. However, Kaspersky may weigh heavy on the system so if resources are an issue, I'd opt for Eset.

There are also free alternatives but I prefer to go with a paid program as it will have more features.

Please post a new HijackThis log when you can.


----------



## PTgirl (Jan 22, 2012)

Thanks for the advice - Eset sounds like the best for me. 

I'm about half way through the SP 2 updates. I will definitely post a HijackThis log once I get SP 3 back.

For spyware protection, should I reload Xoftspy SE or is there something else that would be better?


----------



## Cookiegal (Aug 27, 2003)

I would recommend MalwareBytes' Anti-Malware instead. In fact, once you're updated and have SP3 installed, please download and run MalwareBytes'. I will post the instructions here for you.

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## PTgirl (Jan 22, 2012)

I will definitely do as you ask.
Do you want the HijackThis log run before or after MalwareBytes?


----------



## Cookiegal (Aug 27, 2003)

HijackThis run after MalwareBytes' would be best.


----------



## PTgirl (Jan 22, 2012)

Sorry for the delay. Microsoft held me hostage through two additional sets of SP 2 updates and then 3 more sets of SP 3 updates after SP 3 was installed.

I have discovered one area where online access is isn't working. When I click on a link in another program that should open my browser and show me a webpage, I get the error message:
*This operation has been canceled due to resrictions in effect on this computer. Please contact your system administrator.*

I am the only user and the sole administrator on my laptop. I'm sure there is some setting somewhere to fix this, but I can't find it. 
Two examples: When I first opened malwarebytes, I had the option of getting a trial of the full version. I clicked on the button to go to the website and got the error. Then to test it, I opened a Word document with a hyperlink, and when I clicked it, the same error message appeared.

(Is the free version of malwarebytes enough for my system, or do I need the full version?)

*mbam log*
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.13.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kathy :: YOUR-4105E587B6 [administrator]
2/12/2012 10:22:02 PM
mbam-log-2012-02-12 (22-22-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211630
Time elapsed: 18 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

*HijackThis (run after malwarebytes)*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:52 PM, on 2/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Desktop\connection problems\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/my?showdatasavepop=T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Mininova-Vuze - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\prxtbMin0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9bfb059d9f398) (gupdate1c9bfb059d9f398) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe
--
End of file - 11406 bytes


----------



## PTgirl (Jan 22, 2012)

I forgot to mention that for some reason, Internet Explorer is eating up my CPU to 100% and slowing everything down to a crawl. I reinstalled Google Chrome and am back to using it as my default browser.


----------



## Cookiegal (Aug 27, 2003)

OK, let's troubleshoot those problems one at a time.

The error message you describe often occurs if you've uninstalled Chrome. Since you've installed Chrome and set it as your default, try now setting IE as your default again and generally the links should now work. You can set it back to Chrome if you want but this is just to troubleshoot the problem. If that doesn't fix it, then I'll need you to export a couple of registry keys. I'll post the instructions now but it won't be necessary if the problem is fixed.

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\lookLMhtml.txt "HKEY_Local_Machine\Software\Classes\htmlfile"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\lookLMhtml.txt. Please open it in Notepad and then copy and paste the report here.

Do the same for this one as well:

*regedit /e C:\lookCRhtml.txt "HKEY_CLASSES_ROOT \.html"*

The report will be named C:\lookCRhtml.txt.


----------



## PTgirl (Jan 22, 2012)

Thanks, Cookiegal, that fixed it. 
I've set the default back to Chrome because IE is still consuming my CPU.


----------



## Cookiegal (Aug 27, 2003)

OK. Let's run ComboFix but first remove the one you have by dragging it to the recycle bin. Then grab the latest version, disable your security programs, run a scan and post the log please.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## PTgirl (Jan 22, 2012)

The first time I ran combofix it got all the way to preparing the log report, did nothing for a long time, then the laptop suddenly started shutting down and I couldn't stop it. When it rebooted, I looked for the C:\combofix.txt file, but by the date it was an old one and not the newly run log. Ran combofix again, and things went smoothly. Here is that report:

ComboFix 12-02-13.01 - Kathy 02/13/2012 20:18:04.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.475 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\puppy.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 01:09 . 2010-01-20 22:02	36400	----a-r-	c:\windows\system32\drivers\SymIM.sys
2012-02-14 01:07 . 2012-02-14 01:12	--------	d-----w-	c:\windows\LastGood
2012-02-13 21:55 . 2012-02-14 01:09	--------	d-----w-	c:\windows\system32\drivers\N360\0308030.006
2012-02-13 03:13 . 2012-02-13 03:13	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-13 03:12 . 2011-12-10 20:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-13 01:54 . 2012-02-13 02:01	--------	d-----w-	c:\windows\ServicePackFiles
2012-02-13 00:09 . 2012-02-13 00:42	--------	d-----w-	c:\windows\system32\drivers\N360\0308000.029
2012-02-12 23:16 . 2004-08-04 03:29	25471	------w-	c:\windows\system32\drivers\watv10nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	22271	------w-	c:\windows\system32\drivers\watv06nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11935	------w-	c:\windows\system32\drivers\wadv11nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11871	------w-	c:\windows\system32\drivers\wadv09nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11807	------w-	c:\windows\system32\drivers\wadv07nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11295	------w-	c:\windows\system32\drivers\wadv08nt.sys
2012-02-12 23:16 . 2008-04-13 18:36	42240	------w-	c:\windows\system32\drivers\viaagp.sys
2012-02-12 23:14 . 2004-07-17 16:41	11053008	------w-	c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe
2012-02-12 23:14 . 2008-04-14 00:11	81920	------w-	c:\windows\system32\ieencode.dll
2012-02-12 23:14 . 2004-08-04 03:41	1041536	------w-	c:\windows\system32\drivers\hsfdpsp2.sys
2012-02-12 23:14 . 2004-08-04 03:41	685056	------w-	c:\windows\system32\drivers\hsfcxts2.sys
2012-02-12 23:14 . 2004-08-04 03:41	220032	------w-	c:\windows\system32\drivers\hsfbs2s2.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\dllcache\bthport.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\drivers\bthport.sys
2012-02-10 00:36 . 2012-02-13 00:10	--------	d-----w-	c:\program files\Symantec
2012-02-10 00:36 . 2012-02-13 00:10	60808	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-02-10 00:36 . 2012-02-13 00:10	124976	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-10 00:35 . 2012-02-10 00:35	--------	d-----w-	c:\program files\Norton 360
2012-02-10 00:35 . 2012-02-10 00:35	--------	d-----w-	c:\program files\NortonInstaller
2012-02-08 16:33 . 2012-02-08 16:33	--------	d-----w-	c:\program files\VS Revo Group
2012-02-02 01:42 . 2006-08-23 16:48	53248	----a-w-	c:\windows\iwlanver.dll
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\NetworkService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Intel
2012-02-02 01:41 . 2012-02-02 01:41	21419	----a-w-	c:\windows\system32\drivers\AegisP.sys
2012-02-02 01:41 . 2012-02-02 01:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Intel
2012-01-21 22:05 . 2012-01-21 22:05	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-17 05:22 . 2008-04-14 00:12	116224	----a-w-	c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-17 05:22 . 2001-08-18 03:36	23040	----a-w-	c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-17 05:22 . 2008-04-14 00:12	18944	----a-w-	c:\windows\system32\dllcache\xrxscnui.dll
2012-01-17 05:22 . 2001-08-18 03:37	27648	----a-w-	c:\windows\system32\dllcache\xrxftplt.exe
2012-01-17 05:21 . 2001-08-18 03:37	4608	----a-w-	c:\windows\system32\dllcache\xrxflnch.exe
2012-01-17 05:21 . 2001-08-18 03:37	99865	----a-w-	c:\windows\system32\dllcache\xlog.exe
2012-01-17 05:21 . 2001-08-17 17:11	16970	----a-w-	c:\windows\system32\dllcache\xem336n5.sys
2012-01-17 05:21 . 2004-08-04 03:29	19455	----a-w-	c:\windows\system32\dllcache\wvchntxx.sys
2012-01-17 05:21 . 2008-04-13 18:46	19200	----a-w-	c:\windows\system32\dllcache\wstcodec.sys
2012-01-17 05:21 . 2004-08-04 03:29	12063	----a-w-	c:\windows\system32\dllcache\wsiintxx.sys
2012-01-17 05:21 . 2004-08-04 03:31	154624	----a-w-	c:\windows\system32\dllcache\wlluc48.sys
2012-01-17 05:21 . 2001-08-17 17:12	34890	----a-w-	c:\windows\system32\dllcache\wlandrv2.sys
2012-01-17 05:19 . 2001-08-17 18:28	604253	----a-w-	c:\windows\system32\dllcache\vmodem.sys
2012-01-17 05:18 . 2001-08-18 03:36	28160	----a-w-	c:\windows\system32\dllcache\umaxu40.dll
2012-01-17 05:17 . 2001-08-17 19:56	440576	----a-w-	c:\windows\system32\dllcache\tridkb.dll
2012-01-17 05:16 . 2001-08-17 17:13	17129	----a-w-	c:\windows\system32\dllcache\tdkcd31.sys
2012-01-17 05:15 . 2001-08-18 03:36	53760	----a-w-	c:\windows\system32\dllcache\sw_wheel.dll
2012-01-17 05:14 . 2001-08-17 17:51	20752	----a-w-	c:\windows\system32\dllcache\sonync.sys
2012-01-17 05:13 . 2001-08-17 17:12	94698	----a-w-	c:\windows\system32\dllcache\sk98xwin.sys
2012-01-17 05:12 . 2001-08-17 18:53	6912	----a-w-	c:\windows\system32\dllcache\seaddsmc.sys
2012-01-17 05:11 . 2001-08-17 19:56	182272	----a-w-	c:\windows\system32\dllcache\s3mt3d.dll
2012-01-17 05:10 . 2001-08-18 03:36	41472	----a-w-	c:\windows\system32\dllcache\qvusd.dll
2012-01-17 05:09 . 2001-08-17 18:53	7168	----a-w-	c:\windows\system32\dllcache\pnrmc.sys
2012-01-17 05:08 . 2001-08-17 17:12	30495	----a-w-	c:\windows\system32\dllcache\pc100nds.sys
2012-01-17 05:07 . 2001-08-17 17:50	198144	----a-w-	c:\windows\system32\dllcache\nv3.sys
2012-01-17 05:06 . 2008-04-13 18:46	85248	----a-w-	c:\windows\system32\dllcache\nabtsfec.sys
2012-01-17 05:05 . 2001-08-17 18:48	12416	----a-w-	c:\windows\system32\dllcache\msriffwv.sys
2012-01-17 05:04 . 2001-08-17 18:58	8320	----a-w-	c:\windows\system32\dllcache\memcard.sys
2012-01-17 05:03 . 2001-08-17 17:12	19016	----a-w-	c:\windows\system32\dllcache\ktc111.sys
2012-01-17 05:02 . 2001-08-18 03:36	90200	----a-w-	c:\windows\system32\dllcache\io8ports.dll
2012-01-17 05:01 . 2001-08-17 19:06	38528	----a-w-	c:\windows\system32\dllcache\ibmvcap.sys
2012-01-17 05:00 . 2001-08-18 03:36	19456	----a-w-	c:\windows\system32\dllcache\hr1w.dll
2012-01-17 04:59 . 2008-04-13 18:45	59136	----a-w-	c:\windows\system32\dllcache\gckernel.sys
2012-01-17 04:58 . 2001-08-17 17:12	16998	----a-w-	c:\windows\system32\dllcache\ex10.sys
2012-01-17 04:57 . 2001-08-17 18:28	241206	----a-w-	c:\windows\system32\dllcache\el656se5.sys
2012-01-17 04:56 . 2001-08-18 03:36	102484	----a-w-	c:\windows\system32\dllcache\digiinf.dll
2012-01-17 04:55 . 2001-08-17 18:50	14848	----a-w-	c:\windows\system32\dllcache\cyclom-y.sys
2012-01-17 04:54 . 2001-08-18 03:36	236032	----a-w-	c:\windows\system32\dllcache\camext20.dll
2012-01-17 04:53 . 2008-04-13 18:46	13696	----a-w-	c:\windows\system32\dllcache\avcstrm.sys
2012-01-17 04:52 . 2001-08-17 19:56	66048	----a-w-	c:\windows\system32\dllcache\s3legacy.dll
2012-01-16 22:28 . 2012-01-20 23:32	--------	d-----w-	c:\windows\system32\MpEngineStore
2012-01-16 18:12 . 2012-01-16 18:12	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Immunet
2012-01-16 18:12 . 2012-01-17 01:12	--------	d-----w-	c:\documents and settings\All Users\Immunet
2012-01-16 02:05 . 2012-01-16 02:05	664	----a-w-	c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00	82944	-c--a-w-	c:\windows\system32\drivers\WudfRd.sys
2011-11-23 13:25 . 2008-12-05 19:43	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00	60416	----a-w-	c:\windows\system32\packager.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-14_00.48.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 01:11 . 2012-02-14 01:11	16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
+ 2012-02-14 01:07 . 2010-01-20 22:02	36400 c:\windows\LastGood\system32\DRIVERS\SymIM.sys
+ 2004-08-07 13:02 . 2012-02-14 01:05	364912 c:\windows\system32\FNTCACHE.DAT
- 2004-08-07 13:02 . 2012-02-13 02:34	364912 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Mininova-Vuze\prxtbMin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-11-18 01:10	194848	----a-w-	c:\program files\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2011-10-12 2697656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57	86016	-c--a-w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03	906640	----a-w-	c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	-c--a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01	46368	-c--a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54	253952	-c--a-w-	c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16	32768	-c--a-r-	c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03	29984	-c--a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19	15752	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19	813448	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01	328992	-c--a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42	67456	----a-w-	c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	-csha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12	39408	-c--a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [2/13/2012 4:57 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [2/13/2012 4:57 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [2/13/2012 4:57 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [2/10/2012 4:27 PM 356280]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [2/13/2012 4:56 PM 117648]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/11/2012 4:00 AM 106104]
S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732144715-682409029-181207730-1009Core.job
- c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 15:34]
.
2012-02-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-01-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-02-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-02-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?0?2?9??????? ?,?B?????????????hLC? ?????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\017\04?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1172)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-13 20:36:37
ComboFix-quarantined-files.txt 2012-02-14 01:36
ComboFix2.txt 2012-02-14 00:52
ComboFix3.txt 2012-01-31 04:26
ComboFix4.txt 2012-01-24 01:02
ComboFix5.txt 2012-02-14 01:16
.
Pre-Run: 14,913,536,000 bytes free
Post-Run: 14,895,042,560 bytes free
.
- - End Of File - - 664DFFA9C2644FC631FA739D408E5238


----------



## Cookiegal (Aug 27, 2003)

It looks like other logs were created but in a different folder. Please post these logs:

C:\qoobox\ComboFix2.txt 
C:\qoobox\ComboFix5.txt


----------



## PTgirl (Jan 22, 2012)

Just amazed by how you know these things. ComboFix2 was too big so it is zipped and attached.

