Big Mess, Little Time Please Look at this HJT Log
shetech52
Oz New
This computer is quite a mess I beleive. I'll start cleaning it out, but if I could get someone to help with this HJT Log, I would be extremely greatful. I'm on a count down, 36 hours until surgery and I need to have this log results before then. I'm sorry, I know I'm asking a lot.
Thank You in advance for your help.
shetech52
Logfile of HijackThis v1.99.1
Scan saved at 6:06:42 PM, on 5/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\SYSTEM\JAVABU32.EXE
C:\WINDOWS\SYSTEM\MFCMI.EXE
C:\WINDOWS\ATLAP.EXE
C:\WINDOWS\SYSTEM\ADDXU.EXE
C:\WINDOWS\SYSTEM\ATLZO32.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\SYSTEM\JAVAFT.EXE
C:\WINDOWS\CRRU32.EXE
C:\WINDOWS\D3OB.EXE
C:\WINDOWS\APPUM.EXE
C:\WINDOWS\SYSTEM\ADDJG.EXE
C:\WINDOWS\MSQC.EXE
C:\WINDOWS\SYSTEM\MSRI32.EXE
C:\WINDOWS\SYSTEM\ADDWM32.EXE
C:\WINDOWS\SYSHD32.EXE
C:\WINDOWS\ATLGG.EXE
C:\WINDOWS\SYSCP.EXE
C:\WINDOWS\SYSTEM\APIOX32.EXE
C:\WINDOWS\SYSTEM\SDKOG.EXE
C:\WINDOWS\ADDEH.EXE
C:\WINDOWS\SYSTEM\ATLBO32.EXE
C:\WINDOWS\SYSTEM\MFCIC.EXE
C:\WINDOWS\MSJB32.EXE
C:\WINDOWS\NTVG.EXE
C:\WINDOWS\MSDU32.EXE
C:\WINDOWS\JAVAMC.EXE
C:\WINDOWS\APPSB.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\BNHWXMP.EXE
C:\PROGRAM FILES\COMMON FILES\SEARCHUPGRADER\SEARCHUPGRADER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\APPOD32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\TIMEX\DATA LINK USB\DATALINKLAUNCHER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOWNLOAD FILES\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.78/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {F43C0DD7-CB6F-C29C-D9AC-F25713B9E13A} - C:\WINDOWS\SYSTEM\WINCF32.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [zvwhqkudacdpb] C:\WINDOWS\SYSTEM\bnhwxmp.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [APPOD32.EXE] C:\WINDOWS\SYSTEM\APPOD32.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NTLL.EXE] C:\WINDOWS\SYSTEM\NTLL.EXE /s
O4 - HKLM\..\RunServices: [CRWG.EXE] C:\WINDOWS\SYSTEM\CRWG.EXE /s
O4 - HKLM\..\RunServices: [JAVABU32.EXE] C:\WINDOWS\SYSTEM\JAVABU32.EXE /s
O4 - HKLM\..\RunServices: [MFCMI.EXE] C:\WINDOWS\SYSTEM\MFCMI.EXE /s
O4 - HKLM\..\RunServices: [ATLAP.EXE] C:\WINDOWS\ATLAP.EXE /s
O4 - HKLM\..\RunServices: [ADDXU.EXE] C:\WINDOWS\SYSTEM\ADDXU.EXE /s
O4 - HKLM\..\RunServices: [ATLZO32.EXE] C:\WINDOWS\SYSTEM\ATLZO32.EXE /s
O4 - HKLM\..\RunServices: [WINPV.EXE] C:\WINDOWS\WINPV.EXE /s
O4 - HKLM\..\RunServices: [JAVAFT.EXE] C:\WINDOWS\SYSTEM\JAVAFT.EXE /s
O4 - HKLM\..\RunServices: [CRRU32.EXE] C:\WINDOWS\CRRU32.EXE /s
O4 - HKLM\..\RunServices: [D3OB.EXE] C:\WINDOWS\D3OB.EXE /s
O4 - HKLM\..\RunServices: [APPUM.EXE] C:\WINDOWS\APPUM.EXE /s
O4 - HKLM\..\RunServices: [ADDJG.EXE] C:\WINDOWS\SYSTEM\ADDJG.EXE /s
O4 - HKLM\..\RunServices: [MSQC.EXE] C:\WINDOWS\MSQC.EXE /s
O4 - HKLM\..\RunServices: [MSRI32.EXE] C:\WINDOWS\SYSTEM\MSRI32.EXE /s
