C:\Documents and Settings\kevin.c.mcmenamin\Desktop\HijackThis.exe
put
HijackThis in e.g
C:\Program Files\HJT and
NOT on the Desktop!.
You are the only one who can decide what to do with those entries between the dotted lines.
I would TickMark every single one of them!
Definitely fix the O18, O20 and O23.
Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing
CTRL+ALT+DELETE.
Click the
Processes tab, select the process (if there) and click
End Process for:
acnupdatersvc.exe
Next, click Start/Run and type
services.msc and click OK. Look for the service:
acnupdatersvc.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, click on Start/Run and type in (followed by press Enter):
regsvr32 /u C:\WINDOWS\SYSTEM32\WiNcLogon.dll
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://portal.accenture.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = itgproxy.redmond.corp.microsoft.com:80
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.accenture.com (HKLM)
Fix ALL your O16 - DPF: entries
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
O17 - HKLM\Software\..\Telephony: DomainName = redmond.corp.microsoft.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gsm1900.org,accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gsm1900.org,accenture.com,dir.svc.accenture.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WiNcLogon - C:\WINDOWS\SYSTEM32\
WiNcLogon.dll
O23 - Service: ACNUSvc - - c:\program files\
acnu\acnupdatersvc.exe
...................................................................................................
Now click on the
Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted
bold files.
When a \
directory-name\ is
bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on
Delete Cookies, and
Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
LSPFIX
To fix, see
Broken Internet access with xxx.dll
and substitute xfire_lsp_8742.dll with "your" missing file name.
Do NOT delete ANY other files!
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
Uninstalling that M$-firewall should also solve it!
Finally, go and install XP/SP2 and then go over to the Gates-Company and kick some serious A S S!
