My computers giving me all kinds of warnings about critical system errors. Logfile of HijackThis v1.99.1 Scan saved at 5:27:34 PM, on 10/29/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VideoKeyCodec\isamonitor.exe C:\Program Files\VideoKeyCodec\isamini.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\VideoKeyCodec\pmsngr.exe C:\Program Files\VideoKeyCodec\pmmon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLServiceHost.exe C:\Documents and Settings\James\My Documents\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110938150\EE\AOLHostManager.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\wdmen.dll O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\System32\rrtcany.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
There is more than this that need to be fixed, but this will get rid of the fake errors. Download SmitfraudFix.zip to the desktop from here * Extract the files to the desktop. [bold]Note[/bold]: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet. * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Open the SmitFruadFix folder. * Double-click smitfraudfix.cmd * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt. Post back with the contents of rapport.txt and a new HijackThis log.
Well that got rid of the fake errors. Anything else that might help would be welcome. Thanks for all the help so far. SmitFraudFix v2.117 Scan done at 0:24:29.80, Mon 10/30/2006 Run from C:\Documents and Settings\James\Desktop\Smitfraudfix\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen" [HKEY_CLASSES_ROOT\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32] @="C:\WINDOWS\System32\rrtcany.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32] @="C:\WINDOWS\System32\rrtcany.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\rrtcany.dll Deleted C:\DOCUME~1\ALLUSE~1.WIN\Desktop\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1.WIN\Desktop\Security Troubleshooting.url Deleted C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HijackThis v1.99.1 Scan saved at 12:32:41 AM, on 10/30/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe C:\WINDOWS\System32\devldr32.exe C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLServiceHost.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\program files\mcafee.com\shared\mghtml.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Documents and Settings\James\My Documents\hijackthis\HijackThis.exe N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110938150\EE\AOLHostManager.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\wdmen.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
You do not have Service Pack 1 or 2 for XP--a major security issue. Go and update to SP1a, but do [bold]not[/bold] download SP2 until we know you're clean. Run a scan only with HijackThis, check these: [bold]O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - [/bold] Click "Fix checked". Go to Jotti's malware scan. Copy/Paste this file into "File to upload and scan". [bold]C:\WINDOWS\System32\wdmen.dll[/bold] Click Submit. Copy/paste the results to Notepad and save them. Then, go here and run ActiveScan. When it finishes, save the results. Post back with the Jotti results, the ActiveScan log and a new HijackThis log.
I'm not sure which service pac I currently have. I think it may be 1 kind of been a while, i'd say about 4 or 5 five years since i installed it. I tried uploading and scanning C:\WINDOWS\System32\wdmen.dll. The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file Activescan Incident Status Location Adware:adware/nowfind Not disinfected c:\windows\system32\cidft.dll Adware:adware/kingporn Not disinfected c:\windows\system32\uninstidctr.exe Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find Adware:adware/cydoor Not disinfected c:\windows\cdmxtras Adware:adware/clickalchemy Not disinfected Windows Registry Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[www.virusburst.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.atwola.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.realmedia.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.apmebf.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.belnk.com/] Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.maxserving.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[landing.domainsponsor.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.go.com/] Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[.tickle.com/] Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-1.txt[rightmedia.net/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-3.txt[.adultfriendfinder.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-4.txt[.adultfriendfinder.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-5.txt[.adultfriendfinder.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-6.txt[.adultfriendfinder.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies-7.txt[.adultfriendfinder.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.outster.com/] Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[www.virusburst.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.atwola.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.belnk.com/] Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.maxserving.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[landing.domainsponsor.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.go.com/] Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[.tickle.com/] Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\kzdlaphu.default\cookies.txt[rightmedia.net/] Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\James\Application Data\Phoenix\Profiles\default\ugdho76w.slt\cookies.txt[.tickle.com/] Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\James\Cookies\james@outster[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\Programs\Smitfraudfix\SmitfraudFix\SmitfraudFix\Process.exe Possible Virus. Not disinfected C:\Downloads\Programs\Smitfraudfix\SmitfraudFix\SmitfraudFix\swsc.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\Programs\Smitfraudfix\SmitfraudFix.zip[SmitfraudFix/Process.exe] Possible Virus. Not disinfected C:\Downloads\Programs\Smitfraudfix\SmitfraudFix.zip[SmitfraudFix/swsc.exe] Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Program Files\Kazaa\bdcore.dll Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-1078081533-854245398-1060284298-1002\Dc9\pmmon.exe Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking v126.cpl Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe Logfile of HijackThis v1.99.1 Scan saved at 2:32:29 AM, on 10/30/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe C:\WINDOWS\System32\devldr32.exe C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLServiceHost.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\program files\mcafee.com\shared\mghtml.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\James\My Documents\hijackthis\HijackThis.exe N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110938150\EE\AOLHostManager.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\wdmen.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Go here first to download and install SP1a. http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx Then, download Ad-Aware if you do not have it. After installing when asked to update leave checked. Click Scan now. Check "Preform full system scan". Click Next. After scanning select all entries and click Quarantine. Click next and confirm. Restart your computer. Open HijackThis. Click "Open the misc tools section". Click "Open Uninstall Manager". Click "Save list" and save to the desktop. Post back with the uninstall list and a new HijackThis log.
