Mouse & Keyboard Freeze/Monitor Distorted--Virus?



#436
peterm

peterm

    Trusted Tech

  • Technician
  • 3,467 posts
Every time you start your computer it makes a backup of the registry
the command Dave gave you just forces a new one so you know it is good.
What are the symptoms on the monitor (too long ago to remember)
  • 0



#437
peterm

peterm

    Trusted Tech

  • Technician
  • 3,467 posts
Can you see any program called Shields Up?
Once you have run the reg cleaner Dave gave you and are happy with it all (once EVERYTHING is clean)
I would look at using the free virus scanner from CA that Kat gave you.
I have been using the OZ version for over 10 years; it is very good.
Make sure you do not run 2 antivirus protectors at the same time

Edited by peterm, 14 September 2005 - 12:33 PM.

  • 0

#438
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts

Every time you start your computer it makes a backup of the registry
the command Dave gave you just forces a new one so you know it is good.

Is it necessary to back it up every time I start it? I saw the /autorun in MSCONFIG. Is it okay to disable it? I never had so much stuff running in MSCONFIG.

What are the symptoms on the monitor (too long ago to remember)

Monitor looks like I have rabbit ears and bad reception. Mostly I have horizontal lines, but have noticed vertical lines on occasion (after I installed the System Restore fix, the reboot stalled and locked up with vertical lines on black screen -- it looked like a pinstriped suit).

Can you see any program called Shields Up?

No, don't see any "Shields Up"

Once you have run the reg cleaner Dave gave you and are happy with it all (once EVERYTHING is clean)
I would look at using the free virus scanner from CA that Kat gave you.
I have been using the OZ version for over 10 years; it is very good.
Make sure you do not run 2 antivirus protectors at the same time

I have a subscription to McAfee through my ISP. Do you think the CA Virus Scanner is better? I also have McAfee Firewall. I find that McAfee uses a lot of resources and loads a lot of things in startup. It is the only one I'm running right now. Does it matter if it is running when I use another virus scanner? What about the online versions, like TrendMicro, Panda, etc.?
  • 0

#439
peterm

peterm

    Trusted Tech

  • Technician
  • 3,467 posts
The computer automatically makes a backup of the reg file - not you
It keeps a list of the last 5 boots
DO NOT use more than 1 virus scanner
  • 0

#440
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts

The computer automatically makes a backup of the reg file - not you

I thought this line:

ScanRegistry C:\windows\scanregw.exe /autorun

was creating the backup of the registry. I didn't realize there were automatic backups.

While I'm asking about MSCONFIG, can you tell me what SSDPSRV is?

==================================================

I have installed the System Restore fix and set a Restore Point, Restored the Point and it WORKED! Unbelievable! :tazz: :)

I have backed up the registry and am in the process of trying to run RegSeeker, but when I tried to install the FixAddRemove, I got an error message that it was not a registry file and could not be imported.

Have to run, but will try again in a few hours. Thanks.

Edited by totianni, 14 September 2005 - 02:30 PM.

  • 0

#441
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts

Now open Add/Remove programs and see if it works. You don't have to actually allow an uninstallation, just see if it starts.

You mean Add/Remove Programs on the Control Panel, right? :tazz:
  • 0

#442
peterm

peterm

    Trusted Tech

  • Technician
  • 3,467 posts

You mean Add/Remove Programs on the Control Panel, right?  :tazz:


yes

and the scanreg you ran was just to force a backup without restarting
  • 0

#443
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
:tazz:

Edited by totianni, 15 September 2005 - 12:07 PM.

  • 0

#444
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
I ran RegSeeker, but I can't seem to get a few entries to delete. I've run it about a dozen times and they keep coming up. It didn't seem to find all the entries from MicroWorld either.

I attached the new log file from MicroWorld and this is the list of errors it produced:

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\sporder.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WEBnewszine.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\dcainst.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Preloader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll". Action Taken: No Action Taken.

Why doesn't it list all the errors from the huge log in this window?

Edited by totianni, 15 September 2005 - 12:14 PM.

  • 0

#445
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
1. My Antivirus/Firewall recommendations are the same as Kat and peterm: eTrust. It's much easier on the system resources and gives good protection. I've been using it since I tossed out Norton in 2001, and have nothing but good to say about it. You should only have one AV/Firewall installed and running at any time. They will often conflict with each other. Running periodic online virus scans in addition to your onboard scanner is a good habit, and recommended.

2. LeakTest.exe is generally associated with a firewall testing application. If you have not used it, can you tell us the location of the file on your system, and possibly locate, zip and send me a copy?

3. Click Start>run and paste the following command (including quotes), then hit enter.

regedit.exe /e c:\Module.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage"

It will create C:\Module.txt. Please post the contents of that log.

4. Run a 'clean registry' scan in RegSeeker, select all twice, then right click the results and select export. Open the RegSeeker folder, then the backup folder. Locate the registry 'clean' backup file for the current date/time, right click and select edit to open it in notepad. Copy and post the contents here.

5. The presence of Altnet usually suggests that Kazaa is installed. Do you or did you have Kazaa? Please download the attached Altnet.zip file to your desktop, extract it to its own folder, then open and run the Altnet.bat file. It will create Altnet.txt within the same folder. Please post its contents.

6. Are you comfortable with editing the registry?

7. Please save an MWAV scan log and either attach it to an email to me or to a post here.

8. Please check for the presence of any of the following files in both C:\Windows and C:\Windows\system32 and let us know if any are present.
  • delprot.ini
  • delprot.log
  • desktop.exe
  • isrvs (folder)
9. Please post a new HijackThis log.
  • 0



#446
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
1. I went to Kat's eTrust link and they are offering a deal on the Internet Security Suite for 2 years. It had a note about extended something in order to be able to download it for the entire subscription period. Shouldn't you be able to do that anyway, once you've purchased it? Also wanted to ask if it can be downloaded to a cd and if you can tell me what to run to write to my cd drive. I had Plextor, but it never worked right and I can't even get it to load anymore. I also had Nero, but never could get it to work either. Tried desperately when everything went crazy. Is there a reliable freeware program available?

Edited by totianni, 15 September 2005 - 09:07 PM.

  • 0

#447
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
2. LeakTest - I'm really not sure if it has been run. It is located on my desktop at C:\WINDOWS\Desktop\LeakTest.exe and I will try to zip it and send it to you. Sorry, couldn't zip the file. Got the following "report" when I tried:

Action: Add (and replace) files Include subfolders: no Save full path: no
Include system and hidden files: yes
Adding LeakTest.exe
Warning: could not open for reading: C:\WINDOWS\Desktop\LeakTest.exe
copying Zip file
  • 0

#448
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
3. REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/quartz.dll]
".Owner"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"{DC38CC31-4E3B-11d1-9071-0060081840BC}"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"{4112DF42-0DCB-11d1-8177-00AA00576BAD}"="{4112DF42-0DCB-11d1-8177-00AA00576BAD}"
"{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"="{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
"ATIDVDPlayer"="ATIDVDPlayer"
"CreateShare2"="CreateShare2"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/danim.dll]
".Owner"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"{DC38CC31-4E3B-11d1-9071-0060081840BC}"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"ATIDVDPlayer"="ATIDVDPlayer"
"CreateShare2"="CreateShare2"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/ddrawex.dll]
".Owner"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"{DC38CC31-4E3B-11d1-9071-0060081840BC}"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"22d6f312-b0f6-11d0-94ab-0080c74c7e95"="22d6f312-b0f6-11d0-94ab-0080c74c7e95"
"ATIDVDPlayer"="ATIDVDPlayer"
"CreateShare2"="CreateShare2"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/wupdmgr.exe]
".Owner"="Unknown Owner"
"{CEBC955E-58AF-11D2-A30A-00A0C903492B}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/wuv3is.dll]
".Owner"="Unknown Owner"
"{CEBC955E-58AF-11D2-A30A-00A0C903492B}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/sporder.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/iuengine.dll]
".Owner"="{9F1C11AA-197B-4942-BA54-47A8489BB47F}"
"{9F1C11AA-197B-4942-BA54-47A8489BB47F}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/iuctl.dll]
".Owner"="{9F1C11AA-197B-4942-BA54-47A8489BB47F}"
"{9F1C11AA-197B-4942-BA54-47A8489BB47F}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/DOWNLOADED PROGRAM FILES/ymmapi.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/PROGRAM FILES/YAHOO!/COMPANION/ycomp5_1_3_0.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll]
".Owner"="{DBAE7000-01EC-4162-8FEB-8A27AC937CA0}"
"{DBAE7000-01EC-4162-8FEB-8A27AC937CA0}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/DOWNLOADED PROGRAM FILES/GrooveAX.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/MSSTKPRP.DLL]
".Owner"="Unknown Owner"
"{9B1489B1-58D3-11BD-B52D-0000E839A1CB}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/MSINET.OCX]
".Owner"="{9B1489B1-58D3-11BD-B52D-0000E839A1CB}"
"{9B1489B1-58D3-11BD-B52D-0000E839A1CB}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WEBnewszine.ocx]
".Owner"="{9B1489B1-58D3-11BD-B52D-0000E839A1CB}"
"{9B1489B1-58D3-11BD-B52D-0000E839A1CB}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/miniclipGameLoader.dll]
".Owner"="{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}"
"{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dcainst.dll]
".Owner"="{93EFDAB8-8800-4896-B428-76F943140E1B}"
"{93EFDAB8-8800-4896-B428-76F943140E1B}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Preloader.dll]
".Owner"="{084F552D-19EB-4668-9788-984CBC781A8F}"
"{084F552D-19EB-4668-9788-984CBC781A8F}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll]
".Owner"="{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}"
"{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/McUpdatePortal.dll]
".Owner"="{5F0C30E4-1E72-4DCC-85E5-57810F1CA97B}"
"{5F0C30E4-1E72-4DCC-85E5-57810F1CA97B}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/msvcrt.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/mfc42.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/olepro32.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/patchw32.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/runtsckl.exe]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/tmupdate.ini]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/aucfg.ini]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/loadhttp.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/msvcp60.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/TSC.ini]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/RMAgentOutput.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/dllTSCLIBMT.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/atl.dll]
".Owner"="Unknown Owner"
  • 0
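The scanner messages in post #444 and the ModuleUsage export in post #448 describe the same registry key, so they can be lined up offline. The following is an added example, not part of any post in this thread: it parses a REGEDIT4 export and reports, for each path the scanner called an invalid object, the `.Owner` value and the number of other values under the matching subkey. The function names are hypothetical, and the sample input is copied from the thread except for one constructed scanner line.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
INVALID_RE = re.compile(r'refers to invalid object "([^"]+)"')

# Sample input: three sections and two scanner lines as posted in the thread,
# plus one constructed scanner line (Gone.dll) that has no matching subkey.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/quartz.dll]
".Owner"="{DC38CC31-4E3B-11d1-9071-0060081840BC}"
"ATIDVDPlayer"="ATIDVDPlayer"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM/sporder.dll]
".Owner"="Unknown Owner"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll]
".Owner"="{DBAE7000-01EC-4162-8FEB-8A27AC937CA0}"
"{DBAE7000-01EC-4162-8FEB-8A27AC937CA0}"=""
'''
SAMPLE_SCAN = r'''Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\sporder.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Gone.dll". Action Taken: No Action Taken.
'''

def norm(path):
    # The export names subkeys with '/' where the scanner prints a backslash;
    # Windows paths are case-insensitive, so compare lowercased.
    return path.replace("/", "\\").lower()

def parse_module_usage(text):
    """Return {normalized module path: {value name: data}} from a REGEDIT4 export."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    prefix = (ROOT + "\\").lower()
    modules, current = {}, None
    for line in lines[1:]:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Only subkeys of ModuleUsage are module entries; skip the root key.
            if key.lower().startswith(prefix):
                current = modules.setdefault(norm(key[len(prefix):]), {})
            else:
                current = None
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return modules

def flagged_paths(scan_text):
    """Paths the scanner reported as invalid objects, in log order."""
    return [m.group(1) for m in INVALID_RE.finditer(scan_text)]

def correlate(export_text, scan_text):
    """Return (path, owner, other_value_count); owner is None if no subkey matches."""
    modules = parse_module_usage(export_text)
    rows = []
    for path in flagged_paths(scan_text):
        values = modules.get(norm(path))
        if values is None:
            rows.append((path, None, 0))
        else:
            others = [name for name in values if name != ".Owner"]
            rows.append((path, values.get(".Owner"), len(others)))
    return rows
```

A row with owner `None` means the scanner named a path that has no subkey in the export, which is worth checking before any manual registry edit.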

#449
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
4. RegSeeker (There are a few new entries here now)

REGEDIT4

[HKEY_CLASSES_ROOT\.pdf]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EXE\OpenWithList]
"c"="WINZIP32.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ufo\OpenWithList]
"c"="PSP.EXE"

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\AOM]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\AOM\Settings]

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#030"="9/15/2005 7:08:58 PM - CHandler::CreateHandlersWithPriority: Adding senddata handler of c:\\program files\\mcafee.com\\agent\\mcscentr.adf to the list"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#033"="9/15/2005 7:08:59 PM - Priority: ASYNCHRONOUS; HandlerName: SendData (c:\\program files\\mcafee.com\\agent\\app\\vso.adf); ResultCode: 8 (DATA_SENT)"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#034"="9/15/2005 7:09:00 PM - Priority: ASYNCHRONOUS; HandlerName: SendData (c:\\program files\\mcafee.com\\agent\\mcscentr.adf); ResultCode: 8 (DATA_SENT)"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#094"="9/15/2005 2:15:52 PM - CHandler::CreateHandlersWithPriority: Adding senddata handler of c:\\program files\\mcafee.com\\agent\\mcscentr.adf to the list"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#097"="9/15/2005 2:15:53 PM - Priority: ASYNCHRONOUS; HandlerName: SendData (c:\\program files\\mcafee.com\\agent\\app\\vso.adf); ResultCode: 8 (DATA_SENT)"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#098"="9/15/2005 2:15:54 PM - Priority: ASYNCHRONOUS; HandlerName: SendData (c:\\program files\\mcafee.com\\agent\\mcscentr.adf); ResultCode: 8 (DATA_SENT)"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#095"="9/15/2005 2:15:52 PM - CHandler::CreateHandlersWithPriority: NOT Adding update handler of c:\\program files\\mcafee.com\\agent\\mcscentr.adf to the list because the desired priority does not match"

[HKEY_LOCAL_MACHINE\Software\McAfee.com\Agent\Update\ResultLog]
"Log#031"="9/15/2005 7:08:58 PM - CHandler::CreateHandlersWithPriority: NOT Adding update handler of c:\\program files\\mcafee.com\\agent\\mcscentr.adf to the list because the desired priority does not match"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Administrative Tools"="C:\\WINDOWS\\Start Menu\\Programs\\Administrative Tools"

[HKEY_USERS\.DEFAULT\Software\Local AppWizard-Generated Applications]

[HKEY_USERS\.DEFAULT\Software\Local AppWizard-Generated Applications\AOM]

[HKEY_USERS\.DEFAULT\Software\Local AppWizard-Generated Applications\AOM\Settings]
  • 0

#450
totianni

totianni

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 315 posts
5. My husband bought me this system from someone. They did a quick clean, but I remember seeing kazaa. I'm pretty sure I had uninstalled it through Add/Remove.

Downloaded the attached Altnet.zip file to my desktop, extracted it to its own folder, then opened and ran the Altnet.bat file.

Here's the Altnet.txt: This program needs Windows NT 4.0 to run! :)

6. No problem editing the registry. I have a few backups, but would need a little assistance restoring an old one, if . . .

7. MWAV log is on its way. I had trouble trying to attach it this afternoon. I'll try here one more time. If I still can't, I'll email it to you. I tried again. I got an Alert: The document contains no data. The document is several pages long. I will email it to you. I just need an email address. Please PM me.

8. In C:\Windows\System, I have a desktop icon and desktop config settings and also have the desktop config settings in \system32. Did a search of my drive and found none of the files anywhere.

9. Logfile of HijackThis v1.99.1
Scan saved at 10:02:57 PM, on 9/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDMGR.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDUI.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS VER1.99.1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [mcupdmgr.exe] C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDMGR.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab

This certainly was an assignment. :) I hope I got it all! :ph34r:

Thank you for getting it all down at once. Even though it was a lot to address, it's easier to just be able to keep plugging and posting instead of having to wait for the next step. :)

:tazz: That being said, guess I'm now waiting for the next step . . . . :ph34r:

Edited by totianni, 15 September 2005 - 09:26 PM.

  • 0
