# Cannot Access Internet after Virus Removal - Netbt.sys, NetBios missing - Error 1075



## Lumpola (Oct 4, 2011)

After a Trojan attack, I used Kaspersky Virus Remover to remove them. It seems to have been successful, but now I can't access the internet. 

Below are clues to resolving the problem. I just don't know what to do next.

Can you help? I'm using XP sp3. 

=================

The following files are present in /Windows/System32/Drivers folder...
* afd.sys
* tcpip.sys 
* netbt.sys (*It was missing*; so I copied to here from ServicePackFiles/i386)

=================

CMD /K SC QC DHCP reported this...

```
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem
```

=================

In Device Manager,
* AFD Networking Support Environment is running successfully
* TCP/IP Protocol Driver is running successfully
* NetBios over Tcpip - *DOES NOT EXIST*

=================

In services when attempting to Start these services

* DHCP Client Properties (Local Computer) and
* TCP/IP NetBIOS Helper

I got these errors...

* Could not start the DHCP Client service on Local Computer
* Could not start the TCP/IP NetBIOS Helper service on Local Computer
* Error 1075: The dependency service does not exist or has been marked for deletion.
* Under the dependencies tab: No Dependencies in either box.

=================

Start, Run, SFC /SCANNOW
It did ask for the XP disc and apparently installed some files.
No joy.

=================

I've run Winsock MicrosoftFixit50203. No joy.

=================

The following Services are Started except for those marked:
 COM+ Event System (for WZC issues)
 Computer Browser
*** *DHCP Client - CANNOT START - Error 1075* - See above
 DNS Client
 Network Connections
 Network Location Awareness
 Remote Procedure Call (RPC)
 Server
*** *TCP/IP Netbios helper - CANNOT START - Error 1075* - See above
 Wireless Zero Configuration (XP wireless configurations)
 WLAN AutoConfig (Vista wireless configurations)
 Workstation

=================

IPCONFIG /ALL yielded this information...

C:\Documents and Settings\Barry>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ASUS
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Comcast High Speed Cable:

Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : ASUSTeK/Broadcom 440x 10/100 Integra
ted Controller
Physical Address. . . . . . . . . : 00-E0-18-B0-6F-CC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : *0.0.0.0*
Subnet Mask . . . . . . . . . . . : *0.0.0.0*
IP Address. . . . . . . . . . . . : fe80::2e0:18ff:feb0:6fcc%4
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.68.166
68.87.74.166
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : *Disabled*

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : *Disabled*

C:\Documents and Settings\Barry>nbtstat -n
*Failed to access NetBT driver -- NetBT may not be loaded*

C:\Documents and Settings\Barry>

=================

SYSTEM INFO

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 2047 Mb
Graphics Card: NVIDIA GeForce 6200 , 512 Mb
Hard Drives: C: Total - 117796 MB, Free - 88659 MB; D: Total - 152625 MB, Free - 71069 MB; S: Total - 715402 MB, Free - 93111 MB; 
Motherboard: ASUSTeK Computer INC., P4GE-V, REV 1.xx, xxxxxxxxxxx
Antivirus: Avanquest SystemSuite, Updated: Yes, On-Demand Scanner: Disabled


----------



## Lumpola (Oct 4, 2011)

Looks like it's time to reinstall XP.  Boo!


----------



## clb (Oct 6, 2011)

Hi Lumpola,

I have exactly the same problem as you, and probably went through the same website as you, as I made exactly the same tests. I'm still not able to find a solution... As my computer is a corporate one, and I have to change country to have it repaired, I would like to find a solution by myself...
By the way, the name of the file which was infected is netbt.sys, right? (And not betbt.sys as it is written in the title.)
Sorry, this post does not help you, but I hope someone will come to rescue us.


----------



## Lumpola (Oct 4, 2011)

Sorry you're also having the same problem.

Yes, the title should have read "Netbt.sys." I'd make a correction, but the edit button is now gone from my post.

I tried replacing a missing Netbt fork in the registry from another XP computer. No joy. I'm sure there are other issues with the registry that I don't understand.

It looks right now like a reinstall is the only thing that's going to correct this.


----------



## thesweetdevilguy (Nov 9, 2005)

clb said:


> Hi Lumpola,
> 
> I have exactly the same problem as you, and probably went through the same website as you, as I made exactly the same tests. I'm still not able to find a solution... As my computer is a corporate one, and I have to change country to have it repaired, I would like to find a solution by myself...
> By the way, the name of the file which was infected is netbt.sys, right? (And not betbt.sys as it is written in the title.)
> Sorry, this post does not help you, but I hope someone will come to rescue us.


Hi there.

Sorry to be ignorant; just assuming that you have replaced the file, have you tried registering it?

Click Start, Run and type regsvr32 netbt.sys, and then press Enter.

If this does not work, you could repair your operating system. Normally it is the same screen as when you format the drive.

Caution: please back up your data and try it. I hope it works.


----------



## thesweetdevilguy (Nov 9, 2005)

Lumpola said:


> Sorry you're also having the same problem.
> 
> Yes, the title should have read "Netbt.sys." I'd make a correction, but the edit button is now gone from my post.
> 
> ...


Hi there.

Sorry to be ignorant; just assuming that you have replaced the file, have you tried registering it?

Click Start, Run and type regsvr32 netbt.sys, and then press Enter.

If this does not work, you could repair your operating system. Normally it is the same screen as when you format the drive.

Caution: please back up your data and try it. I hope it works.

Sorry, I am writing the same thing. Hope this helps. If it does not, a complete format will be needed.


----------



## thesweetdevilguy (Nov 9, 2005)

Lumpola said:


> *** *DHCP Client - CANNOT START - Error 1075* - See above


Please find the article from Microsoft:

http://support.microsoft.com/kb/915162


----------



## Lumpola (Oct 4, 2011)

thesweetdevi,

I tried registering Netbi.sys as you suggested. Got...

LoadLibrary("netbr.sys") failed - The specified module could not be found.

I'll read up on your Microsoft link and let you know.

Thanks!


----------



## Cookiegal (Aug 27, 2003)

The registry entries for this NetBT service are probably messed up. There are likely still malware issues remaining as well but first let's try fixing the Internet connection.

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## Lumpola (Oct 4, 2011)

thesweetdevi,

Sorry the Microsoft link didn't resolve the issue.


----------



## Lumpola (Oct 4, 2011)

Cookiegal,

I followed your instructions, but no file was created. I even did a search for look.txt. No joy.

Please note that I did an import of "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT" from another XP computer since it was missing from mine and attempted to register it as per thesweetdevi with no joy either (see above).

I can go back to the original damaged registry file if needed via System Restore.

Thanks for your help.

What's next?


----------



## Cookiegal (Aug 27, 2003)

The look.txt file would be in C:

Do you have a copy of the file you imported? 

Do you know your way around the registry? If so, can you take a look to see if this key exists?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT


----------



## Lumpola (Oct 4, 2011)

> The look.txt file would be in C:

I looked in C: and did a search on look.txt just to be sure I hadn't missed it. It doesn't exist.

> Do you have a copy of the file you imported?

Yes and I just realized I imported ControlSet010 rather than CurrentControlSet. Shall I go back to my original file? I marked the change with System Restore.

> Do you know your way around the registry?

I'm not an expert, but I can get around fairly well.

> If so, can you take a look to see if this key exists?
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT

It does NOT exist.


----------



## Lumpola (Oct 4, 2011)

That should be ControlSet001 not 010.


----------



## Cookiegal (Aug 27, 2003)

Please upload the registry file that you imported as a zip file attachment so I can take a look at it.


----------



## Cookiegal (Aug 27, 2003)

Lumpola said:


> Shall I go back to my original file? I marked the change with System Restore.


No because the import would not have affected the key in the CurrentControlSet.


----------



## Cookiegal (Aug 27, 2003)

I would also like you to do another export.

Go to *Start* - *Run* and copy and paste the following:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. This file will be quite large so please zip it before uploading it as an attachment.
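A Services export like the one requested above can be checked offline for the condition behind Error 1075, a `DependOnService` entry that names a service with no registry key. The following is an added example, not part of the thread: the embedded export is constructed, the Dhcp dependencies are taken from the `sc qc` output in the first post, and `LmHosts` is assumed to be the registry name of the TCP/IP NetBIOS Helper service.

```python
import re

# Constructed sample in "regedit /e" (Version 5.00) format. A real export is
# UTF-16, so read it with open(path, encoding="utf-16").read().
# The NetBT key is deliberately absent, as on the machine in this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd]
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Type"=dword:00000020
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"ServiceDll"="placeholder"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"DependOnService"=hex(7):4e,00,65,00,74,00,42,00,54,00,00,00,41,00,66,00,64,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
'''

# Matches only a service's own key, not its subkeys (e.g. ...\Dhcp\Parameters).
SERVICE_KEY_RE = re.compile(
    r'\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)$',
    re.IGNORECASE,
)
DEPENDS_PREFIX = '"dependonservice"=hex(7):'


def join_continuations(text):
    """regedit wraps long hex values with a trailing backslash; undo that."""
    return re.sub(r'\\\r?\n\s*', '', text)


def decode_multi_sz(hex_csv):
    """Decode a hex(7) value (REG_MULTI_SZ: UTF-16LE, NUL-separated strings)."""
    raw = bytes(int(b, 16) for b in hex_csv.split(',') if b.strip())
    text = raw.decode('utf-16-le', errors='replace')
    return [s for s in text.split('\x00') if s]


def parse_services(export_text):
    """Return {lowercased service name: {"name": ..., "deps": [...]}}."""
    services = {}
    current = None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            match = SERVICE_KEY_RE.search(line[1:-1])
            current = match.group(1) if match else None
            if current:
                services.setdefault(current.lower(),
                                    {"name": current, "deps": []})
        elif current and line.lower().startswith(DEPENDS_PREFIX):
            deps = decode_multi_sz(line.split(':', 1)[1])
            services[current.lower()]["deps"] = deps
    return services


def missing_dependencies(services):
    """Map each service to the dependencies that have no service key."""
    report = {}
    for svc in services.values():
        # Service names are case-insensitive in the registry.
        gone = [d for d in svc["deps"] if d.lower() not in services]
        if gone:
            report[svc["name"]] = gone
    return report


if __name__ == "__main__":
    found = missing_dependencies(parse_services(SAMPLE_EXPORT))
    for name, gone in sorted(found.items()):
        print(f"{name}: dependency key missing for {', '.join(gone)}")
```

Running the same check against each `ControlSetNNN` export shows whether any control set still holds an intact copy of the missing key.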


----------



## Lumpola (Oct 4, 2011)

Cookiegal,

Please find two attached files.


----------



## Cookiegal (Aug 27, 2003)

Did that come from a Vista machine?


----------



## Lumpola (Oct 4, 2011)

The donor is an XP Home.


----------



## Cookiegal (Aug 27, 2003)

I need another key exported please:

Go to *Start* - *Run* and copy and paste the following:


```
regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look2.txt. Please upload the log as an attachment.


----------



## Lumpola (Oct 4, 2011)

Here's look2.txt...


----------



## Cookiegal (Aug 27, 2003)

Please look and let me know if this key exists (note it's under ControlSet003):

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NetBT


----------



## Lumpola (Oct 4, 2011)

It does not exist.


----------



## Cookiegal (Aug 27, 2003)

OK. I'd like you to do a Search but only in a specific folder (so it won't take very long). So first go to *Start* - *Search* then click on "All files and folders". Then in the "Look in" box scroll down to the bottom and click on "Browse..." then expand all of these: "My Computer", Local Disk (C:), Windows, pchealth, helpctr and DataColl (this last one is the directory we want to search) so you should see that listed in the box beside "Folder:" then click OK. Now back in the Search box enter the following in the box that says "A word or phrase in the file" (not the file name one):

*MSAFD NetBIOS*

Then click on "Search". This should give at least one result of a file named CollectedData_*.xml (where the asterisk (*) represents a four-digit number). Right-click on the file and select "Open with" and then choose "Notepad". Then copy and paste the contents in your next reply please.


----------



## Cookiegal (Aug 27, 2003)

Also, one more key to export please.

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look3.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look3.txt. Please open it in Notepad and then copy and paste the report here.


----------



## Lumpola (Oct 4, 2011)

Below is CollectedData_44399 3/7/2011 6:41pm.

The next most recent is CollectedData_44130 11/3/2009 9:07pm. This file is included along with 8 others in the attached zip file.

Thanks!



----------



## Cookiegal (Aug 27, 2003)

Thanks. Please see my post no. 26 and export that registry key as well. Once I have that, we should be able to rebuild the registry key pertaining to NetBt.


----------



## Lumpola (Oct 4, 2011)

Here's look3...



----------



## Cookiegal (Aug 27, 2003)

Could I ask you to upload it as an attachment please? Because the format is important and the board software inserts spaces.

This will take a little time and I may not be able to post back until later on this afternoon.


----------



## Lumpola (Oct 4, 2011)

Look3.txt is attached.

Thanks!


----------



## Cookiegal (Aug 27, 2003)

OK. I'm attaching a FixNetBT.zip file to this post. Please save it to your desktop (transfer it via a flash drive). Unzip it (extract the file) and double-click on the FixNetBT.reg file and allow it to merge into the registry. Then reboot the machine.

Then go to *Start* - *Run* - type in *services.msc* and try to start these services:

*DHCP Client*
*TCP/IP NetBIOS Helper*

If they start successfully, see if you can connect to the Internet.


----------
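An added example, not part of the original thread and not the contents of FixNetBT.reg: a Python check that parses a regedit 5.00 export of the `Services` keys and reports every service whose `DependOnService` names a service key that is absent, the condition behind Error 1075 here (DHCP Client depends on Tcpip, Afd and NetBT). The sample export is constructed, and the `LmHosts` entry and its dependency list are assumptions made for the illustration.

```python
import re

SERVICE_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)$", re.I)


def multi_sz_hex(strings):
    """Encode strings as regedit writes REG_MULTI_SZ: UTF-16LE, NUL-separated,
    double-NUL terminated, hex bytes wrapped with a trailing backslash."""
    raw = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"
    parts = [f"{b:02x}" for b in raw]
    rows = [",".join(parts[i:i + 20]) for i in range(0, len(parts), 20)]
    return "hex(7):" + ",\\\n  ".join(rows)


def join_continuations(text):
    """Merge lines that regedit split with a trailing backslash."""
    out, buf = [], ""
    for line in text.splitlines():
        s = line.strip()
        if s.endswith("\\"):
            buf += s[:-1]
        else:
            out.append(buf + s)
            buf = ""
    if buf:
        out.append(buf)
    return out


def decode_value(data):
    """Decode the right-hand side of a .reg value line."""
    if data.startswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        return data
    kind = int(m.group(1), 16) if m.group(1) else 3  # plain hex: is REG_BINARY
    # Forum software can insert spaces into pasted exports, so drop whitespace.
    body = re.sub(r"\s+", "", m.group(2))
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    if kind == 7:       # REG_MULTI_SZ
        return [s for s in raw.decode("utf-16-le", errors="replace").split("\x00") if s]
    return raw


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a regedit 5.00 export."""
    keys, current = {}, None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is not None and m:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def missing_dependencies(keys):
    """Map each service to the DependOnService entries that have no service key."""
    services = {}
    for path, values in keys.items():
        m = SERVICE_KEY.match(path)
        if m:  # registry key names are case-insensitive
            services[m.group(1).lower()] = (m.group(1), values)
    report = {}
    for _, (name, values) in sorted(services.items()):
        deps = values.get("DependOnService", [])
        if not isinstance(deps, list):
            continue
        gone = [d for d in deps if d.lower() not in services]
        if gone:
            report[name] = gone
    return report


def _svc(name, deps=()):
    """Build one constructed service key for the sample export."""
    lines = [f"[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{name}]",
             '"Start"=dword:00000002']
    if deps:
        lines.append('"DependOnService"=' + multi_sz_hex(deps))
    return "\n".join(lines) + "\n\n"


# Constructed sample: the NetBT key is absent, as on the machine in this thread.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    + _svc("Dhcp", ["Tcpip", "Afd", "NetBT"])
    + _svc("LmHosts", ["NetBT", "Afd"])  # assumed dependency list
    + "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip]\n"
      '"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00\n\n'
    + _svc("AFD")
    + _svc("IPSec")
)

if __name__ == "__main__":
    for service, gone in missing_dependencies(parse_reg(SAMPLE_EXPORT)).items():
        print(f"{service}: missing dependency key(s): {', '.join(gone)}")
```

Files exported by regedit in the 5.00 format are UTF-16 with a byte-order mark, so read a real export with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.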



## Lumpola (Oct 4, 2011)

We have internet! THANK YOU!!!


----------



## Cookiegal (Aug 27, 2003)

I'm happy to hear that. :up:

Now please stay with me as I want to make sure all of the infection is gone.

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## Lumpola (Oct 4, 2011)

DDS.txt...

.
DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by Barry at 12:19:13 on 2011-10-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1190 [GMT -5:00]
.
AV: Avanquest SystemSuite *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
D:\Programs\Service\SyncServicesBasics.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programs\MozyHome\mozybackup.exe
D:\Programs\PCPitstopScheduleService.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
D:\Programs\uphclean.exe
D:\Programs\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\programs\realplayer\update\realsched.exe
D:\Programs\CTNMRUN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Programs\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\MozyHome\mozystat.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = 
mSearch Bar = 
uInternet Settings,ProxyOverride = localhost;*.local;<local>
uSearchAssistant = 
uCustomizeSearch = 
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Avanquest Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\programs\avanquest\systemsuite\avgssie.dll
BHO: DataVault Object: {8373adc0-6330-11dd-9d77-22c856d89593} - d:\programs\avanquest\systemsuite\IE_ContextMenu_Vault.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DFEFC2E4-F483-9FA6-4309-4E2EDB1D0426} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NOMAD Detector] "d:\programs\CTNMRUN.EXE"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\barry\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SystemTray] SysTray.Exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [TkBellExe] "d:\programs\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "d:\programs\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\barry\startm~1\programs\startup\ding!.lnk - d:\programs\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\barry\startm~1\programs\startup\mozyst~1.lnk - d:\programs\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cloudm~1.lnk - c:\windows\installer\{5ab0a110-c60a-4037-b9a5-f772bc647367}\SC_1.ico
mPolicies-explorer: <NO NAME> = 
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
Trusted Zone: adobe.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java
DPF: PCPitstop-Tracks-Checker - hxxp://pcpitstop.com/privacy/PCPTracks.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://help.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/da/PCPitStop.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://pcpitstop.com/internet/pcpConnCheck.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://pcpitstop.com/pestscan/pestscan.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239022486703
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} - hxxp://216.249.24.142/code/PWActiveXImgCtl.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239041191718
DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} - hxxp://pcpitstop.com/pcpitstop/diskhealth.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} - hxxp://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://media.memphiszoo.org/AxisCamControl.ocx
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.5242592593
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{71D43921-1816-4488-B026-4DD0E7C6818E} : DhcpNameServer = 68.87.68.166 68.87.74.166
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /appe /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /appe /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /appe /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\barry\application data\mozilla\firefox\profiles\jcb86ucr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\jcb86ucr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: d:\programs\avanquest\systemsuite\firefox3dv\components\VaultComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\barry\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\barry\application data\mozilla\firefox\profiles\jcb86ucr.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\barry\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\barry\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\barry\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\programs\firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\programs\firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\programs\firefox\plugins\nprmsl.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\programs\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\programs\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\programs\realplayer\netscape6\nprjplug.dll
FF - plugin: d:\programs\realplayer\netscape6\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-1-19 37864]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2002-3-16 71720]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2010-3-4 54776]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2011-3-11 203056]
R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;d:\programs\avanquest\systemsuite\AVQWinMonEngine.exe [2010-8-20 328704]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;d:\programs\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]
R2 PCPitstop Scheduling;PCPitstop Scheduling;d:\programs\PCPitstopScheduleService.exe [2008-11-21 77312]
R2 SBAMSvc;SystemSuite;c:\program files\common files\antivirus\SBAMSvc.exe [2010-2-22 1012080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 aawservice;Ad-Aware 2007 Service;d:\programs\aawservice.exe [2008-1-4 587096]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 cpuz132;cpuz132;\??\c:\docume~1\barry\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\barry\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Jukebox3_1394;Jukebox3_1394;c:\windows\system32\drivers\ctpd1394.sys [2007-5-4 21978]
S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-2-3 158344]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
S3 seqcal;seqcal;c:\windows\system32\drivers\seqcal.sys --> c:\windows\system32\drivers\seqcal.sys [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2009-4-6 129535]
S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\system32\drivers\USR1806.SYS [2004-1-10 793598]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2004-6-22 15576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-1-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-07 18:46:33 -------- d-----w- c:\documents and settings\barry\local settings\application data\CutePDF Writer
2011-10-07 18:41:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-10-04 15:15:14 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2011-10-04 13:19:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 19:31:09 -------- d-----w- C:\ERDNT
2011-10-03 16:20:43 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-10-03 16:20:43 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2011-10-03 16:20:43 317952 ------w- c:\windows\system32\imapi2.dll
2011-10-03 16:20:43 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2011-10-03 13:01:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-03 13:01:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-03 00:23:49 -------- d-----w- c:\windows\$BLSTUN$
2011-09-28 15:19:11 -------- d-----w- c:\documents and settings\barry\application data\7FFCB7996AC212C26FA94A5C223AF4D0
2011-09-26 02:06:49 9608392 ----a-w- c:\documents and settings\all users\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
.
==================== Find3M ====================
.
2011-10-02 19:03:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-05 23:41:37 9396840 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
2011-08-03 00:49:26 9506240 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
2011-07-27 21:22:20 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 12:20:02.37 ===============

Attach.txt...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2004 12:26:48 PM
System Uptime: 10/8/2011 11:52:04 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4GE-V
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | PGA 478 | 2806/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 115 GiB total, 85.316 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 69.361 GiB free.
E: is Removable
S: is FIXED (NTFS) - 699 GiB total, 90.703 GiB free.
Y: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPLEXTOR_CD-R___PX-W4824A________________1.03____\5&E088E23&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: PLEXTOR CD-R PX-W4824A
PNP Device ID: IDE\CDROMPLEXTOR_CD-R___PX-W4824A________________1.03____\5&E088E23&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP1: 10/4/2011 11:29:10 AM - System Checkpoint
RP2: 10/4/2011 11:32:06 AM - After Viruses
RP3: 10/4/2011 12:04:08 PM - Installed Microsoft Fix it 50203
RP4: 10/4/2011 5:33:14 PM - Before WinSockFix
RP5: 10/5/2011 4:25:19 PM - Before RegImport
RP6: 10/7/2011 2:52:20 PM - Before Optimize
.
==== Installed Programs ======================
.
.
7-Zip 4.57
Acer System Information
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe InDesign 1.5
Adobe Photoshop 6.0
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader 9.4.6
Adobe SVG Viewer 3.0
Ahead Nero - Burning Rom
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atomic Clock Sync
Audacity 1.2.6
Avanquest PerfectImage 11
Avanquest update
Belarc Advisor 7.2
Bing Bar
Bonjour
BroadJump Client Foundation
Cloudmark Desktop for Microsoft Outlook Express
Color LaserJet 2600n
Compatibility Pack for the 2007 Office system
Conversions Plus 6.05
Coupon Printer for Windows
Creative NOMAD II Driver
Creative PlayCenter
CutePDF Writer 2.8
DING!
DiscWizard for Windows
DreamStation DXi2
EasyCleaner
eDATA Unerase
EPSON Printer Software
EPSON Scan! II
EPSON TWAIN 5
EVEREST Home Edition v1.10
FLAC Installer 1.1.2a (remove only)
FTDI USB Serial Converter Drivers
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin USB Drivers
Gee Audio 1.1.3
getPlus(R)_dll
Google Earth
Google Talk Plugin
Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )
HDHomeRun
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Home Studio 2004
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
hp LaserJet 1010 Series
HP Product Detection
ImgBurn
iolo technologies' System Mechanic
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 18
jOrgan 3.8.3
Karen's Directory Printer
Logitech Desktop Messenger
Logitech MouseWare 9.79.1 
M-Audio MobilePre Driver 6.0.1 (x86)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware version 1.51.2.1300
Mastering Effects Bundle for Sound Forge
MemTurbo
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Data Access Components KB870669
Microsoft FrontPage 2000 SR-1
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office Live Meeting 2007
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 4.0
Move Media Player
Mozilla Firefox 7.0 (x86 en-US)
MozyHome
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Musicnotes Player
My Sam's Club Digital Photo Center
MyOrgan
Neat Image 3.1 Home
Noise Reduction Plug-in 2.0i
NOMAD Jukebox 3
NOMAD Jukebox 3 Driver
NVIDIA Graphics Driver 260.99
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
P.I.M. II Plug-In
Pando
PC Pitstop Driver Alert 1.0
PC Pitstop Exterminate2 2.0
PC Pitstop Optimize3 3.0
PConPoint v3.5
Photogize PrintWizard
QuickBooks Pro 2006
QuickTime
REALbasic 2005r2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
Rimage CD Designer Software Suite
SanDisk ImageMate CF-MS v1.00
Secure Backup and Share
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype Toolbars
Skype 4.2
Solero Music Control 1.0.1.7
Sonic Foundry Acoustics Modeler DirectX Plug-In 1.0
Sony ACID Music Studio 6.0b
Sony CD Architect 5.2
Sony Noise Reduction Plug-In 2.0h
Sony Preset Manager 2.0
Sound Forge 4.0 for Windows 95 and NT (x86)
Sound Forge Pro 10.0
SoundMAX
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Steinberg Cubase LE
StuffIt Standard
Sunbelt CounterSpy
Symantec WinFax PRO 10.0
System Files Update
System Requirements Lab
System Requirements Lab for Intel
SystemSuite 11 Professional
TextBridge Pro 11.0
TextBridge Pro Millennium
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wtniper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wtniper
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2005
TurboTax Premier Investments 2006
Tweak UI
UDPixel.exe
Uninstall Windows 9x USB 2.0 Support
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
User Profile Hive Cleanup Service
Virtual Sound Canvas DXi
VLC media player 1.1.11
WexTech AnswerWorks
Winamp (remove only)
Windows 7 Upgrade Advisor Beta
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows XP Uninstall
WinSCP 3.7.1
XBMC
Xteq Systems X-Setup 6.3
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
10/8/2011 12:19:15 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
10/8/2011 11:56:13 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
10/7/2011 7:30:28 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
10/7/2011 1:42:49 PM, error: Print [6161] - The document Intuit owned by Barry failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 42608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ASUS. Win32 error code returned by the print processor: 6 (0x6). 
10/6/2011 8:06:32 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Remote Access Auto Connection Manager service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Network Provisioning Service service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The IPv6 Helper Service service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
10/6/2011 8:05:38 AM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/6/2011 8:05:38 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/6/2011 8:05:38 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/6/2011 8:05:38 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
10/5/2011 11:34:45 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
10/4/2011 5:39:08 PM, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
10/4/2011 3:35:07 PM, error: NetDDE [69] - StartServiceCtrlDispatcher() Failed: 1063
10/4/2011 12:23:07 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
10/3/2011 9:09:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/3/2011 9:09:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/3/2011 9:05:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ComcastSecureBackupShareFilter eeCtrl Fips intelppm IPSec mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss sbtis Tcpip Tcpip6 UimBus Uim_IM WS2IFSL
10/3/2011 9:05:07 AM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2011 9:05:07 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2011 9:05:07 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2011 9:05:07 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2011 9:05:07 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2011 7:40:15 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00E018B06FCC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/3/2011 2:52:27 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/3/2011 2:11:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ComcastSecureBackupShareFilter eeCtrl Fips intelppm IPSec mozyFilter MRxSmb NetBIOS RasAcd Rdbss sbtis Tcpip Tcpip6 UimBus Uim_IM WS2IFSL
10/3/2011 12:55:35 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/3/2011 12:37:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aic78xx PCIIde
10/3/2011 12:36:45 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
10/3/2011 12:36:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/3/2011 11:29:48 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/3/2011 11:27:03 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
10/3/2011 11:26:06 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00E018B06FCC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/3/2011 10:40:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/2/2011 8:02:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00E018B06FCC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/1/2011 7:23:20 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00E018B06FCC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

It looks like you've been having trouble getting Microsoft critical updates, is that correct? Because there should be a lot more installed than what is showing there. Please tell me that this is a genuine installation of Windows?


----------



## Lumpola (Oct 4, 2011)

> It looks like you've been having trouble getting Microsoft critical updates, is that correct?

No. Critical updates have been regular and often until the virus crash and virus removal issue.

> Because there should be a lot more installed than what is showing there.

That's not the only thing missing. Most of my Start Menu is gone. All of my task bar shortcuts are gone. There are some missing drivers: So far audio card, and Acrobat PDF Creator (Distiller). But... I can reinstall these.

I haven't yet found any missing data. Yea!

> Please tell me that this is a genuine installation of Windows?

Yes, it's genuine. Would you like for me to provide you the key?


----------



## Cookiegal (Aug 27, 2003)

No, I don't need to see the key, but if you don't mind, would you please run this MGADiag tool?

Please run the MGA Diagnostic Tool and post back the report it creates:
1. Download *MGADiag* to your desktop.
2. Double-click on MGADiag.exe to launch the program.
3. Click "Continue".
4. Ensure that the "Windows" tab is selected (it should be by default).
5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
6. Paste the MGA Diagnostic Report back here in your next reply.

Once it shows it's genuine then we can continue. The next tool we'll be running may restore some of those things for you.


----------



## Lumpola (Oct 4, 2011)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-4TGMH-CC4HT-JFMDP
Windows Product Key Hash: iDa1fudmJhVgpAg5lCSdo1oIPV4=
Windows Product ID: 55285-015-8950686-21948
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {5CE2AA8E-BFA6-488E-82F2-20AC25A1B19C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Publisher 2002 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: D:\Programs\FireFox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5CE2AA8E-BFA6-488E-82F2-20AC25A1B19C}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-JFMDP</PKey><PID>55285-015-8950686-21948</PID><PIDType>5</PIDType><SID>S-1-5-21-2025429265-1060284298-839522115</SID><SYSTEM><Manufacturer>System Manufacturer</Manufacturer><Model>System Name</Model></SYSTEM><BIOS><Manufacturer>Award Software, Inc.</Manufacturer><Version>ASUS P4GE-V ACPI BIOS Revision 1004</Version><SMBIOSVersion major="2" minor="3"/><Date>20031110000000.000000+000</Date></BIOS><HWID>E64F3E9F01843F72</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91190409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Publisher 2002</Name><Ver>10</Ver><Val>4583AC06D01CB3A</Val><Hash>Bn44Y/FKNM6eJe682xNUlKupBXQ=</Hash><Pid>54197-OEM-1691443-17053</Pid><PidType>4</PidType></Product></Products><Applications><App Id="19" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 139D0:ASUSTeK Computer Inc|10196:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


----------



## Cookiegal (Aug 27, 2003)

Thanks. Sorry to have you do that but it's for your own protection as often people are not aware their systems were not genuine. 

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Lumpola (Oct 4, 2011)

The two requested logs are below...

ComboFix 11-10-08.03 - Barry 10/08/2011 14:29:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1553 [GMT -5:00]
Running from: c:\documents and settings\Barry\Desktop\Puppy.exe
AV: Avanquest SystemSuite *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\5215.exe
C:\6619.exe
c:\documents and settings\All Users\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
c:\documents and settings\Barry\Application Data\7FFCB7996AC212C26FA94A5C223AF4D0
c:\documents and settings\Barry\Application Data\7FFCB7996AC212C26FA94A5C223AF4D0\enemies-names.txt
c:\documents and settings\Barry\Application Data\Adobe\plugs
c:\documents and settings\Barry\Application Data\AuditionManagerMyPrefs.txt
c:\documents and settings\Barry\WINDOWS
c:\program files\messenger\msmsgsin.exe
c:\windows\$BLSTUN$
c:\windows\$NtUninstallKB34077$
c:\windows\$NtUninstallKB34077$\3756303622\@
c:\windows\$NtUninstallKB34077$\3756303622\bckfg.tmp
c:\windows\$NtUninstallKB34077$\3756303622\cfg.ini
c:\windows\$NtUninstallKB34077$\3756303622\Desktop.ini
c:\windows\$NtUninstallKB34077$\3756303622\kwrd.dll
c:\windows\$NtUninstallKB34077$\3756303622\L\pnoijggi
c:\windows\$NtUninstallKB34077$\3756303622\lsflt7.ver
c:\windows\$NtUninstallKB34077$\3756303622\U\[email protected]
c:\windows\$NtUninstallKB34077$\3756303622\U\[email protected]
c:\windows\$NtUninstallKB34077$\3756303622\U\[email protected]
c:\windows\$NtUninstallKB34077$\3756303622\U\[email protected]
c:\windows\$NtUninstallKB34077$\440404192
c:\windows\bwUnin-6.1.4.61-8876480L.exe
c:\windows\bwUnin-7.2.0.157-8876480SL.exe
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\Quarantine
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\ST6UNST.000
c:\windows\start.exe
c:\windows\system32\bszip.dll
c:\windows\system32\d3d9caps.dat
c:\windows\system32\encapi32.dll
c:\windows\system32\SysInfo.dll
c:\windows\tsoc.log
c:\windows\Web\default.htt
S:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 18:37 . 2011-10-08 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-10-07 18:46 . 2011-10-08 15:24 -------- d-----w- c:\documents and settings\Barry\Local Settings\Application Data\CutePDF Writer
2011-10-07 18:41 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-10-04 15:15 . 2001-08-18 03:36 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2011-10-04 13:19 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 19:31 . 2011-10-04 22:34 -------- d-----w- C:\ERDNT
2011-10-03 16:20 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-10-03 16:20 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2011-10-03 16:20 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-10-03 16:20 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2011-10-03 13:01 . 2011-10-03 13:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-03 02:12 . 2011-10-03 02:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-10-03 00:49 . 2011-10-03 00:59 -------- d-----w- c:\documents and settings\Administrator.ASUS.001
2011-09-11 13:08 . 2011-09-11 13:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 19:03 . 2011-05-17 12:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-01-10 19:39 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-05 23:41 . 2011-08-05 23:41 9396840 ----a-w- c:\documents and settings\All Users\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
2011-08-03 00:49 . 2011-08-03 00:49 9506240 ----a-w- c:\documents and settings\All Users\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
2011-07-27 21:22 . 2010-12-10 23:02 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-15 13:29 . 2005-08-25 15:24 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-02-09 15:02 2848584 ----a-w- d:\programs\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-02-09 15:02 2848584 ----a-w- d:\programs\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-02-09 15:02 2848584 ----a-w- d:\programs\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-09-12 15:18 3546904 ----a-w- d:\programs\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-09-12 15:18 3546904 ----a-w- d:\programs\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2011-01-21 14:44 8462336 ----a-w- c:\windows\SYSTEM32\shell32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOMAD Detector"="d:\programs\CTNMRUN.EXE" [2002-03-05 18432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-09-02 643592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"TkBellExe"="d:\programs\realplayer\update\realsched.exe" [2011-05-26 273544]
"QuickTime Task"="d:\programs\Quicktime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\Barry\Start Menu\Programs\Startup\
DING!.lnk - d:\programs\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
mozystat.exe.lnk - d:\programs\MozyHome\mozystat.exe [2011-9-12 3706648]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-2-21 82026]
Cloudmark Desktop for Outlook Express.lnk - c:\windows\Installer\{5AB0A110-C60A-4037-B9A5-F772BC647367}\SC_1.ico [2008-7-30 22486]
MacName.lnk - c:\program files\Conversions Plus\MacName.exe [2003-1-18 53340]
MonacoGamma.lnk - c:\program files\Monaco Systems\MonacoEZcolor 2.5\MonacoGamma.exe [N/A]
MozyHome Status.lnk - d:\programs\MozyHome\mozystat.exe [2011-9-12 3706648]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
2002-12-06 21:19 56320 ----a-w- c:\windows\SYSTEM32\delttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"MacLicense"="c:\program files\Conversions Plus\MacLic.exe"
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"StatusClient"=c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programs\\HDHomeRun\\hdhomerun_config_gui.exe"=
"d:\\Programs\\HDHomeRun\\hdhomerun_quicktv.exe"=
"d:\\Programs\\HDHomeRun\\hdhomerun_setup.exe"=
"d:\\Programs\\HDHomeRun\\hdhomerun_config.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Programs\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\Barry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Programs\\MozyHome\\mozyconf.exe"=
"d:\\Programs\\MozyHome\\mozystat.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hotcore3;c:\windows\SYSTEM32\DRIVERS\hotcore3.sys [1/19/2009 10:02 AM 37864]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\SYSTEM32\DRIVERS\PnP680.sys [3/16/2002 7:09 PM 71720]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\SYSTEM32\DRIVERS\ComcastSecureBackupShare.sys [3/4/2010 7:55 PM 54776]
R1 sbtis;sbtis;c:\windows\SYSTEM32\DRIVERS\sbtis.sys [3/11/2011 9:29 AM 203056]
R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;d:\programs\Avanquest\SystemSuite\AVQWinMonEngine.exe [8/20/2010 8:20 PM 328704]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;d:\programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 10:02 AM 45896]
R2 SBAMSvc;SystemSuite;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [2/22/2010 2:29 PM 1012080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 PCPitstop Scheduling;PCPitstop Scheduling;d:\programs\PCPitstopScheduleService.exe [11/21/2008 9:25 AM 77312]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 Jukebox3_1394;Jukebox3_1394;c:\windows\SYSTEM32\DRIVERS\ctpd1394.sys [5/4/2007 1:58 PM 21978]
S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\SYSTEM32\DRIVERS\MAudioMobilePre.sys [2/3/2010 5:22 PM 158344]
S3 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [10/13/2009 9:22 AM 95024]
S3 seqcal;seqcal;c:\windows\system32\drivers\seqcal.sys --> c:\windows\system32\drivers\seqcal.sys [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\SYSTEM32\DRIVERS\slnt7554.sys [4/6/2009 8:02 AM 129535]
S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\SYSTEM32\DRIVERS\USR1806.SYS [1/10/2004 12:12 PM 793598]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [6/22/2004 8:49 AM 15576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1/10/2004 11:58 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-01-17 15:52 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1060284298-839522115-1004Core.job
- c:\documents and settings\Barry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-20 00:48]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1060284298-839522115-1004UA.job
- c:\documents and settings\Barry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-20 00:48]
.
2011-10-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-1060284298-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-10-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-1060284298-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{9394913E-76A8-4FFB-A7EE-001A44F4D937}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = 
uInternet Settings,ProxyOverride = localhost;*.local;<local>
uSearchAssistant = 
uCustomizeSearch = 
IE: E&xport to Microsoft Excel
Trusted Zone: adobe.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java
DPF: PCPitstop-Tracks-Checker - hxxp://pcpitstop.com/privacy/PCPTracks.cab
FF - ProfilePath - c:\documents and settings\Barry\Application Data\Mozilla\Firefox\Profiles\jcb86ucr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
SafeBoot-26518344.sys
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe
AddRemove-BroadJump Client Foundation - c:\program files\BroadJump\Client Foundation\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-08 14:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WININET.dll
d:\programs\SecureBackupShare\ComcastSecureBackupShareshell.dll
d:\programs\MozyHome\mozyshell.dll
d:\programs\MozyHome\LIBEAY32.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\programs\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\programs\MozyHome\mozybackup.exe
c:\windows\System32\msdtc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\System32\locator.exe
c:\windows\system32\wscript.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\System32\snmp.exe
c:\windows\System32\dllhost.exe
d:\programs\AVANQU~1\SYSTEM~1\MXTask.exe
d:\programs\uphclean.exe
d:\programs\AVANQU~1\SYSTEM~1\mxtask2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\MsPMSPSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-10-08 14:54:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-08 19:54
.
Pre-Run: 92,826,173,440 bytes free
Post-Run: 93,015,896,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout =5
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 0088E148962D080463315EF486E2CF63

========================================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:07 PM, on 10/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
D:\Programs\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programs\MozyHome\mozybackup.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
D:\Programs\uphclean.exe
D:\Programs\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\programs\realplayer\update\realsched.exe
D:\Programs\CTNMRUN.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\Southwest Airlines\Ding\Ding.exe
D:\Programs\MozyHome\mozystat.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Barry\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\Avanquest\SystemSuite\avgssie.dll
O2 - BHO: Data Vault - {8373ADC0-6330-11DD-9D77-22C856D89593} - D:\Programs\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "D:\programs\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Programs\CTNMRUN.EXE"
O4 - Startup: DING!.lnk = D:\Programs\Southwest Airlines\Ding\Ding.exe
O4 - Startup: mozystat.exe.lnk = D:\Programs\MozyHome\mozystat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoEZcolor 2.5\MonacoGamma.exe
O4 - Global Startup: MozyHome Status.lnk = D:\Programs\MozyHome\mozystat.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.adobe.com
O16 - DPF: PCPitstop-Tracks-Checker - http://pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239022486703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239041191718
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://media.memphiszoo.org/AxisCamControl.ocx
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - 
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) - 
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: bw+0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Programs\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvanquestWindowsMonitorService - Avanquest Publishing USA, Inc. - D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
O23 - Service: Basics Service - Seagate Technology LLC - D:\Programs\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - D:\Programs\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCPitstop Scheduling - Unknown owner - D:\Programs\PCPitstopScheduleService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SystemSuite (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software - D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

--
End of file - 25172 bytes


----------



## Cookiegal (Aug 27, 2003)

That looks good now.

Can you tell me what would have been your "S" drive? Was that an external or flash drive?

Go to Control Panel - Add or Remove Programs and remove:

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


* Download the latest version of *Java Runtime Environment (JRE) 6 Update 27*.
* Select the option to download the *Windows 7, XP Offline* version.
* Save the executable file to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
* Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on the download and follow the prompts to install the newest version.

Also, please update MalwareBytes and run a full system scan and post the log.


----------



## Lumpola (Oct 4, 2011)

1. The "S" drive is a Seagate 750GB USB Hard Drive used primarily for WAV and backup files.

2. Java has been successfully updated as per your specifications.

3. Should I have hit the Analyze button on HijackThis before sending you a log?

Thanks!


----------



## Cookiegal (Aug 27, 2003)

Lumpola said:


> 1. The "S" drive is a Seagate 750GB USB Hard Drive used primarily for WAV and backup files.


I'd like to check it to make sure it's not infected. Please insert it and then do the following.

I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzip it and double click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.



> 2. Java has been successfully updated as per your specifications.


That's good. :up:


> 3. Should I have hit the Analyze button on HijackThis before sending you a log?


No, you did it properly. 

Also, please perform the scan with MalwareBytes that I asked for previously.


----------



## Lumpola (Oct 4, 2011)

While I'm running the Diagnostic, I'll let you know there's a new problem. On boot, I get this message...

Generic Host process for WIN32 Services has encountered a problem and needs to close. The Window title: Generic Host Process for WIN32 Services.


----------



## Lumpola (Oct 4, 2011)

Mountpoints Diagnostic opens and prints "File Not Found" several times then stops.

I'm running MalwareBytes now with the most current revision. It will take about 5 hours to finish.


----------



## Cookiegal (Aug 27, 2003)

Lumpola said:


> While I'm running the Diagnostic, I'll let you know there's a new problem. On boot, I get this message...
> 
> Generic Host process for WIN32 Services has encountered a problem and needs to close. The Window title: Generic Host Process for WIN32 Services.


That error can be caused by a number of things. Please do the following:

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Cookiegal (Aug 27, 2003)

Lumpola said:


> Mountpoints Diagnostic opens and prints "File Not Found" several times then stops.
> 
> I'm running MalwareBytes now with the most current revision. It will take about 5 hours to finish.


Did you save it to the desktop and unzip it and click on the MountPoints Diagnostic.bat file to run it?


----------



## Lumpola (Oct 4, 2011)

Before you responded to the WIN32 problem, I turned off SystemSuite's firewall. WIN32 needing to shut down is no longer an issue. I should probably remove SystemSuite and use the XP Firewall and Virus protection. SystemSuite isn't always stable. Shall we drop this issue?

> Did you save it to the desktop and unzip it and click on the MountPoints Diagnostic.bat file to run it?

Yes.


----------



## Cookiegal (Aug 27, 2003)

Lumpola said:


> Before you responded to the WIN32 problem, I turned off SystemSuite's firewall. WIN32 needing to shut down is no longer an issue. I should probably remove SystemSuite and use the XP Firewall and Virus protection. SystemSuite isn't always stable. Shall we drop this issue?


Yes, I agree. You should get an anti-virus program like Avast and a third party firewall such as Comodo.

When you tried to run the batch file from your desktop, did it open up a black screen with a command prompt briefly? If not, can you take a screenshot of the error message you get and upload it here please?


----------



## Lumpola (Oct 4, 2011)

The black screen opens. Inside the black screen "File not found." is listed several times. Then the screen closes.

I see no messages other than "File not found." If there's anything else on the screen, it disappears so quickly I can't read it.

Any way to keep the screen open or retrieve an error message?

So far, Malwarebytes reports no infections.


----------



## Lumpola (Oct 4, 2011)

Here's the Malwarebytes report...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7904

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/8/2011 7:59:43 PM
mbam-log-2011-10-08 (19-59-43).txt

Scan type: Full scan (C:\|D:\|S:\|)
Objects scanned: 484929
Time elapsed: 1 hour(s), 56 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Go to Start - Run - copy and paste the following into the run box and click OK.

*c:\documents and settings\Barry\Desktop\Mountpoints Diagnostic.bat*

Let me know if you get the same message or post the diagnostic.txt log if it gets created on your desktop.


----------



## Lumpola (Oct 4, 2011)

Exactly the same behavior... black box, file not found, black block closes.


----------



## Cookiegal (Aug 27, 2003)

OK. We'll come back to that. I'm signing off for the night shortly but I can give you some homework to do. 

I'll check back in the morning.

Download *OTS.exe* to your Desktop.

* Close any open browsers.
* If your Real protection or Antivirus interferes with OTS, allow it to run.
* Double-click on *OTS.exe* to start the program.
* In *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
* Now click the *Run Scan* button on the toolbar.
* Let it run unhindered until it finishes.
* When the scan is complete Notepad will open with the report file loaded in it.
* Save that notepad file.
* Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## Lumpola (Oct 4, 2011)

Here's my homework. OTS file attached. ESET below...

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=daee9abcdb6d304a85c238187430f785
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-09 05:49:09
# local_time=2011-10-09 12:49:09 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 205541021 205541021 0 0
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 178070065 178070065 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 4 252581565 252581565 0 0
# scanned=306374
# found=6
# cleaned=6
# scan_time=6837
C:\Program Files\Avanquest\SystemSuite\W32Int13.dll a variant of Win32/Kryptik.FNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\PConPoint\PConPoint.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Barry\Application Data\7FFCB7996AC212C26FA94A5C223AF4D0\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3C1B5F79-5690-409F-AF2A-8079ACE58B86}\RP7\A0000424.dll a variant of Win32/Kryptik.FNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3C1B5F79-5690-409F-AF2A-8079ACE58B86}\RP7\A0000425.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programs\Avanquest\SystemSuite\W32Int13.dll a variant of Win32/Kryptik.FNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MonacoGamma.lnk -> 
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{5E638779-1818-4754-A595-EF1C63B87A56}" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk -> Reg Error: Value error.
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> DeltTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> NeroCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  111535327 -> C:\WINDOWS\111535327
NY ->  6DSS92c31Apgjk -> C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
NY ->  ~6DSS92c31Apgjk -> C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
NY ->  ~6DSS92c31Apgjkr -> C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
[Files - No Company Name]
NY ->  ~6DSS92c31Apgjkr -> C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
NY ->  6DSS92c31Apgjk -> C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
NY ->  111535327 -> C:\WINDOWS\111535327
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```


----------



## Cookiegal (Aug 27, 2003)

Also, please export this key for me and upload it as an attachment.

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look4.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look4.txt.
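
A way to read the `regedit /e` export requested above, added here as an example (it is not part of the original thread or the helper's tooling). It parses a version 5.00 export and summarizes the service key's start type, image path and dependencies. The sample export and the list of expected values are constructed assumptions, not the contents of the attached look4.txt.

```python
import re

NETBT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT"
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
# Assumption of this example: values a driver service key normally carries.
EXPECTED_VALUES = ("Type", "Start", "ErrorControl", "ImagePath")

# Constructed sample export (illustrative values, not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,65,00,74,00,62,00,74,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="NetBios over Tcpip"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
'''


def decode_reg_file(raw):
    """Decode the bytes of an export: UTF-16 with a BOM (version 5.00), else single-byte text."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


def unescape(text):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r"\\(.)", r"\1", text)


def decode_value(data):
    """Convert the right-hand side of a value line to a Python object."""
    if data.startswith('"'):
        return unescape(data[1:-1])                      # REG_SZ
    if data.startswith("dword:"):
        return int(data[6:], 16)                         # REG_DWORD
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        return data
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3      # plain hex: is REG_BINARY
    if kind == 2:                                        # REG_EXPAND_SZ, UTF-16LE in v5.00
        return raw.decode("utf-16-le").rstrip("\0")
    if kind == 7:                                        # REG_MULTI_SZ, NUL-separated list
        return [s for s in raw.decode("utf-16-le").split("\0") if s]
    return raw


def parse_export(text):
    """Return {key path: {value name: decoded value}} for every key in the export."""
    text = text.replace("\r\n", "\n")
    text = re.sub(r"\\\n[ \t]*", "", text)               # join hex continuation lines
    keys, current = {}, None
    for line in text.split("\n"):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[unescape(m.group(1))] = decode_value(m.group(2))
    return keys


def summarize_service(text, key):
    """Summarize one service key; 'missing' lists expected values that are absent."""
    keys = {k.lower(): v for k, v in parse_export(text).items()}
    values = keys.get(key.lower())
    if values is None:
        return {"present": False}                        # key section not in the export
    return {
        "present": True,
        "start": START_TYPES.get(values.get("Start"), "unknown"),
        "image_path": values.get("ImagePath"),
        "depends_on": values.get("DependOnService", []),
        "missing": [n for n in EXPECTED_VALUES if n not in values],
    }


if __name__ == "__main__":
    print(summarize_service(SAMPLE_EXPORT, NETBT_KEY))
```

To run it against a real export, read the file in binary mode and pass the bytes through `decode_reg_file` before calling `summarize_service`.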


----------



## Lumpola (Oct 4, 2011)

Here's the OTS fix with the HijackThis log below. Look4.txt is attached.

All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MonacoGamma.lnk moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MonacoGamma.lnk not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E638779-1818-4754-A595-EF1C63B87A56}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\ deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk\ deleted successfully.
File C:\WINDOWS\pss\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeltTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1E.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\111535327 moved successfully.
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.
[Files - No Company Name]
File C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr not found!
File C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk not found!
File C:\WINDOWS\111535327 not found!
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.ASUS
->Temp folder emptied: 0 bytes

User: Administrator.ASUS.000
->Temp folder emptied: 0 bytes
->Flash cache emptied: 2870 bytes

User: Administrator.ASUS.001
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: Barry
->Temp folder emptied: 10635945 bytes
->Java cache emptied: 26764880 bytes
->FireFox cache emptied: 134037003 bytes
->Flash cache emptied: 536066 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 3352512 bytes
->Flash cache emptied: 1994 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9698 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 278528 bytes
Session Manager Temp folder emptied: 32768 bytes
Session Manager Tmp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 7422951 bytes
RecycleBin emptied: 80809441 bytes

Total Files Cleaned = 252.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.ASUS

User: Administrator.ASUS.000
->Flash cache emptied: 0 bytes

User: Administrator.ASUS.001
->Flash cache emptied: 0 bytes

User: All Users

User: Barry
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.44.6 fix logfile created on 10092011_171121

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_140.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_f14.dat moved successfully.

Registry entries deleted on Reboot...

==========================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:08 PM, on 10/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
D:\Programs\Service\SyncServicesBasics.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Programs\Java\bin\jqs.exe
D:\Programs\MozyHome\mozybackup.exe
D:\Programs\PCPitstopScheduleService.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
D:\Programs\uphclean.exe
D:\Programs\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\programs\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programs\CTNMRUN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\Southwest Airlines\Ding\Ding.exe
D:\Programs\MozyHome\mozystat.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\FireFox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Barry\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\Avanquest\SystemSuite\avgssie.dll
O2 - BHO: Data Vault - {8373ADC0-6330-11DD-9D77-22C856D89593} - D:\Programs\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programs\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programs\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "D:\programs\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Programs\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = D:\Programs\Southwest Airlines\Ding\Ding.exe
O4 - Startup: mozystat.exe.lnk = D:\Programs\MozyHome\mozystat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O4 - Global Startup: MozyHome Status.lnk = D:\Programs\MozyHome\mozystat.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.adobe.com
O16 - DPF: PCPitstop-Tracks-Checker - http://pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239022486703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239041191718
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://media.memphiszoo.org/AxisCamControl.ocx
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: bw+0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Programs\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvanquestWindowsMonitorService - Avanquest Publishing USA, Inc. - D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
O23 - Service: Basics Service - Seagate Technology LLC - D:\Programs\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programs\Java\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - D:\Programs\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCPitstop Scheduling - Unknown owner - D:\Programs\PCPitstopScheduleService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SystemSuite (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software - D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

--
End of file - 25390 bytes


----------



## Cookiegal (Aug 27, 2003)

I have to make an adjustment on the NetBT registry key but won't be able to do that until tomorrow morning so I'll post back then.


----------



## Lumpola (Oct 4, 2011)

See you tomorrow and thanks for all your work!


----------



## Lumpola (Oct 4, 2011)

Should System Restore be OFF while we do all the procedures?


----------



## Cookiegal (Aug 27, 2003)

Lumpola said:


> Should System Restore be OFF while we do all the procedures?


No, it's always best to leave it on. If something happens, you can restore to an earlier restore point, even if it restores an infection or a problem that can be dealt with. It's better to be able to restore. When we're done, we will be flushing all of the restore points.


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a LumpolaNetBT.zip file to this post. Please save it to your desktop. Then unzip it and double-click on the LumpolaNetBT.reg file to run it and allow it to merge into the registry. Then reboot the machine.

Once you've done that, please post a new HijackThis log.


----------



## Lumpola (Oct 4, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:53 PM, on 10/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
D:\Programs\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Programs\Java\bin\jqs.exe
D:\Programs\MozyHome\mozybackup.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\PCPitstopScheduleService.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
D:\Programs\uphclean.exe
D:\Programs\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\programs\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programs\CTNMRUN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\Southwest Airlines\Ding\Ding.exe
D:\Programs\MozyHome\mozystat.exe
C:\Documents and Settings\Barry\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\Avanquest\SystemSuite\avgssie.dll
O2 - BHO: Data Vault - {8373ADC0-6330-11DD-9D77-22C856D89593} - D:\Programs\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programs\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programs\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "D:\programs\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Programs\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = D:\Programs\Southwest Airlines\Ding\Ding.exe
O4 - Startup: mozystat.exe.lnk = D:\Programs\MozyHome\mozystat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O4 - Global Startup: MozyHome Status.lnk = D:\Programs\MozyHome\mozystat.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.adobe.com
O16 - DPF: PCPitstop-Tracks-Checker - http://pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239022486703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239041191718
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://media.memphiszoo.org/AxisCamControl.ocx
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: bw+0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Programs\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvanquestWindowsMonitorService - Avanquest Publishing USA, Inc. - D:\Programs\Avanquest\SystemSuite\AVQWinMonEngine.exe
O23 - Service: Basics Service - Seagate Technology LLC - D:\Programs\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programs\Java\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - D:\Programs\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCPitstop Scheduling - Unknown owner - D:\Programs\PCPitstopScheduleService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SystemSuite (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software - D:\Programs\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

--
End of file - 25343 bytes


----------
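A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and not code from HijackThis: it groups entries by section code and surfaces the items a helper reads first (missing files, the unknown Winsock LSP entry, services with no known owner, unresolved startup shortcuts) while collapsing repeated O18 protocol handlers into one count per DLL. The function names and flagging rules are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim,
# reduced to a representative sample so the example runs offline).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bw+0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F4E98C0-5FBE-428A-8D2C-D2BCCDE2D463} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PCPitstop Scheduling - Unknown owner - D:\Programs\PCPitstopScheduleService.exe
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (section_code, body) tuples; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Sort entries into review buckets (assumed rules, see lead-in)."""
    report = {
        "missing_files": [],          # registry entry points at a deleted file
        "unknown_lsp": [],            # O10: Winsock provider HijackThis cannot identify
        "unknown_owner": [],          # O23: service binary with no company name
        "unresolved_shortcuts": [],   # O4: startup .lnk whose target is "?"
        "protocol_handlers": Counter(),  # O18: handler DLL -> number of protocols
    }
    for code, body in entries:
        if body.endswith("(file missing)"):
            report["missing_files"].append((code, body))
        if code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            report["unknown_lsp"].append(body.split(":", 1)[1].strip())
        if code == "O23" and " - Unknown owner - " in body:
            name = body[len("Service: "):].split(" - ")[0]
            report["unknown_owner"].append(name)
        if code == "O4" and body.endswith("= ?"):
            report["unresolved_shortcuts"].append(body)
        if code == "O18":
            dll = body.rsplit(" - ", 1)[-1].lower()
            report["protocol_handlers"][dll] += 1
    return report


def repeated_handlers(report, threshold=2):
    """DLLs registered for several protocols, most frequent first."""
    return [(dll, n) for dll, n in report["protocol_handlers"].most_common()
            if n >= threshold]


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for bucket in ("missing_files", "unknown_lsp", "unknown_owner",
                   "unresolved_shortcuts"):
        print(bucket, "->", result[bucket])
    for dll, count in repeated_handlers(result):
        print(f"{count} protocol handlers share {dll}")
```

A flagged entry is a prompt for manual review, not a verdict: each bucket only narrows where to look first in a long log.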



## Cookiegal (Aug 27, 2003)

You can uninstall Logitech Desktop Messenger via the Control Panel. It's just clutter that gets installed with third party applications.

How are things with the system now?

Weren't you going to uninstall Avanquest?


----------



## Lumpola (Oct 4, 2011)

I have now uninstalled SystemSuite and Logitech.

Before the virus, I was networked to my Windows7 and iMac boxes. The local network is not working. Do I need to reinstall something?

You suggest Avast/Comodo for virus protection. Right?

MozyHome is popping up at strange times. Maybe I should just delete and reinstall.

Many of my programs are missing from the Start/All Programs listing. I can fix this.

Things are MUCH better than they were!!! The XP box seems to be under control now. Internet is working great.

Thank you!


----------



## Cookiegal (Aug 27, 2003)

You're welcome. We can work on some of the issues.

Please download *Unhide* and save it to your desktop. Double-click the *Unhide.exe* icon on your desktop and allow the program to run. This program will remove the hidden attribute from all the files on your hard drives, some of which were set by malware. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

This may take some time so please be patient and wait for it to finish.

I don't know about the networking questions but you could start a new thread for assistance with that in the Networking forum.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Lumpola (Oct 4, 2011)

My Start/All Programs is back! Yea!!

There were so many errors in eventvwr.msc that I zipped 'em and attached 'em.


----------



## Cookiegal (Aug 27, 2003)

Many of those errors are from before we restored the Internet connection and haven't repeated since then so we'll only deal with ones that occurred on October 10th. Then we'll see if any errors continue.

So, we'll start with the easiest.

Go to *Start* - *Run* - type in *services.msc* and click OK.

Scroll down the list and double-click on:

*Application Management*

and click on the downward arrow to get the drop down menu and set the Startup type to "Disabled" then click OK.

In your list of errors, you questioned this one:

*An error was detected on device \Device\Harddisk2\D during a paging operation.*

Did you possibly insert a blank CD or DVD while a USB device was also connected? This error can occur if that happens and is generally harmless but we'll keep an eye out to see if it repeats.


----------



## Lumpola (Oct 4, 2011)

Application Management has been disabled.


----------



## Lumpola (Oct 4, 2011)

My network is back up... printer, iMac, Windows7. Wow!

> Did you possibly insert a blank CD or DVD while a USB

I've inserted/removed USB thumb drives so many times during this repair, I don't remember. As you say... we'll keep a watch.


----------



## Cookiegal (Aug 27, 2003)

That's good news. 

Since fixing some things also fixes others, please run it for the rest of the day and then tomorrow post any new errors that have occurred in the Event Viewer under both Application and System only since say 2:00 p.m. EST today. There shouldn't be nearly as many (most were due to Application Management errors). Then we'll deal with the remaining ones.

Are there any problems that persist though?


----------



## Lumpola (Oct 4, 2011)

Will do. Thanks!!!


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## Lumpola (Oct 4, 2011)

Still have a few errors (see attachment), but what a difference! The only errors were under the System category.

My Seagate internal hard drive doesn't seem to be doing well. It has lots of warnings.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
mcstrm.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Lumpola (Oct 4, 2011)

SystemLook Results...


SystemLook 30.07.11 by jpshortstuff
Log created at 17:12 on 13/10/2011 by Barry
Administrator - Elevation successful

========== filefind ==========

Searching for "mcstrm.sys"
No files found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

The file is related to a RealNetworks program. Did you uninstall one of those recently?

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Lumpola (Oct 4, 2011)

> Did you uninstall one of those recently?

I don't think so, but I'm not 100% sure.

Here's the Uninstall Manager List...


7-Zip 4.57
Acer System Information
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe InDesign 1.5
Adobe Photoshop 6.0
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader 9.4.6
Adobe SVG Viewer 3.0
Ahead Nero - Burning Rom
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atomic Clock Sync
Audacity 1.2.6
Avanquest PerfectImage 11
Avanquest update
avast! Free Antivirus
Belarc Advisor 7.2
Bing Bar
Bonjour
Cloudmark Desktop for Microsoft Outlook Express
Color LaserJet 2600n
Compatibility Pack for the 2007 Office system
Conversions Plus 6.05
Coupon Printer for Windows
Creative NOMAD II Driver
Creative PlayCenter
CutePDF Writer 2.8
DING!
DiscWizard for Windows
DreamStation DXi2
EasyCleaner
eDATA Unerase
EPSON Printer Software
EPSON Scan! II
EPSON TWAIN 5
ESET Online Scanner v3
EVEREST Home Edition v1.10
FLAC Installer 1.1.2a (remove only)
FTDI USB Serial Converter Drivers
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin USB Drivers
Gee Audio 1.1.3
getPlus(R)_dll
Google Earth
Google Talk Plugin
Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )
HDHomeRun
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Home Studio 2004
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
hp LaserJet 1010 Series
HP Product Detection
ImgBurn
iolo technologies' System Mechanic
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 27
jOrgan 3.8.3
Karen's Directory Printer
Logitech MouseWare 9.79.1 
Macromedia Flash Player 8
Malwarebytes' Anti-Malware version 1.51.2.1300
Mastering Effects Bundle for Sound Forge
M-Audio MobilePre Driver 6.0.1 (x86)
MemTurbo
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Data Access Components KB870669
Microsoft FrontPage 2000 SR-1
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office Live Meeting 2007
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 4.0
Mozilla Firefox 7.0 (x86 en-US)
MozyHome
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Musicnotes Player
My Sam's Club Digital Photo Center
MyOrgan
Neat Image 3.1 Home
Noise Reduction Plug-in 2.0i
NOMAD Jukebox 3
NOMAD Jukebox 3 Driver
NVIDIA Graphics Driver 260.99
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
P.I.M. II Plug-In
Pando
PC Pitstop Driver Alert 1.0
PC Pitstop Exterminate2 2.0
PC Pitstop Optimize3 3.0
PConPoint v3.5
Photogize PrintWizard
QuickBooks Pro 2006
QuickTime
REALbasic 2005r2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
Rimage CD Designer Software Suite
SanDisk ImageMate CF-MS v1.00
Secure Backup and Share
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype Toolbars
Skype™ 4.2
Solero Music Control 1.0.1.7
Sonic Foundry Acoustics Modeler DirectX Plug-In 1.0
Sony ACID Music Studio 6.0b
Sony CD Architect 5.2
Sony Noise Reduction Plug-In 2.0h
Sony Preset Manager 2.0
Sound Forge 4.0 for Windows 95 and NT (x86)
Sound Forge Pro 10.0
SoundMAX
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Steinberg Cubase LE
StuffIt Standard
Sunbelt CounterSpy
Symantec WinFax PRO 10.0
System Files Update
System Requirements Lab
System Requirements Lab for Intel
TextBridge Pro 11.0
TextBridge Pro Millennium
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wtniper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wtniper
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2005
TurboTax Premier Investments 2006
Tweak UI
UDPixel.exe
Uninstall Windows 9x USB 2.0 Support
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
User Profile Hive Cleanup Service
Virtual Sound Canvas DXi
VLC media player 1.1.11
WexTech AnswerWorks
Winamp (remove only)
Windows 7 Upgrade Advisor Beta
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows XP Uninstall
WinSCP 3.7.1
Xteq Systems X-Setup 6.3
YouSendIt Express
YouSendIt Express


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* and copy and paste the following:


```
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## Lumpola (Oct 4, 2011)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"DisplayName"="MCSTRM"
"Group"="MCSTRM"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSTRM\Enum]
"0"="Root\\LEGACY_MCSTRM\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001


----------



## Cookiegal (Aug 27, 2003)

The problem is with Real Player. Do you use it? If so, you can try uninstalling and reinstalling it.


----------



## Lumpola (Oct 4, 2011)

Real Player has been uninstalled.


----------



## Lumpola (Oct 4, 2011)

After deleting Real Player I thought we were home free, but on boot this morning I got...

Generic Host Process for WIN32 has encountered a problem and needs to close.

I encountered this error on boot several times, but it's been gone for a while after the correction procedures.


----------



## Cookiegal (Aug 27, 2003)

Please post any more errors that have occurred since uninstalling Real Player.


----------



## Lumpola (Oct 4, 2011)

Since we last chatted...

I lost sound.
Reinstalled RealPlayer.
Reinstalled the audio card driver.
I now have sound.

Shall I remove RealPlayer then get back to you or shall I send you what I have now?


----------



## Cookiegal (Aug 27, 2003)

No, please just send what you have now. Reinstalling it may have fixed that error.


----------



## Lumpola (Oct 4, 2011)

Application Errors...

Event Type: Error
Event Source: PCPitstop Scheduling
Event Category: None
Event ID: 1
Date: 10/14/2011
Time: 11:44:33 AM
User: NT AUTHORITY\SYSTEM
Computer: ASUS
Description:
Failed to start program 'wscript checkschedule.wsf', error code = 5

System Errors...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/14/2011
Time: 12:16:30 PM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/14/2011
Time: 12:15:27 PM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 10/14/2011
Time: 10:50:26 AM
User: N/A
Computer: ASUS
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## Lumpola (Oct 4, 2011)

StartupList report, 10/14/2011, 10:04:21 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Barry\Desktop\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Programs\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Programs\Java\bin\jqs.exe
D:\Programs\MozyHome\mozybackup.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\PCPitstopScheduleService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
D:\Programs\CTNMRUN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
D:\Programs\MozyHome\mozystat.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\Southwest Airlines\Ding\Ding.exe
D:\Programs\FireFox\firefox.exe
C:\Documents and Settings\Barry\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Barry\Start Menu\Programs\Startup]
DING!.lnk = D:\Programs\Southwest Airlines\Ding\Ding.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Cloudmark Desktop for Outlook Express.lnk = ?
MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
MozyHome Status.lnk = D:\Programs\MozyHome\mozystat.exe
QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

M-Audio Taskbar Icon = C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
COMODO = C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
CPA = C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
COMODO Internet Security = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
TkBellExe = "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NOMAD Detector = "D:\Programs\CTNMRUN.EXE"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= C:\WINDOWS\system32\guard32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
SkypeIEPluginBHO - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
(no name) - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
(no name) - D:\Programs\Java\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - D:\Programs\Java\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
GoogleUpdateTaskUserS-1-5-21-2025429265-1060284298-839522115-1004Core.job
GoogleUpdateTaskUserS-1-5-21-2025429265-1060284298-839522115-1004UA.job
RealUpgradeLogonTaskS-1-5-21-2025429265-1060284298-839522115-1004.job
RealUpgradeScheduledTaskS-1-5-21-2025429265-1060284298-839522115-1004.job
User_Feed_Synchronization-{9394913E-76A8-4FFB-A7EE-001A44F4D937}.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[PCPitstop-Tracks-Checker]
CODEBASE = http://pcpitstop.com/privacy/PCPTracks.cab
OSD = C:\WINDOWS\Downloaded Program Files\PCPTracks.osd

[SupportSoft Script Runner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
CODEBASE = http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = http://help.bellsouth.net/sdccommon/download/tgctlcm.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPitstop.dll
CODEBASE = http://utilities.pcpitstop.com/da/PCPitStop.CAB

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\mnviewer.dll
CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://pcpitstop.com/internet/pcpConnCheck.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

[{31435657-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab

[PSFormX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PESTSC~1.OCX
CODEBASE = http://pcpitstop.com/pestscan/pestscan.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\SYSTEM32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239022486703

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[PCPitstop AntiVirus]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstopAntiVirus.dll
CODEBASE = http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PWACTIVEXIMGCTL.DLL
CODEBASE = http://216.249.24.142/code/PWActiveXImgCtl.CAB

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239041191718

[DiskHealth Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DISKHEALTH.DLL
CODEBASE = http://pcpitstop.com/pcpitstop/diskhealth.cab

[GMNRev Class]
InProcServer32 = C:\Program Files\HP\Common\HPGMNRev.dll
CODEBASE = http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

[OnlineScanner Control]
InProcServer32 = C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX
CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab

[BLS_SpeedOP.systemcheck]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\BLS_SpeedOP.ocx
CODEBASE = http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab

[Java Plug-in 1.6.0_27]
InProcServer32 = D:\Programs\Java\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://media.memphiszoo.org/AxisCamControl.ocx

[mhLabel Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MHLBL.DLL
CODEBASE = http://pcpitstop.com/mhLbl.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.5242592593

[Crucial cpcScan]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cpcScan.dll
CODEBASE = http://www.crucial.com/controls/cpcScanner.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[Java Plug-in 1.6.0_27]
InProcServer32 = D:\Programs\Java\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

[Java Plug-in 1.6.0_27]
InProcServer32 = D:\Programs\Java\bin\npjpi160_27.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

[Live365Player Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Play365.dll
CODEBASE = http://www.live365.com/players/play365.cab

[{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]
CODEBASE = http://www.symantec.com/techsupp/asa/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}]
CODEBASE = http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

[PCPitstop Exam]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.3\pcpitstop2.dll
CODEBASE = http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

IPv6 Helper Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Ad-Aware 2007 Service: D:\Programs\aawservice.exe (manual start)
Intel(r) 82801DB/DBM Audio Driver Service (WDM): system32\drivers\ac97ich4.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
aic78xx: System32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" (autostart)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Basics Service: D:\Programs\Service\SyncServicesBasics.exe (autostart)
Bing Bar Update Service: "C:\Program Files\Microsoft\BingBar\BBSvc.EXE" (manual start)
ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\Puppy\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COMODO livePCsupport Service: C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (autostart)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
COMODO Internet Security Helper Service: "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" (autostart)
COMODO Internet Security Sandbox Driver: System32\DRIVERS\cmdguard.sys (system)
COMODO Internet Security Helper Driver: System32\DRIVERS\cmdhlp.sys (system)
Comcast Secure Backup & Share Backup Service: D:\Programs\SecureBackupShare\ComcastSecureBackupSharebackup.exe (autostart)
ComcastSecureBackupShareFilter: system32\DRIVERS\ComcastSecureBackupShare.sys (system)
COM+ System Application: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
cpuz132: \??\C:\DOCUME~1\Barry\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys (manual start)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (autostart)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Service for Delta Driver (WDM): system32\drivers\delta.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start)
MS Dot4USB Filter Dot4USB Filter: System32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Eplpdx02: \??\C:\WINDOWS\System32\Drivers\EPLPDX02.SYS (manual start)
EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
USB Serial Converter Driver: system32\drivers\ftdibus.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
USB Serial Port Driver: system32\drivers\ftser2k.sys (manual start)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR ASPI Filter Driver: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
giveio: System32\giveio.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
grmnusb: system32\drivers\grmnusb.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hotcore3: system32\drivers\hotcore3.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
COMODO Internet Security Firewall Driver: System32\DRIVERS\inspect.sys (system)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
Intuit Update Service: "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" (autostart)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "D:\Programs\Java\bin\jqs.exe" -service -config "D:\Programs\Java\lib\deploy\jqs\jqs.conf" (autostart)
Jukebox3_1394: System32\DRIVERS\ctpd1394.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start)
Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
Service for M-Audio MobilePre: system32\DRIVERS\MAudioMobilePre.sys (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MozyHome Backup Service: D:\Programs\MozyHome\mozybackup.exe (autostart)
mozyFilter: system32\DRIVERS\mozy.sys (system)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (autostart)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start)
Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (autostart)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (autostart)
Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (autostart)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (autostart)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NtMtlFax: system32\DRIVERS\NtMtlFax.sys (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCPitstop Scheduling: D:\Programs\PCPitstopScheduleService.exe (autostart)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
SiI 680 ATA Controller: System32\DRIVERS\pnp680.sys (system)
IPSEC Services: %SystemRoot%\system32\lsass.exe (manual start)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
RecAgent: system32\DRIVERS\RecAgent.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (disabled)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)
SBRE: \??\C:\WINDOWS\system32\drivers\SBREdrv.sys (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SeaPort: "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
seqcal: system32\drivers\seqcal.sys (manual start)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
USB Soft Modem Driver: system32\DRIVERS\slnt7554.sys (manual start)
SlNtHal: system32\DRIVERS\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
speedfan: system32\speedfan.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{6ACAF334-F771-4CBC-8D9D-E9B7932EC7F0} (autostart)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: System32\DRIVERS\tcpip6.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport Adapter Driver: System32\DRIVERS\tunmp.sys (manual start)
Universal Image Mounter Controller: System32\DRIVERS\UimBus.sys (system)
UIM Drive Backup Image Plugin: System32\Drivers\Uim_IM.sys (system)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
User Profile Hive Cleanup: D:\Programs\uphclean.exe (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
U.S. Robotics Faxmodem Driver 1806: System32\DRIVERS\USR1806.SYS (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
USB Bridge Cable Driver: System32\Drivers\usbbc.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WinFax PRO: C:\WINDOWS\System32\WFXSVC.EXE (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Remote Management (WS-Management): %SystemRoot%\system32\svchost.exe -k WINRM (manual start)
Windows Live ID Sign-in Assistant: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (disabled)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Windows Presentation Foundation Font Cache 4.0.0.0: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
YAMAHA Corporation USB MIDI Driver: System32\Drivers\ymidusb.sys (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 48,535 bytes
Report generated in 0.734 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

Did you have Rhapsody installed? That's another Real Networks program.


----------



## Lumpola (Oct 4, 2011)

I have "Rhapsody Player Engine" listed in Add/Remove programs. I don't remember using it or even downloading it.

Should I take some action?


----------



## Cookiegal (Aug 27, 2003)

It's an online streaming music service. I believe that is what is causing the error in the Event Viewer. I would go ahead and uninstall it.


----------



## Lumpola (Oct 4, 2011)

It has been removed. What's next?


----------



## Cookiegal (Aug 27, 2003)

I would like you to post new errors that occur from this point forward sometime tomorrow please. Then we'll deal with the rest, one at a time.


----------



## Lumpola (Oct 4, 2011)

Will do. Thanks!


----------



## Lumpola (Oct 4, 2011)

Sorry for the delay. I had an out-of-town recording session.

I've installed Comodo and Avast. The computer is much slower now.

Here are the error listings that you requested...

APPLICATIONS...

Event Type: Error
Event Source: COM+
Event Category: Unknown
Event ID: 4689
Date: 10/18/2011
Time: 1:43:09 PM
User: N/A
Computer: ASUS
Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

SYSTEM...

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/19/2011
Time: 10:42:04 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/19/2011
Time: 9:56:11 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/19/2011
Time: 9:56:11 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/19/2011
Time: 9:21:59 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/19/2011
Time: 9:20:55 AM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 6161
Date: 10/18/2011
Time: 8:18:23 PM
User: ASUS\Barry
Computer: ASUS
Description:
The document ZlmsHttpServer - 23977437 owned by Barry failed to print on printer HP Color LaserJet 2600n. Data type: IMF. Size of the spool file in bytes: 16. Number of bytes printed: 16. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\ASUS. Win32 error code returned by the print processor: 13 (0xd).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 6161
Date: 10/18/2011
Time: 1:49:26 PM
User: ASUS\Barry
Computer: ASUS
Description:
The document ZlmsHttpServer - 640500 owned by Barry failed to print on printer HP Color LaserJet 2600n. Data type: IMF. Size of the spool file in bytes: 16. Number of bytes printed: 16. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\ASUS. Win32 error code returned by the print processor: 13 (0xd).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/18/2011
Time: 1:43:38 PM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: 
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/18/2011
Time: 1:43:16 PM
User: N/A
Computer: ASUS
Description:
The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 10/18/2011
Time: 1:43:16 PM
User: N/A
Computer: ASUS
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/18/2011
Time: 1:43:09 PM
User: N/A
Computer: ASUS
Description:
The COM+ System Application service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 10/18/2011
Time: 1:43:09 PM
User: N/A
Computer: ASUS
Description:
Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/18/2011
Time: 1:43:09 PM
User: NT AUTHORITY\SYSTEM
Computer: ASUS
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service COMSysApp with arguments "" in order to run the server:
{ECABAFBC-7F19-11D2-978E-0000F8757E2A}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/18/2011
Time: 1:40:38 PM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 19
Date: 10/18/2011
Time: 1:40:09 PM
User: NT AUTHORITY\SYSTEM
Computer: ASUS
Description:
Sharing printer failed + 1722, Printer WinFax (Photo Quality) share name Printer.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/18/2011
Time: 1:39:36 PM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/18/2011
Time: 1:16:05 PM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/18/2011
Time: 1:16:05 PM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: 
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 10/18/2011
Time: 1:15:39 PM
User: N/A
Computer: ASUS
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/18/2011
Time: 1:13:04 PM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/18/2011
Time: 1:11:57 PM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 11:39:16 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 11:39:16 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:52:19 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:52:19 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:52:15 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:52:15 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:52:15 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:52:15 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:15:19 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 10:15:19 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 9:53:13 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 9:53:13 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 9:32:35 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 10/17/2011
Time: 9:32:35 AM
User: N/A
Computer: ASUS
Description:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ....Û..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 10/17/2011
Time: 9:14:15 AM
User: N/A
Computer: ASUS
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/17/2011
Time: 9:13:30 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/17/2011
Time: 9:12:25 AM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/17/2011
Time: 7:26:24 AM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/17/2011
Time: 7:23:25 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/17/2011
Time: 7:22:18 AM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

There is a fix for this one:

"The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter."

But sometimes it resolves simply by rebooting the machine. If you haven't rebooted yet, please do so and let's see if it repeats. If it does repeat, then I will need another export of a key from the registry. I'll give you the instructions now so you can go ahead and do that if necessary.

Go to *Start* - *Run* and copy and paste the following:


```
regedit /e C:\look5.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\parameters"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look5.txt. Please open it in Notepad and then copy and paste the report here.
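One way to read the C:\look5.txt export that the command above produces and check whether an IRPStackSize value is set under the LanmanServer parameters key. This is an added example, not part of the original post; it assumes the "Version 5.00" text format (UTF-16LE with a byte-order mark), and the sample export, its values and all function names are constructed for illustration.

```python
import codecs
import re

# Key path as typed in the regedit command; registry paths and value names are
# case-insensitive, so every comparison below is done in lower case.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\parameters"

def build_sample(extra_line=""):
    """Constructed export bytes (illustrative values, not taken from the thread)."""
    text = (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        "[" + KEY + "]\r\n"
        '"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,\\\r\n'
        "  00,00\r\n"
        '"autodisconnect"=dword:0000000f\r\n'
        '"srvcomment"="Office \\"PC\\""\r\n'
        + extra_line
    )
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")

def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; otherwise assume ANSI text."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    return raw.decode("cp1252")  # assumption: older REGEDIT4-style export

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_data(data):
    """Turn the right-hand side of name=data into (type, value)."""
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    if data.startswith('"'):
        return ("REG_SZ", unescape(data[1:-1]))
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        return ("UNKNOWN", data)
    kind = int(m.group(1), 16) if m.group(1) else 3
    blob = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind == 7:   # list of NUL-terminated UTF-16 strings
        return ("REG_MULTI_SZ", [s for s in blob.decode("utf-16-le").split("\x00") if s])
    if kind == 2:
        return ("REG_EXPAND_SZ", blob.decode("utf-16-le").rstrip("\x00"))
    return ("REG_BINARY" if kind == 3 else "hex(%x)" % kind, blob)

def parse_export(text):
    """Return {key_path: {value_name: (type, value)}} for an exported .reg text."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = parse_data(m.group(2))
    return keys

def find_value(keys, key_path, name):
    """Case-insensitive lookup of one value under one key."""
    for path, values in keys.items():
        if path.lower() == key_path.lower():
            for vname, entry in values.items():
                if vname.lower() == name.lower():
                    return entry
    return None

def irpstacksize_status(raw):
    """Classify the export: key-missing, absent, wrong-type or present."""
    keys = parse_export(decode_export(raw))
    if not any(p.lower() == KEY.lower() for p in keys):
        return ("key-missing", None)
    entry = find_value(keys, KEY, "IRPStackSize")
    if entry is None:
        return ("absent", None)        # the server falls back to its built-in default
    kind, value = entry
    if kind != "REG_DWORD":
        return ("wrong-type", kind)    # a non-DWORD entry is not a valid setting
    return ("present", value)

if __name__ == "__main__":
    print(irpstacksize_status(build_sample()))
    print(irpstacksize_status(build_sample('"IRPStackSize"=dword:00000014\r\n')))
```

To check a real export, read it in binary mode and pass the bytes in: `irpstacksize_status(open(r"C:\look5.txt", "rb").read())`.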



----------



## Lumpola (Oct 4, 2011)

There are no more "irpstacksize" issues.

Current issues...

1. This box is off network but can access internet.

2. Sound sometimes comes on, sometimes does not.

There are no application errors. Yea!

Here are yesterday's and today's System errors...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/22/2011
Time: 8:42:01 AM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/22/2011
Time: 8:42:01 AM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error:
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Security Center service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The Telephony service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:24 AM
User: N/A
Computer: ASUS
Description:
The System Restore Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The System Event Notification service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Remote Access Auto Connection Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Network Connections service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Workstation service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Server service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The DHCP Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The CryptSvc service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Computer Browser service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The IPv6 Helper Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The Automatic Updates service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/22/2011
Time: 8:41:23 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/22/2011
Time: 8:38:11 AM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/21/2011
Time: 12:39:57 PM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/21/2011
Time: 12:39:04 PM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/21/2011
Time: 11:21:25 AM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/21/2011
Time: 11:17:37 AM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 6161
Date: 10/21/2011
Time: 11:01:51 AM
User: ASUS\Barry
Computer: ASUS
Description:
The document ZlmsHttpServer - 4932765 owned by Barry failed to print on printer HP Color LaserJet 2600n. Data type: IMF. Size of the spool file in bytes: 16. Number of bytes printed: 16. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\ASUS. Win32 error code returned by the print processor: 2 (0x2).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 6161
Date: 10/21/2011
Time: 11:00:57 AM
User: ASUS\Barry
Computer: ASUS
Description:
The document ZlmsHttpServer - 4878734 owned by Barry failed to print on printer HP Color LaserJet 2600n. Data type: IMF. Size of the spool file in bytes: 16. Number of bytes printed: 16. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\ASUS. Win32 error code returned by the print processor: 2 (0x2).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 6161
Date: 10/21/2011
Time: 10:14:33 AM
User: ASUS\Barry
Computer: ASUS
Description:
The document ZlmsHttpServer - 2079828 owned by Barry failed to print on printer HP Color LaserJet 2600n. Data type: IMF. Size of the spool file in bytes: 16. Number of bytes printed: 16. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\ASUS. Win32 error code returned by the print processor: 2 (0x2).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/21/2011
Time: 9:44:05 AM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Security Center service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Telephony service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The System Restore Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The System Event Notification service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Remote Access Auto Connection Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:28 AM
User: N/A
Computer: ASUS
Description:
The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Network Connections service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Workstation service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Server service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The DHCP Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The CryptSvc service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Computer Browser service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The IPv6 Helper Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The Automatic Updates service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/21/2011
Time: 9:43:27 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3095
Date: 10/21/2011
Time: 9:40:15 AM
User: N/A
Computer: ASUS
Description:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Most of those errors occurred at the same time. Did you have a crash or power outage or something like that?

Go to Start - Run - type in the following and click OK.

*services.msc*

Then scroll down to Net Logon and click the button to stop the service and then set the startup type to manual then click Apply and OK. Reboot the machine.

Run it again until tomorrow and then post any new errors that have occurred from this point forward please.


----------
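Cookiegal's observation that most of the errors share one timestamp can be checked mechanically. The following Python is an added example, not part of any post in this thread: it parses the Event Viewer text layout pasted above and reports bursts of Service Control Manager 7031/7034 terminations that fall within a couple of seconds of each other. The function names, the 2-second window, the three-service threshold and the embedded sample (including the invented Print Spooler record) are assumptions made for the example.

```python
import re
from datetime import datetime

SCM = "Service Control Manager"
FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time):\s*(.*)$")
SERVICE = re.compile(r"^The (.+?) service terminated unexpectedly")

def _record(source, event_id, date, time, description):
    """Render one record in the Event Viewer text layout pasted in this thread."""
    return (f"Event Type: Error\nEvent Source: {source}\nEvent Category: None\n"
            f"Event ID: {event_id}\nDate: {date}\nTime: {time}\nUser: N/A\n"
            f"Computer: ASUS\nDescription:\n{description}\n\n")

# Constructed sample modelled on the records above. It opens with the tail of a
# cut-off record, two descriptions are hard-wrapped as in the first paste, and the
# last record (a lone termination on another day) is invented as a negative case.
SAMPLE = "time(s).\n\n" + "".join(_record(*r) for r in [
    (SCM, 7034, "10/21/2011", "9:43:28 AM",
     "The Telephony service terminated unexpectedly. It has done this 1\n\ntime(s)."),
    (SCM, 7031, "10/21/2011", "9:43:28 AM",
     "The Windows Time service terminated unexpectedly. It has done this 1 time(s). The\n\n"
     "following corrective action will be taken in 60000 milliseconds: Restart the service."),
    (SCM, 7034, "10/21/2011", "9:43:27 AM",
     "The DHCP Client service terminated unexpectedly. It has done this 1 time(s)."),
    (SCM, 7034, "10/21/2011", "9:43:27 AM",
     "The Workstation service terminated unexpectedly. It has done this 1 time(s)."),
    (SCM, 7000, "10/21/2011", "9:43:27 AM",
     "The MCSTRM service failed to start due to the following error:\n"
     "The system cannot find the file specified."),
    (SCM, 7034, "10/22/2011", "3:00:00 PM",
     "The Print Spooler service terminated unexpectedly. It has done this 1 time(s)."),
])

def parse_events(text):
    """Split the pasted text into records; re-join hard-wrapped description lines."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            cur, in_desc = {"desc": []}, False
            events.append(cur)
        if cur is None:                           # text before the first full record
            continue
        if in_desc:
            if line.strip():
                cur["desc"].append(line.strip())
        elif m:
            cur[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:"):
            in_desc = True
    parsed = []
    for e in events:
        if "Date" in e and "Time" in e:           # skip records cut off mid-header
            e["desc"] = " ".join(e["desc"])
            e["when"] = datetime.strptime(f"{e['Date']} {e['Time']}", "%m/%d/%Y %I:%M:%S %p")
            parsed.append(e)
    return parsed

def termination_bursts(events, window_seconds=2, min_services=3):
    """Group SCM 7031/7034 records whose timestamps fall within one window."""
    hits = sorted((e for e in events if e.get("Event Source") == SCM
                   and e.get("Event ID") in ("7031", "7034")), key=lambda e: e["when"])
    groups = []
    for e in hits:
        if groups and (e["when"] - groups[-1][0]["when"]).total_seconds() <= window_seconds:
            groups[-1].append(e)
        else:
            groups.append([e])
    report = []
    for g in groups:
        names = sorted({m.group(1) for m in (SERVICE.match(e["desc"]) for e in g) if m})
        if len(names) >= min_services:
            report.append((g[0]["when"], names))
    return report

if __name__ == "__main__":
    for when, names in termination_bursts(parse_events(SAMPLE)):
        print(when, len(names), "services:", ", ".join(names))
```

A burst reported here says only that the services stopped together; the svchost.exe Application Error record is what ties such a burst to a host-process crash.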



## Cookiegal (Aug 27, 2003)

Lumpola said:


> This box is off network but can access internet.


I'm not sure what you mean by this. Can you elaborate please?


----------



## Lumpola (Oct 4, 2011)

> This box is off network but can access internet.

It's connected to the internet but not to my home network.

On boot this morning I got this error...
Generic Host Process for Win32 Services has encountered a problem and needs to close.
Here's the info about the error:
C:\DOCUME~1\Barry\LOCALS~1\Temp\WERa106.dir00\svchost.exe.mdmp
C:\DOCUME~1\Barry\LOCALS~1\Temp\WERa106.dir00\appcompat.txt

Application Errors...

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 10/25/2011
Time: 8:22:44 AM
User: N/A
Computer: ASUS
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

System Errors...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/25/2011
Time: 8:22:48 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 10/24/2011
Time: 7:37:48 AM
User: N/A
Computer: ASUS
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Security Center service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Telephony service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The System Restore Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The System Event Notification service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Remote Access Auto Connection Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Network Connections service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Workstation service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Server service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:10 AM
User: N/A
Computer: ASUS
Description:
The DHCP Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The CryptSvc service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The Computer Browser service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The IPv6 Helper Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The Automatic Updates service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/24/2011
Time: 7:37:09 AM
User: N/A
Computer: ASUS
Description:
The MCSTRM service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Lumpola (Oct 4, 2011)

> Did you have a crash or power outage or something like that?

No. The computer is on a UPS.

> set the startup type to manual then click Apply and OK. Reboot the machine.

Done.


----------