Here is* ComboFix5*

ComboFix 12-01-23.02 - Kathy 01/23/2012 18:39:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.626 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\tmp55.tmp
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Kathy.YOUR-4105E587B6\WINDOWS
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\2496955262
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\yaywbcos
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\$NtUninstallKB62280$\485945278\U\[email protected]
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-21 22:05 . 2012-01-21 22:05	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-17 05:51 . 2004-08-04 08:00	138496	----a-w-	c:\windows\system32\drivers\afd.sys
2012-01-17 05:51 . 2004-08-04 08:00	138496	----a-w-	c:\windows\system32\dllcache\afd.sys
2012-01-17 04:56 . 2001-08-18 03:36	27648	----a-w-	c:\windows\system32\dllcache\cyzports.dll
2012-01-17 04:56 . 2001-08-17 18:50	49792	----a-w-	c:\windows\system32\dllcache\cyzport.sys
2012-01-17 04:56 . 2001-08-18 03:36	27136	----a-w-	c:\windows\system32\dllcache\cyzcoins.dll
2012-01-17 04:56 . 2001-08-18 03:36	27648	----a-w-	c:\windows\system32\dllcache\cyyports.dll
2012-01-17 04:56 . 2001-08-17 18:50	50176	----a-w-	c:\windows\system32\dllcache\cyyport.sys
2012-01-17 04:56 . 2001-08-18 03:36	28672	----a-w-	c:\windows\system32\dllcache\cyycoins.dll
2012-01-17 04:54 . 2001-08-18 03:36	236032	----a-w-	c:\windows\system32\dllcache\camext20.dll
2012-01-17 04:53 . 2008-04-13 18:46	13696	----a-w-	c:\windows\system32\dllcache\avcstrm.sys
2012-01-16 22:28 . 2012-01-20 23:32	--------	d-----w-	c:\windows\system32\MpEngineStore
2012-01-16 18:12 . 2012-01-16 18:12	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Immunet
2012-01-16 18:12 . 2012-01-17 01:12	--------	d-----w-	c:\documents and settings\All Users\Immunet
2012-01-16 02:05 . 2012-01-16 02:05	664	----a-w-	c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-01-12 05:59 . 2012-01-12 05:59	--------	d-----w-	c:\program files\KingsIsle Entertainment
2011-12-27 04:49 . 2010-05-05 21:38	13224	----a-w-	c:\windows\system32\drivers\AiCharger.sys
2011-12-27 04:49 . 2011-12-27 04:49	--------	d-----w-	c:\program files\ASUS
2011-12-26 06:34 . 2011-12-26 06:34	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-12-26 06:34 . 2011-12-26 06:34	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-12-26 06:34 . 2011-12-26 06:34	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-12-26 06:34 . 2011-12-26 06:34	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-12-26 06:34 . 2011-12-26 06:34	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-12-26 06:34 . 2011-12-26 06:34	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-12-26 06:33 . 2011-12-26 06:34	--------	d-----w-	c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00	82944	-c--a-w-	c:\windows\system32\drivers\WudfRd.sys
2011-11-25 21:57 . 2004-08-04 08:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 08:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-04 08:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 08:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 08:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 08:00	386048	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 08:00	1292288	----a-w-	c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 08:00	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 17:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Mininova-Vuze\prxtbMin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-11-18 01:10	194848	----a-w-	c:\program files\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyPC"="c:\progra~1\Uniblue\SpeedUpMyPC\launcher.exe" [2011-10-19 67960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57	86016	-c--a-w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03	906640	----a-w-	c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09	167936	----a-w-	c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	-c--a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01	46368	-c--a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54	253952	-c--a-w-	c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16	32768	-c--a-r-	c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	-csh--w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03	29984	-c--a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19	15752	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19	813448	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01	328992	-c--a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42	67456	----a-w-	c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	-csha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12	39408	-c--a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Kathy.YOUR-4105E587B6\\My Documents\\Computer Downloads\\PDFConverterSetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"57448:TCP"= 57448:TCPando Media Booster
"57448:UDP"= 57448:UDPando Media Booster
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/23/2011 3:45 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/23/2011 3:45 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 9:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/23/2011 3:45 PM 136312]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/19/2009 8:56 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/19/2009 8:57 PM 234888]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [5/23/2011 3:45 PM 130008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 5:12 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [1/13/2012 9:45 PM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [9/29/2010 1:43 PM 582424]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2011-05-06 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
2012-01-23 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-01-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-01-24 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2012-01-18 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????O?n??|?????? ?,?B?????????????hLC? ?????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\017\04?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(4176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\progra~1\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2012-01-23 19:13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 00:13
.
Pre-Run: 3,596,836,864 bytes free
Post-Run: 4,717,146,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 80439128C9EA0BCEC7DB6C45FA9BE10C


----------



## Cookiegal (Aug 27, 2003)

Thanks. The second one was longer because of the Snapshot section so I deleted that portion and am posting the rest here for easier reference.

ComboFix 12-02-13.01 - Kathy 02/13/2012 19:28:39.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.417 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\puppy.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong
c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\PriceGong\Data\mru.xml
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\SET124.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET126.tmp
c:\windows\system32\SET12A.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET140.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-13 22:03 . 2010-07-12 12:55	218112	----a-w-	c:\program files\Windows NT\Accessories\SET120.tmp
2012-02-13 22:02 . 2010-11-09 14:52	200704	----a-w-	c:\program files\Common Files\System\ado\SETE9.tmp
2012-02-13 22:02 . 2010-11-09 14:52	102400	----a-w-	c:\program files\Common Files\System\ado\SETE8.tmp
2012-02-13 22:02 . 2010-11-09 14:52	180224	----a-w-	c:\program files\Common Files\System\ado\SETEA.tmp
2012-02-13 22:02 . 2010-11-08 12:41	81920	----a-w-	c:\program files\Common Files\System\ado\SETED.tmp
2012-02-13 22:02 . 2010-11-08 12:41	81920	----a-w-	c:\program files\Common Files\System\ado\SETEC.tmp
2012-02-13 22:02 . 2010-11-08 12:41	61440	----a-w-	c:\program files\Common Files\System\ado\SETEE.tmp
2012-02-13 22:02 . 2010-11-09 14:52	536576	----a-w-	c:\program files\Common Files\System\ado\SETF0.tmp
2012-02-13 22:02 . 2010-11-08 12:41	61440	----a-w-	c:\program files\Common Files\System\ado\SETEF.tmp
2012-02-13 21:55 . 2012-02-13 21:57	--------	d-----w-	c:\windows\system32\drivers\N360\0308030.006
2012-02-13 21:51 . 2012-02-13 21:51	--------	d-----w-	c:\windows\LastGood
2012-02-13 03:13 . 2012-02-13 03:13	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-13 03:12 . 2011-12-10 20:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-13 01:54 . 2012-02-13 02:01	--------	d-----w-	c:\windows\ServicePackFiles
2012-02-13 00:41 . 2010-01-20 22:02	36400	----a-r-	c:\windows\system32\drivers\SymIM.sys
2012-02-13 00:09 . 2012-02-13 00:42	--------	d-----w-	c:\windows\system32\drivers\N360\0308000.029
2012-02-12 23:16 . 2004-08-04 03:29	25471	------w-	c:\windows\system32\drivers\watv10nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	22271	------w-	c:\windows\system32\drivers\watv06nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11935	------w-	c:\windows\system32\drivers\wadv11nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11871	------w-	c:\windows\system32\drivers\wadv09nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11807	------w-	c:\windows\system32\drivers\wadv07nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11295	------w-	c:\windows\system32\drivers\wadv08nt.sys
2012-02-12 23:16 . 2008-04-13 18:36	42240	------w-	c:\windows\system32\drivers\viaagp.sys
2012-02-12 23:14 . 2004-07-17 16:41	11053008	------w-	c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe
2012-02-12 23:14 . 2008-04-14 00:11	81920	------w-	c:\windows\system32\ieencode.dll
2012-02-12 23:14 . 2004-08-04 03:41	1041536	------w-	c:\windows\system32\drivers\hsfdpsp2.sys
2012-02-12 23:14 . 2004-08-04 03:41	685056	------w-	c:\windows\system32\drivers\hsfcxts2.sys
2012-02-12 23:14 . 2004-08-04 03:41	220032	------w-	c:\windows\system32\drivers\hsfbs2s2.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\dllcache\bthport.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\drivers\bthport.sys
2012-02-10 00:36 . 2012-02-13 00:10	--------	d-----w-	c:\program files\Symantec
2012-02-10 00:36 . 2012-02-13 00:10	60808	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-02-10 00:36 . 2012-02-13 00:10	124976	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-10 00:35 . 2012-02-10 00:35	--------	d-----w-	c:\program files\Norton 360
2012-02-10 00:35 . 2012-02-10 00:35	--------	d-----w-	c:\program files\NortonInstaller
2012-02-08 16:33 . 2012-02-08 16:33	--------	d-----w-	c:\program files\VS Revo Group
2012-02-02 01:42 . 2006-08-23 16:48	53248	----a-w-	c:\windows\iwlanver.dll
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\NetworkService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Intel
2012-02-02 01:41 . 2012-02-02 01:41	21419	----a-w-	c:\windows\system32\drivers\AegisP.sys
2012-02-02 01:41 . 2012-02-02 01:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Intel
2012-01-21 22:05 . 2012-01-21 22:05	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-17 05:22 . 2008-04-14 00:12	116224	----a-w-	c:\windows\system32\dllcache\xrxwiadr.dll
2012-01-17 05:22 . 2001-08-18 03:36	23040	----a-w-	c:\windows\system32\dllcache\xrxwbtmp.dll
2012-01-17 05:22 . 2008-04-14 00:12	18944	----a-w-	c:\windows\system32\dllcache\xrxscnui.dll
2012-01-17 05:22 . 2001-08-18 03:37	27648	----a-w-	c:\windows\system32\dllcache\xrxftplt.exe
2012-01-17 05:21 . 2001-08-18 03:37	4608	----a-w-	c:\windows\system32\dllcache\xrxflnch.exe
2012-01-17 05:21 . 2001-08-18 03:37	99865	----a-w-	c:\windows\system32\dllcache\xlog.exe
2012-01-17 05:21 . 2001-08-17 17:11	16970	----a-w-	c:\windows\system32\dllcache\xem336n5.sys
2012-01-17 05:21 . 2004-08-04 03:29	19455	----a-w-	c:\windows\system32\dllcache\wvchntxx.sys
2012-01-17 05:21 . 2008-04-13 18:46	19200	----a-w-	c:\windows\system32\dllcache\wstcodec.sys
2012-01-17 05:21 . 2004-08-04 03:29	12063	----a-w-	c:\windows\system32\dllcache\wsiintxx.sys
2012-01-17 05:21 . 2004-08-04 03:31	154624	----a-w-	c:\windows\system32\dllcache\wlluc48.sys
2012-01-17 05:21 . 2001-08-17 17:12	34890	----a-w-	c:\windows\system32\dllcache\wlandrv2.sys
2012-01-17 05:19 . 2001-08-17 18:28	604253	----a-w-	c:\windows\system32\dllcache\vmodem.sys
2012-01-17 05:18 . 2001-08-18 03:36	28160	----a-w-	c:\windows\system32\dllcache\umaxu40.dll
2012-01-17 05:17 . 2001-08-17 19:56	440576	----a-w-	c:\windows\system32\dllcache\tridkb.dll
2012-01-17 05:16 . 2001-08-17 17:13	17129	----a-w-	c:\windows\system32\dllcache\tdkcd31.sys
2012-01-17 05:15 . 2001-08-18 03:36	53760	----a-w-	c:\windows\system32\dllcache\sw_wheel.dll
2012-01-17 05:14 . 2001-08-17 17:51	20752	----a-w-	c:\windows\system32\dllcache\sonync.sys
2012-01-17 05:13 . 2001-08-17 17:12	94698	----a-w-	c:\windows\system32\dllcache\sk98xwin.sys
2012-01-17 05:12 . 2001-08-17 18:53	6912	----a-w-	c:\windows\system32\dllcache\seaddsmc.sys
2012-01-17 05:11 . 2001-08-17 19:56	182272	----a-w-	c:\windows\system32\dllcache\s3mt3d.dll
2012-01-17 05:10 . 2001-08-18 03:36	41472	----a-w-	c:\windows\system32\dllcache\qvusd.dll
2012-01-17 05:09 . 2001-08-17 18:53	7168	----a-w-	c:\windows\system32\dllcache\pnrmc.sys
2012-01-17 05:08 . 2001-08-17 17:12	30495	----a-w-	c:\windows\system32\dllcache\pc100nds.sys
2012-01-17 05:07 . 2001-08-17 17:50	198144	----a-w-	c:\windows\system32\dllcache\nv3.sys
2012-01-17 05:06 . 2008-04-13 18:46	85248	----a-w-	c:\windows\system32\dllcache\nabtsfec.sys
2012-01-17 05:05 . 2001-08-17 18:48	12416	----a-w-	c:\windows\system32\dllcache\msriffwv.sys
2012-01-17 05:04 . 2001-08-17 18:58	8320	----a-w-	c:\windows\system32\dllcache\memcard.sys
2012-01-17 05:03 . 2001-08-17 17:12	19016	----a-w-	c:\windows\system32\dllcache\ktc111.sys
2012-01-17 05:02 . 2001-08-18 03:36	90200	----a-w-	c:\windows\system32\dllcache\io8ports.dll
2012-01-17 05:01 . 2001-08-17 19:06	38528	----a-w-	c:\windows\system32\dllcache\ibmvcap.sys
2012-01-17 05:00 . 2001-08-18 03:36	19456	----a-w-	c:\windows\system32\dllcache\hr1w.dll
2012-01-17 04:59 . 2008-04-13 18:45	59136	----a-w-	c:\windows\system32\dllcache\gckernel.sys
2012-01-17 04:58 . 2001-08-17 17:12	16998	----a-w-	c:\windows\system32\dllcache\ex10.sys
2012-01-17 04:57 . 2001-08-17 18:28	241206	----a-w-	c:\windows\system32\dllcache\el656se5.sys
2012-01-17 04:56 . 2001-08-18 03:36	102484	----a-w-	c:\windows\system32\dllcache\digiinf.dll
2012-01-17 04:55 . 2001-08-17 18:50	14848	----a-w-	c:\windows\system32\dllcache\cyclom-y.sys
2012-01-17 04:54 . 2001-08-18 03:36	236032	----a-w-	c:\windows\system32\dllcache\camext20.dll
2012-01-17 04:53 . 2008-04-13 18:46	13696	----a-w-	c:\windows\system32\dllcache\avcstrm.sys
2012-01-17 04:52 . 2001-08-17 19:56	66048	----a-w-	c:\windows\system32\dllcache\s3legacy.dll
2012-01-16 22:28 . 2012-01-20 23:32	--------	d-----w-	c:\windows\system32\MpEngineStore
2012-01-16 18:12 . 2012-01-16 18:12	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Immunet
2012-01-16 18:12 . 2012-01-17 01:12	--------	d-----w-	c:\documents and settings\All Users\Immunet
2012-01-16 02:05 . 2012-01-16 02:05	664	----a-w-	c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00	82944	-c--a-w-	c:\windows\system32\drivers\WudfRd.sys
2011-11-23 13:25 . 2008-12-05 19:43	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00	60416	----a-w-	c:\windows\system32\packager.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Mininova-Vuze\prxtbMin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-11-18 01:10	194848	----a-w-	c:\program files\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\prxtbMin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2011-10-12 2697656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57	86016	-c--a-w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03	906640	----a-w-	c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	-c--a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01	46368	-c--a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54	253952	-c--a-w-	c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16	32768	-c--a-r-	c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03	29984	-c--a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19	15752	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19	813448	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01	328992	-c--a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42	67456	----a-w-	c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	-csha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12	39408	-c--a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [2/13/2012 4:57 PM 310320]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [2/10/2012 4:27 PM 356280]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [2/13/2012 4:56 PM 117648]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
R3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/12/2012 7:10 PM 259632]
R3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/12/2012 7:10 PM 482432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/11/2012 4:00 AM 106104]
S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732144715-682409029-181207730-1009Core.job
- c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 15:34]
.
2012-02-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-01-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-02-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-02-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ?,?B?????????????hLC? ?????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\017\04?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1176)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-02-13 19:52:58
ComboFix-quarantined-files.txt 2012-02-14 00:52
ComboFix2.txt 2012-01-31 04:26
ComboFix3.txt 2012-01-24 01:02
ComboFix4.txt 2012-01-24 00:13
.
Pre-Run: 14,784,811,008 bytes free
Post-Run: 14,888,624,128 bytes free
.
- - End Of File - - A022E7A5803434043C8A887C27FE5B28


