
Inactive Numerous list of problems

Discussion in 'Malware and Virus Removal Archive' started by moviebuff2, 2009/01/28.

  1. 2009/01/28
    moviebuff2 Inactive Thread Starter


    Hello everyone,

    Here we go:
    1. My computer takes at least 20 - 30 minutes to load on reboot. I've actually stopped turning the computer off or rebooting. If you try to open anything during these minutes, the computer freezes.
    2. I cannot download the new service pack 3 from Microsoft updates. It tells me that "access is denied". I've been told by numerous people that this update is essential.
    3. My windows defrag does not work any longer. I've had to use a third party defrag (Auslogics) to defrag recently.
    4. Anytime I use a search engine (Yahoo, Google) it takes me to a totally different site that I did not hit the link to.
    5. I have these annoying Vimax ads on EVERY page I see while browsing online.

    I'm sure there's more that I can't think of at this moment. Any help would be greatly appreciated. Be gentle, I'm a newbie. Thank you.

    DDS (Ver_09-01-19.01) - NTFSx86
    Run by User at 7:14:47.04 on Wed 01/28/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.272 [GMT -6:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.emachines.com/
    mDefault_Page_URL = hxxp://www.emachines.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mSearch Bar = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
    BHO: {0007522a-2297-43c1-8eb1-c90b0ff20da5} - Band Class
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {04670A5B-A146-48D9-E8AE-1E75ADB831E9} - No File
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe "
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe "
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\documents and settings\user\start menu\programs\startup\PowerReg Scheduler V3.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: aol.com\free
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209882674015
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.255.114.76;85.255.112.81
    TCP: {8A978BA8-48DE-4050-AE52-3809F33D4C8B} = 85.255.114.76;85.255.112.81
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli scecli scecli scecli scecli

    ============= SERVICES / DRIVERS ===============

    R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-29 207656]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-29 605512]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-29 79240]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-29 35240]
    R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-29 34152]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-29 40488]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 206096]
    R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-29 358736]
    R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-29 144704]
    R4 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2004-2-15 34916]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

    =============== Created Last 30 ================

    2009-01-27 21:40 <DIR> --d----- c:\program files\Trend Micro
    2009-01-07 15:51 <DIR> --d----- c:\program files\AskSearch
    2009-01-07 15:51 <DIR> --d----- c:\program files\AskBarDis
    2009-01-07 09:40 <DIR> --d----- c:\docume~1\user\applic~1\Auslogics
    2009-01-07 09:40 <DIR> --d----- c:\program files\Auslogics
    2009-01-07 08:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

    ==================== Find3M ====================

    2008-12-14 14:04 379,392 a------- c:\program files\subinacl.msi
    2008-12-03 02:09 21,504 a------- c:\windows\jestertb.dll
    2007-08-19 00:49 105,256,233 ac------ c:\program files\Norton_AntiVirus_2007.uif
    2007-08-19 00:49 220 ac------ c:\program files\Readme.txt
    2004-02-15 02:26 132 -c--h--- c:\program files\~QW~LINK.QDT

    ============= FINISH: 7:15:23.64 ===============


    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/13/2004 8:42:47 PM
    System Uptime: 1/27/2009 1:10:21 AM (30 hours ago)

    Motherboard: First International Computer, Inc. | | AU31
    Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2205/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 41.086 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP401: 11/30/2008 2:16:39 AM - System Checkpoint
    RP402: 11/30/2008 3:00:36 AM - Software Distribution Service 3.0
    RP403: 12/1/2008 3:06:50 AM - System Checkpoint
    RP404: 12/2/2008 4:06:48 AM - System Checkpoint
    RP405: 12/3/2008 5:06:51 AM - System Checkpoint
    RP406: 12/4/2008 5:08:50 AM - System Checkpoint
    RP407: 12/5/2008 9:46:11 AM - System Checkpoint
    RP408: 12/6/2008 10:08:50 AM - System Checkpoint
    RP409: 12/7/2008 10:40:58 AM - System Checkpoint
    RP410: 12/8/2008 11:08:50 AM - System Checkpoint
    RP411: 12/9/2008 12:08:51 PM - System Checkpoint
    RP412: 12/10/2008 3:01:33 AM - Software Distribution Service 3.0
    RP413: 12/13/2008 11:16:11 AM - System Checkpoint
    RP414: 12/14/2008 12:54:06 AM - Software Distribution Service 3.0
    RP415: 12/30/2008 3:00:44 AM - Software Distribution Service 3.0
    RP416: 12/31/2008 3:00:52 AM - Software Distribution Service 3.0
    RP417: 1/1/2009 3:01:47 AM - Software Distribution Service 3.0
    RP418: 1/1/2009 8:06:41 PM - Software Distribution Service 3.0
    RP419: 1/1/2009 8:19:58 PM - Software Distribution Service 3.0
    RP420: 1/2/2009 8:26:04 PM - System Checkpoint
    RP421: 1/3/2009 3:00:40 AM - Software Distribution Service 3.0
    RP422: 1/4/2009 3:00:43 AM - Software Distribution Service 3.0
    RP423: 1/5/2009 3:00:42 AM - Software Distribution Service 3.0
    RP424: 1/5/2009 9:49:14 PM - Software Distribution Service 3.0
    RP425: 1/6/2009 3:00:42 AM - Software Distribution Service 3.0
    RP426: 1/7/2009 3:00:45 AM - Software Distribution Service 3.0
    RP427: 1/7/2009 9:51:44 PM - Software Distribution Service 3.0
    RP428: 1/8/2009 3:00:40 AM - Software Distribution Service 3.0
    RP429: 1/9/2009 3:00:37 AM - Software Distribution Service 3.0
    RP430: 1/10/2009 3:00:36 AM - Software Distribution Service 3.0
    RP431: 1/11/2009 3:00:42 AM - Software Distribution Service 3.0
    RP432: 1/12/2009 3:00:37 AM - Software Distribution Service 3.0
    RP433: 1/13/2009 3:00:37 AM - Software Distribution Service 3.0
    RP434: 1/14/2009 3:00:38 AM - Software Distribution Service 3.0
    RP435: 1/15/2009 3:01:33 AM - Software Distribution Service 3.0
    RP436: 1/16/2009 3:01:33 AM - Software Distribution Service 3.0
    RP437: 1/17/2009 3:01:34 AM - Software Distribution Service 3.0
    RP438: 1/18/2009 3:01:37 AM - Software Distribution Service 3.0
    RP439: 1/19/2009 3:01:23 AM - Software Distribution Service 3.0
    RP440: 1/20/2009 3:01:21 AM - Software Distribution Service 3.0
    RP441: 1/21/2009 3:01:22 AM - Software Distribution Service 3.0
    RP442: 1/22/2009 3:01:57 AM - Software Distribution Service 3.0
    RP443: 1/23/2009 3:01:53 AM - Software Distribution Service 3.0
    RP444: 1/24/2009 3:01:18 AM - Software Distribution Service 3.0
    RP445: 1/25/2009 3:01:10 AM - Software Distribution Service 3.0
    RP446: 2/25/2009 7:37:54 PM - System Checkpoint
    RP447: 2/26/2009 3:01:21 AM - Software Distribution Service 3.0
    RP448: 2/27/2009 1:05:54 AM - Software Distribution Service 3.0
    RP449: 2/27/2009 3:01:17 AM - Software Distribution Service 3.0
    RP450: 1/27/2009 1:45:25 PM - System Checkpoint

    ==== Installed Programs ======================

    56Kbps Internal Modem
    AC3Filter (remove only)
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AusLogics Disk Defrag
    AusLogics Registry Defrag
    AutoUpdate
    BitTorrent
    Bodog Poker Version 2.16.1.52
    Bonjour
    CompuServe
    Coupon Printer for Windows
    DAO 3.5
    DesignPro 5.0 Limited Edition
    Direct Show Ogg Vorbis Filter (remove only)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Subtitle Displayer 4.54
    DivX Web Player
    DNA
    DVD-Cover Printmaster 1.2
    DVD Profiler Version 3.5.1
    Easy CD & DVD Creator 6
    Easy Video Converter 3.8.4
    Easy Video Joiner 5.01
    Easy Video Splitter 1.28
    eMachines Bay Reader V1.00
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus Photo RX595 Series Scanner Driver Update
    ESPN Java Check
    Family Feud
    Family Feud (remove only)
    ffdshow (remove only)
    FlashTalk
    GSpot Codec Information Appliance
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    HP Photo and Imaging 1.0 - HP Photosmart Printer Series
    InterActual Player
    iPod Updater 2004-11-15
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment Standard Edition v1.3.1
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06
    Jewel Quest (remove only)
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    Macromedia Shockwave Player
    Magic ISO Maker v5.4 (build 0247)
    McAfee Anti-Theft
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliPoint 5.3
    Microsoft IntelliType Pro 5.3
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multimedia Keyboard Driver
    NVIDIA Drivers
    NVIDIA nForce Drivers
    NVIDIA Windows 2000/XP Display Drivers
    Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    PowerDVD
    Quicken Basic 2000
    QuickTime
    RealPlayer
    RegistryFix v7.0
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Shockwave
    SpongeBob SquarePants - The Movie
    SpongeBob SquarePants Employee of the Month
    Spybot - Search & Destroy
    The Fairly OddParents - Shadow Showdown (remove only)
    The Tournament Director
    The Tournament Director 2
    TomTom HOME 2.5.2.60
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    VideoLAN VLC media player 0.7.0
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    VobSub v2.23 (Remove Only)
    WebFldrs XP
    Winamp (remove only)
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    XviD 1.1 final uninstall
    YOU DON'T KNOW JACK V1.0

    ==== Event Viewer Messages From Past Week ========

    1/24/2009 3:04:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB946648).
    1/24/2009 3:02:34 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB959140).
    1/24/2009 3:01:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).
    1/23/2009 12:19:45 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Bodog Poker\MFC80.DLL. Reference error message: The operation completed successfully. .
    1/23/2009 12:19:45 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    1/23/2009 12:19:45 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    1/24/2009 1:05:25 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    2/25/2009 6:49:10 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -2678399 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|72.213.207.62:123->207.46.232.182:123) is working properly.
    2/25/2009 9:01:35 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2009 10:14:12 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    2/25/2009 10:14:31 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/28/2009 1:45:06 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.

    ==== End Of File ===========================
     
  2. 2009/01/29
    noahdfear Inactive

    Welcome to WindowsBBS moviebuff2 :)

    Please visit the following webpage for instructions for downloading and running ComboFix:

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     

  4. 2009/01/31
    moviebuff2 Inactive Thread Starter

    Thanks for the reply Dave.

    Before I post my log, I wanted to let you know that it never asked me about a recovery console.

    Here goes

    ComboFix 09-01-21.04 - User 2009-01-30 18:11:20.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.676 [GMT -6:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Need2Find
    c:\program files\Need2Find\bar\History\search
    C:\resycled
    c:\windows\jestertb.dll
    c:\windows\smdat32m.sys
    c:\windows\system32\drivers\msqpdxrfdtedwv.sys
    c:\windows\system32\drivers\msqpdxserv.sys
    c:\windows\system32\msqpdxnerohrgi.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_msqpdxserv.sys
    -------\Legacy_msqpdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
    .

    2009-01-30 17:57 . 2009-01-30 17:57 <DIR> d-------- C:\32788R22FWJFW
    2009-01-27 21:40 . 2009-01-27 21:40 <DIR> d-------- c:\program files\Trend Micro
    2009-01-07 15:51 . 2009-01-07 15:51 <DIR> d-------- c:\program files\AskSearch
    2009-01-07 15:51 . 2009-01-07 15:51 <DIR> d-------- c:\program files\AskBarDis
    2009-01-07 09:40 . 2009-01-07 15:51 <DIR> d-------- c:\program files\Auslogics
    2009-01-07 09:40 . 2009-01-07 09:40 <DIR> d-------- c:\documents and settings\User\Application Data\Auslogics
    2009-01-07 08:50 . 2009-01-07 08:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-22 00:15 . 2008-12-22 00:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\TomTom
    2008-12-22 00:14 . 2008-12-22 00:14 <DIR> d-------- c:\documents and settings\User\Application Data\TomTom
    2008-12-22 00:13 . 2008-12-22 00:13 <DIR> d-------- c:\program files\TomTom HOME 2
    2008-12-22 00:12 . 2008-12-22 00:12 <DIR> d-------- c:\program files\TomTom DesktopSuite
    2008-12-14 14:45 . 2003-04-23 19:31 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
    2008-12-14 14:45 . 2009-01-07 16:02 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-14 01:13 . 2008-04-13 11:39 2,897,920 --------- c:\windows\system32\xpsp2res.dll
    2008-12-14 01:13 . 2008-04-13 12:36 44,928 --------- c:\windows\system32\drivers\agpcpq.sys
    2008-12-14 01:13 . 2008-04-13 12:36 43,008 --------- c:\windows\system32\drivers\amdagp.sys
    2008-12-14 01:13 . 2008-04-13 12:36 42,752 --------- c:\windows\system32\drivers\alim1541.sys
    2008-12-14 01:13 . 2008-04-13 12:36 42,368 --------- c:\windows\system32\drivers\agp440.sys
    2008-12-14 01:13 . 2008-04-13 12:36 42,240 --------- c:\windows\system32\drivers\viaagp.sys
    2008-12-14 01:13 . 2008-04-13 12:36 40,960 --------- c:\windows\system32\drivers\sisagp.sys
    2008-12-14 01:12 . 2007-06-13 04:23 1,033,216 --a------ c:\windows\SET14A0.tmp
    2008-12-13 09:55 . 2008-12-13 10:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee Anti-Theft
    2008-12-13 09:36 . 2008-12-13 09:36 <DIR> d-------- c:\documents and settings\User\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 00:31 --------- d-----w c:\program files\DNA
    2009-01-31 00:31 --------- d-----w c:\documents and settings\User\Application Data\DNA
    2009-01-23 06:19 --------- d-----w c:\program files\DVD Profiler
    2009-01-23 06:19 --------- d-----w c:\documents and settings\User\Application Data\DVD Profiler
    2009-01-07 22:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-07 15:15 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-30 06:48 --------- d-----w c:\program files\McAfee
    2008-12-16 07:03 --------- d-----w c:\documents and settings\User\Application Data\BitTorrent
    2008-12-14 20:04 379,392 ----a-w c:\program files\subinacl.msi
    2008-12-13 15:37 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-10 21:45 --------- d-----w c:\program files\Bodog Poker
    2008-12-07 08:18 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2007-08-19 06:49 220 -c--a-w c:\program files\Readme.txt
    2007-08-19 06:49 105,256,233 -c--a-w c:\program files\Norton_AntiVirus_2007.uif
    2004-02-15 08:26 132 -c-h--w c:\program files\~QW~LINK.QDT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [2008-07-14 45056]

    [HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
    [HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
    [HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-14 15:18 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-14 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"= "c:\program files\DNA\btdna.exe" [2008-12-19 342848]
    "TomTomHOME.exe"= "c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "type32"= "c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
    "IntelliPoint"= "c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "mcagent_exe"= "c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"= "c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "TkBellExe"= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 185896]
    "McPvTray"= "c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360]
    "nwiz"= "nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"= "Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

    c:\documents and settings\User\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2004-06-18 225280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i263_32.drv
    "vidc.xvid"= xvid.dll
    "VIDC.I263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    Trusted 1011

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^FlashTalk.lnk]
    backup=c:\windows\pss\FlashTalk.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a--c--- 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
    --a--c--- 2007-03-30 05:00 182272 c:\windows\system32\spool\drivers\w32x86\3\E_FATICLA.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a--c--- 2002-05-24 06:46 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
    --a--c--- 2002-06-20 13:06 339968 c:\windows\system32\hphmon04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
    --a--c--- 2002-05-24 06:47 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a--c--- 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    --a--c--- 2003-06-18 13:00 200704 c:\program files\Microsoft Money\System\mnyexpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2008-05-03 00:40 214560 c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    --a--c--- 2003-06-23 22:12 319488 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a--c--- 2004-07-26 18:04 868352 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    --a--c--- 2003-05-01 19:44 65536 c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    --a--c--- 2002-04-17 10:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2006-11-09 14:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-03 00:39 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2003-06-03 12:01 496640 c:\windows\zHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iWin.com\\Jewel Quest\\JewelQuest.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bodog Poker\\BPGame.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\DVD Profiler\\dvdpro.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-05-28 61688]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-25 206096]
    R4 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2004-02-15 34916]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - Spooler
    *Deregistered* - srservice
    *Deregistered* - SSDPSRV
    *Deregistered* - stisvc
    *Deregistered* - TapiSrv
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - Viewpoint Manager Service
    *Deregistered* - W32Time
    *Deregistered* - WANMiniportService
    *Deregistered* - WebClient
    *Deregistered* - winmgmt
    *Deregistered* - WMDM PMSP Service
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e7c700-cb46-11dd-9390-00038a000015}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-01-30 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
    WebBrowser-{04670A5B-A146-48D9-E8AE-1E75ADB831E9} - (no file)
    WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    MSConfigStartUp-showicon2k - c:\program files\\eM\Bay Reader\Shwicon2k.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.emachines.com/
    mSearch Bar = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931}
    Trusted Zone: aol.com\free
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-30 18:31:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\McAfee\MSK\msksrver.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\windows\wanmpsvc.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-30 18:50:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-31 00:49:14

    Pre-Run: 43,835,478,016 bytes free
    Post-Run: 43,761,192,960 bytes free

    472 --- E O F --- 2009-01-30 09:02:13
     
  5. 2009/01/31
    noahdfear

    Looks as though ComboFix cleaned up pretty good. Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  6. 2009/02/01
    moviebuff2

    Here you go:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, February 1, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, February 01, 2009 06:24:46
    Records in database: 1734630
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 119535
    Threat name: 4
    Infected objects: 18
    Suspicious objects: 0
    Duration of the scan: 06:56:06


    File name / Threat name / Threats count
    C:\Applications\bittorrent-3.3.exe Infected: Trojan-Downloader.Win32.Swizzor.l 1
    C:\Documents and Settings\User\Local Settings\Application Data\Identities\{D444D532-D7C5-4EBB-82A7-BB3E62A7958F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Dropper.VBS.Zerolin 15
    C:\Downloaded Stuff\Registry Fix 7 PRO + Working Keygen\RegistryFix 7.0\registryfix.exe Infected: Trojan.Win32.Agent.yif 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxnerohrgi.dll.vir Infected: Packed.Win32.****.d 1

    The selected area was scanned.
     
  7. 2009/02/02
    noahdfear

    As you can see, downloading via P2P and keygens is dangerous business. Additionally, we do not approve of cracks, keygens or other illegally obtained software. Please delete the following infected items.

    C:\Applications\bittorrent-3.3.exe
    C:\Downloaded Stuff\Registry Fix 7 PRO + Working Keygen

    I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    You also need to empty the Deleted Items folder in Outlook Express.

    Let me know how the system is behaving, and if everything seems normal we can clean up our tools.
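
    Added example, not part of noahdfear's reply or of any tool named in this thread: a short Python triage of the Kaspersky report rows posted above. It sorts each detection into the three outcomes the thread handles (live file to delete, Outlook Express mail store to empty, item already sitting in ComboFix's C:\Qoobox quarantine) and checks the rows against the report's own totals. The row layout is assumed from the posted log, and the action labels are hypothetical names.

```python
import re
from collections import namedtuple

# Rows and totals copied from the Kaspersky report posted in this thread
# (the "****" in the last threat name is masked that way on the page).
REPORT = r"""
Files scanned: 119535
Threat name: 4
Infected objects: 18
Suspicious objects: 0

File name / Threat name / Threats count
C:\Applications\bittorrent-3.3.exe Infected: Trojan-Downloader.Win32.Swizzor.l 1
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{D444D532-D7C5-4EBB-82A7-BB3E62A7958F}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Dropper.VBS.Zerolin 15
C:\Downloaded Stuff\Registry Fix 7 PRO + Working Keygen\RegistryFix 7.0\registryfix.exe Infected: Trojan.Win32.Agent.yif 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxnerohrgi.dll.vir Infected: Packed.Win32.****.d 1
"""

Finding = namedtuple("Finding", "path threat count action")

# Paths contain spaces, so anchor on the fixed " Infected: " marker and the
# trailing integer instead of splitting the row on whitespace.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)
STAT = re.compile(r"^(Threat name|Infected objects): (\d+)$")


def classify(path):
    """Map a detection path to a follow-up action (labels are hypothetical)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"  # ComboFix quarantine copy, not a live file
    if p.endswith(".dbx"):
        return "mail-store"   # Outlook Express folder: empty it in the client
    return "delete"           # live file on disk


def parse_report(text):
    """Return (stats, findings) parsed from the report text."""
    stats, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = ROW.match(line)
        if m:
            findings.append(
                Finding(m["path"], m["threat"], int(m["count"]),
                        classify(m["path"]))
            )
    return stats, findings


def consistent(stats, findings):
    """True if the rows add up to the totals the report itself states."""
    return (
        sum(f.count for f in findings) == stats.get("Infected objects")
        and len({f.threat for f in findings}) == stats.get("Threat name")
    )


def plan(findings):
    """Group detection paths by action."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.action, []).append(f.path)
    return grouped


if __name__ == "__main__":
    stats, findings = parse_report(REPORT)
    print("totals consistent:", consistent(stats, findings))
    for action, paths in plan(findings).items():
        for path in paths:
            print(f"{action:12} {path}")
```

    A mismatch between the summed rows and the stated totals usually means rows were lost when the report was pasted, so ask for the log again before acting on it.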
     
  8. 2009/02/05
    moviebuff2

    I've deleted said programs.
    Should I turn on my McAfee antivirus program yet?
    My computer is running better while I am online.
    Thanks,
    Jeff
     
  9. 2009/02/10
    noahdfear

    The realtime protections only needed to be disabled whilst running the tools. Provided things are still OK, clean up as follows.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.scr from the desktop.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.


    Uninstall the following Java components via Add/Remove Programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment Standard Edition v1.3.1
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06

    Then install the latest JRE 6 Update 12 from here.
     
  10. 2009/02/11
    moviebuff2

    When I ran ComboFix /u, it didn't delete the ComboFix file nor the text. So I deleted it manually.
    Afterwards I went to uninstall the Java programs. I was able to delete both of the Standard Editions, but the other five will not uninstall. It says (Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if it is not correctly installed)
     
  11. 2009/02/12
    noahdfear

    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.

      If it fails to remove everything, reboot and run it again. Once done you can install the latest version.
     
  12. 2009/02/13
    moviebuff2

    It worked. Thanks a lot for your help. Anything else I need to do? (By the way, I tried to download the service pack 3 and it still won't let me)
     
  13. 2009/02/13
    noahdfear

    Exactly what happens when you try to download it, and where are you downloading it from?
     
  14. 2009/02/13
    moviebuff2

    My computer automatically tries to update but it fails. Says access is denied.
    I visited Microsoft's website and tried to download it directly from there, but it did the same thing.
    It goes through the process of everything but at the end is when the message comes up and then it undoes everything.

    I hope that made sense :rolleyes:
     
  15. 2009/02/14
    noahdfear

    Now I understand. The problem is not in downloading SP3, but with installing it. The following should remedy that.

    This procedure is documented on the Microsoft.com website for resetting registry and system file permissions, as well as default security descriptors. While it might not fix the problem, it should do no harm either.

    Download and install SubInACL from Microsoft.

    Close out all other programs and open windows.

    Highlight and copy the contents of the code box below.
    Code:
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_LOCAL_MACHINE\Software /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_LOCAL_MACHINE\System /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CURRENT_USER /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CLASSES_ROOT /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window.
    Right click in the command window and select paste.
    It will take a while for the commands to process, so please be patient.
    The command window should close on its own when finished.
    Reboot for the changes to take effect.


    Now, disable any realtime protection, including Spybot's TeaTimer, then try installing SP3 again.
     
  16. 2009/02/15
    moviebuff2

    Ok....so I downloaded Subinacl program. Only problem is that my Windows Installer will not let me install the program. It says same message as above. I found a place at Microsoft's website that deals with the issue, http://support.microsoft.com/kb/315346, and ran both methods to no avail.
     
  17. 2009/02/17
    noahdfear

    Please copy and paste the contents of the code box below into a command window and post the resulting text file.

    Code:
    reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot>safe.txt
    reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment">>safe.txt
    reg query HKCU\Environment>>safe.txt
    start notepad safe.txt
    exit
    cls
    

    Next, download driver_service_info and run it.
    Press S then Enter for a Services report.
    Press B then Enter for both Active and Inactive Services.
    When prompted, press Y then Enter to gather ServiceGroup and LoadOrderGroup info.
    Copy the contents of the log that opens and paste it in a reply here.


    The log may be too large to fit in one post, requiring you to split it into 2.
     
  18. 2009/02/17
    moviebuff2

    Here is the result from your first command:

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell REG_SZ cmd.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
    Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
    windir REG_EXPAND_SZ %SystemRoot%
    OS REG_SZ Windows_NT
    PROCESSOR_ARCHITECTURE REG_SZ x86
    PROCESSOR_LEVEL REG_SZ 6
    PROCESSOR_IDENTIFIER REG_SZ x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_REVISION REG_SZ 0a00
    NUMBER_OF_PROCESSORS REG_SZ 1
    PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
    TMP REG_EXPAND_SZ %SystemRoot%\TEMP
    FP_NO_HOST_CHECK REG_SZ NO
    CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Environment
    TEMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
    TMP REG_EXPAND_SZ %USERPROFILE%\Local Settings
     
  19. 2009/02/17
    moviebuff2

    Here is part one of the service report:

    ~~~ Service Information report ~~~

    Microsoft Windows XP Home Edition
    Service Pack 2
    5.1.2600

    2/17/2009 10:46:34 PM


    ~~~Running Processes~~~

    System Idle Process
    PID: 0
    Path:
    Parent PID: 0

    System
    PID: 4
    Path:
    Parent PID: 0

    smss.exe
    PID: 404
    Path: C:\WINDOWS\System32\smss.exe
    Parent PID: 4

    csrss.exe
    PID: 452
    Path:
    Parent PID: 404

    winlogon.exe
    PID: 476
    Path: C:\WINDOWS\system32\winlogon.exe
    Parent PID: 404

    services.exe
    PID: 520
    Path: C:\WINDOWS\system32\services.exe
    Parent PID: 476

    lsass.exe
    PID: 532
    Path: C:\WINDOWS\system32\lsass.exe
    Parent PID: 476

    svchost.exe
    PID: 680
    Path: C:\WINDOWS\system32\svchost.exe
    Parent PID: 520

    svchost.exe
    PID: 736
    Path:
    Parent PID: 520

    svchost.exe
    PID: 800
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 520

    svchost.exe
    PID: 852
    Path:
    Parent PID: 520

    svchost.exe
    PID: 988
    Path:
    Parent PID: 520

    explorer.exe
    PID: 1236
    Path: C:\WINDOWS\Explorer.EXE
    Parent PID: 1212

    spoolsv.exe
    PID: 1288
    Path: C:\WINDOWS\system32\spoolsv.exe
    Parent PID: 520

    type32.exe
    PID: 1520
    Path: C:\Program Files\Microsoft IntelliType Pro\type32.exe
    Parent PID: 1236

    point32.exe
    PID: 1528
    Path: C:\Program Files\Microsoft IntelliPoint\point32.exe
    Parent PID: 1236

    mcagent.exe
    PID: 1536
    Path: C:\Program Files\McAfee.com\Agent\mcagent.exe
    Parent PID: 1236

    McPvTray.exe
    PID: 1592
    Path: C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
    Parent PID: 1236

    McAfeeDataBackup.exe
    PID: 1604
    Path: C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    Parent PID: 1236

    btdna.exe
    PID: 1616
    Path: C:\Program Files\DNA\btdna.exe
    Parent PID: 1236

    HOMERunner.exe
    PID: 1632
    Path: C:\Program Files\TomTom HOME 2\HOMERunner.exe
    Parent PID: 1236

    McSACore.exe
    PID: 1880
    Path: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    Parent PID: 520

    mcmscsvc.exe
    PID: 1916
    Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    Parent PID: 520

    McNASvc.exe
    PID: 1980
    Path: c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    Parent PID: 520

    McProxy.exe
    PID: 244
    Path: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    Parent PID: 520

    Mcshield.exe
    PID: 360
    Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    Parent PID: 520

    MpfSrv.exe
    PID: 440
    Path: C:\Program Files\McAfee\MPF\MPFSrv.exe
    Parent PID: 520

    msksrver.exe
    PID: 1408
    Path: C:\Program Files\McAfee\MSK\MskSrver.exe
    Parent PID: 520

    nvsvc32.exe
    PID: 644
    Path: C:\WINDOWS\System32\nvsvc32.exe
    Parent PID: 520

    svchost.exe
    PID: 1488
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 520

    ViewpointService.exe
    PID: 1716
    Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe
    Parent PID: 520

    wanmpsvc.exe
    PID: 1784
    Path: C:\WINDOWS\wanmpsvc.exe
    Parent PID: 520

    MsPMSPSv.exe
    PID: 2060
    Path: C:\WINDOWS\System32\MsPMSPSv.exe
    Parent PID: 520

    ViewMgr.exe
    PID: 2392
    Path: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    Parent PID: 1716

    mcsysmon.exe
    PID: 3544
    Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    Parent PID: 520

    alg.exe
    PID: 3852
    Path:
    Parent PID: 520

    rundll32.exe
    PID: 2576
    Path: C:\WINDOWS\system32\rundll32.exe
    Parent PID: 960

    realsched.exe
    PID: 2776
    Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    Parent PID: 6008

    wuauclt.exe
    PID: 4568
    Path: C:\WINDOWS\system32\wuauclt.exe
    Parent PID: 800

    iexplore.exe
    PID: 4496
    Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Parent PID: 3920

    notepad.exe
    PID: 5764
    Path: C:\WINDOWS\system32\notepad.exe
    Parent PID: 3520

    driver_service_info[1].exe
    PID: 5464
    Path: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\UHCNUT2D\driver_service_info[1].exe
    Parent PID: 4496

    cmd.exe
    PID: 5304
    Path: C:\WINDOWS\system32\cmd.exe
    Parent PID: 5464

    wmiprvse.exe
    PID: 4696
    Path:
    Parent PID: 680

    cscript.exe
    PID: 4652
    Path: C:\WINDOWS\system32\cscript.exe
    Parent PID: 5304

    findstr.exe
    PID: 4880
    Path: C:\WINDOWS\system32\findstr.exe
    Parent PID: 5304


    ~~~Running Services by PID~~~

    PID: 988
    Alerter
    TCP/IP NetBIOS Helper
    SSDP Discovery Service
    Universal Plug and Play Device Host
    WebClient
    PID: 3852
    Application Layer Gateway Service
    PID: 800
    Windows Audio
    Background Intelligent Transfer Service
    Computer Browser
    Cryptographic Services
    DHCP Client
    Error Reporting Service
    COM+ Event System
    Fast User Switching Compatibility
    Help and Support
    HID Input Service
    Server
    Workstation
    Network Connections
    Network Location Awareness (NLA)
    Remote Access Connection Manager
    Task Scheduler
    Secondary Logon
    System Event Notification
    Windows Firewall/Internet Connection Sharing (ICS)
    Shell Hardware Detection
    System Restore Service
    Telephony
    Themes
    Distributed Link Tracking Client
    Windows Time
    Windows Management Instrumentation
    Security Center
    Automatic Updates
    Wireless Zero Configuration
    PID: 680
    DCOM Server Process Launcher
    Terminal Services
    PID: 852
    DNS Client
    PID: 520
    Event Log
    Plug and Play
    PID: 1880
    McAfee SiteAdvisor Service
    PID: 1916
    McAfee Services
    PID: 1980
    McAfee Network Agent
    PID: 244
    McAfee Proxy Service
    PID: 360
    McAfee Real-time Scanner
    PID: 3544
    McAfee SystemGuards
    PID: 440
    McAfee Personal Firewall Service
    PID: 1408
    McAfee Anti-Spam Service
    PID: 644
    NVIDIA Driver Helper Service
    PID: 532
    IPSEC Services
    Protected Storage
    Security Accounts Manager
    PID: 736
    Remote Procedure Call (RPC)
    PID: 1288
    Print Spooler
    PID: 1488
    Windows Image Acquisition (WIA)
    PID: 1716
    Viewpoint Manager Service
    PID: 1784
    WAN Miniport (ATW) Service
    PID: 2060
    WMDM PMSP Service


    ~~~Running Services Configuration~~~

    PID: 988
    Service: Alerter
    Displayed: Alerter
    Image: C:\WINDOWS\System32\svchost.exe -k LocalService
    Start Mode: Auto

    PID: 3852
    Service: ALG
    Displayed: Application Layer Gateway Service
    Image: C:\WINDOWS\System32\alg.exe
    Start Mode: Manual

    PID: 800
    Service: AudioSrv
    Displayed: Windows Audio
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: BITS
    Displayed: Background Intelligent Transfer Service
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: Browser
    Displayed: Computer Browser
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: CryptSvc
    Displayed: Cryptographic Services
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 680
    Service: DcomLaunch
    Displayed: DCOM Server Process Launcher
    Image: C:\WINDOWS\system32\svchost -k DcomLaunch
    Start Mode: Auto

    PID: 800
    Service: Dhcp
    Displayed: DHCP Client
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 852
    Service: Dnscache
    Displayed: DNS Client
    Image: C:\WINDOWS\System32\svchost.exe -k NetworkService
    Start Mode: Auto

    PID: 800
    Service: ERSvc
    Displayed: Error Reporting Service
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 520
    Service: Eventlog
    Displayed: Event Log
    Image: C:\WINDOWS\system32\services.exe
    Start Mode: Auto

    PID: 800
    Service: EventSystem
    Displayed: COM+ Event System
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 800
    Service: FastUserSwitchingCompatibility
    Displayed: Fast User Switching Compatibility
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 800
    Service: helpsvc
    Displayed: Help and Support
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: HidServ
    Displayed: HID Input Service
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: lanmanserver
    Displayed: Server
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: lanmanworkstation
    Displayed: Workstation
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 988
    Service: LmHosts
    Displayed: TCP/IP NetBIOS Helper
    Image: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Auto

    PID: 1880
    Service: McAfee SiteAdvisor Service
    Displayed: McAfee SiteAdvisor Service
    Image: "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
    Start Mode: Auto

    PID: 1916
    Service: mcmscsvc
    Displayed: McAfee Services
    Image: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    Start Mode: Auto

    PID: 1980
    Service: McNASvc
    Displayed: McAfee Network Agent
    Image: "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
    Start Mode: Auto

    PID: 244
    Service: McProxy
    Displayed: McAfee Proxy Service
    Image: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    Start Mode: Auto

    PID: 360
    Service: McShield
    Displayed: McAfee Real-time Scanner
    Image: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    Start Mode: Auto

    PID: 3544
    Service: McSysmon
    Displayed: McAfee SystemGuards
    Image: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    Start Mode: Manual

    PID: 440
    Service: MpfService
    Displayed: McAfee Personal Firewall Service
    Image: "C:\Program Files\McAfee\MPF\MPFSrv.exe"
    Start Mode: Auto

    PID: 1408
    Service: MSK80Service
    Displayed: McAfee Anti-Spam Service
    Image: "C:\Program Files\McAfee\MSK\MskSrver.exe"
    Start Mode: Auto

    PID: 800
    Service: Netman
    Displayed: Network Connections
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 800
    Service: Nla
    Displayed: Network Location Awareness (NLA)
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 644
    Service: NVSvc
    Displayed: NVIDIA Driver Helper Service
    Image: C:\WINDOWS\System32\nvsvc32.exe
    Start Mode: Auto

    PID: 520
    Service: PlugPlay
    Displayed: Plug and Play
    Image: C:\WINDOWS\system32\services.exe
    Start Mode: Auto

    PID: 532
    Service: PolicyAgent
    Displayed: IPSEC Services
    Image: C:\WINDOWS\system32\lsass.exe
    Start Mode: Auto

    PID: 532
    Service: ProtectedStorage
    Displayed: Protected Storage
    Image: C:\WINDOWS\system32\lsass.exe
    Start Mode: Auto

    PID: 800
    Service: RasMan
    Displayed: Remote Access Connection Manager
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 736
    Service: RpcSs
    Displayed: Remote Procedure Call (RPC)
    Image: C:\WINDOWS\system32\svchost -k rpcss
    Start Mode: Auto

    PID: 532
    Service: SamSs
    Displayed: Security Accounts Manager
    Image: C:\WINDOWS\system32\lsass.exe
    Start Mode: Auto

    PID: 800
    Service: Schedule
    Displayed: Task Scheduler
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: seclogon
    Displayed: Secondary Logon
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: SENS
    Displayed: System Event Notification
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: SharedAccess
    Displayed: Windows Firewall/Internet Connection Sharing (ICS)
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: ShellHWDetection
    Displayed: Shell Hardware Detection
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1288
    Service: Spooler
    Displayed: Print Spooler
    Image: C:\WINDOWS\system32\spoolsv.exe
    Start Mode: Auto

    PID: 800
    Service: srservice
    Displayed: System Restore Service
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 988
    Service: SSDPSRV
    Displayed: SSDP Discovery Service
    Image: C:\WINDOWS\System32\svchost.exe -k LocalService
    Start Mode: Manual

    PID: 1488
    Service: stisvc
    Displayed: Windows Image Acquisition (WIA)
    Image: C:\WINDOWS\System32\svchost.exe -k imgsvc
    Start Mode: Auto

    PID: 800
    Service: TapiSrv
    Displayed: Telephony
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 680
    Service: TermService
    Displayed: Terminal Services
    Image: C:\WINDOWS\System32\svchost -k DComLaunch
    Start Mode: Manual

    PID: 800
    Service: Themes
    Displayed: Themes
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: TrkWks
    Displayed: Distributed Link Tracking Client
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 988
    Service: upnphost
    Displayed: Universal Plug and Play Device Host
    Image: C:\WINDOWS\System32\svchost.exe -k LocalService
    Start Mode: Manual

    PID: 1716
    Service: Viewpoint Manager Service
    Displayed: Viewpoint Manager Service
    Image: "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
    Start Mode: Auto

    PID: 800
    Service: W32Time
    Displayed: Windows Time
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1784
    Service: WANMiniportService
    Displayed: WAN Miniport (ATW) Service
    Image: "C:\WINDOWS\wanmpsvc.exe"
    Start Mode: Auto

    PID: 988
    Service: WebClient
    Displayed: WebClient
    Image: C:\WINDOWS\System32\svchost.exe -k LocalService
    Start Mode: Auto

    PID: 800
    Service: winmgmt
    Displayed: Windows Management Instrumentation
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 2060
    Service: WMDM PMSP Service
    Displayed: WMDM PMSP Service
    Image: C:\WINDOWS\System32\MsPMSPSv.exe
    Start Mode: Auto

    PID: 800
    Service: wscsvc
    Displayed: Security Center
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: wuauserv
    Displayed: Automatic Updates
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 800
    Service: WZCSVC
    Displayed: Wireless Zero Configuration
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
     
  20. 2009/02/17
    moviebuff2

    and part 2:

    ~~~Inactive Services Configuration~~~

    Service: Apple Mobile Device
    Displayed: Apple Mobile Device
    Path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Start Mode: Disabled

    Service: AppMgmt
    Displayed: Application Management
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: aspnet_state
    Displayed: ASP.NET State Service
    Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    Start Mode: Manual

    Service: Bonjour Service
    Displayed: Bonjour Service
    Path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Start Mode: Disabled

    Service: CiSvc
    Displayed: Indexing Service
    Path: C:\WINDOWS\system32\cisvc.exe
    Start Mode: Manual

    Service: ClipSrv
    Displayed: ClipBook
    Path: C:\WINDOWS\system32\clipsrv.exe
    Start Mode: Disabled

    Service: COMSysApp
    Displayed: COM+ System Application
    Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Start Mode: Manual

    Service: dmadmin
    Displayed: Logical Disk Manager Administrative Service
    Path: C:\WINDOWS\System32\dmadmin.exe /com
    Start Mode: Manual

    Service: dmserver
    Displayed: Logical Disk Manager
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: EapHost
    Displayed: Extensible Authentication Protocol Service
    Path: C:\WINDOWS\System32\svchost.exe -k eapsvcs
    Start Mode: Manual

    Service: hkmsvc
    Displayed: Health Key and Certificate Management Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: HTTPFilter
    Displayed: HTTP SSL
    Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    Start Mode: Manual

    Service: IDriverT
    Displayed: InstallDriver Table Manager
    Path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    Start Mode: Manual

    Service: ImapiService
    Displayed: IMAPI CD-Burning COM Service
    Path: C:\WINDOWS\system32\imapi.exe
    Start Mode: Manual

    Service: iPod Service
    Displayed: iPod Service
    Path: "C:\Program Files\iPod\bin\iPodService.exe"
    Start Mode: Manual

    Service: MBackMonitor
    Displayed: MBackMonitor
    Path: "C:\Program Files\McAfee\MBK\MBackMonitor.exe"
    Start Mode: Manual

    Service: McODS
    Displayed: McAfee Scanner
    Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    Start Mode: Manual

    Service: Messenger
    Displayed: Messenger
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: mnmsrvc
    Displayed: NetMeeting Remote Desktop Sharing
    Path: C:\WINDOWS\System32\mnmsrvc.exe
    Start Mode: Manual

    Service: MSDTC
    Displayed: Distributed Transaction Coordinator
    Path: C:\WINDOWS\System32\msdtc.exe
    Start Mode: Manual

    Service: MSIServer
    Displayed: Windows Installer
    Path: C:\WINDOWS\System32\msiexec.exe /V
    Start Mode: Manual

    Service: napagent
    Displayed: Network Access Protection Agent
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: NetDDE
    Displayed: Network DDE
    Path: C:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled

    Service: NetDDEdsdm
    Displayed: Network DDE DSDM
    Path: C:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled

    Service: Netlogon
    Displayed: Net Logon
    Path: C:\WINDOWS\system32\lsass.exe
    Start Mode: Manual

    Service: NtLmSsp
    Displayed: NT LM Security Support Provider
    Path: C:\WINDOWS\System32\lsass.exe
    Start Mode: Manual

    Service: NtmsSvc
    Displayed: Removable Storage
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: ose
    Displayed: Office Source Engine
    Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    Start Mode: Manual

    Service: Pml Driver HPH11
    Displayed: Pml Driver HPH11
    Path: C:\WINDOWS\System32\HPHipm11.exe
    Start Mode: Manual

    Service: RasAuto
    Displayed: Remote Access Auto Connection Manager
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: RDSessMgr
    Displayed: Remote Desktop Help Session Manager
    Path: C:\WINDOWS\system32\sessmgr.exe
    Start Mode: Manual

    Service: RemoteAccess
    Displayed: Routing and Remote Access
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: RpcLocator
    Displayed: Remote Procedure Call (RPC) Locator
    Path: C:\WINDOWS\System32\locator.exe
    Start Mode: Manual

    Service: RSVP
    Displayed: QoS RSVP
    Path: C:\WINDOWS\System32\rsvp.exe
    Start Mode: Manual

    Service: SCardSvr
    Displayed: Smart Card
    Path: C:\WINDOWS\System32\SCardSvr.exe
    Start Mode: Manual

    Service: SwPrv
    Displayed: MS Software Shadow Copy Provider
    Path: C:\WINDOWS\System32\dllhost.exe /Processid:{BB446412-D70A-4A55-9013-460035910764}
    Start Mode: Manual

    Service: SysmonLog
    Displayed: Performance Logs and Alerts
    Path: C:\WINDOWS\system32\smlogsvc.exe
    Start Mode: Manual

    Service: uploadmgr
    Displayed: Upload Manager
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    Service: UPS
    Displayed: Uninterruptible Power Supply
    Path: C:\WINDOWS\System32\ups.exe
    Start Mode: Manual

    Service: usnjsvc
    Displayed: Messenger Sharing Folders USN Journal Reader service
    Path: "C:\Program Files\MSN Messenger\usnsvc.exe"
    Start Mode: Disabled

    Service: VSS
    Displayed: Volume Shadow Copy
    Path: C:\WINDOWS\System32\vssvc.exe
    Start Mode: Manual

    Service: WmdmPmSN
    Displayed: Portable Media Serial Number Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: WmiApSrv
    Displayed: WMI Performance Adapter
    Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
    Start Mode: Manual

    Service: WMPNetworkSvc
    Displayed: Windows Media Player Network Sharing Service
    Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    Start Mode: Disabled

    Service: WudfSvc
    Displayed: Windows Driver Foundation - User-mode Driver Framework
    Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    Start Mode: Manual

    Service: xmlprov
    Displayed: Network Provisioning Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual


    ~~~ svchost Export ~~~

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
    LocalService REG_MULTI_SZ
    Alerter
    WebClient
    LmHosts
    RemoteRegistry
    upnphost
    SSDPSRV
    NetworkService REG_MULTI_SZ
    DnsCache
    netsvcs REG_MULTI_SZ
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    TermService
    wuauserv
    BITS
    ShellHWDetection
    WmdmPmSN
    xmlprov
    wscsvc
    napagent
    hkmsvc
    helpsvc
    uploadmgr
    rpcss REG_MULTI_SZ
    RpcSs
    imgsvc REG_MULTI_SZ
    StiSvc
    termsvcs REG_MULTI_SZ
    TermService
    HTTPFilter REG_MULTI_SZ
    HTTPFilter
    DcomLaunch REG_MULTI_SZ
    DcomLaunch
    TermService
    WudfServiceGroup REG_MULTI_SZ
    WUDFSvc
    eapsvcs REG_MULTI_SZ
    eaphost
    dot3svc REG_MULTI_SZ
    dot3svc
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x2000
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x3020
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
    CoInitializeSecurityParam REG_DWORD 0x2
    AuthenticationCapabilities REG_DWORD 0x40
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8


    ~~~ ServiceGroupOrder ~~~

    System Reserved
    Boot Bus Extender
    System Bus Extender
    SCSI miniport
    Port
    Primary Disk
    SCSI Class
    SCSI CDROM Class
    FSFilter Infrastructure
    FSFilter System
    FSFilter Bottom
    FSFilter Copy Protection
    FSFilter Security Enhancer
    FSFilter Open File
    FSFilter Physical Quota Management
    FSFilter Encryption
    FSFilter Compression
    FSFilter HSM
    FSFilter Cluster File System
    FSFilter System Recovery
    FSFilter Quota Management
    FSFilter Content Screener
    FSFilter Continuous Backup
    FSFilter Replication
    FSFilter Anti-Virus
    FSFilter Undelete
    FSFilter Activity Monitor
    FSFilter Top
    Filter
    Boot File System
    Base
    Pointer Port
    Keyboard Port
    Pointer Class
    Keyboard Class
    Video Init
    Video
    Video Save
    File System
    Event Log
    Streams Drivers
    NDIS Wrapper
    COM Infrastructure
    UIGroup
    LocalValidation
    PlugPlay
    PNP_TDI
    NDIS
    TDI
    NetBIOSGroup
    ShellSvcGroup
    SchedulerGroup
    SpoolerGroup
    AudioGroup
    SmartCardGroup
    NetworkProvider
    RemoteValidation
    NetDDEGroup
    Parallel arbitrator
    Extended Base
    PCI Configuration
    Network
    Pnp Filter
    MS Transactions

    ~~~ LoadOrderGroup Members ~~~

    Service: AudioSrv
    LoadOrderGroup: AudioGroup

    Service: DcomLaunch
    LoadOrderGroup: Event Log

    Service: Dhcp
    LoadOrderGroup: TDI

    Service: Dnscache
    LoadOrderGroup: TDI

    Service: Eventlog
    LoadOrderGroup: Event log

    Service: EventSystem
    LoadOrderGroup: Network

    Service: lanmanworkstation
    LoadOrderGroup: NetworkProvider

    Service: LmHosts
    LoadOrderGroup: TDI

    Service: MSDTC
    LoadOrderGroup: MS Transactions

    Service: NetDDE
    LoadOrderGroup: NetDDEGroup

    Service: Netlogon
    LoadOrderGroup: RemoteValidation

    Service: PlugPlay
    LoadOrderGroup: PlugPlay

    Service: RpcSs
    LoadOrderGroup: COM Infrastructure

    Service: SamSs
    LoadOrderGroup: LocalValidation

    Service: SCardSvr
    LoadOrderGroup: SmartCardGroup

    Service: Schedule
    LoadOrderGroup: SchedulerGroup

    Service: SENS
    LoadOrderGroup: Network

    Service: ShellHWDetection
    LoadOrderGroup: ShellSvcGroup

    Service: Spooler
    LoadOrderGroup: SpoolerGroup

    Service: Themes
    LoadOrderGroup: UIGroup

    Service: WebClient
    LoadOrderGroup: NetworkProvider

    Service: WudfSvc
    LoadOrderGroup: PlugPlay

    Service: WZCSVC
    LoadOrderGroup: TDI


    ~~~End of Report~~~
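
    A consistency check for the report layout posted above, as an added example that is not part of the original thread or of the driver_service_info tool: it parses the service records and the svchost Export section as they appear on this page, then flags svchost-hosted services whose -k group does not list them under the Svchost registry key, or whose host binary is not under system32. The sample report is constructed, and ExampleSvc is a made-up service name.

```python
import re

# Constructed sample in the layout of the report posted above.
# "ExampleSvc" is a made-up service that exists only to trigger a finding.
SAMPLE_REPORT = r"""
~~~Running Services Configuration~~~
PID: 680
Service: TermService
Displayed: Terminal Services
Image: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual

~~~Inactive Services Configuration~~~
Service: MSIServer
Displayed: Windows Installer
Path: C:\WINDOWS\System32\msiexec.exe /V
Start Mode: Manual

Service: ExampleSvc
Displayed: Constructed Example Service
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

~~~ svchost Export ~~~
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
netsvcs REG_MULTI_SZ
BITS
wuauserv
DcomLaunch REG_MULTI_SZ
DcomLaunch
TermService
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
"""

FIELD = re.compile(r"^\s*(PID|Service|Image|Path):\s*(.*)$")
HOSTED = re.compile(r"^(.*\\)?svchost(?:\.exe)?\s+-k\s+(\S+)", re.IGNORECASE)
GROUP = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s*$")


def parse_services(report):
    """Return one dict per service record that carries an Image/Path line."""
    services, current, pid = [], None, None
    for line in report.splitlines():
        m = FIELD.match(line)
        if not line.strip():           # a blank line ends the current record
            current, pid = None, None
        elif not m:
            continue
        elif m.group(1) == "PID":
            pid = m.group(2).strip()
        elif m.group(1) == "Service":
            current = {"name": m.group(2).strip(), "pid": pid}
            services.append(current)
        elif current is not None:      # Image: (running) or Path: (inactive)
            current["image"] = m.group(2).strip('" ')
    return [s for s in services if "image" in s]


def parse_svchost_groups(report):
    """Map each -k group (lower-cased) to the service names listed for it."""
    groups, current, in_export = {}, None, False
    for line in report.splitlines():
        text = line.strip()
        if text.startswith("~~~"):     # section banner
            in_export = "svchost export" in text.lower()
            current = None
        elif not in_export or not text:
            continue
        elif GROUP.match(text):
            name = GROUP.match(text).group(1).lower()
            current = groups.setdefault(name, set())
        elif text.upper().startswith("HKEY_") or " REG_" in text:
            current = None             # key path or a non-membership value
        elif current is not None:
            current.add(text.lower())
    return groups


def audit_svchost_services(report):
    """Return (service, reason) findings for svchost-hosted services."""
    groups = parse_svchost_groups(report)
    findings = []
    for svc in parse_services(report):
        m = HOSTED.match(svc["image"])
        if not m:
            continue                   # own executable, e.g. msiexec.exe
        folder, group = (m.group(1) or "").lower(), m.group(2).lower()
        if not folder.endswith("\\system32\\"):
            findings.append((svc["name"], "svchost not under system32"))
        if group not in groups:
            findings.append((svc["name"], "group '%s' is not defined" % group))
        elif svc["name"].lower() not in groups[group]:
            findings.append((svc["name"], "not listed in group '%s'" % group))
    return findings


if __name__ == "__main__":
    print(audit_svchost_services(SAMPLE_REPORT))
```

    Group and service names are compared case-insensitively, because the report mixes spellings such as DcomLaunch and DComLaunch.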
     
  21. 2009/02/18
    noahdfear

    Highlight and copy the contents of the code box below.

    Code:
    <html>
    <head>
    <script language="vbscript">
    sub document_onclick()
    set installer = createobject("windowsinstaller.installer")
    msgbox installer.version
    end sub
    </script>
    </head> <body> <center>
    Click anywhere for Windows Installer version...
    </center></body>
    </html>
    
    Open a blank notepad and paste the copied text.
    Close the file, saving it as;

    Filename: WIVer.htm
    Save as type: All Files (*.*)

    Double click WIVer.htm then click anywhere on the opening page.
    A message box should open with a number on it.
    Press Ctrl+C then click OK


    Open a reply window here and press Ctrl+V then click Submit Reply.
     