O4 - HKLM\..\RunServices: [ADDWM32.EXE] C:\WINDOWS\SYSTEM\ADDWM32.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [ATLGG.EXE] C:\WINDOWS\ATLGG.EXE /s
O4 - HKLM\..\RunServices: [SYSCP.EXE] C:\WINDOWS\SYSCP.EXE /s
O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE /s
O4 - HKLM\..\RunServices: [SDKOG.EXE] C:\WINDOWS\SYSTEM\SDKOG.EXE /s
O4 - HKLM\..\RunServices: [ADDEH.EXE] C:\WINDOWS\ADDEH.EXE /s
O4 - HKLM\..\RunServices: [ATLBO32.EXE] C:\WINDOWS\SYSTEM\ATLBO32.EXE /s
O4 - HKLM\..\RunServices: [MFCIC.EXE] C:\WINDOWS\SYSTEM\MFCIC.EXE /s
O4 - HKLM\..\RunServices: [MSJB32.EXE] C:\WINDOWS\MSJB32.EXE /s
O4 - HKLM\..\RunServices: [NTVG.EXE] C:\WINDOWS\NTVG.EXE /s
O4 - HKLM\..\RunServices: [MSDU32.EXE] C:\WINDOWS\MSDU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMC.EXE] C:\WINDOWS\JAVAMC.EXE /s
O4 - HKLM\..\RunServices: [APPSB.EXE] C:\WINDOWS\APPSB.EXE /s
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Dell Home - {4D4C6CC0-584C-11D4-A29B-00754FC10000} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O9 - Extra button: (no name) - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Avx Online Scan - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://vivo.real.com/dldv2/vvweb.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.avx.com/scan/Msie/avxscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {00000000-8c7d-4ea8-b113-9163c935d38e} -
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://xbs.mtree.com/mt/dialers/on/US/NSupd9x.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/86gh80sd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://195.225.177.27/statpath3/msits.exe
Thank You in advance for your help.
shetech52
Logfile of HijackThis v1.99.1
Scan saved at 6:06:42 PM, on 5/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\SYSTEM\JAVABU32.EXE
C:\WINDOWS\SYSTEM\MFCMI.EXE
C:\WINDOWS\ATLAP.EXE
C:\WINDOWS\SYSTEM\ADDXU.EXE
C:\WINDOWS\SYSTEM\ATLZO32.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\SYSTEM\JAVAFT.EXE
C:\WINDOWS\CRRU32.EXE
C:\WINDOWS\D3OB.EXE
C:\WINDOWS\APPUM.EXE
C:\WINDOWS\SYSTEM\ADDJG.EXE
C:\WINDOWS\MSQC.EXE
C:\WINDOWS\SYSTEM\MSRI32.EXE
C:\WINDOWS\SYSTEM\ADDWM32.EXE
C:\WINDOWS\SYSHD32.EXE
C:\WINDOWS\ATLGG.EXE
C:\WINDOWS\SYSCP.EXE
C:\WINDOWS\SYSTEM\APIOX32.EXE
C:\WINDOWS\SYSTEM\SDKOG.EXE
C:\WINDOWS\ADDEH.EXE
C:\WINDOWS\SYSTEM\ATLBO32.EXE
C:\WINDOWS\SYSTEM\MFCIC.EXE
C:\WINDOWS\MSJB32.EXE
C:\WINDOWS\NTVG.EXE
C:\WINDOWS\MSDU32.EXE
C:\WINDOWS\JAVAMC.EXE
C:\WINDOWS\APPSB.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\BNHWXMP.EXE
C:\PROGRAM FILES\COMMON FILES\SEARCHUPGRADER\SEARCHUPGRADER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\APPOD32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\TIMEX\DATA LINK USB\DATALINKLAUNCHER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOWNLOAD FILES\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.78/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {F43C0DD7-CB6F-C29C-D9AC-F25713B9E13A} - C:\WINDOWS\SYSTEM\WINCF32.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [zvwhqkudacdpb] C:\WINDOWS\SYSTEM\bnhwxmp.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [APPOD32.EXE] C:\WINDOWS\SYSTEM\APPOD32.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NTLL.EXE] C:\WINDOWS\SYSTEM\NTLL.EXE /s