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## PTgirl (Jan 22, 2012)

OTS.txt attached


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [User Folders] > -> 
YY -> "Ask Toolbar for Firefox"   -> C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {d51d388b-f5dc-471a-a1ce-5e2d671091c0} [HKLM] -> C:\Program Files\Mininova-Vuze\prxtbMin0.dll [Mininova-Vuze Toolbar]
YY -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} [HKLM] -> C:\Program Files\Yontoo\YontooIEClient.dll [Yontoo]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}" [HKLM] -> C:\Program Files\Mininova-Vuze\prxtbMin0.dll [Mininova-Vuze Toolbar]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Files - No Company Name]
NY ->  2f256a52 -> C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\2f256a52
NY ->  7aa1ff29 -> C:\Documents and Settings\All Users\Application Data\7aa1ff29
NY ->  59af03d0 -> C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\59af03d0
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## Cookiegal (Aug 27, 2003)

Also, I know DING is a legitimate program but is it necessary for it to run at startup?


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal,
No I really don't need to have DING run at startup. What's the best way to disable it so it only opens manually?

*OTS Fix*

All Processes Killed
[Registry - Safe List]
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\ deleted successfully.
C:\Program Files\Mininova-Vuze\prxtbMin0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D51D388B-F5DC-471A-A1CE-5E2D671091C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D51D388B-F5DC-471A-A1CE-5E2D671091C0}\ not found.
File C:\Program Files\Mininova-Vuze\prxtbMin0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\002471_.tmp deleted successfully.
C:\WINDOWS\002484_.tmp deleted successfully.
C:\WINDOWS\LMI73.tmp\lmi_rescue.exe deleted successfully.
C:\WINDOWS\LMI73.tmp\logo.bmp deleted successfully.
C:\WINDOWS\LMI73.tmp\params.txt deleted successfully.
C:\WINDOWS\LMI73.tmp\ra64app.exe deleted successfully.
C:\WINDOWS\LMI73.tmp\rahook.dll deleted successfully.
C:\WINDOWS\LMI73.tmp\rescue.ico deleted successfully.
C:\WINDOWS\LMI73.tmp\rescue.log deleted successfully.
C:\WINDOWS\LMI73.tmp folder deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
File delete failed. C:\WINDOWS\Temp\JET437.tmp scheduled to be deleted on reboot.
[Files - No Company Name]
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Application Data\2f256a52 moved successfully.
C:\Documents and Settings\All Users\Application Data\7aa1ff29 moved successfully.
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\59af03d0 moved successfully.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56516 bytes

User: Kathy.YOUR-4105E587B6
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1505218 bytes
->Java cache emptied: 9374 bytes
->Google Chrome cache emptied: 236281299 bytes
->Apple Safari cache emptied: 12092416 bytes
->Flash cache emptied: 787111 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 5935 bytes
->Flash cache emptied: 9780 bytes

User: old profile

User: TEMP
->Temporary Internet Files folder emptied: 49152 bytes

User: TEMP.YOUR-4105E587B6.000
->Temporary Internet Files folder emptied: 49152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 21449982 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 396511 bytes

Total Files Cleaned = 260.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Kathy.YOUR-4105E587B6
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: old profile

User: TEMP

User: TEMP.YOUR-4105E587B6.000

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Kathy.YOUR-4105E587B6
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: old profile

User: TEMP

User: TEMP.YOUR-4105E587B6.000

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 02152012_171717

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\Temp\JET437.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3c4.dat not found!

Registry entries deleted on Reboot...

*HijackThis log*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:38:44 PM, on 2/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/my?showdatasavepop=T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9bfb059d9f398) (gupdate1c9bfb059d9f398) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe

--
End of file - 11165 bytes


----------



## PTgirl (Jan 22, 2012)

Is it OK to replace Norton and install Eset Smart Security, or should I wait until after you finish?


----------



## Cookiegal (Aug 27, 2003)

No, its fine to do that. But before you do, please do the following:

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.

Then go ahead and uninstall Norton via the Control Panel and then run the removal tool that I believe you used the last time followed by a reboot to ensure complete uninstallation before installing Eset.

Navigate to this folder:

C:\Documents and Settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup

and delete this file so DING doesn't load at startup:

C:\Documents and Settings\Kathy.YOUR-4105E587B6\Start Menu\Programs\Startup\DING!.lnk


----------



## PTgirl (Jan 22, 2012)

*eventvwr.msc*

*Application*
Event Type:	Error
Event Source:	.NET Runtime Optimization Service
Event Category:	None
Event ID:	1103
Date: 2/15/2012
Time: 4:58:51 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2/13/2012
Time: 8:15:33 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0028: 30 20 69 6e 20 69 65 78 0 in iex
0030: 70 6c 6f 72 65 2e 65 78 plore.ex
0038: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 38 set 0008
0050: 64 31 63 30 0d 0a d1c0..

Event Type:	Error
Event Source:	crypt32
Event Category:	None
Event ID:	8
Date: 2/13/2012
Time: 8:06:06 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2/13/2012
Time: 7:23:27 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0028: 30 20 69 6e 20 69 65 78 0 in iex
0030: 70 6c 6f 72 65 2e 65 78 plore.ex
0038: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 38 set 0008
0050: 64 31 63 30 0d 0a d1c0..

*System*
Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 7:30:00 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 90 8a 07 00 00 00 00 00 ......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 48 c3 6e 85 .0ïHÃn
0058: 00 00 00 00 08 70 c1 85 .....pÁ
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 7:29:56 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 73 89 07 00 00 00 00 00 s......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 48 c3 6e 85 .0ïHÃn
0058: 00 00 00 00 08 70 c1 85 .....pÁ
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

*SAME ERROR REPEATS ANOTHER 56 TIMES TO END WITH ANOTHER REPEAT:*
Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 7:25:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 53 48 07 00 00 00 00 00 SH......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 48 48 83 85 .0ïHH
0058: 00 00 00 00 08 20 3b 85 ..... ;
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Windows Update Agent
Event Category:	Installation 
Event ID:	20
Date: 2/15/2012
Time: 7:00:39 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Update for Windows XP (KB2633952).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 38 sult=0x8
0010: 30 30 37 66 30 66 34 20 007f0f4 
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 43 45 39 44 33 36 ={CE9D36
0028: 33 44 2d 44 35 37 30 2d 3D-D570-
0030: 34 37 43 33 2d 38 44 33 47C3-8D3
0038: 44 2d 33 36 46 32 44 46 D-36F2DF
0040: 34 34 45 38 42 37 7d 20 44E8B7} 
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 31 Number=1
0058: 30 33 20 00 03 .

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 5:23:06 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 16 1b 00 00 00 00 00 00 ........
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 30 5c de 86 .0ï0\Þ
0058: 00 00 00 00 d8 2c 3d 86 ....Ø,=
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

*REPEATS ANOTHER 21 TIMES TO END WITH:*
Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 5:21:29 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: b1 02 00 00 00 00 00 00 ±.......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 a8 8f f7 86 .0ï¨÷
0058: 00 00 00 00 78 bd f4 86 ....x½ô
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 2/15/2012
Time: 5:17:25 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The HP WMI Interface service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*REPEATS 8 TIMES TO END WITH*
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 2/15/2012
Time: 5:17:19 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Information
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7036
Date: 2/15/2012
Time: 5:00:11 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The IMAPI CD-Burning COM Service service entered the running state.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 4:55:03 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 57 1b 00 00 00 00 00 00 W.......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 50 14 23 86 .0ïP.#
0058: 00 00 00 00 18 72 23 86 .....r#
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

*REPEATS 19 MORE TIMES TO END WITH:*
Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 4:53:25 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: d1 02 00 00 00 00 00 00 Ñ.......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 f0 86 98 47 ea 86 .0ðGê
0058: 00 00 00 00 80 d8 e9 86 ....Øé
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 3:41:54 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 64 d5 2a 00 00 00 00 00 dÕ*.....
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 40 d4 84 85 .0ï@Ô
0058: 00 00 00 00 58 93 3c 86 ....X<
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 3:41:50 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 45 d4 2a 00 00 00 00 00 EÔ*.....
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 40 d4 84 85 .0ï@Ô
0058: 00 00 00 00 58 93 3c 86 ....X<
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 3:41:46 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 28 d3 2a 00 00 00 00 00 (Ó*.....
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 40 d4 84 85 .0ï@Ô
0058: 00 00 00 00 58 93 3c 86 ....X<
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/15/2012
Time: 3:41:41 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 0b d2 2a 00 00 00 00 00 .Ò*.....
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 78 49 73 85 .0ïxIs
0058: 00 00 00 00 98 24 3f 86 ....$?
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Windows Update Agent
Event Category:	Installation 
Event ID:	20
Date: 2/15/2012
Time: 3:30:49 AM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Update for Windows XP (KB2633952).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 38 sult=0x8
0010: 30 30 37 66 30 66 34 20 007f0f4 
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 43 45 39 44 33 36 ={CE9D36
0028: 33 44 2d 44 35 37 30 2d 3D-D570-
0030: 34 37 43 33 2d 38 44 33 47C3-8D3
0038: 44 2d 33 36 46 32 44 46 D-36F2DF
0040: 34 34 45 38 42 37 7d 20 44E8B7} 
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 31 Number=1
0058: 30 33 20 00 03 .

