# Solved: Virus removed no dhcp will not start automatically



## jomo60 (Mar 17, 2012)

Hi,
virus-other-malware-removal asked me to post here. The initial link is located at http://forums.techguy.org/virus-other-malware-removal/1045502-dhcp-will-not-start-automatically.html
I had a virus which I removed. Now my dhcp client will not start automatically. In fact it will not start until after at least 3 minutes after the computer boots when I try to manually start it.
Any help will be much appreciated. 
The log you requested is below 
Thank you,
Steven

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) II X2 220 Processor, x86 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 1791 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 512 Mb
Hard Drives: C: Total - 476929 MB, Free - 72422 MB;
Motherboard: eMachines, EL1352G
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled


----------



## Phantom010 (Mar 9, 2009)

Is the *DHCP Client* service's *Startup Type* set to *Automatic*?


----------



## jomo60 (Mar 17, 2012)

Hi,
Yes, it is definitely set to automatic.
Thank you,
Steven


----------



## Phantom010 (Mar 9, 2009)

Please download *Farbar Service Scanner* to your desktop.

Make sure only the following option is checked:

*Internet Services*

Press "*Scan*".

It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop).

Please copy and paste the log to your reply.


----------



## jomo60 (Mar 17, 2012)

Hi,
Here is the log you requested.
Thank you,
Steven

Farbar Service Scanner Version: 01-03-2012
Ran by Math On DVDs (administrator) on 10-04-2012 at 09:28:08
Running from "C:\Documents and Settings\Math On DVDs\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


----------



## Phantom010 (Mar 9, 2009)

Click Start > Run > type (or copy/paste) the following command:


```
cmd /k reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp" /s
```
Copy (right-click and Select All > press Enter) the entire content of that window 
and paste it into your next reply.


----------



## jomo60 (Mar 17, 2012)

Here is the log you requested.
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ DHCP Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages network configuration by registering and updatin
g IP addresses and DNS names.
FailureActions REG_BINARY 0000000000000000000000000300000014000000
0000000060EA00000000000060EA00000000000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations
Options REG_BINARY 32000000000000000400000000000000FFFFFF7F00000000
01000000000000000400000000000000FFFFFF7F00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Linkage

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Linkage\Disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dhcpcsvc.dll
{231F8E8E-67D4-4EBC-AB76-7E4C860417E1} REG_BINARY 3600000000000000
0000000000000000E1D1584F33000000000000000000000000000000E1D1584F0F00000000000000
0000000000000000E1D1584F06000000000000000000000000000000E1D1584F0300000000000000
0000000000000000E1D1584F01000000000000000000000000000000E1D1584F3500000000000000
0000000000000000E1D1584F
{93A801DE-CF7F-4027-8CCF-AB05AFB1F131} REG_BINARY 3600000000000000
04000000000000006E84854FC0A80101330000000000000004000000000000006E84854F00015180
0F000000000000000E000000000000006E84854F65617274686C696E6B2E6E657400000006000000
000000000C000000000000006E84854FCF45BCB9CF45BCBACF45BCBB030000000000000004000000
000000006E84854FC0A80101010000000000000004000000000000006E84854FFFFFFF0035000000
0000000001000000000000006E84854F05000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\1
KeyType REG_DWORD 0x7
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Paramete
rs\Interfaces\?\DhcpSubnetMaskOpt\0SYSTEM\CurrentControlSet\Services\?\Parameter
s\Tcpip\DhcpSubnetMaskOpt\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Paramete
rs\Interfaces\?\DhcpDomain\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\D
hcpDomain\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\220

KeyType REG_DWORD 0x3
VendorType REG_DWORD 0x1
RegSendLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\
Parameters\Interfaces\?\SoHRequest\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\3
KeyType REG_DWORD 0x7
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Paramete
rs\Interfaces\?\DhcpDefaultGateway\0SYSTEM\CurrentControlSet\Services\?\Paramete
rs\Tcpip\DhcpDefaultGateway\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\44
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Paramete
rs\Interfaces\Tcpip_?\DhcpNameServerList\0SYSTEM\CurrentControlSet\Services\NetB
T\Adapters\?\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\46
KeyType REG_DWORD 0x4
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpN
odeType

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\47
KeyType REG_DWORD 0x1
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpS
copeID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\6
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Paramete
rs\Interfaces\?\DhcpNameServer\0SYSTEM\CurrentControlSet\Services\Tcpip\Paramete
rs\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\Dhc
pNetbiosOptions
KeyType REG_DWORD 0x4
OptionId REG_DWORD 0x1
VendorType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Paramete
rs\Interfaces\Tcpip_?\DhcpNetbiosOptions\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C00
0100000002801400FF010F000101000000000001000000000200600004000000000014008D010200
01010000000000050B00000000001800FD0102000102000000000005200000002C02000000001800
FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000
010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Enum
0 REG_SZ Root\LEGACY_DHCP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

C:\Documents and Settings\Math On DVDs>


----------



## Phantom010 (Mar 9, 2009)

I see you've added a *Recovery* option for the *DHCP Client* service. Can you tell me how is your setup (take a screenshot)?

Open the *DHCP Client* service and select the *Recovery* tab.


----------



## Phantom010 (Mar 9, 2009)

Also, are there any error messages in the Event Viewer about the DHCP Client service?


----------



## jomo60 (Mar 17, 2012)

I tried adding a picture but got this message-The text that you have entered is too long (754907 characters). Please shorten it to 300000 characters long.
1st, 2nd, subsequent failures are all set to take no action. 
Reset fail count after 0 days
Restart service after 1 minute is grayed out
Thank you,
Steven


----------



## Phantom010 (Mar 9, 2009)

jomo60 said:


> I tried adding a picture but got this message-The text that you have entered is too long (754907 characters). Please shorten it to 300000 characters long.
> 1st, 2nd, subsequent failures are all set to take no action.
> Reset fail count after 0 days
> Restart service after 1 minute is grayed out
> ...


OK. Forget about that. It's alright. I missed that entry in my own registry and just noticed it.


----------



## jomo60 (Mar 17, 2012)

I do not know how to check if there any error messages in the Event Viewer about the DHCP Client service.


----------



## Deejay100six (Sep 27, 2011)

Here you are Steve, courtesy of Cookiegal.

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one. (Obviously you're looking for ones related to DHCP client)

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jomo60 (Mar 17, 2012)

Hi,
I got two errors multiple times and one warning multiple times.
They do not say DHCP, but since it was just 3 errors/warnings I posted the logs below.
Thank you,
Steven

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 4/9/2012
Time: 2:26:10 PM
User: N/A
Computer: MATHONDVDS
Description:
EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 30 00 2c 00 20 00 .0.,. .
0020: 6d 00 6f 00 61 00 63 00 m.o.a.c.
0028: 63 00 61 00 70 00 61 00 c.a.p.a.
0030: 62 00 69 00 6c 00 69 00 b.i.l.i.
0038: 74 00 79 00 2c 00 20 00 t.y.,. .
0040: 33 00 2e 00 30 00 2e 00 3...0...
0048: 38 00 34 00 30 00 32 00 8.4.0.2.
0050: 2e 00 30 00 2c 00 20 00 ..0.,. .
0058: 30 00 2c 00 20 00 30 00 0.,. .0.
0060: 2c 00 20 00 75 00 6e 00 ,. .u.n.
0068: 73 00 70 00 65 00 63 00 s.p.e.c.
0070: 69 00 66 00 69 00 65 00 i.f.i.e.
0078: 64 00 2c 00 20 00 75 00 d.,. .u.
0080: 6e 00 73 00 70 00 65 00 n.s.p.e.
0088: 63 00 69 00 66 00 69 00 c.i.f.i.
0090: 65 00 64 00 2c 00 20 00 e.d.,. .
0098: 4e 00 49 00 4c 00 2c 00 N.I.L.,.
00a0: 20 00 4e 00 49 00 4c 00 .N.I.L.
00a8: 20 00 4e 00 49 00 4c 00 .N.I.L.
00b0: 0d 00 0a 00 ....