O4 - HKLM\..\RunServices: [CRWG.EXE] C:\WINDOWS\SYSTEM\CRWG.EXE /s
O4 - HKLM\..\RunServices: [JAVABU32.EXE] C:\WINDOWS\SYSTEM\JAVABU32.EXE /s
O4 - HKLM\..\RunServices: [MFCMI.EXE] C:\WINDOWS\SYSTEM\MFCMI.EXE /s
O4 - HKLM\..\RunServices: [ATLAP.EXE] C:\WINDOWS\ATLAP.EXE /s
O4 - HKLM\..\RunServices: [ADDXU.EXE] C:\WINDOWS\SYSTEM\ADDXU.EXE /s
O4 - HKLM\..\RunServices: [ATLZO32.EXE] C:\WINDOWS\SYSTEM\ATLZO32.EXE /s
O4 - HKLM\..\RunServices: [WINPV.EXE] C:\WINDOWS\WINPV.EXE /s
O4 - HKLM\..\RunServices: [JAVAFT.EXE] C:\WINDOWS\SYSTEM\JAVAFT.EXE /s
O4 - HKLM\..\RunServices: [CRRU32.EXE] C:\WINDOWS\CRRU32.EXE /s
O4 - HKLM\..\RunServices: [D3OB.EXE] C:\WINDOWS\D3OB.EXE /s
O4 - HKLM\..\RunServices: [APPUM.EXE] C:\WINDOWS\APPUM.EXE /s
O4 - HKLM\..\RunServices: [ADDJG.EXE] C:\WINDOWS\SYSTEM\ADDJG.EXE /s
O4 - HKLM\..\RunServices: [MSQC.EXE] C:\WINDOWS\MSQC.EXE /s
O4 - HKLM\..\RunServices: [MSRI32.EXE] C:\WINDOWS\SYSTEM\MSRI32.EXE /s
O4 - HKLM\..\RunServices: [ADDWM32.EXE] C:\WINDOWS\SYSTEM\ADDWM32.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [ATLGG.EXE] C:\WINDOWS\ATLGG.EXE /s
O4 - HKLM\..\RunServices: [SYSCP.EXE] C:\WINDOWS\SYSCP.EXE /s
O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE /s
O4 - HKLM\..\RunServices: [SDKOG.EXE] C:\WINDOWS\SYSTEM\SDKOG.EXE /s
O4 - HKLM\..\RunServices: [ADDEH.EXE] C:\WINDOWS\ADDEH.EXE /s
O4 - HKLM\..\RunServices: [ATLBO32.EXE] C:\WINDOWS\SYSTEM\ATLBO32.EXE /s
O4 - HKLM\..\RunServices: [MFCIC.EXE] C:\WINDOWS\SYSTEM\MFCIC.EXE /s
O4 - HKLM\..\RunServices: [MSJB32.EXE] C:\WINDOWS\MSJB32.EXE /s
O4 - HKLM\..\RunServices: [NTVG.EXE] C:\WINDOWS\NTVG.EXE /s
O4 - HKLM\..\RunServices: [MSDU32.EXE] C:\WINDOWS\MSDU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMC.EXE] C:\WINDOWS\JAVAMC.EXE /s
O4 - HKLM\..\RunServices: [APPSB.EXE] C:\WINDOWS\APPSB.EXE /s
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Dell Home - {4D4C6CC0-584C-11D4-A29B-00754FC10000} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O9 - Extra button: (no name) - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Avx Online Scan - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://vivo.real.com/dldv2/vvweb.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.avx.com/scan/Msie/avxscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {00000000-8c7d-4ea8-b113-9163c935d38e} -
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://xbs.mtree.com/mt/dialers/on/US/NSupd9x.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/86gh80sd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://195.225.177.27/statpath3/msits.exe
0
Comments
Sorry I forgot to mention that in my original post.
