Attention Grinler

While grinler is not around - I will assist you with the starting part of this fix for the RES:// type about:blank infection.

=================

The first thing I need you to do is download the file from here:

Getservice.zip

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post.
=================

grinler or I will advise on the next part of the fix from that reply

I did what was requested in the ChrisRLG post.  I got a message saying that the text had to be limited to 20000 characters.

What now?

Split it up to two or more post please - yes it can be large.

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k imgsvc
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Windows Image Acquisition (WIA)
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{686563CC-58F2-48DC-8039-40674467EB31}
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : MS Software Shadow Copy Provider
 DEPENDENCIES   : rpcss
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Performance Logs and Alerts
 DEPENDENCIES   :
 SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Telephony
 DEPENDENCIES   : PlugPlay
     : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost -k DComLaunch
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Terminal Services
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : UIGroup
 TAG    : 0
 DISPLAY_NAME   : Themes
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 86400 seconds
 FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
     : Restart DELAY: 60000 seconds
     : None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\tlntsvr.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Telnet
 DEPENDENCIES   : RPCSS
     : TCPIP
     : NTLMSSP
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Distributed Link Tracking Client
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Universal Plug and Play Device Host
 DEPENDENCIES   : SSDPSRV
     : HTTP
 SERVICE_START_NAME: NT AUTHORITY\LocalService
 FAIL_RESET_PERIOD : -1 seconds
 FAILURE_ACTIONS   : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Uninterruptible Power Supply
 DEPENDENCIES   :
 SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Volume Shadow Copy
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: w32time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Windows Time
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 5 seconds
 FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
     : Restart DELAY: 60000 seconds

SERVICE_NAME: WANMiniportService
(null)
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : "C:\WINDOWS\wanmpsvc.exe"
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : WAN Miniport (ATW) Service
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
 LOAD_ORDER_GROUP  : NetworkProvider
 TAG    : 0
 DISPLAY_NAME   : WebClient
 DEPENDENCIES   : MRxDAV
 SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Windows Management Instrumentation
 DEPENDENCIES   : RPCSS
     : Eventlog
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 86400 seconds
 FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
     : Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Portable Media Serial Number Service
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Windows Management Instrumentation Driver Extensions
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\wbem\wmiapsrv.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : WMI Performance Adapter
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Security Center
 DEPENDENCIES   : RpcSs
     : winmgmt
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Automatic Updates
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : TDI
 TAG    : 0
 DISPLAY_NAME   : Wireless Zero Configuration
 DEPENDENCIES   : RpcSs
     : Ndisuio
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Network Provisioning Service
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

 