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 4/10/2012
Time: 9:07:40 AM
User: N/A
Computer: MATHONDVDS
Description:
The following boot-start or system-start driver(s) failed to load: 
AFD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: i8042prt
Event Category: None
Event ID: 20
Date: 4/10/2012
Time: 9:05:13 AM
User: N/A
Computer: MATHONDVDS
Description:
Could not set the keyboard indicator lights.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 0c 00 01 00 66 00 ......f.
0008: 00 00 00 00 14 00 05 80 .......&#128;
0010: 09 06 00 00 b5 00 00 c0 ....µ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: ed 00 00 00 í...


----------



## Phantom010 (Mar 9, 2009)

First,

Click Start > Run > type* CMD* 

Click OK.

In the Command Prompt, type in the *bold* text, one command after the other, pressing Enter between each one of them:

Reset WINSOCK entries to installation defaults: *netsh winsock reset catalog*

Reset TCP/IP stack to installation defaults: *netsh int ip reset reset.log*

Restart the computer.

If still no luck with the *DHCP Client* service,

1- Run *HijackThis* again.

2- Click on *Open the Misc Tools section* from the Main Menu.

3- Check the *List also minor sections (full)* and *List empty sections (complete) *boxes.

4- Click on *Generate StartupList log*.

5- Copy and paste the StartupList log from Notepad into your next reply.


----------



## Phantom010 (Mar 9, 2009)

The first error "MPSampleSubmission" comes from Microsoft Security Essentials. It means the service could not check for definition updates while your Internet wasn't connected (without DHCP).


----------



## jomo60 (Mar 17, 2012)

StartupList report, 4/10/2012, 5:16:02 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Math On DVDs\Desktop\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zoom\Zoom Phone Adaptor\ZoomMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\JellyFish Light 3.5\JFL3532.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SMARTProductUpdate.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Zoom\Zoom Phone Adaptor\ZoomAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Math On DVDs\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Math On DVDs\Start Menu\Programs\Startup]
Skype.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
ZoomMonitor.exe = C:\Program Files\Zoom\Zoom Phone Adaptor\ZoomMonitor.exe
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - AutorunsDisabled
SMART Notebook Download Plugin - C:\Program Files\SMART Board Software\NotebookPlugin.dll - {67BCF957-85FC-4036-8DC4-D4D80E00A77B}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SkypeIEPluginBHO - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[{7530BFB8-7293-4D34-9923-61A11451AFC5}]
CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab

[Java Plug-in 1.6.0_31]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

[Java Plug-in 1.6.0_31]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

[Java Plug-in 1.6.0_31]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_31.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\rsvpsp.dll
Protocol #13: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe Flash Player Update Service: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Ambfilt: system32\drivers\Ambfilt.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\MATHON~1\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
COM+ System Application: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
dgderdrv: System32\drivers\dgderdrv.sys (manual start)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (autostart)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FlipShare Service: "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
ForceWare Intelligent Application Manager (IAM): C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (disabled)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
glancedrv: system32\DRIVERS\glancedrv.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SMART Board Hidmini Driver: system32\DRIVERS\HidBoard.sys (manual start)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (disabled)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
lmimirr: system32\DRIVERS\lmimirr.sys (manual start)
LogMeIn Remote File System Driver: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Office Groove Audit Service: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Monfilt: system32\drivers\Monfilt.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Antimalware Service: "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
SQL Server (ADCENTERDESKTOP): "c:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe" -sADCENTERDESKTOP (disabled)
SQL Active Directory Helper Service: "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" (disabled)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (autostart)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (autostart)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (autostart)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMSAccessU: C:\Program Files\Super_DVD_Creator_9.5\NMSAccessU.exe (disabled)
ForceWare IP service: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (disabled)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA nForce Networking Controller Driver: System32\DRIVERS\NVENETFD.sys (manual start)
nvgts: System32\DRIVERS\nvgts.sys (system)
NVIDIA Network Bus Enumerator: System32\DRIVERS\nvnetbus.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (disabled)
NVIDIA Update Service Daemon: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (disabled)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (disabled)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
RsFx0150 Driver: system32\DRIVERS\RsFx0150.sys (disabled)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
VL1800 USB Driver: system32\DRIVERS\scusbvip.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Prolific2 Serial port driver: system32\DRIVERS\ser2pl.sys (manual start)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Zoom Virtual Audio Device: system32\drivers\slvad.sys (manual start)
SMART Board Service: "C:\Program Files\SMART Board Software\SMARTBoardService.exe" (autostart)
SMART Mirror Driver Monitor Service: C:\Documents and Settings\Math On DVDs\Application Data\SMART Technologies\Bridgit\4.2.146.0\monitorservice.exe (disabled)
SMART Technologies Inc. Mirror Driver: system32\DRIVERS\smrtdrv.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
SQL Server Agent (ADCENTERDESKTOP): "c:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE" -i ADCENTERDESKTOP (disabled)
SQL Server Browser: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (disabled)
SQL Server VSS Writer: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (disabled)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{2E7B7530-B18F-4F5E-A143-65797789AE19} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
TLRecAgent: system32\DRIVERS\TLRecAgent.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
TuneUp Theme Extension: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VService: C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Windows Management Interface for ACPI: System32\DRIVERS\wmiacpi.sys (system)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Presentation Foundation Font Cache 4.0.0.0: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
wscsvc: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 36,359 bytes
Report generated in 0.140 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Phantom010 (Mar 9, 2009)

Do you have your XP CD?


----------



## jomo60 (Mar 17, 2012)

No, I don't.


----------



## Phantom010 (Mar 9, 2009)

One more thing to check:

Click Start > Run > type *regedit*.

Press Enter.

Browse to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\*Dhcp*

Right-click *Dhcp* and choose *Permissions...*

Choose (Allow) for all listed groups and users, then press apply and 
ok.

Do the same for:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\*Tcpip*

Right-click *Tcpip*.

Exit the registry editor and restart your computer.


----------



## Cookiegal (Aug 27, 2003)

Netbios over tcpip was showing as disabled in your last ipconfig /all log. Can you post a new one please?


----------



## jomo60 (Mar 17, 2012)

Done (all setting were correct).
Thank you,
Steven


----------



## jomo60 (Mar 17, 2012)

ipconfig /all log--I think I typed in the wrong info (I typed in ipconfig /all log)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Math On DVDs>ipconfig /all log

Error: unrecongnized or incomplete command line.

USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]

where
adapter Connection name
(wildcard characters * and ? allowed, see examples)

Options:
/? Display this help message
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"

C:\Documents and Settings\Math On DVDs>


----------



## Cookiegal (Aug 27, 2003)

It's just: ipconfig /all


----------



## Phantom010 (Mar 9, 2009)

Click Start > Run > type *ncpa.cpl *

Press Enter.

Right-click the local area network connection and click *Properties*.

Double-click *Internet Protocol (TCP/IP).*

Click *Advanced*.

Click *WINS*.

Under *NetBIOS setting*, what is selected?


----------



## Cookiegal (Aug 27, 2003)

I was going to ask for a screenshot but that will work.


----------



## Phantom010 (Mar 9, 2009)

A screenshot will also do. 

To take a screenshot,

1- Hit the Printscreen key on your keyboard. This will copy your entire screen to the clipboard. Hitting ALT + Printscreen will only copy the active window.

2- Open Paint. (click Start > Run > type *mspaint* and click OK)

3- Select Edit.

4- Click on Paste. (or simply press CTRL+V on your keyboard)

5- Select File.

6- Click on Save As...

7- Save your screenshot as a *JPEG* file.

8- Attach the screenshot to your next post.

*How to Attach a File on TSG*


----------



## jomo60 (Mar 17, 2012)

Under NetBIOS setting, what is selected?--Default

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Math On DVDs>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : mathondvds
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : earthlink.net

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : earthlink.net
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ether
net
Physical Address. . . . . . . . . : F8-0F-41-0B-5E-1E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 207.69.188.185
207.69.188.186
207.69.188.187
Lease Obtained. . . . . . . . . . : Tuesday, April 10, 2012 5:06:21 PM
Lease Expires . . . . . . . . . . : Wednesday, April 11, 2012 5:06:21 PM

C:\Documents and Settings\Math On DVDs>


----------



## Cookiegal (Aug 27, 2003)

Default is all that's showing? Is Enable LMHOSTS lookup unchecked? If so, try checking it.

Also, post a screenshot of what you see on the DNS tab please.


----------



## Phantom010 (Mar 9, 2009)

If no luck with the above,

I'm starting to wonder if one of your services might be interfering with DHCP. Everything else seems in order.

Try restarting your computer in Safe Mode with Networking? When booting into Safe Mode, the operating system only loads the bare minimum of software that is required for the operating system to work.

Any difference with DHCP?

*How to Boot in Safe Mode*

In the Advanced Boot Options menu, choose Safe Mode with Networking.


----------



## jomo60 (Mar 17, 2012)

Default is all that's showing? Is Enable LMHOSTS lookup unchecked? If so, try checking it.---Oops, yes LMHOSTS lookup IS checked-sorry about that.

No change in safemode with networking.
Thanks,
Steven


----------



## Cookiegal (Aug 27, 2003)

Just for clarification, are you able to connect to the Internet at times or not at all with this computer?


----------



## jomo60 (Mar 17, 2012)

I can always connect to the internet. DHCP client does not start automatically. After boot I have to wait at about 3 minutes before I can manually start dhcp client.
Thank you,
Steven


----------



## Phantom010 (Mar 9, 2009)

What if you let it start by its own? Have you tried waiting a few more minutes?


----------



## jomo60 (Mar 17, 2012)

It hangs on acquiring internet (something like that) for hours.


----------



## Cookiegal (Aug 27, 2003)

Can you run Farbar right after booting before you're able to connect as well as another ipconfig /all at the same time so we can we see if it shows what my be preventing it.


----------



## jomo60 (Mar 17, 2012)

Farbar Service Scanner Version: 01-03-2012
Ran by Math On DVDs (administrator) on 11-04-2012 at 12:09:56
Running from "C:\Documents and Settings\Math On DVDs\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Math On DVDs>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : mathondvds
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : earthlink.net
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ether
net
Physical Address. . . . . . . . . : F8-0F-41-0B-5E-1E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 207.69.188.185
207.69.188.186
207.69.188.187

C:\Documents and Settings\Math On DVDs>


----------



## Phantom010 (Mar 9, 2009)

Click Start > Run > type *ncpa.cpl *

Press Enter.

Right-click the local area network connection and click *Properties*.

Double-click *Internet Protocol (TCP/IP).*

Can you take a screenshot of that window?


----------



## Cookiegal (Aug 27, 2003)

Do you now or have you ever had Zone Alarm installed on this machine?


----------



## jomo60 (Mar 17, 2012)

Hi,
I never had zone alarm on this computer.


----------



## Phantom010 (Mar 9, 2009)

Has DHCP ever worked properly before, with this network card? Some cards can't handle DHCP properly.

You might need a driver update?


----------



## jomo60 (Mar 17, 2012)

It worked fine until I removed a virus.
Thank you,
Steven


----------



## jomo60 (Mar 17, 2012)

I had a virus which I removed. After that I had the dhcp issue which prompted my 1st thread with techguy.
Thank you,
Steven


----------



## Phantom010 (Mar 9, 2009)

If the virus removal process accidently deleted important system files, finding what's missing isn't going to be easy.


----------



## Cookiegal (Aug 27, 2003)

Let's try this:

Download the MS update KB951748 from the following link and place the installer on your desktop but do not run it yet.

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17852

Go to Control Panel - Add or Remove programs and uninstall update *XP (KB951748)* and then reboot the machine.

Reinstall update KB951748 by executing the file that you downloaded to your desktop.

Reboot again and see if the machine connects properly.


----------



## jomo60 (Mar 17, 2012)

Ok, are you willing to try?
Thank you,
Steven


----------



## jomo60 (Mar 17, 2012)

Hi,
I will try that in about 20 minutes.
Thanks,
Steven


----------



## Deejay100six (Sep 27, 2011)

If you don't mind me jumping in with my 2 cents, this in his event viewer logs;



> error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.


made me suspect afd.sys but I couldn't find anything wrong. Not really my field though. 

Could afd.sys be reinstalled and might that help?


----------



## Phantom010 (Mar 9, 2009)

> A device attached to the system is not functioning.


And what would that device be? The NIC?


----------



## Cookiegal (Aug 27, 2003)

Yes, I noticed that too but it is eventually starting or there would be no connection. If this doesn't work, we can try an export of some registry keys.


----------



## Phantom010 (Mar 9, 2009)

Reinstalling the NIC?


----------



## jomo60 (Mar 17, 2012)

Hi,
I looked 3 times in add/remove and do not see update XP (KB951748) and I did check show updates.


----------



## Phantom010 (Mar 9, 2009)

If you don't have it, you should. Download and install it.

However, you can download *WinUpdatesList*. It's a free program that doesn't need to be installed. Simply run the program and it'll show all Windows Updates on your computer.

Run the program.

Hit CTRL+F on your keyboard.

Type in *KB951748 *and press Enter.

If you're still not seeing that update, you'll need to download and install it from *HERE*. It's a very old update but somehow, it may have been damaged or removed by the virus.


----------



## Cookiegal (Aug 27, 2003)

Yes, you should have it to get the correct version of several files which may have been corrupted.


----------



## jomo60 (Mar 17, 2012)

I installed it!


----------



## Phantom010 (Mar 9, 2009)

After installing it, you should check for other Windows Updates that might need to install because of it.