shetech52
Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.
Please print out these instructions.
Step 1
Download CWShredder but don't run it yet.
Step 2
Download AboutBuster
Unzip it to your desktop but don't run it yet.
Step 3
Download Ad-aware SE 1.05
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.
Step 5
Make sure that you can VIEW ALL HIDDEN FILES.
Step 6
Reboot your computer into SAFE MODE
Step 7
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.78/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F43C0DD7-CB6F-C29C-D9AC-F25713B9E13A} - C:\WINDOWS\SYSTEM\WINCF32.DLL
O4 - HKLM\..\Run: [zvwhqkudacdpb] C:\WINDOWS\SYSTEM\bnhwxmp.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.ex e"
O4 - HKLM\..\Run: [APPOD32.EXE] C:\WINDOWS\SYSTEM\APPOD32.EXE
O4 - HKLM\..\RunServices: [NTLL.EXE] C:\WINDOWS\SYSTEM\NTLL.EXE /s
O4 - HKLM\..\RunServices: [CRWG.EXE] C:\WINDOWS\SYSTEM\CRWG.EXE /s
O4 - HKLM\..\RunServices: [JAVABU32.EXE] C:\WINDOWS\SYSTEM\JAVABU32.EXE /s
O4 - HKLM\..\RunServices: [MFCMI.EXE] C:\WINDOWS\SYSTEM\MFCMI.EXE /s
O4 - HKLM\..\RunServices: [ATLAP.EXE] C:\WINDOWS\ATLAP.EXE /s
O4 - HKLM\..\RunServices: [ADDXU.EXE] C:\WINDOWS\SYSTEM\ADDXU.EXE /s
O4 - HKLM\..\RunServices: [ATLZO32.EXE] C:\WINDOWS\SYSTEM\ATLZO32.EXE /s
O4 - HKLM\..\RunServices: [WINPV.EXE] C:\WINDOWS\WINPV.EXE /s
O4 - HKLM\..\RunServices: [JAVAFT.EXE] C:\WINDOWS\SYSTEM\JAVAFT.EXE /s
O4 - HKLM\..\RunServices: [CRRU32.EXE] C:\WINDOWS\CRRU32.EXE /s
O4 - HKLM\..\RunServices: [D3OB.EXE] C:\WINDOWS\D3OB.EXE /s
O4 - HKLM\..\RunServices: [APPUM.EXE] C:\WINDOWS\APPUM.EXE /s
O4 - HKLM\..\RunServices: [ADDJG.EXE] C:\WINDOWS\SYSTEM\ADDJG.EXE /s
O4 - HKLM\..\RunServices: [MSQC.EXE] C:\WINDOWS\MSQC.EXE /s
O4 - HKLM\..\RunServices: [MSRI32.EXE] C:\WINDOWS\SYSTEM\MSRI32.EXE /s
O4 - HKLM\..\RunServices: [ADDWM32.EXE] C:\WINDOWS\SYSTEM\ADDWM32.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [ATLGG.EXE] C:\WINDOWS\ATLGG.EXE /s
O4 - HKLM\..\RunServices: [SYSCP.EXE] C:\WINDOWS\SYSCP.EXE /s
O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE /s
O4 - HKLM\..\RunServices: [SDKOG.EXE] C:\WINDOWS\SYSTEM\SDKOG.EXE /s
O4 - HKLM\..\RunServices: [ADDEH.EXE] C:\WINDOWS\ADDEH.EXE /s
O4 - HKLM\..\RunServices: [ATLBO32.EXE] C:\WINDOWS\SYSTEM\ATLBO32.EXE /s