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 8:16:35 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 11 ac 10 00 00 00 00 00 .¬......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 e8 b9 5b 85 .0ïè¹[
0058: 00 00 00 00 d8 fb 3f 85 ....Øû?
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 8:16:30 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: c2 aa 10 00 00 00 00 00 Âª......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 a8 4f 89 85 .0ï¨O
0058: 00 00 00 00 f8 d1 72 85 ....øÑr
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 8:15:18 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: b4 98 10 00 00 00 00 00 ´......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 88 29 b3 85 .0ï)³
0058: 00 00 00 00 08 50 78 85 .....Px
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 8:15:13 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 65 97 10 00 00 00 00 00 e......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 a8 4f 89 85 .0ï¨O
0058: 00 00 00 00 f8 d1 72 85 ....øÑr
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 8:14:11 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: fa 87 10 00 00 00 00 00 ú......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 88 e5 de 86 .0ïåÞ
0058: 00 00 00 00 08 e0 71 85 .....àq
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 8:14:00 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 5a 85 10 00 00 00 00 00 Z......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 60 e5 e7 84 .0ï`åç
0058: 00 00 00 00 08 f0 6d 85 .....ðm
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 6:30:59 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 0f 7c 0a 00 00 00 00 00 .|......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 f0 db 6c 85 .0ïðÛl
0058: 00 00 00 00 e8 c2 79 85 ....èÂy
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

*REPEATS 58 MORE TIMES TO END WITH:*
Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 6:26:31 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 1d 39 0a 00 00 00 00 00 .9......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 90 12 96 85 .0ï.
0058: 00 00 00 00 28 ee fa 84 ....(îú
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 3:59:55 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: f3 a1 01 00 00 00 00 00 ó¡......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 40 c8 96 85 .0ï@È
0058: 00 00 00 00 08 f0 6a 85 .....ðj
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 3:59:50 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: df a0 01 00 00 00 00 00 ß*......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 f8 98 f4 86 .0ïøô
0058: 00 00 00 00 08 c0 66 85 .....Àf
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 3:33:53 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 65 1b 00 00 00 00 00 00 e.......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 ef 86 88 1a e9 86 .0ï.é
0058: 00 00 00 00 08 00 eb 86 ......ë
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

*REPEATS 20 MORE TIMES TO END WITH:*
Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/14/2012
Time: 3:32:15 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 1e 03 00 00 00 00 00 00 ........
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 30 f0 86 a8 f5 f6 86 .0ð¨õö
0058: 00 00 00 00 08 b0 f7 86 .....°÷
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........


----------



## Cookiegal (Aug 27, 2003)

Bad blocks are never a good sign. There could be a problem with the hard drive or possible system corruption.

As I've already stated, it's important that you have everything backed up to external media but now it's imperative in case of pending hard drive failure. We'll run chkdsk that should give more information about the health of the drive.

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start *- *Run *and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll
down to "Winlogon" and double-click on it to open it up. This is the log
created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## PTgirl (Jan 22, 2012)

*eventvwr.msc
Winlogon*

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 2/16/2012
Time: 6:53:57 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Cleaning up 4521 unused index entries from index $SII of file 0x9.
Cleaning up 4521 unused index entries from index $SDH of file 0x9.
Cleaning up 4521 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0xe9f588000 for 0xb000 bytes.
Read failure with status 0xc000009c at offset 0xe9f58a000 for 0x1000 bytes.
Windows replaced bad clusters in file 44
of name \WINDOWS\system32\drivers\HSF_DP.sys.
Read failure with status 0xc000009c at offset 0x413260000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0x413266000 for 0x1000 bytes.
Windows replaced bad clusters in file 31232
of name \PROGRA~1\MICROS~2\Office12\PUBWIZ\BROCHURE.DPV.
Read failure with status 0xc000009c at offset 0x99a9d000 for 0x6000 bytes.
Read failure with status 0xc000009c at offset 0x99a9e000 for 0x1000 bytes.
Windows replaced bad clusters in file 83474
of name \DOCUME~1\Kathy.YOUR-4105E587B6\Desktop\Medical\Guidelines Blood Sugar Levels Normal, Pre-diabetes, Diabetes_files\ads(1).htm.
Read failure with status 0xc000009c at offset 0x99a36000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x99a3a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x99a5b000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x99a5e000 for 0x1000 bytes.
Windows replaced bad clusters in file 165724
of name \DOCUME~1\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Microsoft\Windows Live Contacts\{22f20203-afca-490c-a6cd-a24225e5ad73}\DBStore\LogFiles\edb.log.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Adding 5 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

117001363 KB total disk space.
102932660 KB in 153991 files.
47244 KB in 16807 indexes.
20 KB in bad sectors.
201575 KB in use by the system.
4096 KB occupied by the log file.
13819864 KB available on disk.

4096 bytes in each allocation unit.
29250340 total allocation units on disk.
3454966 allocation units available on disk.

Internal Info:
90 df 02 00 39 9b 02 00 ec de 02 00 00 00 00 00 ....9...........
76 14 00 00 04 00 00 00 48 1a 00 00 00 00 00 00 v.......H.......
8c c1 9f 08 00 00 00 00 90 b2 a2 8d 00 00 00 00 ................
fc 01 88 38 00 00 00 00 a8 d0 d6 6c 0c 00 00 00 ...8.......l....
4c 07 fa c4 01 00 00 00 96 ab b1 07 0f 00 00 00 L...............
99 9e 36 00 00 00 00 00 98 38 07 00 87 59 02 00 ..6......8...Y..
00 00 00 00 00 d0 82 8a 18 00 00 00 a7 41 00 00 .............A..

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

How old is this computer?

What is the make and model of the hard drive?


----------



## PTgirl (Jan 22, 2012)

I originally purchased this laptop in December 2005 along with a three year warranty. It went back in 2007 for a damaged USB port and HP replaced the motherboard and USB port. In November 2008 it wouldn't power up and I sent it back in. It was sent back that time with another new motherboard and a new hard drive. I know the hard drive was new at that point because they gave me a larger size than the original hard drive by about 20GB. This is the first time since then that I've had any problems. 

Here is my hard drive info from the system information:

Description	Disk drive
Manufacturer	(Standard disk drives)
Model	ST9120822A
Bytes/Sector	512
Media Loaded	Yes
Media Type	Fixed&#x0009;hard disk media
Partitions	2
SCSI Bus	0
SCSI Logical Unit	0
SCSI Port	0
SCSI Target ID	0
Sectors/Track	63
Size	111.79 GB (120,031,511,040 bytes)
Total Cylinders	14,593
Total Sectors	234,436,545
Total Tracks	3,721,215
Tracks/Cylinder	255
Partition	Disk #0, Partition #0
Partition Size	111.58 GB (119,809,396,224 bytes)
Partition Starting Offset	32,256 bytes
Partition	Disk #0, Partition #1
Partition Size	203.95 MB (213,857,280 bytes)
Partition Starting Offset	119,817,653,760 bytes


----------



## Cookiegal (Aug 27, 2003)

So that's a Seagate. I suggest running diagnostics on the drive because it has bad sectors. The diagnostic may have an option to repair if necessary but please post the results. There should be two tests run, one short and one longer. Please post both.

http://www.seagate.com/www/en-us/support/downloads/seatools


----------



## PTgirl (Jan 22, 2012)

--------------- SeaTools for Windows v1.2.0.6 ---------------
2/17/2012 8:27:48 PM
Model: ST9120822A
Serial Number: 5LZ7CTN4
Firmware Revision: 3.ALD
Fix All Fast - Pass 2/17/2012 8:27:48 PM
Fix All Long - Pass 2/17/2012 9:37:31 PM
Long Generic - Started 2/17/2012 10:19:15 PM
Long Generic - Pass 2/17/2012 11:28:22 PM


----------



## Cookiegal (Aug 27, 2003)

That's good but we need to investigate further.

Please go to *Start *- *Run *- type in *cmd *to open a command prompt and type in the following (be sure to include the space between "chkdsk" and "/" then hit Enter:

*chkdsk /r*

This will attempt some repairs.

Then post the log the same way you did after running chkdsk.


----------



## PTgirl (Jan 22, 2012)

*chkdsk
winlogon*

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 2/18/2012
Time: 1:54:59 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 21 unused index entries from index $SII of file 0x9.
Cleaning up 21 unused index entries from index $SDH of file 0x9.
Cleaning up 21 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

117001363 KB total disk space.
103214960 KB in 155863 files.
48360 KB in 16947 indexes.
20 KB in bad sectors.
201651 KB in use by the system.
4096 KB occupied by the log file.
13536372 KB available on disk.

4096 bytes in each allocation unit.
29250340 total allocation units on disk.
3384093 allocation units available on disk.

Internal Info:
90 df 02 00 16 a3 02 00 b6 f5 02 00 00 00 00 00 ................
88 14 00 00 04 00 00 00 c0 08 00 00 00 00 00 00 ................
04 a9 08 09 00 00 00 00 e8 72 07 98 00 00 00 00 .........r......
34 df 74 18 00 00 00 00 1c 00 8b c9 0c 00 00 00 4.t.............
2a 1c 92 f3 01 00 00 00 be 50 73 7d 0f 00 00 00 *........Ps}....
99 9e 36 00 00 00 00 00 98 38 07 00 d7 60 02 00 ..6......8...`..
00 00 00 00 00 c0 bd 9b 18 00 00 00 33 42 00 00 ............3B..

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please check the Event Viewer again under System and let me know how far back this particular error goes:

You will see it in the list as Event ID: 7 before opening it to read the contents.

*The device, \Device\Harddisk0\D, has a bad block.*

I would like to know exactly when this started occuring.


----------



## PTgirl (Jan 22, 2012)

The event viewer goes back to 2/13/12 @ 4:57PM
This is the first incident recorded after this start point:

Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 2/13/2012
Time: 5:46:11 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 58 9f 0e 00 00 00 .þX....
0028: 4a f3 03 00 00 00 00 00 Jó......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 60 ef 86 a0 e8 3e 85 .`ï*è>
0058: 00 00 00 00 48 42 0a 85 ....HB.
0060: 02 00 00 00 7f ac 4f 07 ....¬O.
0068: 28 00 07 4f ac 7f 00 00 (..O¬..
0070: 58 00 00 00 00 00 00 00 X.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........


----------



## Cookiegal (Aug 27, 2003)

I'm sorry to put you through all this but we need to carry out more tests.

Please go to Start - Run - type in cmd and press Enter. Then type in this command and press Enter.

*chkdsk /f*

Please post that log after it's finished.


----------



## PTgirl (Jan 22, 2012)

More than happy to run any scans you need - I'm sorry to put YOU through this!
You didn't say, but the file would be another winlogon in applications under event viewer?

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 2/18/2012
Time: 5:04:11 PM
User: N/A
Computer:	YOUR-4105E587B6
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

117001363 KB total disk space.
103150628 KB in 155895 files.
48372 KB in 16948 indexes.
20 KB in bad sectors.
201395 KB in use by the system.
4096 KB occupied by the log file.
13600948 KB available on disk.

4096 bytes in each allocation unit.
29250340 total allocation units on disk.
3400237 allocation units available on disk.

Internal Info:
90 df 02 00 37 a3 02 00 e6 f5 02 00 00 00 00 00 ....7...........
8d 14 00 00 04 00 00 00 ac 08 00 00 00 00 00 00 ................
3e 7c 7d 09 00 00 00 00 64 33 66 8e 00 00 00 00 >|}.....d3f.....
ca 1e 13 18 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 64 2d ee b6 00 00 00 00 ........d-......
99 9e 36 00 00 00 00 00 98 38 07 00 f7 60 02 00 ..6......8...`..
00 00 00 00 00 90 d0 97 18 00 00 00 34 42 00 00 ............4B..

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Yes, that's correct. It's still showing bad sectors so let's do another diagnostic using a different utility.

Please download the trial version of HDTune:

http://www.hdtune.com/

Click the Error Scan tab and then uncheck quick scan so it scans all sectors.

Please post those results.

Then also click on the Health tab and run a scan and post those results as well.