Wasn't able to install SP1a. Says that I have an invalid product key. Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 6.0 America Online (Choose which version to remove) AOL Connectivity Services ATI Display Driver AVG Anti-Spyware 7.5 Broadxent V.92 PCI DI3631-1 Charter High-Speed™ Self-Installation Charter Pipeline® Self-Installation Diablo II Easy CD Creator 5 Platinum Gem Mine Half-Life Half-Life: Counter-Strike HijackThis 1.99.1 hp deskjet 940c series (Remove only) InetDctr Internet Explorer Q818529 J2SE Runtime Environment 5.0 Update 2 Java 2 Runtime Environment, SE v1.4.1_02 Java Runtime Environment 1.1 Kazaa 3.2.6 Kazaa Media Desktop 2.1.1 KODAK Picture CD Logitech iTouch Software Logitech MouseWare 9.71 Macromedia Shockwave Player McAfee SecurityCenter McAfee VirusScan Professional Mozilla Firefox (1.5) Need2Find Bar Netscape (7.1) Panda ActiveScan Pure Networks Port Magic QuickTime RealPlayer Basic Security Task Manager 1.7 Serious Sam: The Second Encounter Shanghai Dynasty Sierra Utilities Spybot - Search & Destroy 1.3 Unreal Tournament G.O.T.Y. Edition USB Driver Viewpoint Media Player Winamp (remove only) Windows XP Application Compatibility Update[Q319580] Windows XP Hotfix - KB821557 Windows XP Hotfix - KB823559 Windows XP Hotfix - KB823980 Windows XP Hotfix (SP1) [See Q309521 for more information] Windows XP Hotfix (SP1) [See Q311889 for more information] Windows XP Hotfix (SP1) [See Q311967 for more information] Windows XP Hotfix (SP1) [See Q313450 for more information] Windows XP Hotfix (SP1) [See Q314862 for more information] Windows XP Hotfix (SP1) [See Q315000 for more information] Windows XP Hotfix (SP1) [See Q315403 for more information] Windows XP Hotfix (SP1) [See Q317277 for more information] Windows XP Hotfix (SP1) [See Q318138 for more information] Windows XP Hotfix (SP1) [See Q323172 for more information] Windows XP Hotfix (SP1) [See Q324096 for more information] Windows XP Hotfix (SP1) [See Q324380 for more information] Windows XP Hotfix (SP1) [See Q326830 for more information] Windows XP Hotfix (SP1) [See Q329048 for more information] Windows XP Hotfix (SP1) [See Q329390 for more information] Windows XP Hotfix (SP1) [See Q329441 for more information] Windows XP Hotfix (SP1) Q328310 Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q331953 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q811493 Windows XP Hotfix (SP1) Q815021 Windows XP Hotfix (SP1) Q817606 Windows XP Hotfix (SP2) [See Q329115 for more information] WxScope Plugin Logfile of HijackThis v1.99.1 Scan saved at 4:38:44 PM, on 10/30/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\111093~1\EE\AOLServiceHost.exe C:\WINDOWS\System32\devldr32.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\James\My Documents\hijackthis\HijackThis.exe N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\3mra2958.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110938150\EE\AOLHostManager.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\WINDOWS\System32\wdmen.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Is your copy of Windows legit? If not, I'm sorry but I can't help you. Not having [bold]atleast[/bold] SP1a means cleaning the computer is a waste of time. SP1 and SP2 have some major security updates and without them you can be very easily re-infected. When you get SP1 come back and we will finish the cleaning. If it is legit, work it out with Microsoft and then come back and we'll finish cleaning.
