Thanks for telling me what to do so far. I downloaded the hijack this and here is my "generate startup list". Hope you can help me furthermore. Here it is:
StartupList report, 2/15/2006, 2:11:02 PM
StartupList version: 1.52.2
Started from : E:\Desktop Dumps\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netscape Online\ICC\NetscapeCC.exe
C:\Program Files\Netscape Online Accelerator\slipaccel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\Desktop Dumps\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
MCAgentExe = C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Netscape Online Accelerator\PBHelper.dll - {4115122B-85FF-4DD3-9515-F075BEDE5EB5}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
--------------------------------------------------
Enumerating Download Program Files:
[Hewlett-Packard Online Support Services]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
CODEBASE =
https://h20278.www2....DataManager.CAB[VerifyGMN Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
CODEBASE =
http://h20270.www2.h...staller_gmn.cab[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE =
http://download.mcaf...01/mcinsctl.cab[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE =
http://messenger.msn...pDownloader.cab[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE =
http://download.mcaf...,23/mcgdmgr.cab--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: C:\PROGRA~1\NETSCA~2\sliplsp.dll
Protocol #2: C:\PROGRA~1\NETSCA~2\sliplsp.dll
Protocol #3: C:\PROGRA~1\NETSCA~2\sliplsp.dll
Protocol #9: C:\PROGRA~1\NETSCA~2\sliplsp.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 4,965 bytes
Report generated in 1.261 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only