----------



## PTgirl (Jan 22, 2012)

*HD Tune Pro: ST9120822A Error Scan*

Scanned data : 119 gB
Damaged Blocks : 0.0 %
Elapsed Time : 1:08:28

*HD Tune Pro: ST9120822A Health*

ID Current Worst ThresholdData Status 
(01) Raw Read Error Rate 100 100 6 3110527 ok 
(03) Spin Up Time 99 99 0 0 ok 
(04) Start/Stop Count 98 98 20 2193 ok 
(05) Reallocated Sector Count 100 100 36 0 ok 
(07) Seek Error Rate 81 55 30 546628451 ok 
(09) Power On Hours Count 89 89 0 10145 ok 
(0A) Spin Retry Count 100 100 34 0 ok 
(0C) Power Cycle Count 98 98 20 2179 ok 
(BB) Reported Uncorrectable Errors 1 1 0 12544 ok 
(BD) (unknown attribute) 100 100 0 0 ok 
(BE) Airflow Temperature 52 45 45 890765360 ok 
(C0) Unsafe Shutdown Count 100 100 0 76 ok 
(C1) Load Cycle Count 1 1 0 227159 ok 
(C2) Temperature 48 55 0 48 ok 
(C3) Hardware ECC Recovered 64 47 0 54303249 ok 
(C5) Current Pending Sector 100 100 0 4 warning 
(C6) Offline Uncorrectable 100 100 0 4 ok 
(C7) Ultra DMA CRC Error Count 200 200 0 0 ok 
(C8) Write Error Rate 100 253 0 0 ok 
(CA) Data Address Marker errors 100 253 0 0 ok

Health Status : warning


----------



## Cookiegal (Aug 27, 2003)

If you highlight this entry:

(C5) Current Pending Sector 100 100 0 4 warning 

What does it say at the bottom? It should be something about how many bad sectors were found.


----------



## PTgirl (Jan 22, 2012)

Description: *Number of unstable sectors: 4*
Status: *The drive has unstable sectors*


----------



## Cookiegal (Aug 27, 2003)

So the drive definitely has some bad sectors and that's not a good thing. It could last a long time or it could fail suddenly, there's really no way to know but once you start getting bad sectors, more usually follow soon after. I've been consulting with other moderators since hardware issues are not my area of expertise. These are the options, as I understand them, in order of preference (meaning, which would be the best solution).

1) Go ahead and back up everything, replace the drive and reload Windows.

2) There is a way to partition around the bad sectors but if your operating system in an OEM version and there's a recovery partition, this would wipe out the recovery partition and would not guarantee other problems won't show up later.

3) Continue to use it but be vigilent about making regular backups so you don't lose anything important if it does fail suddenly.


----------



## PTgirl (Jan 22, 2012)

Hi Cookiegal,
I'm a bit torn. Replacing the drive makes sense, but given the age of the laptop, I would hate to go through reloading everything on the new drive only to have something else go wrong with another part. I am operating an OEM version, so chances are that there is a recovery partition.

I'm tempted to keep going until it dies and then get a new laptop. Now that you've cleaned up the system and gotten me back online, the laptop is definitely usable. In fact, it even boots up more quickly than it has in years. I back up my files almost every day, so that's not a problem. I'll keep my fingers crossed for your first scenario of the drive lasting a long time instead of dying a quick death.

I really can't tell you how grateful I am for all of the time you've spent with me. Even if I only get a small window of time until the drive fails, you've breathed new life into my laptop for now.


----------



## Cookiegal (Aug 27, 2003)

As long as you're aware and do the backups then you should be fine until it bites the dust. I hope it will go on for a long time without any problems. You could run chkdsk periodically just to keep an eye on things. You'll see if the 20 KB in bad sectors increases so that will give you an indication. 

Please post one final HijackThis log so I can see if anything needs to be addressed there before I post final instructions for you.

BTW, it was a pleasure working with you. You carried out all of the instructions precisely and that was important to our success.


----------



## PTgirl (Jan 22, 2012)

*Logfile of Trend Micro HijackThis v2.0.4*
Scan saved at 6:37:33 PM, on 2/19/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kathy.YOUR-4105E587B6\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/my?showdatasavepop=T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9bfb059d9f398) (gupdate1c9bfb059d9f398) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe

--
End of file - 10554 bytes


----------



## Cookiegal (Aug 27, 2003)

That looks fine. 

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

***

You should trim down your start-ups (these show as the 04 entries in your HijackThis log) as there are too many running. You can research them at these sites and if they arent required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig click OK and then click on the start-up tab.

http://www.systemlookup.com/lists.php?list=2
http://www.bleepingcomputer.com/startups/


----------



## PTgirl (Jan 22, 2012)

Tried to uninstall and got the message:
Windows cannot find "combofix"
I have no idea why because I don't remember uninstalling it. I also did a search and only came up with the text files in c:\Qoobox. I remember that the last time you had me run it I was to rename it puppy.exe. Looked for that file but couldn't find it, either. 
Where did it go, and should I just proceed with the instructions after that point?


----------



## Cookiegal (Aug 27, 2003)

That's odd because we just used it the other day. The name change wouldn't matter, the command works just the same. 

You could just delete the c:\Qoobox folder and proceed with the rest.


----------



## PTgirl (Jan 22, 2012)

I can't delete the Qoobox folder. 
"Cannot delete BackEnv: Access is Denied"
I clicked on the BackEnv folder to see what is in it, 

"C:\Qoobos\BackEnv is not accessible.
Access is denied."

I went ahead and created a restore point and reduced the startup items.


----------



## Cookiegal (Aug 27, 2003)

Let's download ComboFix again and run a new scan. I'd like to see if anything has changed. Then afterward, we should be able to delete it. Don't bother renaming it this time.

Here's the link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


----------



## PTgirl (Jan 22, 2012)

I thought I disabled ESET antivirus and firewall, but it appears that only the antivirus was disabled. Should I run ComboFix again with both disabled, or is it OK since it ran all the way through?

