
Security Problems


Name: Michelle
Date: June 22, 2003 at 02:10:13 Pacific
OS: XP Pro Ver 2002
CPU/Ram: 698 MHZ/128RM
Comment:


I need some help, or just need someone to confirm I have a security problem or confirm I am just paranoid. I have been trying to figure this out for over a month and have spent multiple hours looking up files etc. I had a person upgrade my RAM and when he did it seems that's not all he upgraded (he is a programmer/software engineer). I am not that computer literate and just have one PC that I pay an ISP for service for. Prior to the upgrade I was running Windows XP upgraded from ME; after he put the RAM in I had gone from XP Home to XP Pro and this ACPI system showed up. In addition to that, all of this NT stuff was on there; before Windows XP loads, a bunch of drivers and .dlls load that are something about Windows Executive? After the upgrade I thought maybe if I just went back to XP Home it would get rid of all the "extras". I discovered a new partition had been made, so I tried to fdisk it and reformat, but I don't think I was ever getting a true DOS prompt to do the format due to some disk controllers?? Although it did wipe out all my data like music, pics etc., the drivers from the stuff I think is NT related continued to load prior to Windows, so I then updated my BIOS because there was a lot of new stuff in there. I went to the manufacturer's site and got the latest BIOS flash; it got rid of the stuff in BIOS, but when I reloaded my webcam, which is a USB port, the driver I got from the camera manufacturer's website loaded this driver for the cam and it installed a whole program that is a .ink file. So I was compressing a video and some programs started running that didn't seem right; the names of the programs were FXSVC.EXE, HVIDEOS.exe, RUNDLL.EXE, IMGSTUD.EXE. In the process of looking these files up I came across this link; I think this is where my BIOS is changing and compromising my security:
http://attrasoft.com/products/attraid/help.htm
I have tried to apply the Microsoft updates but I think something is hijacking my browser and what I download doesn't appear to really be a Microsoft fix. There are also a lot of shared paths for my chat programs and videos and pictures and media in general. This is very disturbing; although my online life isn't that exciting, it's a violation of my privacy I believe.

My objective here is to secure my computer. When I tried things like BlackICE, it would disable itself frequently, and a new network connection was established one day; I watched it all happen, it started delivering some packets, and it showed two connections running at the same time. I plan on trying to downgrade to Windows ME (I realize there are security holes in that as well, maybe worse than XP) but it's what I have the software to do with my keys. I want to try to restore my BIOS again but all of these advanced settings are in place. My plan to do that is to find a utility that totally wipes everything clean from my hard drive; before I do that I want to make sure my BIOS is how it was the day I purchased my PC, and I know this sounds really out there but I don't believe I have control over my CD drive or floppy drive; these don't appear to be regular drivers, they are all their own systems. I want to know if anyone can recommend a good cleaning utility and also if they think my plan will work here. I would also just like to know what someone's motive would be to do this and if there is a way I can trace it back to them. Sorry this is so long but I have been looking at this computer stuff for multiple hours and just want a solution. Below is some additional information about the ACPI and some of my hardware. Does anyone know what this stuff is??


Non Plug and Play Drivers
AFD NETWORKING SUPPORT ENVIRONMENT
ASPI32
BEEP
DMBOOT
DMLOAD
FLIPS
FUTUREX
GENERIC PACKET CLASSIFIER
IPSEC DRIVER
KSECDD
MNMDD
MOUNTMGR
NDIS SYSTEM DRIVER
NDIS USERMODE I/O PROTOCOL
NDPROXY
NETBIOS OVER TCPIP
NULL
PARTMGR
PARVDM
RDPCDO
REMOTE ACCESS AUTO CONNECTION DRIVER
REMOTE ACCESS IP ARP DRIVER
REMOTE ACCESS NDIS TAPI DRIVER
TCP/IP PROTOCOL DRIVER
VGASAVE
VOLSNAP
ZLPORTIO ALLOW USER ACCESS TO I/O PORTS

SYSTEM DEVICES
ACPI FIXED FEATURE BUTTON
ACPI POWER BUTTON
DIRECT MEMORY ACCESS CONTROLLER
GENERIC BUS
INTEL LPC INTERFACE CONTROLLER
INTEL PCI BRIDGE
INTEL SMBUS CONTROLLER
INTEL SYSTEM AND GRAPHICS CONTROLLER
INTEL AIM EXTERNAL TV ENCODER DRIVE 4
ISAPNP READ DATA PORT
LOGICAL DISK MANAGER
MICROCODE UPDATE DEVICE
MICROSOFT ACPI COMPLIANT SYSTEM
MOTHERBOARD RESOURCES
NUMERIC DATA PROCESSOR
PCI BUS
PLUG AND PLAY SOFTWARE DEVICE ENUMERATOR
PRINTER PORT LOGICAL INTERFACE
PROGRAMMABLE INTERRUPT CONTROLLER
SYSTEM BOARD
SYSTEM CMOS/REAL TIME CLOCK
SYSTEM SPEAKER
TERMINAL SERVER DEVICE REDIRECTOR
TERMINAL SERVER KEYBOARD DRIVER
TERMINAL SERVER MOUSE DRIVER
VOLUME MANAGER

There is also a floppy disk drive and a floppy disk controller.
For the floppy disk controller the driver is a .SYS file; the driver for the floppy disk drive is a FLPYDSK.SYS file as well.
Under Network Adapters I have one, but when I click the hidden view it brings up six more, stuff like miniports, and it seems like networking stuff.

Under IDE ATA/ATAPI controllers
I have Bus Master IDE Controller
as well as a Primary IDE Channel
and a Secondary Channel


Can the security of my BIOS settings be compromised by USB devices?
All of these things seem to be media related (I think).

Please enlighten me. Thanks so much.




Response Number 1
Name: EC
Date: June 22, 2003 at 06:08:23 Pacific
Reply:

You sure have a lot going on there, but honestly, a quick view of all programs you list, all seem to be related to a computer, now, if you want them there, is another story.
Another partition is harmless, as most experienced people would use more than 1 partition anyway. The NT stuff belongs to XP.
Assuming he did OTHER THINGS, then you would be wise to reformat, BUT it's not clear what he did, if anything, other than upgrading your RAM.
So, your hard drive manuf web site will have a complete reformat utility.
A good firewall like Zone Alarm PRO and spyware detection like AD AWARE and SPYBOT and good AV like NORTON and good AntiTrojan like TROJAN REMOVER, all updated when available, would be a good start to securing a PC.
But, if you just reformat now and start clean, then download all those afterwards.



Response Number 2
Name: wawadave
Date: June 22, 2003 at 10:23:55 Pacific
Reply:

free trojan scan
http://www.trojanscan.com/trojanscan/scanner.htm
panda scan
http://www.pandasoftware.es/activescan/
housecall
http://housecall.trendmicro.com/housecall/start_corp.asp
d/l McAfee's Stinger
http://vil.nai.com/vil/stinger/
test my shields at GRC
https://nanoprobe.grc.com/x/ne.dll?bh0bkyd2



Response Number 3
Name: anonproxy
Date: June 22, 2003 at 12:32:45 Pacific
Reply:

Windows is not just one, big program. It is made of many programs operating in cooperation (ideally).

In addition, Windows throws in "extras" with flashy names and new icons. After install most people throw half of it away. It's like the stuff you get with a new computer - colorful junk. Here is a good test if something is Windows candy or not. Search for it on Google. If it is, you will readily find that out.

Just get an anti-virus program. Norton is fine, though there are free ones. You can even have it update itself automatically.

Make sure you have a firewall. Do not bother paying for it unless you feel you must. Free firewalls accomplish the same tasks (in your case) as their paid alternatives.

FYI, you do not use DOS prompts in WinXP, so do not expect to get one. There is a command prompt in Windows, but it is not a swiss army knife. Also, you sound a bit paranoid about your BIOS. Really, your BIOS is not the evil Hal-like component of your PC. Once it gives control to Windows, it is a slave device.

And switching to ME? Think about what you are saying.



Response Number 4
Name: kcmichelle68
Date: June 23, 2003 at 14:06:24 Pacific
Reply:

Maybe I am paranoid but I updated my BIOS again and put a password on, and since I did that yesterday the settings have changed, PCI stuff has been changed, and it seems my CD-ROM and floppy don't just load the software. I looked at the BIOS files on my computer, but when I put it in my floppy new files had been added? How is this possible? I just want to truly start over and install software in the state it's intended. The problem is I don't seem to be able to control anything on my own system. Anti-virus and other utilities all seem to be modified, so I went into system config and under my boot.ini this is what is there: (bootloader), Timeout=30, default=multi(0)disk(0)rdisk(0)partition(2)\windows, (operating systems), multi(0)disk(0)rdisk(0)partition(2)\Windows="Microsoft Windows XP Professional" /fastdetect. Then I have the options of /SafeBoot, /Noguiboot, /Bootlog, /BaseVideo, /Sos. Under the General tab in sys config, it is checked to use modified boot.ini. The services that are configured in there are Alerter, Application Layer Gateway Service, Application Management, Windows Audio, Background Intelligent Transfer, Computer Browser, Indexing Service, ClipBook, COM+ System Application, Cryptographic Service, DHCP Client, Logical Disk Manager Administrative Service, Logical Disk Manager, DNS Client, Error Reporting Service, Event Log, COM+ Event System, Fast User Switching Compatibility, Help and Support, IMAPI CD-Burning COM Service, Server, Workstation, TCP/IP NetBIOS Helper, Messenger, NetMeeting Remote Desktop Sharing, Distributed Transaction Coordinator, Windows Installer, Network DDE, Network DDE DSDM, Net Logon, Network Connections, Network Location Awareness, NT Security Support Provider, Removable Storage, Plug and Play, IPSEC Services, Protected Storage, Remote Access Auto Connection Manager, Remote Access Connection Manager, Remote Desktop Help Session Manager, Remote Registry, Remote Procedure Call Locator, Remote Procedure Call, QoS RSVP, Security Accounts Manager, Smart Card Helper, Smart Card, Task Scheduler, Secondary Logon, System Event Notification, Internet Connection Firewall, Shell Hardware Detection, Print Spooler, System Restore Service, SSDP Discovery Service, Windows Image Acquisition, MS Shadow Copy Provider, Performance Logs and Alerts, Telephony, Terminal Services, Themes, Telnet, Distributed Link Tracking Client, Upload Manager, Universal Plug and Play Device Host, Uninterruptible Power Supply, Vol. Shadow Copy, Windows Time, WebClient, Windows Management Instrumentation, Portable Media Serial Number, Windows Management Instrumentation Driver, WMI Performance Adapter, Auto Updates, Wireless Zero Configuration.


Which of these services can I disable? I have the option to disable all.

Also I tried to go into safe mode, because I am no longer an administrator on my system lol and the password for administrator has been changed. There is also in MSCONFIG under the Startup tab an entry called RECOVE~1; under Command it says E:\Windows\Temp\recove~1.exe and the Location is HKLM\Software\Microsoft\Windows\CurrentVersion\Run. Anyone have any ideas on how I can gain some control here? Oh, last thing, the Windows updates that I have been getting from Microsoft I don't think are being applied. Under my Windows files there are two folders that are in blue text, everything else is in black; they are called NTUninstallQ328310$ and $XPsp1hfm$. Under the update folder the following is the text file that I found for setup information.

[Version]

Signature = "$Windows NT$"
LanguageType = %LangTypeValue%
NtBuildToUpdate = 2600
NtMajorVersionToUpdate = 5
NtMinorVersionToUpdate = 1
MaxNtBuildToUpdate = 2600
MaxNtMajorVersionToUpdate = 5
MaxNtMinorVersionToUpdate = 1
MinNtServicePackVersion = 256
MaxNtServicePackVersion = 256
ThisServicePackVersion = 256
CatalogFile = %SP_SHORT_TITLE%.cat

[JVMStage.DirId]

DirId = 65628
CustomFunction=SpCustom.dll,GetJVMStage
InstallFromSection = JVMInstall
InstallStage = BeforeArchive
CopyFlags = SP_COPY_FORCE_NEWER

[ProductCatalogsToInstall]

%SP_SHORT_TITLE%.cat, update\%SP_SHORT_TITLE%.cat

[ProductInstall.ReplaceFilesIfExist]

CopyFiles=Cache.files
CopyFiles=AppPatch.Files

[ProductInstall.DontDelayUntilReboot]

CopyFiles=MustReplace.System32.files

[ProductInstall.GlobalRegistryChanges.Install]

AddReg=Product.Add.Reg

[ProductInstall.GlobalRegistryChanges.ReInstall]

AddReg=Product.Add.Reg

[Save.Reg.For.Uninstall]

HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%
HKLM,SOFTWARE\Microsoft\Updates\Windows XP\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%

[Product.Add.Reg]

HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Installed",0x10001,1
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Comments",0,%COMMENT%
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Backup Dir",0,""
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Fix Description",0,%COMMENT%
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Installed By",0,""
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Installed On",0,""
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Service Pack",0x10001,%SERVICE_PACK_NUMBER%
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%,"Valid",0x10001,1
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%\File 1\,"Flags",0,""
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%\File 1\,"New File",0,""
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%\File 1\,"New Link Date",0,""
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%\File 1\,"Old Link Date",0,""

[DestinationDirs]

MustReplace.System32.files=11 ; %windir%\system32 (don't delay until reboot)
Cache.files=65619 ; %windir%\system32\DllCache (replace if exist)
JVMStage = 65628 ; set by JVMStage.DirId
AppPatch.Files=10,AppPatch

[MustReplace.System32.files]

user32.dll
win32k.sys
winsrv.dll

[Cache.files]

sysmain.sdb
user32.dll
win32k.sys
winsrv.dll

[AppPatch.Files]

sysmain.sdb

[ArchiveCatalogFilesOnly]

%SP_SHORT_TITLE%.cat

[SourceDisksNames]

1=%ServicePackSourceFiles%

[SourceDisksFiles]

sysmain.sdb=1
user32.dll=1
win32k.sys=1
winsrv.dll=1

[UninstallSections]

GlobalRegistryChanges, GlobalRegistryChanges.UnInstall
Add.Reg, Add.Reg.Uninstall
Del.Reg, Del.Reg.Uninstall

[Strings]

SP_TITLE="Windows XP Hotfix (SP2) Q328310"
BUILDTIMESTAMP=20021122.122733
LANGTYPEVALUE=0x09
SP_SHORT_TITLE="Q328310"
SERVICE_PACK_NUMBER=2
COMMENT="Windows XP Hotfix (SP2) Q328310"
SERVICEPACKSOURCEFILES="Windows XP Hotfix Source Files"

[Configuration]

InstallationType = Hotfix
InstallLogFileName = %SP_SHORT_TITLE%.log
UnInstallLogFileName = %SP_SHORT_TITLE%Uninst.log
UnInstallDirName = $NtUninstall%SP_SHORT_TITLE%$
EventLogKeyName = NtServicePack
EventLogDllName = spmsg.dll

Any Help is sure Appreciated!!


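The hotfix INF quoted in the post above is a plain INI-style file whose %TOKEN% references resolve against its [Strings] section. The parser below is an added example (not from the thread and not Microsoft's own update installer); it expands those tokens to show the uninstall folder and the registry keys the Q328310 hotfix records, which is what the blue NTUninstallQ328310$ folder and a later hotfix listing correspond to. The INF text embedded in the block is a constructed excerpt of the quoted file.

```python
import re

# Constructed excerpt of the hotfix INF quoted in the thread; only the sections
# needed to derive the uninstall folder and registry keys are kept.
HOTFIX_INF = r"""
[Strings]
SP_SHORT_TITLE="Q328310"
SERVICE_PACK_NUMBER=2
[Configuration]
UnInstallDirName = $NtUninstall%SP_SHORT_TITLE%$
InstallLogFileName = %SP_SHORT_TITLE%.log
[Save.Reg.For.Uninstall]
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\%SP_SHORT_TITLE%
HKLM,SOFTWARE\Microsoft\Updates\Windows XP\SP%SERVICE_PACK_NUMBER%\%SP_SHORT_TITLE%
"""

def parse_inf(text):
    """Return {section: [lines]}; INF files are INI-like and ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def key_value(sections, section, key):
    """Look up KEY = VALUE in a section; keys are case-insensitive, quotes stripped."""
    for line in sections.get(section, []):
        k, _, v = line.partition("=")
        if k.strip().lower() == key.lower():
            return v.strip().strip('"')
    return None

def expand(value, sections):
    """Replace each %TOKEN% with its [Strings] entry; unknown tokens are left alone."""
    def lookup(m):
        found = key_value(sections, "Strings", m.group(1))
        return m.group(0) if found is None else found
    return re.sub(r"%([^%]+)%", lookup, value)

def uninstall_dir(text=HOTFIX_INF):
    """Backup folder the hotfix creates under %windir% for its uninstall files."""
    sections = parse_inf(text)
    return expand(key_value(sections, "Configuration", "UnInstallDirName"), sections)

def saved_registry_keys(text=HOTFIX_INF):
    """Registry keys under which the hotfix records itself as installed."""
    sections = parse_inf(text)
    return [expand(line, sections) for line in sections.get("Save.Reg.For.Uninstall", [])]
```

Running uninstall_dir() gives $NtUninstallQ328310$, matching the folder name in the post apart from the leading $ that Explorer showed.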

Response Number 5
Name: EC
Date: June 23, 2003 at 18:14:38 Pacific
Reply:

Go to this link and see what you can DISABLE or set to AUTOMATIC or set to MANUAL in SERVICES.
http://blackviper.com/WinXP/servicecfg.htm
You certainly CANNOT disable them all.
Like PLUG AND PLAY or RPC: if you disabled those, then your PC would not boot, so don't do that.

You mentioned your WIN updates may be not updating, but I can see some in your posted logs.
Paranoia, is not anything to apologize for, where safe computing is concerned.

You mentioned wanting to start over, well that's a format and reinstall of Windows.
Anyone I've known (not many) who has ever had a trojan, would always want to reformat, as they felt they would always worry if they are clean, and with that attitude, that was the best course of action for them, however, you have to decide for yourself.





Response Number 6
Name: anonproxy
Date: June 24, 2003 at 07:36:55 Pacific
Reply:

Just reinstall Windows with a disk format. And do not bother your BIOS unless it bothers you.



Response Number 7
Name: kcmichelle68
Date: June 25, 2003 at 18:59:50 Pacific
Reply:

I have tried to reformat, attempted to fdisk to delete the partitions, then tried to format. It said it did format; however, it could not have, because after the format I was reinstalling just the original software that came with my PC, which was Windows ME, and after I loaded the software I still had the Advanced Configuration User Interface stuff on there, which I know did not originally come with my ME software. Before Windows loads, there are these other drivers that load before it; I believe they are related to Windows NT?? I also can't seem to get control of my floppy drive or hard disk: when I explore the CD-ROM drive, the info that it shows when I browse a CD, then if I copy the software onto my hard drive, there are always a bunch of extra folders when I have the software in the drives. I know that doesn't make a lot of sense but I have seen it happen over and over. Anyone know how I could get my control back on these items?

