Recommended Tests

Is your  windows firewall enabled?

BTW:  That message on IPsec came back with this (Win2000, but probably applicable)
Event Message:

IPSec policy agent changed: parameter PolicySource: parameter parameter
Source    Event Log    Event ID    Event Type
Security    Security    615    Success Audit
Explanation:

This event record indicates that a local group account has been created.
Wait,  my stupid.  Your audit policy changed, not a local group creation. DisRegard. 
************
I have to go offline now but will be back tomorrow about the same time.  Will do some more research tomorrow (Back to work in 6 hours  .)    Could be a registry entry calling for a driver involved with that program you mentioned(Maybe)   Before you reinstall it, try cleaning out dead references in your registry.  If you have NortonSystemworks, run the WinDoctor and clean out the dead registry entries (could use one of the other regcleaners, maybe someone has a suggestion on this?)

69 RAT & cak46 :I'm still watching you work on this I just don't have anything to add

No problemo!   Get a bit punchy around 10:00 or so because I do this 8 or so hours a day at work too....
 
You are right!  It should not require a format and re-install, only time to find the solution.....  I have only had to reformat 2 systems in about 15 years of working with systems both professionally and privately.  Also, I agree that MS should at least give you the driver name so that you have something to go on  .  Microsoft just keeps barrelling along to the next op sys (Longhorn) rollout  which inevitably will be heavily bug-ridden, leaving a wake of buggy, mal-programmed, half-completed, massively patched operating systems for the world to endure. 
(Sorry, a bit of a tirade but MS has a long history of doing this )

I'll try to let it go and "enhance my calm".....

Here are a number of questions and things to do.   Have a few more, but should probably start here. 

A.)  Were the following entries in the Application log or the System log?
****************
Details
Product: Windows Operating System
ID: 26
Source: Application Popup
Version: 5.2
Symbolic Name: STATUS_LOG_HARD_ERROR
Message: Application popup: %1 : %2
   
Explanation
The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt.

   
User Action
To correct this problem:

Ensure that the program user has sufficient privileges to access the directory in which the driver is installed.
Reinstall the program to restore the driver to the correct location.
If these solutions do not work, contact Product Support Services.

   
   
Version: 5.0
Symbolic Name: status_log_hard_error
Message: Unable to Load Device Driver : device driver could not be loaded.
   
Explanation
The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt.

   
User Action
To correct this problem:

Reinstall the program to restore the driver to the correct location.
If these solutions do not work, contact Product Support Services.
*************
If they were both in one log, look at the other log to see if there is a corrosponding entry.  That entry might give us more info on the driver.  I can't remember, does it do the "object not found" error in safe mode as well?

Hijackthis:
1.)  Download and run Hijackthis and post the results (copy results and paste into a post)
This will sometimes show if there is a missing file or at least the registry calls.   We might see something there.  Here is the link:  http://www.majorgeeks.com/download3155.html

2.)  After doing #1 above, click on the misc tools button and check off "List also minor sections" and "List empty sections" then click on generate startup list.  The results will open in notepad.  Save it to your desktop and attach it to your next post.

3.)  Next, click on open hosts manager and take a peek.  Are there any entries there?  If there are, are there any that start with an IP address other than 127.0.0.1?
 
If you need additional help with these let me know.... Quite a bit to do  , but these will give me a better picture of what is running on your system, what programs, etc. execute at startup, if there are any redirectors in your hosts file, etc.  If this is too much crap to do, please let me know and we can try to pare it down a bit.  Good luck and will be watching for your posts.

OK. Here goes cak46. This is the main scan. I'll post the startup with the minor and empty settings in the next post. Oh by the by, the  127.0.0.1 is the only "local host" listed. I thought this was the dreaded "loop around IP?"

Logfile of HijackThis v1.99.1
Scan saved at 6:33:48 PM, on 6/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\HIJACK\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dave's Search Results
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Here's one for ya. I get this everytime I log off for the night. Now, the userenv is not listed in my services, so I can't config it the way they're saying to.  Now if you have some extra time, would you,,,,,,,,,,,,,,,,,,,,,,,,,,,,, Just kidding 

 Details
Product: Windows Operating System
ID: 1517
Source: Userenv
Version: 5.2
Symbolic Name: EVENT_HIVE_SAVED
Message: Windows saved user %1 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
   
Explanation
Windows unloads each user's profile and user's section of the registry when the user logs off. This message indicates that Windows could not unload the user's profile because a program was referencing the user's section of the registry. This locked the profile. The registry cannot unload profiles that are locked and in use. When the program that is locking the profile is no longer referencing the registry, the profile will be unloaded.
 
   
User Action
No user action is required.
 
 

--------------------------------------------------------------------------------
 
 Related Knowledge Base articles
 You can find additional information on this topic in the following Microsoft Knowledge Base articles:
 • Warning error 1517 in Event Viewer after first restart
 Explains the presence of an event log warning that appears when you first restart the computer after you install Windows XP.
 • Troubleshooting profile unload issues
 When you log off a computer that is running Microsoft Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0, you may experience one or more of the following symptoms: A user profile does not unload.A roaming profile does not...
 
 

Hi cak46: Yes I reinstalled Diskeeper Lite last night. I went to install my full version #9 Pro and it wouldn't work cause it's not for XP Pro So, I had a free copy of lite lying around, soooooooooooooooo, I put it in. Works fine alright for now.

Edit:I went to do a manual reg key remove(with the shmgrate.exe) and the keys don't exist  Wouldn't that mean that this "cootie" wouldn't run??

No, but a drink a few beers now and then

HeHe, little humor there. Note the edit above last post. I will check services now