*ComboFix 12-02-19.02 - Kathy 02/19/2012 21:11:23.6.1 - x86*
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.500 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-19 18:04 . 2012-02-19 18:04	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\HD Tune Pro
2012-02-19 18:04 . 2012-02-19 18:04	--------	d-----w-	c:\program files\HD Tune Pro
2012-02-18 07:43 . 2012-02-18 07:43	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\ElevatedDiagnostics
2012-02-18 06:42 . 2012-02-18 06:42	--------	d-----w-	c:\program files\iPod
2012-02-17 23:23 . 2012-02-17 23:23	--------	d-----w-	c:\program files\Seagate
2012-02-17 23:22 . 2007-11-21 09:43	68672	----a-w-	C:\wiseprereq.exe
2012-02-17 23:22 . 2007-11-21 09:43	52288	----a-w-	C:\wiseprereq.dll
2012-02-17 23:22 . 2011-12-07 20:32	16937472	----a-w-	C:\SeaToolsforWindows.exe
2012-02-16 22:09 . 2012-02-16 22:09	--------	d-----w-	C:\found.000
2012-02-16 02:35 . 2012-02-16 02:35	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\ESET
2012-02-16 02:35 . 2012-02-16 02:35	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\ESET
2012-02-16 02:34 . 2012-02-16 02:34	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-02-16 02:33 . 2012-02-16 02:33	--------	d-----w-	c:\program files\ESET
2012-02-16 02:33 . 2012-02-16 02:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2012-02-15 22:17 . 2012-02-15 22:17	--------	d-----w-	C:\_OTS
2012-02-15 02:56 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\iacenc.dll
2012-02-15 02:56 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\dllcache\iacenc.dll
2012-02-13 03:13 . 2012-02-13 03:13	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-13 03:12 . 2011-12-10 20:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-13 01:54 . 2012-02-13 02:01	--------	d-----w-	c:\windows\ServicePackFiles
2012-02-12 23:16 . 2004-08-04 03:29	25471	------w-	c:\windows\system32\drivers\watv10nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	22271	------w-	c:\windows\system32\drivers\watv06nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11935	------w-	c:\windows\system32\drivers\wadv11nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11871	------w-	c:\windows\system32\drivers\wadv09nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11807	------w-	c:\windows\system32\drivers\wadv07nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11295	------w-	c:\windows\system32\drivers\wadv08nt.sys
2012-02-12 23:16 . 2008-04-13 18:36	42240	------w-	c:\windows\system32\drivers\viaagp.sys
2012-02-12 23:14 . 2004-07-17 16:41	11053008	------w-	c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe
2012-02-12 23:14 . 2008-04-14 00:11	81920	------w-	c:\windows\system32\ieencode.dll
2012-02-12 23:14 . 2004-08-04 03:41	1041536	------w-	c:\windows\system32\drivers\hsfdpsp2.sys
2012-02-12 23:14 . 2004-08-04 03:41	685056	------w-	c:\windows\system32\drivers\hsfcxts2.sys
2012-02-12 23:14 . 2004-08-04 03:41	220032	------w-	c:\windows\system32\drivers\hsfbs2s2.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\dllcache\bthport.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\drivers\bthport.sys
2012-02-08 16:33 . 2012-02-08 16:33	--------	d-----w-	c:\program files\VS Revo Group
2012-02-02 01:42 . 2006-08-23 16:48	53248	----a-w-	c:\windows\iwlanver.dll
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\NetworkService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Intel
2012-02-02 01:41 . 2012-02-02 01:41	21419	----a-w-	c:\windows\system32\drivers\AegisP.sys
2012-02-02 01:41 . 2012-02-02 01:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Intel
2012-01-21 22:05 . 2012-01-21 22:05	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00	82944	-c--a-w-	c:\windows\system32\drivers\WudfRd.sys
2012-01-12 16:53 . 2008-12-05 19:43	1859968	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 08:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 08:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 08:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 08:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 08:00	293376	----a-w-	c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-14_00.48.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 08:00 . 2008-04-14 00:12	90112 c:\windows\system32\wshext.dll
+ 2004-08-04 08:00 . 2008-05-09 10:53	90112 c:\windows\system32\wshext.dll
+ 2012-02-18 07:41 . 2007-11-01 04:48	20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2008-12-05 19:43 . 2010-08-27 05:57	99840 c:\windows\system32\srvsvc.dll
+ 2004-08-04 08:00 . 2010-08-17 13:17	58880 c:\windows\system32\spoolsv.exe
- 2004-08-07 13:10 . 2012-02-13 03:05	89596 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2012-02-15 08:55	89596 c:\windows\system32\perfc009.dat
- 2004-08-04 08:00 . 2011-11-04 19:20	66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	66560 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2011-11-04 19:20	55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2011-12-17 19:46	55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 08:00 . 2008-04-14 00:11	81920 c:\windows\system32\isign32.dll
+ 2004-08-04 08:00 . 2010-11-18 18:12	81920 c:\windows\system32\isign32.dll
+ 2011-08-04 14:20 . 2011-08-04 14:20	61936 c:\windows\system32\drivers\epfwtdi.sys
+ 2011-08-09 14:37 . 2011-08-09 14:37	39824 c:\windows\system32\drivers\epfwndis.sys
+ 2004-08-04 08:00 . 2009-04-20 17:17	45568 c:\windows\system32\dnsrslvr.dll
- 2004-08-04 08:00 . 2008-04-14 00:11	45568 c:\windows\system32\dnsrslvr.dll
+ 2009-06-12 00:57 . 2011-12-17 19:46	12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 00:57 . 2011-11-04 19:20	12800 c:\windows\system32\dllcache\xpshims.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-05 20:39 . 2011-12-17 19:46	55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-05 20:39 . 2011-11-04 19:20	55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-01-12 00:11 . 2012-01-12 00:11	87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-12 00:11 . 2012-01-12 00:11	93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-12 00:11 . 2012-01-12 00:11	35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-12 00:11 . 2012-01-12 00:11	17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-12 00:11 . 2012-01-12 00:11	58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-12 00:10 . 2012-01-12 00:10	97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-17 23:23 . 2012-02-17 23:23	11264 c:\windows\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	35088 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	35088 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	18704 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	18704 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	20240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	20240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-03 23:02 . 2011-10-13 00:47	49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-03 23:02 . 2012-02-16 00:02	49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-16 02:34 . 2012-02-16 02:34	10134 c:\windows\Installer\{83E3F4E4-CEA1-452B-9180-A40813CD111C}\callmsi.exe
+ 2012-02-15 08:33 . 2011-11-04 19:20	12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-02-15 08:49 . 2012-02-15 08:49	55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\4cfa0d99fd3e867fc223f2f2ec5bbd02\System.Xaml.Hosting.ni.dll
+ 2012-02-15 08:53 . 2012-02-15 08:53	35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\604691fa729c36593aa141b07addb1da\System.Windows.Presentation.ni.dll
+ 2012-02-15 08:52 . 2012-02-15 08:52	46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\424e8ca4d7f4801c44945180bbe46ca4\System.Web.DynamicData.Design.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\df5e961346901ef1662daac2708f3888\System.Web.ApplicationServices.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce55cdba82e9103fc891b17d90f5a38f\System.ServiceModel.Channels.ni.dll
+ 2012-02-15 08:38 . 2012-02-15 08:38	37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\296f7d103134885dd98e7664faef0915\Microsoft.Workflow.Compiler.ni.exe
+ 2012-02-15 23:22 . 2012-02-15 23:22	37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-12 00:33 . 2012-01-12 00:33	81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	72192  c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-15 08:38 . 2007-11-30 12:39	17272 c:\windows\$NtUninstallKB951978$\spmsg.dll
+ 2012-02-15 08:38 . 2007-11-30 12:39	26488 c:\windows\$NtUninstallKB951978$\spcustom.dll
+ 2012-02-15 08:47 . 2010-07-05 13:15	17272 c:\windows\$NtUninstallKB2646524$\spmsg.dll
+ 2012-02-15 08:47 . 2010-07-05 13:15	26488 c:\windows\$NtUninstallKB2646524$\spcustom.dll
+ 2012-02-15 08:40 . 2010-07-05 13:15	17272 c:\windows\$NtUninstallKB2631813$\spmsg.dll
+ 2012-02-15 08:40 . 2010-07-05 13:15	26488 c:\windows\$NtUninstallKB2631813$\spcustom.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	17272 c:\windows\$NtUninstallKB2544893-v2$\spmsg.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	26488 c:\windows\$NtUninstallKB2544893-v2$\spcustom.dll
+ 2012-02-15 08:48 . 2010-07-05 13:15	17272 c:\windows\$NtUninstallKB2536276-v2$\spmsg.dll
+ 2012-02-15 08:48 . 2010-07-05 13:15	26488 c:\windows\$NtUninstallKB2536276-v2$\spcustom.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	17272 c:\windows\$NtUninstallKB2479943$\spmsg.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	26488 c:\windows\$NtUninstallKB2479943$\spcustom.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	17272 c:\windows\$NtUninstallKB2478971$\spmsg.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	26488 c:\windows\$NtUninstallKB2478971$\spcustom.dll
+ 2012-02-15 08:38 . 2010-02-22 14:23	17272 c:\windows\$NtUninstallKB2443105$\spmsg.dll
+ 2012-02-15 08:38 . 2010-02-22 14:23	26488 c:\windows\$NtUninstallKB2443105$\spcustom.dll
+ 2012-02-15 08:57 . 2010-02-22 14:23	17272 c:\windows\$NtUninstallKB2387149$\spmsg.dll
+ 2012-02-15 08:57 . 2010-02-22 14:23	26488 c:\windows\$NtUninstallKB2387149$\spcustom.dll
+ 2012-02-15 08:48 . 2010-02-22 14:23	17272 c:\windows\$NtUninstallKB2345886$\spmsg.dll
+ 2012-02-15 08:48 . 2010-02-22 14:23	26488 c:\windows\$NtUninstallKB2345886$\spcustom.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-18 07:42 . 2007-06-30 18:49	4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 08:00 . 2008-04-14 00:12	155648 c:\windows\system32\wscript.exe
+ 2004-08-04 08:00 . 2008-05-08 11:24	155648 c:\windows\system32\wscript.exe
- 2004-08-04 08:00 . 2008-04-14 00:12	176128 c:\windows\system32\winmm.dll
+ 2004-08-04 08:00 . 2011-10-14 14:47	176128 c:\windows\system32\winmm.dll
- 2004-08-04 08:00 . 2009-08-25 09:17	354816 c:\windows\system32\winhttp.dll
+ 2004-08-04 08:00 . 2011-11-16 14:21	354816 c:\windows\system32\winhttp.dll
+ 2012-02-18 07:41 . 2007-10-30 09:15	330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
- 2004-08-04 08:00 . 2008-04-14 00:12	406016 c:\windows\system32\usp10.dll
+ 2004-08-04 08:00 . 2010-04-16 15:36	406016 c:\windows\system32\usp10.dll
- 2004-08-04 08:00 . 2009-03-08 09:34	105984 c:\windows\system32\url.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	105984 c:\windows\system32\url.dll
- 2004-08-04 08:00 . 2008-04-14 00:12	135168 c:\windows\system32\shsvcs.dll
+ 2004-08-04 08:00 . 2009-07-27 23:17	135168 c:\windows\system32\shsvcs.dll
+ 2004-08-04 08:00 . 2008-05-09 10:53	172032 c:\windows\system32\scrrun.dll
- 2004-08-04 08:00 . 2008-04-14 00:12	172032 c:\windows\system32\scrrun.dll
- 2004-08-04 08:00 . 2008-04-14 00:12	180224 c:\windows\system32\scrobj.dll
+ 2004-08-04 08:00 . 2008-05-09 10:53	180224 c:\windows\system32\scrobj.dll
+ 2008-12-05 19:43 . 2011-11-16 14:21	152064 c:\windows\system32\schannel.dll
- 2004-08-04 08:00 . 2008-04-14 00:12	270848 c:\windows\system32\sbe.dll
+ 2004-08-04 08:00 . 2011-02-09 13:53	270848 c:\windows\system32\sbe.dll
+ 2004-08-04 08:00 . 2010-08-16 08:45	590848 c:\windows\system32\rpcrt4.dll
+ 2004-08-04 08:00 . 2011-11-03 15:28	386048 c:\windows\system32\qdvd.dll
- 2004-08-04 08:00 . 2008-04-14 00:12	386048 c:\windows\system32\qdvd.dll
- 2004-08-07 13:10 . 2012-02-13 03:05	506298 c:\windows\system32\perfh009.dat
+ 2004-08-07 13:10 . 2012-02-15 08:55	506298 c:\windows\system32\perfh009.dat
- 2004-08-04 08:00 . 2008-04-14 00:12	249856 c:\windows\system32\odbc32.dll
+ 2004-08-04 08:00 . 2010-11-09 14:52	249856 c:\windows\system32\odbc32.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	206848 c:\windows\system32\occache.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	206848 c:\windows\system32\occache.dll
+ 2004-08-04 08:00 . 2008-06-20 16:02	245248 c:\windows\system32\mswsock.dll
- 2004-08-04 08:00 . 2008-06-20 17:46	245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	611840 c:\windows\system32\mstime.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	611840 c:\windows\system32\mstime.dll
+ 2007-08-13 23:54 . 2011-12-17 19:46	602112 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2011-11-04 19:20	602112 c:\windows\system32\msfeeds.dll
+ 2004-08-04 08:00 . 2010-09-18 06:53	953856 c:\windows\system32\mfc40u.dll
+ 2004-08-04 08:00 . 2010-12-22 12:34	301568 c:\windows\system32\kerberos.dll
- 2004-08-04 08:00 . 2009-06-25 08:25	301568 c:\windows\system32\kerberos.dll
+ 2004-08-04 08:00 . 2011-03-04 06:37	726528 c:\windows\system32\jscript.dll
- 2004-08-04 08:00 . 2009-03-08 09:33	726528 c:\windows\system32\jscript.dll
+ 2004-08-04 08:00 . 2011-10-10 14:22	692736 c:\windows\system32\inetcomm.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	184320 c:\windows\system32\iepeers.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 08:00 . 2011-11-04 11:24	174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 08:00 . 2011-12-16 12:23	174080 c:\windows\system32\ie4uinit.exe
- 2004-08-07 13:02 . 2012-02-13 02:34	364912 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-07 13:02 . 2012-02-15 21:55	364912 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-05 19:43 . 2011-07-15 13:29	456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-08-04 14:20 . 2011-08-04 14:20	147480 c:\windows\system32\drivers\epfw.sys
+ 2011-08-04 14:20 . 2011-08-04 14:20	118104 c:\windows\system32\drivers\ehdrv.sys
+ 2011-08-09 19:24 . 2011-08-09 19:24	154136 c:\windows\system32\drivers\eamon.sys
+ 2004-08-04 08:00 . 2011-03-03 06:55	149504 c:\windows\system32\dnsapi.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21	354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17	354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 08:00 . 2011-11-16 14:21	152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53	270848 c:\windows\system32\dllcache\sbe.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-12-05 20:39 . 2011-12-17 19:46	602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-12-05 20:39 . 2011-11-04 19:20	602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 00:57 . 2011-11-04 19:20	247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-12 00:57 . 2011-12-17 19:46	247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 22:51 . 2011-11-04 19:20	743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 22:51 . 2011-12-17 19:46	743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 08:00 . 2011-11-04 11:24	174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 08:00 . 2011-12-16 12:23	174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 08:00 . 2008-05-07 09:07	135168 c:\windows\system32\cscript.exe
+ 2004-08-04 08:00 . 2011-09-28 07:06	599040 c:\windows\system32\crypt32.dll
- 2004-08-04 08:00 . 2008-04-14 00:11	599040 c:\windows\system32\crypt32.dll
+ 2008-12-05 19:43 . 2010-08-23 16:12	617472 c:\windows\system32\comctl32.dll
- 2008-12-05 19:43 . 2008-04-14 00:11	617472 c:\windows\system32\comctl32.dll
+ 2004-08-04 08:00 . 2011-02-15 12:56	290432 c:\windows\system32\atmfd.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-12 00:11 . 2012-01-12 00:11	581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 23:23 . 2012-02-17 23:23	872960 c:\windows\Installer\86ca8a.msi
+ 2012-02-18 06:45 . 2012-02-18 06:45	380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	888080 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	888080 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	272648 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	272648 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	922384 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	922384 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	845584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	845584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	217864 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	217864 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	159504 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-05 18:16 . 2012-02-16 02:36	159504 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-02-16 02:34 . 2012-02-16 02:34	105624 c:\windows\Installer\{83E3F4E4-CEA1-452B-9180-A40813CD111C}\egui.exe
+ 2012-02-15 08:33 . 2009-03-08 09:34	914944 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-15 08:33 . 2009-03-08 09:34	105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-15 08:33 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-15 08:33 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-15 08:33 . 2011-11-04 19:20	206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-15 08:33 . 2011-11-04 11:24	174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-12 22:50 . 2011-07-15 13:29	456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-02-15 23:24 . 2012-02-15 23:24	404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\d20ad8f0a8ae4396393e1f12acb68546\XamlBuildTask.ni.dll
+ 2012-02-15 08:36 . 2012-02-15 08:36	356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\05519155c428dd154d4d948d7c232427\WsatConfig.ni.exe
+ 2012-02-15 23:24 . 2012-02-15 23:24	252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\5b2066cece646c758c73a13cca7c82b7\WindowsFormsIntegration.ni.dll
+ 2012-02-15 23:24 . 2012-02-15 23:24	482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1bc856ec98668f28b06dc195e6f73603\UIAutomationClient.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a6f500c40e3fa7da71110af6c0a60ac\System.Xml.Linq.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\ca11ffdc7fa5af9ba6902d72b0b932c2\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-15 08:53 . 2012-02-15 08:53	194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\0f9b1fb6e45b53adb5cb15e6ee4c3924\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\9d010b26cae10628874cb8ff61cc52af\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 08:52 . 2012-02-15 08:52	864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\ba6a1c633c78faeadb3964fa3db07513\System.Web.Extensions.Design.ni.dll
+ 2012-02-15 08:52 . 2012-02-15 08:52	334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\533d991b3590f1347e7b727941335c55\System.Web.Entity.ni.dll
+ 2012-02-15 08:52 . 2012-02-15 08:52	297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\2daf972ea44ef790b2e329a5e41a398f\System.Web.Entity.Design.ni.dll
+ 2012-02-15 08:52 . 2012-02-15 08:52	708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\585c4aabbec8a372b5e8c198e4854c0f\System.Web.DynamicData.ni.dll
+ 2012-02-15 08:52 . 2012-02-15 08:52	260096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ef1f49de0f7db7644d2c32fd40147339\System.Web.DataVisualization.Design.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
+ 2012-02-15 08:51 . 2012-02-15 08:51	365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f1a00750deae84241a140f4e4233fe71\System.ServiceModel.Routing.ni.dll
+ 2012-02-15 08:48 . 2012-02-15 08:48	425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\73a9874c15a0abf44b5db8aab1fe4dce\System.ServiceModel.Activation.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\bdd675ae53cdf3ac2225468388f396ca\System.Runtime.Caching.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ecf10c574f8bd9a05b021e7880a1041c\System.Net.ni.dll
+ 2012-02-15 08:48 . 2012-02-15 08:48	626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f751ad889c61578ae7e1d656e798cd72\System.Messaging.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\98ec4a836fdbe4d88306206d6fc326ec\System.Management.Instrumentation.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3aada4dce5c9f819d192b0bba0a298bc\System.IO.Log.ni.dll
+ 2012-02-15 08:48 . 2012-02-15 08:48	229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\015d3fcedc60e04e3fce6aa3b63057d9\System.IdentityModel.Selectors.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\30bdf637fad5e84fc46d7322f487c801\System.Dynamic.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\55f621652cd3b962fd8dac08ba1d4934\System.Drawing.Design.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e05bc4bfe46686b77f1e28b466f79363\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9ada0ce9819a2eeb6d3b7d4942cf278f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\fa66f17c3937c91c1b480c24aa602812\System.Device.ni.dll
+ 2012-02-15 08:50 . 2012-02-15 08:50	508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\63c40de47bb41198fa1786142223861d\System.Data.Services.Design.ni.dll
+ 2012-02-15 08:43 . 2012-02-15 08:43	134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8b353356367e7da5d31e49057a59c749\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
+ 2012-02-15 08:43 . 2012-02-15 08:43	194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ac4bd5fece3ee7b1632817a509bcd909\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\768ccd38c2bf1f7045e79ac03cb679f1\System.ComponentModel.Composition.ni.dll
+ 2012-02-15 08:43 . 2012-02-15 08:43	617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\266d00e0694b48964ead82a67657462b\System.AddIn.ni.dll
+ 2012-02-15 08:42 . 2012-02-15 08:42	404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\754d38ef09a80e6bc721a0039d72b65b\System.Activities.DurableInstancing.ni.dll