----------



## jomo60 (Mar 17, 2012)

I installed winupdates list and it found the file that I just installed. I will try to run windows update and let you know how that went.
Thank you,
Steven


----------



## jomo60 (Mar 17, 2012)

According to microsofts website I am up to date on updates.


----------



## Phantom010 (Mar 9, 2009)

Did you restart your computer yet? Any change?


----------



## jomo60 (Mar 17, 2012)

Yes, I did start my computer and still have the same problem.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 24 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.

I'd like to see if you're still getting the same errors as before.


----------



## Phantom010 (Mar 9, 2009)

Another thing to try:

The DHCP Client service is dependent on the following services. Their *Startup Type* is set to *System* (why these services more than others, I don't know):

*AFD*

*NetBios over Tcpip*

*TCP/IP Protocol Driver*

Click Start > Run > type *devmgmt.msc*

Press Enter.

Click *View*.

Tick *Show hidden devices*.

Scroll down to *Non-Plug and Play Drivers*.

Double-click *AFD*.

Click the *Driver* tab. (In there, the service should be Started)

Under *Startup*, select *Automatic*.

Restart the computer.

If no luck, you can do it for the other two services as well, but perhaps one after the other, rebooting after each switch.

I have no idea if this will work, but it can easily be reverted back to the way it was (System).


----------



## Phantom010 (Mar 9, 2009)

Sorry, Cookiegal, just noticed your post.


----------



## jomo60 (Mar 17, 2012)

Event Type: Error
Event Source: .NET Runtime Optimization Service
Event Category: None
Event ID: 1103
Date: 4/10/2012
Time: 5:06:18 PM
User: N/A
Computer: MATHONDVDS
Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Setup 
Event ID: 1020
Date: 4/10/2012
Time: 4:59:07 PM
User: N/A
Computer: MATHONDVDS
Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 4/10/2012
Time: 4:53:02 PM
User: N/A
Computer: MATHONDVDS
Description:
EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 38 00 30 00 32 00 .8.0.2.
0020: 34 00 30 00 30 00 31 00 4.0.0.1.
0028: 36 00 2c 00 20 00 62 00 6.,. .b.
0030: 65 00 67 00 69 00 6e 00 e.g.i.n.
0038: 69 00 6e 00 73 00 74 00 i.n.s.t.
0040: 61 00 6c 00 6c 00 2c 00 a.l.l.,.
0048: 20 00 69 00 6e 00 73 00 .i.n.s.
0050: 74 00 61 00 6c 00 6c 00 t.a.l.l.
0058: 2c 00 20 00 33 00 2e 00 ,. .3...
0060: 30 00 2e 00 38 00 34 00 0...8.4.
0068: 30 00 32 00 2e 00 30 00 0.2...0.
0070: 2c 00 20 00 6d 00 70 00 ,. .m.p.
0078: 73 00 69 00 67 00 64 00 s.i.g.d.
0080: 77 00 6e 00 2e 00 64 00 w.n...d.
0088: 6c 00 6c 00 2c 00 20 00 l.l.,. .
0090: 33 00 2e 00 30 00 2e 00 3...0...
0098: 38 00 34 00 30 00 32 00 8.4.0.2.
00a0: 2e 00 30 00 2c 00 20 00 ..0.,. .
00a8: 6d 00 69 00 63 00 72 00 m.i.c.r.
00b0: 6f 00 73 00 6f 00 66 00 o.s.o.f.
00b8: 74 00 20 00 73 00 65 00 t. .s.e.
00c0: 63 00 75 00 72 00 69 00 c.u.r.i.
00c8: 74 00 79 00 20 00 65 00 t.y. .e.
00d0: 73 00 73 00 65 00 6e 00 s.s.e.n.
00d8: 74 00 69 00 61 00 6c 00 t.i.a.l.
00e0: 73 00 20 00 28 00 65 00 s. .(.e.
00e8: 64 00 62 00 34 00 66 00 d.b.4.f.
00f0: 61 00 32 00 33 00 2d 00 a.2.3.-.
00f8: 35 00 33 00 62 00 38 00 5.3.b.8.
0100: 2d 00 34 00 61 00 66 00 -.4.a.f.
0108: 61 00 2d 00 38 00 63 00 a.-.8.c.
0110: 35 00 64 00 2d 00 39 00 5.d.-.9.
0118: 39 00 37 00 35 00 32 00 9.7.5.2.
0120: 63 00 63 00 61 00 37 00 c.c.a.7.
0128: 30 00 39 00 34 00 29 00 0.9.4.).
0130: 2c 00 20 00 4e 00 49 00 ,. .N.I.
0138: 4c 00 2c 00 20 00 4e 00 L.,. .N.
0140: 49 00 4c 00 20 00 4e 00 I.L. .N.
0148: 49 00 4c 00 0d 00 0a 00 I.L.....

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 4/9/2012
Time: 2:26:10 PM
User: N/A
Computer: MATHONDVDS
Description:
EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 30 00 2c 00 20 00 .0.,. .
0020: 6d 00 6f 00 61 00 63 00 m.o.a.c.
0028: 63 00 61 00 70 00 61 00 c.a.p.a.
0030: 62 00 69 00 6c 00 69 00 b.i.l.i.
0038: 74 00 79 00 2c 00 20 00 t.y.,. .
0040: 33 00 2e 00 30 00 2e 00 3...0...
0048: 38 00 34 00 30 00 32 00 8.4.0.2.
0050: 2e 00 30 00 2c 00 20 00 ..0.,. .
0058: 30 00 2c 00 20 00 30 00 0.,. .0.
0060: 2c 00 20 00 75 00 6e 00 ,. .u.n.
0068: 73 00 70 00 65 00 63 00 s.p.e.c.
0070: 69 00 66 00 69 00 65 00 i.f.i.e.
0078: 64 00 2c 00 20 00 75 00 d.,. .u.
0080: 6e 00 73 00 70 00 65 00 n.s.p.e.
0088: 63 00 69 00 66 00 69 00 c.i.f.i.
0090: 65 00 64 00 2c 00 20 00 e.d.,. .
0098: 4e 00 49 00 4c 00 2c 00 N.I.L.,.
00a0: 20 00 4e 00 49 00 4c 00 .N.I.L.
00a8: 20 00 4e 00 49 00 4c 00 .N.I.L.
00b0: 0d 00 0a 00 ....