O4 - HKLM\..\RunServices: [MFCIC.EXE] C:\WINDOWS\SYSTEM\MFCIC.EXE /s
O4 - HKLM\..\RunServices: [MSJB32.EXE] C:\WINDOWS\MSJB32.EXE /s
O4 - HKLM\..\RunServices: [NTVG.EXE] C:\WINDOWS\NTVG.EXE /s
O4 - HKLM\..\RunServices: [MSDU32.EXE] C:\WINDOWS\MSDU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMC.EXE] C:\WINDOWS\JAVAMC.EXE /s
O4 - HKLM\..\RunServices: [APPSB.EXE] C:\WINDOWS\APPSB.EXE /s
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.ht m
O9 - Extra button: (no name) - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Avx Online Scan - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://xbs.mtree.com/mt/dialers/on/US/NSupd9x.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download...094_hd3sstb.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.ne...ab/86gh80sd.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://195.225.177.27/statpath3/msits.exe
Step 8
Now run CWShredder, making sure to click "Fix".
Step 9
Then delete these files or directories (Do not be concerned if they do not exist)
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER
C:\Program Files\Common files\SearchUpgrader
C:\WINDOWS\ADDEH.EXE
C:\WINDOWS\APPSB.EXE
C:\WINDOWS\APPUM.EXE
C:\WINDOWS\ATLAP.EXE
C:\WINDOWS\ATLGG.EXE
C:\WINDOWS\CONSCORR.exe
C:\WINDOWS\CRRU32.EXE
C:\WINDOWS\D3OB.EXE
C:\WINDOWS\JAVAMC.EXE
C:\WINDOWS\MSDU32.EXE
C:\WINDOWS\MSJB32.EXE
C:\WINDOWS\MSQC.EXE
C:\WINDOWS\NTVG.EXE
C:\WINDOWS\SATMAT.exe
C:\WINDOWS\SYSCP.EXE
C:\WINDOWS\SYSHD32.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\wupdt.exe
C:\WINDOWS\SYSTEM\ADDJG.EXE
C:\WINDOWS\SYSTEM\ADDWM32.EXE
C:\WINDOWS\SYSTEM\ADDXU.EXE
C:\WINDOWS\SYSTEM\APIOX32.EXE
C:\WINDOWS\SYSTEM\APPOD32.EXE
C:\WINDOWS\SYSTEM\ATLBO32.EXE
C:\WINDOWS\SYSTEM\ATLZO32.EXE
C:\WINDOWS\SYSTEM\bnhwxmp.exe
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
C:\WINDOWS\SYSTEM\JAVABU32.EXE
C:\WINDOWS\SYSTEM\JAVAFT.EXE
C:\WINDOWS\system\lrsps.dll
C:\WINDOWS\SYSTEM\MFCIC.EXE
C:\WINDOWS\SYSTEM\MFCMI.EXE
C:\WINDOWS\SYSTEM\MSRI32.EXE
C:\WINDOWS\SYSTEM\NTLL.EXE
C:\WINDOWS\SYSTEM\SDKOG.EXE
C:\WINDOWS\SYSTEM\WINCF32.DLL
C:\WINDOWS\SYSTEM\WLDR.DLL
Step 10
Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
Step 11
Run a full scan with Adaware.
Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.