+ 2012-02-15 08:36 . 2012-02-15 08:36	317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\024df3845eee3a86a396d972162fffc4\SMSvcHost.ni.exe
+ 2012-02-15 08:40 . 2012-02-15 08:40	142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ba4bc24df463a622c0e918d8c49672ed\SMDiagnostics.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\daec0a92c216faca879f205a2e8e8169\PresentationFramework.Aero.ni.dll
+ 2012-02-15 08:28 . 2012-02-15 08:28	656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\446fc2e471272940ddac8c8c949000cf\PresentationFramework.Classic.ni.dll
+ 2012-02-15 08:35 . 2012-02-15 08:35	274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b170601bfe8cde2cead79961480b7e4f\MSBuild.ni.exe
+ 2012-02-15 08:38 . 2012-02-15 08:38	303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1650e4aa6645d4b8a1172331cc2afde9\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-15 08:37 . 2012-02-15 08:37	418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\d6386aaa2c8ab67caaee9684c3842c04\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-15 08:37 . 2012-02-15 08:37	631808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\36330de8cde960b7d3bec7dbe1231db2\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-02-15 08:35 . 2012-02-15 08:35	258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\3453f6201843fdfc6d2ac069c467dc84\Microsoft.Build.Framework.ni.dll
+ 2012-02-15 08:37 . 2012-02-15 08:37	135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\e42d59aac3d8e773efa64f5ba215c9c3\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-02-15 08:35 . 2012-02-15 08:35	474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\0f8c22531e68be9cb2448b66e9837f75\ComSvcConfig.ni.exe
+ 2012-02-15 08:35 . 2012-02-15 08:35	851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\3d51fcb4e792ab05fe48d21fc61f4b23\AspNetMMCExt.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-15 22:06 . 2012-02-15 22:06	240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-15 22:05 . 2012-02-15 22:05	447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-15 23:23 . 2012-02-15 23:23	400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll
+ 2012-02-15 23:13 . 2012-02-15 23:13	381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-15 23:13 . 2012-02-15 23:13	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-15 22:02 . 2012-02-15 22:02	208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-15 23:20 . 2012-02-15 23:20	256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-15 23:20 . 2012-02-15 23:20	133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-15 23:20 . 2012-02-15 23:20	386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb938a1d399e2cfca2304bdca4fe76dc\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a03adbb7c3084d986da6e22dcce9805f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a25afef0d57ac430ba392595eba639f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\875af0c2a5e8a4bed88232b6f445cfaa\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-15 23:13 . 2012-02-15 23:13	842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	835584  c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-12 00:33 . 2012-01-12 00:33	507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-15 08:53 . 2012-02-15 08:53	507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-15 08:38 . 2007-11-30 12:39	382840 c:\windows\$NtUninstallKB951978$\updspapi.dll
+ 2012-02-15 08:38 . 2007-11-30 12:39	755576 c:\windows\$NtUninstallKB951978$\update.exe
+ 2012-02-15 08:38 . 2007-11-30 12:39	231288 c:\windows\$NtUninstallKB951978$\spuninst.exe
+ 2012-01-12 00:56 . 2011-04-26 11:07	293376 c:\windows\$NtUninstallKB2646524$\winsrv.dll
- 2012-01-12 00:56 . 2011-06-20 17:44	293376 c:\windows\$NtUninstallKB2646524$\winsrv.dll
+ 2012-02-15 08:47 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2646524$\updspapi.dll
+ 2012-02-15 08:47 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2646524$\update.exe
+ 2012-02-15 08:47 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2646524$\spuninst.exe
+ 2012-02-15 08:40 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2631813$\updspapi.dll
+ 2012-02-15 08:40 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2631813$\update.exe
+ 2012-02-15 08:40 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2631813$\spuninst.exe
+ 2012-02-15 08:49 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2544893-v2$\updspapi.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2544893-v2$\update.exe
+ 2012-02-15 08:49 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2544893-v2$\spuninst.exe
+ 2011-11-09 01:50 . 2010-01-29 15:01	691712 c:\windows\$NtUninstallKB2544893-v2$\inetcomm.dll
+ 2012-02-15 08:48 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2536276-v2$\updspapi.dll
+ 2012-02-15 08:48 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2536276-v2$\update.exe
+ 2012-02-15 08:48 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2536276-v2$\spuninst.exe
+ 2011-08-09 23:42 . 2010-02-24 13:11	455680 c:\windows\$NtUninstallKB2536276-v2$\mrxsmb.sys
+ 2012-02-15 08:49 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2479943$\updspapi.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2479943$\update.exe
+ 2012-02-15 08:49 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2479943$\spuninst.exe
+ 2012-02-15 08:49 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2478971$\updspapi.dll
+ 2012-02-15 08:49 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2478971$\update.exe
+ 2012-02-15 08:49 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2478971$\spuninst.exe
+ 2012-02-15 08:38 . 2010-02-22 14:23	382840 c:\windows\$NtUninstallKB2443105$\updspapi.dll
+ 2012-02-15 08:38 . 2010-02-22 14:23	755576 c:\windows\$NtUninstallKB2443105$\update.exe
+ 2012-02-15 08:38 . 2010-02-22 14:23	231288 c:\windows\$NtUninstallKB2443105$\spuninst.exe
+ 2012-02-15 08:57 . 2010-02-22 14:23	382840 c:\windows\$NtUninstallKB2387149$\updspapi.dll
+ 2012-02-15 08:57 . 2010-07-05 13:15	755576 c:\windows\$NtUninstallKB2387149$\update.exe
+ 2012-02-15 08:57 . 2010-02-22 14:23	231288 c:\windows\$NtUninstallKB2387149$\spuninst.exe
+ 2012-02-15 08:48 . 2010-02-22 14:23	382840 c:\windows\$NtUninstallKB2345886$\updspapi.dll
+ 2012-02-15 08:48 . 2010-02-22 14:23	755576 c:\windows\$NtUninstallKB2345886$\update.exe
+ 2012-02-15 08:48 . 2010-02-22 14:23	231288 c:\windows\$NtUninstallKB2345886$\spuninst.exe
+ 2012-02-13 21:59 . 2010-08-23 16:12	1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
- 2010-10-14 23:50 . 2010-08-23 16:12	1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2010-10-14 23:50 . 2010-08-23 16:12	1054208 c:\windows\WinSxS\InstallTemp\47515921\comctl32.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 08:00 . 2011-01-21 14:44	8462336 c:\windows\system32\shell32.dll
+ 2004-08-04 08:00 . 2011-11-03 15:28	1292288 c:\windows\system32\quartz.dll
+ 2004-08-04 08:00 . 2011-11-01 16:07	1288704 c:\windows\system32\ole32.dll
+ 2004-08-04 08:00 . 2010-06-14 07:41	1172480 c:\windows\system32\msxml3.dll
- 2004-08-04 08:00 . 2009-07-31 04:35	1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	5979136 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:34 . 2011-12-17 19:46	2000384 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2011-11-04 19:20	2000384 c:\windows\system32\iertutil.dll
+ 2004-08-04 08:00 . 2012-01-12 16:53	1859968 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 08:00 . 2011-12-17 19:46	1212416 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 08:00 . 2011-11-04 19:20	1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 08:00 . 2011-12-17 19:46	5979136 c:\windows\system32\dllcache\mshtml.dll
- 2008-12-05 20:39 . 2011-11-04 19:20	2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-05 20:39 . 2011-12-17 19:46	2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46	3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-10-26 08:39 . 2011-10-26 08:39	3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-12 00:09 . 2012-01-12 00:09	5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 08:25 . 2012-02-15 08:25	5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-12 00:10 . 2012-01-12 00:10	2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-15 08:26 . 2012-02-15 08:26	2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-31 03:54 . 2011-10-31 03:54	2748416 c:\windows\Installer\2a4f2aa.msp
+ 2011-10-26 20:38 . 2011-10-26 20:38	2830848 c:\windows\Installer\28a5c58.msp
+ 2012-02-03 20:13 . 2012-02-03 20:13	4988928 c:\windows\Installer\28a5c51.msp
+ 2012-02-18 06:45 . 2012-02-18 06:45	5421056 c:\windows\Installer\17f8f7d.msi
+ 2012-02-16 02:34 . 2012-02-16 02:34	1037824 c:\windows\Installer\1208f5.msi
+ 2008-12-05 18:16 . 2012-02-16 02:36	1172240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-05 18:16 . 2012-02-02 19:16	1172240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-06-12 05:03 . 2012-02-16 02:36	1165584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2009-06-12 05:03 . 2012-02-02 19:16	1165584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-15 08:33 . 2009-03-08 09:34	1206784  c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-15 08:33 . 2009-03-08 09:41	5937152 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-15 08:33 . 2011-11-04 19:20	2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-15 08:28 . 2012-02-15 08:28	3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
+ 2012-02-15 23:24 . 2012-02-15 23:24	1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e06dfa0ecf8c6c4f9848eedb9f8db0c5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-15 08:27 . 2012-02-15 08:27	9090560 c:\windows\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
+ 2012-02-15 08:36 . 2012-02-15 08:36	1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
+ 2012-02-15 23:24 . 2012-02-15 23:24	1208320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c556009e0e5660e595e96c8892d71a20\System.WorkflowServices.ni.dll
+ 2012-02-15 23:24 . 2012-02-15 23:24	1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\a06075c7db129fbbbad91a3ef8a86ed7\System.Workflow.Runtime.ni.dll
+ 2012-02-15 23:24 . 2012-02-15 23:24	4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\48ca9317dcbbaeb689d7cbbd87396789\System.Workflow.ComponentModel.ni.dll
+ 2012-02-15 23:24 . 2012-02-15 23:24	2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\6f0669228cfa028d659248150a946773\System.Workflow.Activities.ni.dll
+ 2012-02-15 08:53 . 2012-02-15 08:53	4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f9d4746b5e5edf68c3001feaa0f03893\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	1897472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\5b3533ea2220d8154fda41196ccfd5fd\System.Web.Services.ni.dll
+ 2012-02-15 08:53 . 2012-02-15 08:53	2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\14859997ddfb00554d8279249476a707\System.Web.Mobile.ni.dll
+ 2012-02-15 08:49 . 2012-02-15 08:49	3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\a0bb870affb51da775bf7a8b719909c3\System.Web.Extensions.ni.dll
+ 2012-02-15 08:51 . 2012-02-15 08:51	4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\c18257390b26f04ab49544c32eb8d474\System.Web.DataVisualization.ni.dll
+ 2012-02-15 08:51 . 2012-02-15 08:51	2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\7a9b2475f61a6db6393750142765c5f1\System.Speech.ni.dll
+ 2012-02-15 08:51 . 2012-02-15 08:51	1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b663714058d4a0c1fcaa56e4ac223be5\System.ServiceModel.Discovery.ni.dll
+ 2012-02-15 08:49 . 2012-02-15 08:49	1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\685616ff1660152acefb312db7061435\System.ServiceModel.Activities.ni.dll
+ 2012-02-15 08:47 . 2012-02-15 08:47	1051648 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4eccdb29b32f74d134b8ee7cc6bf6742\System.ServiceModel.Web.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9db486997d651f0646a089ff6cfb605e\System.Runtime.Serialization.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f56869ede7c0fddb751c39e050dd62a8\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-15 08:42 . 2012-02-15 08:42	1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1393672b78ebd95ec154740a55fe600b\System.Printing.ni.dll
+ 2012-02-15 08:49 . 2012-02-15 08:49	1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
+ 2012-02-15 08:48 . 2012-02-15 08:48	1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a0204aa75b8665f3c674ff18eebbf13f\System.IdentityModel.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\b828e979c92841bd6a2ddd05ee2b0b73\System.DirectoryServices.ni.dll
+ 2012-02-15 08:37 . 2012-02-15 08:37	1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\c100e2bfd00aa5b9f3c8e4ab6e2bfaf8\System.Deployment.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\cc02699121b243dc52e77197ad973fc3\System.Data.SqlXml.ni.dll
+ 2012-02-15 08:46 . 2012-02-15 08:46	2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\99fc8fa36147938abddc97f8595cadb6\System.Data.Services.ni.dll
+ 2012-02-15 08:49 . 2012-02-15 08:49	1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\81b00eddd2b081f8f7546a290d5ad9ef\System.Data.Services.Client.ni.dll
+ 2012-02-15 08:41 . 2012-02-15 08:41	1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\ba4294072ddc543e75aeab023c8b29ec\System.Data.OracleClient.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\3d105e94140b8c742ed50a2c6194394c\System.Data.Linq.ni.dll
+ 2012-02-15 08:46 . 2012-02-15 08:46	1408512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\1551e538d73af8f244efccb2ab3f0f19\System.Data.Entity.Design.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
+ 2012-02-15 08:42 . 2012-02-15 08:42	4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\9ecc40af067f2aca2dda1f71500020fa\System.Activities.ni.dll
+ 2012-02-15 08:43 . 2012-02-15 08:43	3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\17f4e3e5193e8b645d7405eda38596be\System.Activities.Presentation.ni.dll
+ 2012-02-15 08:42 . 2012-02-15 08:42	1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d0abf08a9033e02b1ac26da22a51b586\System.Activities.Core.Presentation.ni.dll
+ 2012-02-15 08:42 . 2012-02-15 08:42	2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9e16cb68553721cdf0bfdb8a74f428ef\ReachFramework.ni.dll
+ 2012-02-15 08:39 . 2012-02-15 08:39	1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\f511ee77a639501cf892d90f33927451\PresentationUI.ni.dll
+ 2012-02-15 08:39 . 2012-02-15 08:39	1478144 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\f3e86ceb8dc35190a68617b479f91742\PresentationBuildTasks.ni.dll
+ 2012-02-15 08:38 . 2012-02-15 08:38	1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\910f1781ed5873e2f9ffec2b687c3e99\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 08:38 . 2012-02-15 08:38	1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\22738616581c44126c2197ef222e2f01\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-15 08:38 . 2012-02-15 08:38	1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1d3556e5e6be255dde120df39bd18709\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-15 08:37 . 2012-02-15 08:37	1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a05d0a2bece90cfc10cb64ff7fe39e94\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 08:49 . 2012-02-15 08:49	2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\101b3fc8861dc9ed88896666432ae7c0\Microsoft.JScript.ni.dll
+ 2012-02-15 08:29 . 2012-02-15 08:29	1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\5e4d35f27edcdebe56cc5bb5b5174275\Microsoft.CSharp.ni.dll
+ 2012-02-15 08:36 . 2012-02-15 08:36	4243456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\4191345983216f38c5b1ffd936848fc8\Microsoft.Build.ni.dll
+ 2012-02-15 08:37 . 2012-02-15 08:37	2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\0100369f2f245fc120ff01ce380098b6\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-02-15 08:36 . 2012-02-15 08:36	1929216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\fefa53ed523f5e8ee5f5d479587cbaab\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 22:05 . 2012-02-15 22:05	3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-15 22:05 . 2012-02-15 22:05	1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-15 08:56 . 2012-02-15 08:56	7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-15 22:04 . 2012-02-15 22:04	5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-15 23:23 . 2012-02-15 23:23	1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-15 23:23 . 2012-02-15 23:23	1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-15 23:23 . 2012-02-15 23:23	4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-15 22:03 . 2012-02-15 22:03	1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-15 23:19 . 2012-02-15 23:19	2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-15 22:02 . 2012-02-15 22:02	1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-18 15:46 . 2012-02-18 15:46	4950016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\10fdfb918f01ebc41f38a391334146a9\System.Management.Automation.ni.dll
+ 2012-02-15 23:13 . 2012-02-15 23:13	1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-15 22:01 . 2012-02-15 22:01	1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-15 08:57 . 2012-02-15 08:57	6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-15 23:21 . 2012-02-15 23:21	9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\19cca2921cfe3d20265389e596ebfd69\System.Data.Entity.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-15 23:20 . 2012-02-15 23:20	1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-12 00:34 . 2012-01-12 00:34	5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-18 07:42 . 2012-02-18 07:42	1564672 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-12 00:33 . 2012-01-12 00:33	5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-15 08:53 . 2012-02-15 08:53	5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-12 00:33 . 2012-01-12 00:33	5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 00:35 . 2012-01-12 00:35	4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 08:54 . 2012-02-15 08:54	4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-05 20:29 . 2012-02-15 08:40	52550552 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2011-12-18 19:46	11082240 c:\windows\system32\ieframe.dll
+ 2008-12-05 20:39 . 2011-12-18 19:46	11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2012-02-16 00:00 . 2012-02-16 00:00	20333056 c:\windows\Installer\5b120f.msp
+ 2012-01-03 17:58 . 2012-01-03 17:58	15929344 c:\windows\Installer\17f904b.msp
+ 2012-02-15 08:33 . 2011-11-04 19:20	11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-15 08:30 . 2012-02-15 08:30	13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
+ 2012-02-15 08:40 . 2012-02-15 08:40	12076032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\b75185e1ebcf4c5c9fce7a9795db574e\System.Web.ni.dll
+ 2012-02-15 08:48 . 2012-02-15 08:48	17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
+ 2012-02-15 08:30 . 2012-02-15 08:30	10980352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\c32461220989dd7f16069ea1e6d6430f\System.Design.ni.dll
+ 2012-02-15 08:46 . 2012-02-15 08:46	13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\a275181f49dcdf245ec6a9d9287bb6c6\System.Data.Entity.ni.dll
+ 2012-02-15 08:28 . 2012-02-15 08:28	17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
+ 2012-02-15 08:28 . 2012-02-15 08:28	11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
+ 2012-02-15 22:04 . 2012-02-15 22:04	12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-15 23:22 . 2012-02-15 23:22	11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-15 23:19 . 2012-02-15 23:19	17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-15 22:00 . 2012-02-15 22:00	10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-12-5 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-04-11 19:13	1085440	----a-r-	c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57	86016	-c--a-w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-11-05 20:52	233534	-c--a-w-	c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03	906640	----a-w-	c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 13:47	163840	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	-c--a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 13:47	131072	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01	46368	-c--a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54	253952	-c--a-w-	c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16	32768	-c--a-r-	c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03	29984	-c--a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19	15752	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19	813448	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-11-27 05:55	648032	----a-w-	c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01	328992	-c--a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42	67456	----a-w-	c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	-csha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03	210472	-c--a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12	39408	-c--a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732144715-682409029-181207730-1009Core.job
- c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 15:34]
.
2012-02-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-02-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-02-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\01\1a\017\04?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-19 21:25:53
ComboFix-quarantined-files.txt 2012-02-20 02:25
ComboFix2.txt 2012-02-14 01:36
ComboFix3.txt 2012-02-14 00:52
ComboFix4.txt 2012-01-31 04:26
ComboFix5.txt 2012-02-20 02:10
.
Pre-Run: 16,994,435,072 bytes free
Post-Run: 17,121,570,816 bytes free
.
- - End Of File - - D434A0B1E27B6997DE69B93559547182