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 4/11/2012
Time: 2:06:54 PM
User: N/A
Computer: MATHONDVDS
Description:
The following boot-start or system-start driver(s) failed to load: 
AFD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/11/2012
Time: 2:06:54 PM
User: N/A
Computer: MATHONDVDS
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2012
Time: 2:06:54 PM
User: N/A
Computer: MATHONDVDS
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2012
Time: 2:06:54 PM
User: N/A
Computer: MATHONDVDS
Description:
The DHCP Client service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/11/2012
Time: 2:06:54 PM
User: N/A
Computer: MATHONDVDS
Description:
The TuneUp Theme Extension service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 23
Date: 4/11/2012
Time: 2:05:04 PM
User: NT AUTHORITY\SYSTEM
Computer: MATHONDVDS
Description:
Printer HP Officejet 4500 G510a-f fax failed to initialize because a suitable HP Officejet 4500 G510a-f fax driver could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 4/11/2012
Time: 12:25:58 PM
User: N/A
Computer: MATHONDVDS
Description:
The following boot-start or system-start driver(s) failed to load: 
AFD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/11/2012
Time: 12:25:57 PM
User: N/A
Computer: MATHONDVDS
Description:
The Human Interface Device Access service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2012
Time: 12:25:57 PM
User: N/A
Computer: MATHONDVDS
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2012
Time: 12:25:57 PM
User: N/A
Computer: MATHONDVDS
Description:
The DHCP Client service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/11/2012
Time: 12:25:57 PM
User: N/A
Computer: MATHONDVDS
Description:
The TuneUp Theme Extension service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 23
Date: 4/11/2012
Time: 12:24:12 PM
User: NT AUTHORITY\SYSTEM
Computer: MATHONDVDS
Description:
Printer HP Officejet 4500 G510a-f fax failed to initialize because a suitable HP Officejet 4500 G510a-f fax driver could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/11/2012
Time: 12:22:45 PM
User: NT AUTHORITY\SYSTEM
Computer: MATHONDVDS
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Phantom010 (Mar 9, 2009)

There seems to be something preventing AFD from starting correctly. Try the Device Manager tweak.


----------



## jomo60 (Mar 17, 2012)

Hi everyone,
Yep, setting AFD to automatic did the trick. My internet service turns on with the desktop! Thanks so much. How much for your service?
Steven


----------



## Phantom010 (Mar 9, 2009)

Send me a check by email. 

Glad it works! :up:


----------



## jomo60 (Mar 17, 2012)

Thanks, again.


----------



## Phantom010 (Mar 9, 2009)

jomo60 said:


> Thanks, again.


You're welcome!


----------



## Deejay100six (Sep 27, 2011)

Nice work guys.


----------



## Cookiegal (Aug 27, 2003)

That's great but it should be set to "system". See if setting it back to system causes the problem to return or not.


----------



## Phantom010 (Mar 9, 2009)

Deejay100six said:


> Nice work guys.


It really was a team effort.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> That's great but it should be set to "system". See if setting it back to system causes the problem to return or not.


O Yee Of Little Faith!


----------



## jomo60 (Mar 17, 2012)

I set it back to system and the problem came back. Is it really a problem having it set to automatic?
Steven


----------



## Phantom010 (Mar 9, 2009)

If it's working fine that way, I don't see a problem with keeping it on Automatic.


----------



## Cookiegal (Aug 27, 2003)

If it's working that way then it should be fine. But if it won't work when it's set to "system" then that indicates there's still an underlying problem somewhere.


----------



## jomo60 (Mar 17, 2012)

Do you nice folks want to look further into this problem?


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> But if it won't work when it's set to "system" then that indicates there's still an underlying problem somewhere.


I agree, but what! 

The error message about AFD was mentionning a "device" as the probable cause. I'm still wondering about the NIC. Reinstalling or updating the driver could be something to try.


----------



## jomo60 (Mar 17, 2012)

Ok, please give me the instructions and I'll try it.


----------



## Phantom010 (Mar 9, 2009)

jomo60 said:


> Do you nice folks want to look further into this problem?


Well, I wouldn't lose too much sleep over it. It's working. Something has obviously been damaged by the infection or its removal process. Finding what it is could be very difficult and pointless. However, if you do have the software/driver for your NIC, it could be a place to start.


----------



## Cookiegal (Aug 27, 2003)

It could be like looking for a needle in a haystack but if you're willing, we can dig a little deeper. The message about the device generally means there's something wrong with the file (corruption). 

Certainly you can start with replacing the driver, it can't hurt.

The next step might be to uninstall SP3 and reinstall it but then you will have to reinstall all of the MS updates (100 or so) that came after SP2. But before trying that, let's check the version of the afd.sys file. Please navigate to the file:

C:\Windows\System32\drivers\afd.sys

Right-click on afd.sys file and select "properties" and then click on the version tab. Please let us know the version number of the file.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> Please navigate to the file:
> 
> C:\Windows\System32\drivers\afd.sys
> 
> Right-click on afd.sys file and select "properties" and then click on the version tab. Please let us know the version number of the file.


Cookiegal, I'm not an expert with *Farbar* but doesn't the following entry tell us that *afd.sys* should be OK? Or is the MD5 algorithm not accurate enough?

*C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit*


----------



## jomo60 (Mar 17, 2012)

I have version 5.1.2600.6142 for AFD.


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


> Cookiegal, I'm not an expert with *Farbar* but doesn't the following entry tell us that *afd.sys* should be OK? Or is the MD5 algorithm not accurate enough?
> 
> *C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit*


It just tells us the file is legitimate but not the version. Older versions would be legitimate as well.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> It just tells us the file is legitimate but not the version. Older versions would be legitimate as well.


Yeah, but what about the integrity of the file? I thought this would give us an indication?


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


> Yeah, but what about the integrity of the file? I thought this would give us an indication?


Do you mean if the file was corrupt the MD5 would indicate that?


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> Do you mean if the file was corrupt the MD5 would indicate that?


Yeah, something like that.


----------



## Cookiegal (Aug 27, 2003)

I'd like to check some other things that are easy to do before doing anything drastic.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
afd.*
netbt.*
tcpip.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


> Yeah, something like that.


I'm not sure about corruption but if you don't get many hits on Google on an MD5 chances are there's something wrong with it.


----------



## jomo60 (Mar 17, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 11:26 on 12/04/2012 by Math On DVDs
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.*"
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [12:53 21/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [18:02 11/04/2012] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138496 bytes [03:23 15/09/2011] [03:14 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138112 bytes [07:01 22/10/2011] [04:49 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [07:05 22/10/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [03:02 15/09/2011] [04:49 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys --a---- 138496 bytes [19:25 29/02/2012] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys --a---- 138496 bytes [19:25 29/02/2012] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys --a---- 138496 bytes [14:43 16/10/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [14:43 16/10/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [14:43 16/10/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

Searching for "netbt.*"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [03:23 15/09/2011] [03:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [03:02 15/09/2011] [04:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 23/08/2001] [04:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

Searching for "tcpip.*"
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys --a---- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a---- 361600 bytes [18:02 11/04/2012] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys -----c- 359040 bytes [03:23 15/09/2011] [03:14 04/08/2004] 9F4B36614A0FC234525BA224957DE55C
C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys -----c- 361344 bytes [07:01 22/10/2011] [04:50 14/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\Help\tcpip.chm --a---- 50586 bytes [12:00 23/08/2001] [12:00 23/08/2001] 24FC18A9ED0AA561C5F5DC295F9AA9F2
C:\WINDOWS\ServicePackFiles\i386\tcpip.sys ------- 361344 bytes [03:03 15/09/2011] [04:50 14/04/2008] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\system32\dllcache\tcpip.sys -----c- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [12:00 23/08/2001] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

I'm not seeing what I was looking for there.

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, Winsock2 Catalogs and EventViewer logs (Last 10 errors)
At the top, change the "file age" in the drop down menu from 30 days to 60 days.
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jomo60 (Mar 17, 2012)

Hi,
OTS had an error and stopped. I attached a screen shot of the error. After clicking on ok on the error popup I left ots on for another 5 minutes but it never started up again.
Steve


----------



## Cookiegal (Aug 27, 2003)

Please try again without Winsock2 Catalogs checked.