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Alerter
 DEPENDENCIES   : LanmanWorkstation
 SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Application Layer Gateway Service
 DEPENDENCIES   :
 SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AOL ACS
(null)
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : AOL Connectivity Service
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Application Management
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : AudioGroup
 TAG    : 0
 DISPLAY_NAME   : Windows Audio
 DEPENDENCIES   : PlugPlay
     : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Background Intelligent Transfer Service
 DEPENDENCIES   : Rpcss
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 0 seconds
 FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
     : Restart DELAY: 60000 seconds
     : Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Computer Browser
 DEPENDENCIES   : LanmanWorkstation
     : LanmanServer
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
 TYPE    : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Indexing Service
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : ClipBook
 DEPENDENCIES   : NetDDE
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : COM+ System Application
 DEPENDENCIES   : rpcss
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 30 seconds
 FAILURE_ACTIONS   : Restart DELAY: 1000 seconds
     : Restart DELAY: 5000 seconds
     : None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Cryptographic Services
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k DcomLaunch
 LOAD_ORDER_GROUP  : Event Log
 TAG    : 0
 DISPLAY_NAME   : DCOM Server Process Launcher
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 0 seconds
 FAILURE_ACTIONS   : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : TDI
 TAG    : 0
 DISPLAY_NAME   : DHCP Client
 DEPENDENCIES   : Tcpip
     : Afd
     : NetBT
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Logical Disk Manager Administrative Service
 DEPENDENCIES   : RpcSs
     : PlugPlay
     : DmServer
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Logical Disk Manager
 DEPENDENCIES   : RpcSs
     : PlugPlay
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k NetworkService
 LOAD_ORDER_GROUP  : TDI
 TAG    : 0
 DISPLAY_NAME   : DNS Client
 DEPENDENCIES   : Tcpip
 SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Error Reporting Service
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
 LOAD_ORDER_GROUP  : Event log
 TAG    : 0
 DISPLAY_NAME   : Event Log
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : Network
 TAG    : 0
 DISPLAY_NAME   : COM+ Event System
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Fast User Switching Compatibility
 DEPENDENCIES   : TermService
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Help and Support
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 86400 seconds
 FAILURE_ACTIONS   : Restart DELAY: 100 seconds
     : Restart DELAY: 100 seconds
     : None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Human Interface Device Access
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : HTTP SSL
 DEPENDENCIES   : HTTP
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\imapi.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : IMAPI CD-Burning COM Service
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Server
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : NetworkProvider
 TAG    : 0
 DISPLAY_NAME   : Workstation
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
 LOAD_ORDER_GROUP  : TDI
 TAG    : 0
 DISPLAY_NAME   : TCP/IP NetBIOS Helper
 DEPENDENCIES   : NetBT
     : Afd
 SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: McShield
(null)
 TYPE    : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : McAfee.com McShield
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mcupdmgr.exe
(null)
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : McAfee SecurityCenter Update Manager
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MCVSRte
(null)
 TYPE    : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : McAfee.com VirusScan Online Realtime Engine
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Messenger
 DEPENDENCIES   : LanmanWorkstation
     : NetBIOS
     : PlugPlay
     : RpcSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\mnmsrvc.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : NetMeeting Remote Desktop Sharing
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\msdtc.exe
 LOAD_ORDER_GROUP  : MS Transactions
 TAG    : 1
 DISPLAY_NAME   : Distributed Transaction Coordinator
 DEPENDENCIES   : RPCSS
     : SamSS
 SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\msiexec.exe /V
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Windows Installer
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
 LOAD_ORDER_GROUP  : NetDDEGroup
 TAG    : 0
 DISPLAY_NAME   : Network DDE
 DEPENDENCIES   : NetDDEDSDM
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Network DDE DSDM
 DEPENDENCIES   :
     : EGrLocalSystem
     : Network DDE DSDM
     : etwork DDE
     : workService
     : Distributed Transaction Coordinator
     : ion
     : cation Dh
     :
     : ›
     :
     : ¸6
     : ¸6
     : ges Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     : 
     : u
     : n
     : a
     : v
     : a
     : i
     : l
     : a
     : b
     : l
     : e
     : .
     : 
     : I
     : f
     : 
     : t
     : h
     : i
     : s
     : 
     : s
     : e
     : r
     : v
     : i
     : c
     : e
     : 
     : i
     : s
     : 
     : d
     : i
     : s
     : a
     : b
     : l
     : e
     : d
     : ,
     : 
     : a
     : n
     : y
     : 
     : s
     : e
     : r
     : v
     : i
     : c
     : e
     : s
     : 
     : t
     : h
     : a
     : t
     : 
     : e
     : x
     : p
     : l
     : i
     : c
     : i
     : t
     : l
     : y
     : 
     : d
     : e
     : p
     : e
     : n
     : d
     : 
     : o
     : n
     : 
     : i
     : t
     : 
     : w
     : i
     : l
     : l
     : 
     : f
     : a
     : i
     : l
     : 
     : t
     : o
     : 
     : s
     : t
     : a
     : r
     : t
     : .
     : 
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
 LOAD_ORDER_GROUP  : RemoteValidation
 TAG    : 0
 DISPLAY_NAME   : Net Logon
 DEPENDENCIES   : LanmanWorkstation
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
 TYPE    : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Network Connections
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Network Location Awareness (NLA)
 DEPENDENCIES   : Tcpip
     : Afd
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : NT LM Security Support Provider
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Removable Storage
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
 LOAD_ORDER_GROUP  : PlugPlay
 TAG    : 0
 DISPLAY_NAME   : Plug and Play
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : IPSEC Services
 DEPENDENCIES   : RPCSS
     : Tcpip
     : IPSec
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
 TYPE    : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Protected Storage
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Remote Access Auto Connection Manager
 DEPENDENCIES   : RasMan
     : Tapisrv
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Remote Access Connection Manager
 DEPENDENCIES   : Tapisrv
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Remote Desktop Help Session Manager
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 4  DISABLED
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Routing and Remote Access
 DEPENDENCIES   : RpcSS
     : +NetBIOSGroup
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Remote Registry
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: NT AUTHORITY\LocalService
 FAIL_RESET_PERIOD : 0 seconds
 FAILURE_ACTIONS   : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\locator.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Remote Procedure Call (RPC) Locator
 DEPENDENCIES   : LanmanWorkstation
 SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k rpcss
 LOAD_ORDER_GROUP  : COM Infrastructure
 TAG    : 0
 DISPLAY_NAME   : Remote Procedure Call (RPC)
 DEPENDENCIES   :
 SERVICE_START_NAME: NT Authority\NetworkService
 FAIL_RESET_PERIOD : 0 seconds
 FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
     : Run command DELAY: 0 seconds
     : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
 TYPE    : 10 WIN32_OWN_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\rsvp.exe
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : QoS RSVP
 DEPENDENCIES   : TcpIp
     : Afd
     : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
 LOAD_ORDER_GROUP  : LocalValidation
 TAG    : 0
 DISPLAY_NAME   : Security Accounts Manager
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
 LOAD_ORDER_GROUP  : SmartCardGroup
 TAG    : 0
 DISPLAY_NAME   : Smart Card
 DEPENDENCIES   : PlugPlay
 SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : SchedulerGroup
 TAG    : 0
 DISPLAY_NAME   : Task Scheduler
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 TYPE    : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Secondary Logon
 DEPENDENCIES   :
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : Network
 TAG    : 0
 DISPLAY_NAME   : System Event Notification
 DEPENDENCIES   : EventSystem
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : Windows Firewall/Internet Connection Sharing (ICS)
 DEPENDENCIES   : Netman
     : WinMgmt
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 0  IGNORE
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  : ShellSvcGroup
 TAG    : 0
 DISPLAY_NAME   : Shell Hardware Detection
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
 TYPE    : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS 
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
 LOAD_ORDER_GROUP  : SpoolerGroup
 TAG    : 0
 DISPLAY_NAME   : Print Spooler
 DEPENDENCIES   : RPCSS
 SERVICE_START_NAME: LocalSystem
 FAIL_RESET_PERIOD : 86400 seconds
 FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
     : Restart DELAY: 60000 seconds
     : None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 2  AUTO_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : System Restore Service
 DEPENDENCIES   : RpcSs
 SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
 TYPE    : 20 WIN32_SHARE_PROCESS
 START_TYPE   : 3  DEMAND_START
 ERROR_CONTROL   : 1  NORMAL
 BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
 LOAD_ORDER_GROUP  :
 TAG    : 0
 DISPLAY_NAME   : SSDP Discovery Service
 DEPENDENCIES   : HTTP
 SERVICE_START_NAME: NT AUTHORITY\LocalService