----------



## Cookiegal (Aug 27, 2003)

There are a couple of registry entries from Norton that we can clean up and a null value just to tidy up.

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## PTgirl (Jan 22, 2012)

ComboFix 12-02-19.02 - Kathy 02/20/2012 14:03:13.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.418 [GMT -5:00]
Running from: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kathy.YOUR-4105E587B6\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-19 18:04 . 2012-02-19 18:04	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\HD Tune Pro
2012-02-19 18:04 . 2012-02-19 18:04	--------	d-----w-	c:\program files\HD Tune Pro
2012-02-18 07:43 . 2012-02-18 07:43	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\ElevatedDiagnostics
2012-02-18 06:42 . 2012-02-18 06:42	--------	d-----w-	c:\program files\iPod
2012-02-17 23:23 . 2012-02-17 23:23	--------	d-----w-	c:\program files\Seagate
2012-02-17 23:22 . 2007-11-21 09:43	68672	----a-w-	C:\wiseprereq.exe
2012-02-17 23:22 . 2007-11-21 09:43	52288	----a-w-	C:\wiseprereq.dll
2012-02-17 23:22 . 2011-12-07 20:32	16937472	----a-w-	C:\SeaToolsforWindows.exe
2012-02-16 22:09 . 2012-02-16 22:09	--------	d-----w-	C:\found.000
2012-02-16 02:35 . 2012-02-16 02:35	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\ESET
2012-02-16 02:35 . 2012-02-16 02:35	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\ESET
2012-02-16 02:34 . 2012-02-16 02:34	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-02-16 02:33 . 2012-02-16 02:33	--------	d-----w-	c:\program files\ESET
2012-02-16 02:33 . 2012-02-16 02:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2012-02-15 22:17 . 2012-02-15 22:17	--------	d-----w-	C:\_OTS
2012-02-15 02:56 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\iacenc.dll
2012-02-15 02:56 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\dllcache\iacenc.dll
2012-02-13 03:13 . 2012-02-13 03:13	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 03:12 . 2012-02-13 03:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-13 03:12 . 2011-12-10 20:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-13 01:54 . 2012-02-13 02:01	--------	d-----w-	c:\windows\ServicePackFiles
2012-02-12 23:16 . 2004-08-04 03:29	25471	------w-	c:\windows\system32\drivers\watv10nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	22271	------w-	c:\windows\system32\drivers\watv06nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11935	------w-	c:\windows\system32\drivers\wadv11nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11871	------w-	c:\windows\system32\drivers\wadv09nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11807	------w-	c:\windows\system32\drivers\wadv07nt.sys
2012-02-12 23:16 . 2004-08-04 03:29	11295	------w-	c:\windows\system32\drivers\wadv08nt.sys
2012-02-12 23:16 . 2008-04-13 18:36	42240	------w-	c:\windows\system32\drivers\viaagp.sys
2012-02-12 23:14 . 2004-07-17 16:41	11053008	------w-	c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe
2012-02-12 23:14 . 2008-04-14 00:11	81920	------w-	c:\windows\system32\ieencode.dll
2012-02-12 23:14 . 2004-08-04 03:41	1041536	------w-	c:\windows\system32\drivers\hsfdpsp2.sys
2012-02-12 23:14 . 2004-08-04 03:41	685056	------w-	c:\windows\system32\drivers\hsfcxts2.sys
2012-02-12 23:14 . 2004-08-04 03:41	220032	------w-	c:\windows\system32\drivers\hsfbs2s2.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\dllcache\bthport.sys
2012-02-12 22:52 . 2008-06-13 11:05	272128	------w-	c:\windows\system32\drivers\bthport.sys
2012-02-08 16:33 . 2012-02-08 16:33	--------	d-----w-	c:\program files\VS Revo Group
2012-02-02 01:42 . 2006-08-23 16:48	53248	----a-w-	c:\windows\iwlanver.dll
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\NetworkService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Intel
2012-02-02 01:42 . 2012-02-02 01:42	--------	d-----w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Application Data\Intel
2012-02-02 01:41 . 2012-02-02 01:41	21419	----a-w-	c:\windows\system32\drivers\AegisP.sys
2012-02-02 01:41 . 2012-02-02 01:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Intel
2012-01-21 22:05 . 2012-01-21 22:05	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 05:51 . 2006-09-29 00:00	82944	-c--a-w-	c:\windows\system32\drivers\WudfRd.sys
2012-01-12 16:53 . 2008-12-05 19:43	1859968	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 08:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 08:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 08:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 08:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 08:00	293376	----a-w-	c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-12-5 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-04-11 19:13	1085440	----a-r-	c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57	86016	-c--a-w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-11-05 20:52	233534	-c--a-w-	c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 06:03	906640	----a-w-	c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 13:47	163840	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	-c--a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 13:47	131072	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01	46368	-c--a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54	253952	-c--a-w-	c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16	32768	-c--a-r-	c:\program files\MioNet\MioNetLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-24 03:28	2937528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03	29984	-c--a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2011-01-05 23:19	15752	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
2011-01-05 23:19	813448	----a-w-	c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-11-27 05:55	648032	----a-w-	c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 14:01	328992	-c--a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-06-02 09:42	67456	----a-w-	c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07	2260480	-csha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03	210472	-c--a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 04:12	39408	-c--a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MioNet"=3 (0x3)
"MemeoBackgroundService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bfb059d9f398"=2 (0x2)
"WDBtnMgrSvc.exe"=2 (0x2)
"LBTServ"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [12/26/2011 11:49 PM 13224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2009 3:56 PM 10448]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 12:55 AM 398176]
S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2/16/2009 4:30 PM 355840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [11/17/2009 5:16 AM 140632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 gupdate1c9bfb059d9f398;Google Update Service (gupdate1c9bfb059d9f398);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 6:00 PM 133104]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 2:14 PM 139264]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 2:15 AM 106496]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 16:58]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 22:59]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732144715-682409029-181207730-1009Core.job
- c:\documents and settings\Kathy.YOUR-4105E587B6\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 15:34]
.
2012-02-19 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]
.
2012-02-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-02-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-732144715-682409029-181207730-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-05-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
2011-12-15 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-15 20:28]
.
2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{5C259D8B-DEA8-464E-BEEA-F83CE1340DE9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?showdatasavepop=T
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 14:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-20 14:16:30
ComboFix-quarantined-files.txt 2012-02-20 19:16
ComboFix2.txt 2012-02-20 02:25
ComboFix3.txt 2012-02-14 01:36
ComboFix4.txt 2012-02-14 00:52
ComboFix5.txt 2012-02-20 19:02
.
Pre-Run: 16,992,841,728 bytes free
Post-Run: 16,968,171,520 bytes free
.
- - End Of File - - 07327B1B19565F6DFE44308B4F9E9E6E


----------



## Cookiegal (Aug 27, 2003)

Sorry, I forgot one but instead of running ComboFix again, I'll upload a registry fix that you can merge. I'm attaching a FixPTGirl4.zip file. Save it to your desktop. Unzip it and double-click the FixPTGirl4.reg file and allow it to merge into the registry.

The reboot the machine and proceed with the following instructions to uninstall ComboFix.


 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).


----------



## PTgirl (Jan 22, 2012)

Registry fix merged and ComboFix uninstalled.
I have a program called RegistryBooster by Uniblue that cleans the registry and defrags it. I believe I remember you mentioning early on something about not using a registry cleaner because it can do damage. Should I dump this program?


----------



## TerryNet (Mar 23, 2005)

The short answer is: yes, dump any registry "cleaners."

I have used, and would use one, only when/if three conditions are met:

a. I'm having a particular problem that seems to be registry caused;
b. I first backup the registry;
c. I am prepared to (re)install Windows or re-image from a backup.


----------



## Cookiegal (Aug 27, 2003)

Yes, I agree with Terry. I would uninstall that one and SpeedUpMyPC as well.


----------



## PTgirl (Jan 22, 2012)

OK, thanks to both of you. I didn't realize SpeedUpMyPC fell into the same category. No wonder ESET keeps flagging them as unwanted applications 

Any other instructions?


----------



## Cookiegal (Aug 27, 2003)

That should be it PTGirl.


----------



## PTgirl (Jan 22, 2012)

Cookiegal,

Your knowledge and patience are amazing, and I appreciate all of the time you spent on me. Thanks so much again for all of your help.

I"ll mark this solved to close it


----------



## Cookiegal (Aug 27, 2003)

It was my pleasure.


----------