----------



## jomo60 (Mar 17, 2012)

ots notebook log is attached.
Steven


----------



## Cookiegal (Aug 27, 2003)

While I'm looking at that can you please try running another scan with file age 60 days but with only Winsock2 Catalogs checked. I'd like to see if that will complete on its own.


----------



## jomo60 (Mar 17, 2012)

Hi,
I tried but it gave me the same error.
Thanks


----------



## Cookiegal (Aug 27, 2003)

OK, we'll export the key from the registry and look at it that way.

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.

I have to take the dog for a walk so I'll check back later.


----------



## jomo60 (Mar 17, 2012)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters]
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000004
"Serial_Access_Num"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Tcpip"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Network Location Awareness (NLA) Namespace"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\System32\\nwprovau.dll"
"DisplayString"="NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
"ProviderId"=hex:f0,aa,2d,e0,9f,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:00000001
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries"=dword:0000000d
"Next_Catalog_Entry_ID"=dword:000003f6
"Serial_Access_Num"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,66,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,\
00,69,00,70,00,20,00,5b,00,54,00,43,00,50,00,2f,00,49,00,50,00,5d,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
bb,ff,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,\
00,69,00,70,00,20,00,5b,00,55,00,44,00,50,00,2f,00,49,00,50,00,5d,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,06,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,0c,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,\
48,a1,92,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,\
bb,ff,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,\
00,69,00,70,00,20,00,5b,00,52,00,41,00,57,00,2f,00,49,00,50,00,5d,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,0e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,05,00,00,00,00,00,00,80,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,39,00,33,00,41,00,38,00,30,00,31,00,44,00,45,00,2d,00,43,00,\
46,00,37,00,46,00,2d,00,34,00,30,00,32,00,37,00,2d,00,38,00,43,00,43,00,46,\
00,2d,00,41,00,42,00,30,00,35,00,41,00,46,00,42,00,31,00,46,00,31,00,33,00,\
31,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
00,20,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,02,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,ed,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,02,00,00,00,00,00,00,80,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,39,00,33,00,41,00,38,00,30,00,31,00,44,00,45,00,2d,00,43,00,\
46,00,37,00,46,00,2d,00,34,00,30,00,32,00,37,00,2d,00,38,00,43,00,43,00,46,\
00,2d,00,41,00,42,00,30,00,35,00,41,00,46,00,42,00,31,00,46,00,31,00,33,00,\
31,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,0e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,ee,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,05,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,31,00,43,00,30,00,31,00,32,00,46,00,32,00,30,00,2d,00,46,00,\
30,00,41,00,43,00,2d,00,34,00,38,00,34,00,44,00,2d,00,39,00,33,00,43,00,32,\
00,2d,00,41,00,31,00,44,00,37,00,37,00,30,00,45,00,46,00,42,00,38,00,31,00,\
30,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
00,20,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,02,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,ef,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,02,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,31,00,43,00,30,00,31,00,32,00,46,00,32,00,30,00,2d,00,46,00,\
30,00,41,00,43,00,2d,00,34,00,38,00,34,00,44,00,2d,00,39,00,33,00,43,00,32,\
00,2d,00,41,00,31,00,44,00,37,00,37,00,30,00,45,00,46,00,42,00,38,00,31,00,\
30,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,0e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,f0,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,05,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,35,00,38,00,35,00,38,00,35,00,46,00,41,00,38,00,2d,00,39,00,\
38,00,46,00,32,00,2d,00,34,00,39,00,38,00,45,00,2d,00,42,00,36,00,30,00,38,\
00,2d,00,32,00,30,00,34,00,30,00,44,00,45,00,39,00,30,00,42,00,32,00,44,00,\
32,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
00,20,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,02,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,f1,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,02,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,35,00,38,00,35,00,38,00,35,00,46,00,41,00,38,00,2d,00,39,00,\
38,00,46,00,32,00,2d,00,34,00,39,00,38,00,45,00,2d,00,42,00,36,00,30,00,38,\
00,2d,00,32,00,30,00,34,00,30,00,44,00,45,00,39,00,30,00,42,00,32,00,44,00,\
32,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,0e,00,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,f2,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,05,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,39,00,36,00,37,00,33,00,38,00,44,00,31,00,30,00,2d,00,38,00,\
45,00,37,00,44,00,2d,00,34,00,46,00,41,00,37,00,2d,00,39,00,31,00,36,00,33,\
00,2d,00,44,00,37,00,32,00,37,00,37,00,31,00,38,00,37,00,31,00,41,00,35,00,\
38,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,\
00,20,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,02,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,\
48,a1,92,f3,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,\
00,14,00,00,00,02,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,\
00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,\
00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,5f,00,7b,00,39,00,36,00,37,00,33,00,38,00,44,00,31,00,30,00,2d,00,38,00,\
45,00,37,00,44,00,2d,00,34,00,46,00,41,00,37,00,2d,00,39,00,31,00,36,00,33,\
00,2d,00,44,00,37,00,32,00,37,00,37,00,31,00,38,00,37,00,31,00,41,00,35,00,\
38,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,\
00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,09,26,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f4,03,00,00,01,00,00,00,44,00,37,00,32,00,37,00,37,00,31,00,38,00,\
37,00,31,00,41,00,35,00,38,00,7d,00,5d,00,06,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
bb,ff,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,55,00,44,00,50,00,20,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,\
69,00,64,00,65,00,72,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,78,01,07,01,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,80,\
45,07,01,ee,cf,90,7c,b8,77,13,00,5c,f6,90,7c,61,f6,90,7c,ee,cf,90,7c,ce,dd,\
90,7c,00,59,07,01,0a,00,00,00,36,0a,91,7c,e0,02,00,00,2d,f6,90,7c,68,78,13,\
00,34,00,00,c0,e8,77,13,00,5c,f6,90,7c,61,f6,90,7c,34,00,00,c0,68,78,13,00,\
2d,f6,90,7c,c4,77,13,00,88,45,07,01,30,78,13,00,20,e9,90,7c,68,f6,90,7c,ff,\
ff,ff,ff,61,f6,90,7c,4e,6a,dd,77,87,6a,dd,77,ae,3e,07,01,48,05,00,00,48,05,\
00,00,18,00,00,00,48,05,00,00,00,00,07,01,88,1e,07,01,00,00,00,00,e8,78,13,\
00,78,01,07,01,e8,78,13,00,81,09,91,7c,08,06,07,01,5d,00,91,7c,00,00,00,00,\
2d,ff,90,7c,00,00,00,00,00,00,00,00,68,f6,90,7c,88,1e,07,01,78,01,07,01,5b,\
d7,dd,77,90,1e,07,01,00,00,00,00,c0,3e,07,01,40,05,00,00,a8,40,07,01,00,00,\
00,00,80,45,07,01,00,00,00,00,00,00,00,00,40,05,00,00,c0,78,13,00,38,d8,dd,\
77,40,05,00,00,9c,78,13,00,88,45,07,01,f0,1f,00,00,4a,d8,dd,77,60,45,07,01,\
c0,3e,07,01,0e,00,00,00,1a,00,1c,00,6c,5d,a6,71,00,00,00,00,90,78,13,00,00,\
00,00,00,00,00,07,01,78,17,df,77,50,d8,dd,77,ff,ff,ff,ff,00,00,00,00,00,00,\
00,00,40,05,01,01,fe,03,00,00,2c,78,13,00,fa,cf,90,7c,b0,ff,13,00,20,e9,90,\
7c,60,00,91,7c,ff,ff,ff,ff,5d,00,91,7c,91,30,a7,71,00,00,07,01,00,00,00,00,\
90,1e,07,01,00,00,00,00,cc,05,e0,66,b0,30,a7,71,94,7b,13,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,0c,01,00,00,00,00,1c,05,0c,\
01,00,00,00,00,46,06,0c,01,00,00,00,00,68,07,0c,01,00,00,00,00,92,08,0c,01,\
00,00,00,00,bc,09,0c,01,00,00,00,00,e6,0a,0c,01,00,00,00,00,10,0c,0c,01,00,\
00,00,00,32,0d,0c,01,0b,00,00,00,54,0e,0c,01,00,00,00,00,7e,0f,0c,01,00,00,\
00,00,a0,10,0c,01,00,00,00,00,c2,11,0c,01,00,00,00,00,e4,12,0c,01,00,00,00,\
00,06,14,0c,01,11,00,00,00,28,15,0c,01,00,00,00,00,4a,16,0c,01,13,00,00,00,\
6c,17,0c,01,00,00,00,00,8e,18,0c,01,00,00,00,00,b0,19,0c,01,00,00,00,00,da,\
1a,0c,01,00,00,00,00,fc,1b,0c,01,00,00,00,00,1e,1d,0c,01,00,00,00,00,48,1e,\
0c,01,00,00,00,00,6a,1f,0c,01,00,00,00,00,94,20,0c,01,00,00,00,00,be,21,0c,\
01,0f,00,00,00,e0,22,0c,01,00,00,00,00,02,24,0c,01,66,20,02,00,00,00,00,00,\
00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,\
82,e6,9a,f5,03,00,00,01,00,00,00,d0,3e,07,01,80,3e,07,01,60,45,07,01,90,1e,\
07,01,c0,3e,07,01,3c,05,00,00,00,00,00,00,06,00,00,00,02,00,00,00,10,00,00,\
00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,54,00,43,00,50,00,20,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,\
69,00,64,00,65,00,72,00,00,00,00,00,15,00,22,02,91,7c,03,00,00,00,18,07,15,\
00,00,00,15,00,50,35,18,00,bc,79,13,00,22,02,91,7c,00,7c,13,00,20,e9,90,7c,\
28,02,91,7c,ff,ff,ff,ff,22,02,91,7c,9b,01,91,7c,db,01,91,7c,61,ac,80,7c,34,\
7b,13,00,6e,d9,90,7c,74,7a,13,00,30,7a,13,00,5c,f6,90,7c,61,f6,90,7c,74,7a,\
13,00,6e,d9,90,7c,34,7b,13,00,0c,7a,13,00,7a,d9,90,7c,b0,ff,13,00,20,e9,90,\
7c,68,f6,90,7c,ff,ff,ff,ff,61,f6,90,7c,eb,6f,dd,77,00,00,00,00,00,00,00,00,\
b0,23,18,00,f6,6f,dd,77,58,7b,13,00,4c,05,00,00,50,7b,13,00,48,7b,13,00,4c,\
05,00,00,b0,23,18,00,74,7a,13,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,01,00,00,00,24,00,00,00,50,00,72,00,6f,00,74,00,6f,00,63,\
00,6f,00,6c,00,5f,00,43,00,61,00,74,00,61,00,6c,00,6f,00,67,00,39,00,00,00,\
d4,7a,13,00,5c,f6,90,7c,61,f6,90,7c,00,00,00,00,54,7b,13,00,2d,f6,90,7c,b0,\
7a,13,00,b4,7a,13,00,1c,7b,13,00,20,e9,90,7c,68,f6,90,7c,ff,ff,ff,ff,61,f6,\
90,7c,4e,6a,dd,77,87,6a,dd,77,2c,4d,df,66,58,05,00,00,06,00,00,00,18,00,00,\
00,58,05,00,00,54,7b,13,00,40,00,00,00,00,00,00,00,00,00,00,00,90,b9,00,00,\
40,7b,13,00,8b,70,dd,77,4c,05,00,00,34,7b,13,00,58,7b,13,00,b0,23,18,00,50,\
7b,13,00,48,7b,13,00,08,00,00,00,00,00,00,00,ff,6f,dd,77,30,00,32,00,54,4d,\
df,66,00,00,00,00,78,7b,13,00,6e,dc,df,66,24,00,00,00,54,4d,df,66,24,00,00,\
00,70,7b,13,00,01,00,00,00,74,7b,13,00,00,00,00,00,cc,05,e0,66,00,00,00,00,\
b0,23,18,00,01,00,00,00,2d,f6,00,00,a8,7b,13,00,44,dd,df,66