Sorry I never got the message that you had replied until ChrisRLG let me know. Please post a new log.

Hi

Please wait for grinler to post.

But the image.dll although giving you those error messages is not a real problem, and can be easily solved.

But those R0/R1 lines are a problem and your getservices log is abnormal for that infection. )Or at least those that I have seen). It might help grinler to have a second getservices log.

Grinler is an expert with that infection - so I will leave for him to assist you.

Because I already posted the HiJackthis log to Bleeping Computer, I am going to assume you want HiJackThis posted to this forum.  Chris also had me run GetServices which is posted in 4 parts above.

THE PROBLEM

Anytime I reboot my computer, I get a window (twice): Rundll with the error message:

Error loading C:\WINDOWS\Image.dll

The specified module could not be found.

THE OFFERED SOLUTION

You either are infected by spyware or you have used a spyware removal tool that only removed part of a nasty piece of spyware.  Download, install, update, and run Ad-Aware and Spybot and let these programs remove all of the garbage that they find.

http://www.lavasoftusa.com Ad-Aware

http://www.safer-networking.org/index.php?page=download Spybot

If these programs don't solve the problem, go to the following site and follow the directions to download and run the analysis tool called HijackThis.

http://tomcoyote.com/hjt/

Generate a log file, then open it and copy and paste the text of the log file in a message in one of the following forums:

http://subratam.org/
http://www.zerosrealm.com/forums/
http://www.bleepingcomputer.com/

where a certified HijackThis expert can offer advice on how to fix the problem:

Steve

THE LOG

Logfile of HijackThis v1.98.2
Scan saved at 2:06:20 PM, on 9/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\winxa\winxa.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\winxa\mssearch.dll (file missing)
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\winxa\msiesh.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www106.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {BB9BE2FF-06DB-47FA-BC0B-C7BB25348AC2} (CasinoLoader Control) - http://www.casinolasvegas.com/activex/casinoloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322

 

We will just finish the fix here and I will close the topic on http://www.bleepingcomputer.com.

Download CWShredder from the below link and unzip it into a directory. Start CWShredder and click on the FIx button to have it remove all CWS infections it finds.

Download CWShredder from:

CWShredder Download Site

After you download the program, unzip it into a directory. Make sure all browser windows are closed and double click on the cwshredder.exe to start the program. When the program is loaded click on the "Check for Update" button, and if it finds an new version it will download it. You should then double click on cwshredder.exe again and click on the "FIX" button (not the "Scan only" button) and let it scan your computer.

A tutorial that goes over this process step by step can be found here:

CWShredder - How to remove CoolWebSearch with CWShredder

I did as requested and reboot - no rundll error message.

If I am done with this, thanks to Grinler and Chris.  I hope I don't have to bug you again.

Your welcome - sure Grinler will say the same.

One last log so I can give it the once over please

Logfile of HijackThis v1.98.2
Scan saved at 1:26:00 PM, on 9/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Joe\Desktop\reboot problem\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www106.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {BB9BE2FF-06DB-47FA-BC0B-C7BB25348AC2} (CasinoLoader Control) - http://www.casinolasvegas.com/activex/casinoloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{C405339E-8609-4055-9505-904B86FFB1F0}: NameServer = 205.188.146.146