----------



## Cookiegal (Aug 27, 2003)

We can try uninstalling and reinstalling TCPIP.

1. Locate the file - *C:\Windows\inf\nettcpip.inf*
 It's important that you first make a copy of the file for backup purposes. Right-click the file and select "copy", then right-click in an empty space on your desktop and select "paste" to drop the copy of the file there.
 Once you have done that, use Notepad to open the original file for editing.










2. Locate the *[MS_TCPIP.PrimaryInstall]* section.

3. Edit the *Characteristics = 0xA0* entry and replace 0xA0 with 0x80.










4. Save the file, and then exit Notepad.










5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select *Properties*.

















6. On the *General *tab, click *Install*, select *Protocol*, and then click *Add*.










7. In the Select *Network Protocols* window, click *Have Disk*.










8. In the Copy manufacturer's files from: text box, type *c:\windows\inf*, and then click *OK*.










9. Select *Internet Protocol (TCP/IP)*, and then click *OK*.










Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select *Internet Protocol (TCP/IP)*, click *Uninstall*, and then click *Yes*.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP 










Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP (in step no. 10 click on "Install")

Then reboot the machine.

Then change afd's startup type to "system" in Device Manager. Reboot again and see if it works now.


----------



## Deejay100six (Sep 27, 2011)

Wow!


----------



## Phantom010 (Mar 9, 2009)

Deejay100six said:


> Wow!


I agree!


----------



## Cookiegal (Aug 27, 2003)

Deejay100six said:


> Wow!





Phantom010 said:


> I agree!


Wimps, the both a ya. It's not as hard as it looks.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> Wimps, the both a ya. It's not as hard as it looks.


Wasn't the thread already marked as solved?


----------



## jomo60 (Mar 17, 2012)

Yes, it was marked solved. What was I thinking continuing...
Ok, I think we are moving sideways now. The internet now will not start on its own, however I can manually start it without a 3 minute lag, in fact no lag time at all.


----------



## jomo60 (Mar 17, 2012)

How about I just put a bat file in my start up to get the dhcp going?


----------



## Cookiegal (Aug 27, 2003)

Did you reboot after?

Please run Farbar again.


----------



## jomo60 (Mar 17, 2012)

Yes, I did reeboot.


Farbar Service Scanner Version: 01-03-2012
Ran by Math On DVDs (administrator) on 12-04-2012 at 18:55:08
Running from "C:\Documents and Settings\Math On DVDs\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(9) NetBT(10) PSched(7) Tcpip(8) 
0x0A0000000900000005000000010000000200000003000000040000000600000007000000080000000A000000


**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

Is afd still set to system?

Go to *Start *- *Run *- type in *cmd *and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

You will need to reboot afterwards.

Let us know if that makes any difference.


----------



## Deejay100six (Sep 27, 2011)

OMG, Cookiegal called me a wimp! Theres no hope for me now.


----------



## jomo60 (Mar 17, 2012)

I followed the last set of instructions and rebooted. When AFD is set to system I need to manually start dhcp client which now turns on automatically. When AFD is set to automatic the internet starts right up.
Thank you so much,
Steven


----------



## Phantom010 (Mar 9, 2009)

Deejay100six said:


> OMG, Cookiegal called me a wimp! Theres no hope for me now.


Yeah, you might stay a trainee for a long time...


----------



## Cookiegal (Aug 27, 2003)

jomo60 said:


> I followed the last set of instructions and rebooted. When AFD is set to system I need to manually start dhcp client which now turns on automatically. When AFD is set to automatic the internet starts right up.
> Thank you so much,
> Steven


So, in other words, nothing's changed?


----------



## jomo60 (Mar 17, 2012)

The last set of instructions which I followed had no effect on my computer. However un/installing AFD did have an effect--If AFD is set to system I still need to manually start dhcp but now I can do this immediately where before I had to wait at least three minutes. If I have AFD set to automatic then everything is fine both before and after un/installing AFD.
Steven


----------



## Cookiegal (Aug 27, 2003)

OK, so uninstalling and reinstalling TCPIP (not AFD) did result in some improvement so we are making progress. I'd like you to export the Services key from the registry so I can examine it to see if I can spot what the problem is. This file will be large so you will have to zip it before uploading it as an attachment here.

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. To zip the file, right-click on it and from the right-click menu select "Send To" and then "Compressed (zipped) Folder". This will create a second file in the same location with the same name but a .zip file extension (instead of .txt). Please upload that one here.


----------



## jomo60 (Mar 17, 2012)

I attached the zip file.
Thank you,
Steven


----------



## Cookiegal (Aug 27, 2003)

There is a section missing from the dhcp service key in the registry. I don't know if that will fix the problem but it should be added in so I'm attaching a Fixjomo.zip file to this post. Save it to your desktop. Unzip it (extract the file) and double-click the Fixjomo.reg file to run it and allow it to merge into the registry.

Then with afd set to "system" reboot the machine and see if the dhcp service starts automatically please.


----------



## Phantom010 (Mar 9, 2009)

That *RegSendLocation *string value for the following key, Cookiegal, is quite different from jomo60's and mine.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\220

Ours is:


```
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest\0\0
```


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


> That *RegSendLocation *string value for the following key, Cookiegal, is quite different from jomo60's and mine.
> 
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\220
> 
> ...


First, your exports are in ! REG.EXE VERSION 3.0 format which is an old version and very confusing to compare to current registry values which are generally REGEDIT4 or Windows Registry Editor Version 5.00.

Secondly, if you look at the look.txt file you will see that this key no longer exists in the registry at all. 

In Windows Registry Editor Version 5.00 the hex value translates to:

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest


----------



## Phantom010 (Mar 9, 2009)

This is all very confusing. Why REG 3-4-5!?! Why the conversions?
















What I'm seeing from jomo60 is what I'm seeing in my registry. So, that's not very confusing to me.

Sorry for the mix-up.


----------



## Phantom010 (Mar 9, 2009)

However, I'll try using your method from now on. It might actually make it easier to compare my values to the ones from a member (both as text files), using WinMerge. Can't imagine why I haven't been doing it like this all along, geez!


----------



## Cookiegal (Aug 27, 2003)

Your reg query in version 3 shows the hex values converted to ASCII to read:


```
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest\0\0
```
But in version 5 of the registry editor (and in your own registry) you should not see those zeros at the end, it should just be:


```
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest
```
However, this is a REG_MULTI_SZ value that needs to be converted to hex when merging into the registry.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> But in version 5 of the registry editor (and in your own registry) you should not see those zeros at the end, it should just be:
> 
> 
> ```
> ...


Yes, you are correct, there are no zeros in the registry.


----------



## jomo60 (Mar 17, 2012)

Hi,
I'm sorry to say that this did not help.
Thank you,
Steven


----------



## Cookiegal (Aug 27, 2003)

Did you reboot the machine after importing the registry fix?


----------



## jomo60 (Mar 17, 2012)

Yes I did.


----------



## Cookiegal (Aug 27, 2003)

Do you have your installation CD? If so, we can try running the system file checker:

To to *Start *- *Run *and type in:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

Reboot after and see if that makes any difference.


----------



## jomo60 (Mar 17, 2012)

No, I do not have the installation CD.


----------



## Phantom010 (Mar 9, 2009)

There's always the NIC driver... 

Frankly, I don't think it's worth the hassle. 

If you're getting your Internet right away after booting, without any intervention on your part, not noticing any difference from before getting infected, Automatic or System isn't going to change anything. Both are in the Startup options, so both should be acceptable. Default doesn't always mean mandatory.


----------



## Cookiegal (Aug 27, 2003)

If you want to throw in the towel that's fine with me. It's your machine.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> If you want to throw in the towel that's fine with me. It's your machine.


As I said, reinstalling the NIC, or updating it, might be the next thing to try, if you feel up to it.


----------



## Cookiegal (Aug 27, 2003)

I thought that had been suggested and done before. I guess it was suggested but not yet done.


----------



## Phantom010 (Mar 9, 2009)

Cookiegal said:


> I thought that had been suggested and done before. I guess it was suggested but not yet done.


I think jomo60 forgot about the NIC after post #88.


----------



## jomo60 (Mar 17, 2012)

Hi everyone,
Sorry for the delay in my response. I am possibly ready to accept the way the machine is running, which for me is perfectly. I just want how much is involved with reinstalling/updating the NIC before I decide.
Thanks,
Steven


----------



## Phantom010 (Mar 9, 2009)

Do you have your NIC's installation CD?

The NIC is a *NVIDIA nForce Ethernet* Adapter.

Click Start > Run > type *devmgmt.msc*

Press Enter.

Expand *Network adapters*.

You'll find the make and model of your NIC.

Under the *Driver* tab, you'll see the driver details.


----------



## jomo60 (Mar 17, 2012)

No, I do not have the CD. Can I download the driver?
Steven


----------



## Phantom010 (Mar 9, 2009)

Try finding it on the *NVIDIA website*. There might be an update availbable.


----------



## jomo60 (Mar 17, 2012)

Hi,
I tried the update but it did not help. I had enough of this. As far as I can tell my computer works perfectly.
Thank you for all your help.
Steven


----------



## Phantom010 (Mar 9, 2009)

You're welcome!

It's hard to tire out Cookiegal when she's started...  

Good to know we got helpers like her around.


----------



## jomo60 (Mar 17, 2012)

Yes, everyone involved with this thread was extremely helpful. Thank you very much.
Steven


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## Deejay100six (Sep 27, 2011)

I'm happy too now that I know it wasn't something malware related that I missed. 

Glad to see your issue was finally resolved Steven.

Take care and any more problems, you know where we are.


----------

