Big Mess, Little Time Please Look at this HJT Log

shetech52shetech52 Oz New
edited June 2005 in Spyware & Virus Removal
This computer is quite a mess I beleive. I'll start cleaning it out, but if I could get someone to help with this HJT Log, I would be extremely greatful. I'm on a count down, 36 hours until surgery and I need to have this log results before then. I'm sorry, I know I'm asking a lot.
Thank You in advance for your help.
shetech52 :respect:

Logfile of HijackThis v1.99.1
Scan saved at 6:06:42 PM, on 5/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\SYSTEM\JAVABU32.EXE
C:\WINDOWS\SYSTEM\MFCMI.EXE
C:\WINDOWS\ATLAP.EXE
C:\WINDOWS\SYSTEM\ADDXU.EXE
C:\WINDOWS\SYSTEM\ATLZO32.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\SYSTEM\JAVAFT.EXE
C:\WINDOWS\CRRU32.EXE
C:\WINDOWS\D3OB.EXE
C:\WINDOWS\APPUM.EXE
C:\WINDOWS\SYSTEM\ADDJG.EXE
C:\WINDOWS\MSQC.EXE
C:\WINDOWS\SYSTEM\MSRI32.EXE
C:\WINDOWS\SYSTEM\ADDWM32.EXE
C:\WINDOWS\SYSHD32.EXE
C:\WINDOWS\ATLGG.EXE
C:\WINDOWS\SYSCP.EXE
C:\WINDOWS\SYSTEM\APIOX32.EXE
C:\WINDOWS\SYSTEM\SDKOG.EXE
C:\WINDOWS\ADDEH.EXE
C:\WINDOWS\SYSTEM\ATLBO32.EXE
C:\WINDOWS\SYSTEM\MFCIC.EXE
C:\WINDOWS\MSJB32.EXE
C:\WINDOWS\NTVG.EXE
C:\WINDOWS\MSDU32.EXE
C:\WINDOWS\JAVAMC.EXE
C:\WINDOWS\APPSB.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\BNHWXMP.EXE
C:\PROGRAM FILES\COMMON FILES\SEARCHUPGRADER\SEARCHUPGRADER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\APPOD32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\TIMEX\DATA LINK USB\DATALINKLAUNCHER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CRWG.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\WINDOWS\WINPV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOWNLOAD FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.78/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {F43C0DD7-CB6F-C29C-D9AC-F25713B9E13A} - C:\WINDOWS\SYSTEM\WINCF32.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [zvwhqkudacdpb] C:\WINDOWS\SYSTEM\bnhwxmp.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [APPOD32.EXE] C:\WINDOWS\SYSTEM\APPOD32.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NTLL.EXE] C:\WINDOWS\SYSTEM\NTLL.EXE /s
O4 - HKLM\..\RunServices: [CRWG.EXE] C:\WINDOWS\SYSTEM\CRWG.EXE /s
O4 - HKLM\..\RunServices: [JAVABU32.EXE] C:\WINDOWS\SYSTEM\JAVABU32.EXE /s
O4 - HKLM\..\RunServices: [MFCMI.EXE] C:\WINDOWS\SYSTEM\MFCMI.EXE /s
O4 - HKLM\..\RunServices: [ATLAP.EXE] C:\WINDOWS\ATLAP.EXE /s
O4 - HKLM\..\RunServices: [ADDXU.EXE] C:\WINDOWS\SYSTEM\ADDXU.EXE /s
O4 - HKLM\..\RunServices: [ATLZO32.EXE] C:\WINDOWS\SYSTEM\ATLZO32.EXE /s
O4 - HKLM\..\RunServices: [WINPV.EXE] C:\WINDOWS\WINPV.EXE /s
O4 - HKLM\..\RunServices: [JAVAFT.EXE] C:\WINDOWS\SYSTEM\JAVAFT.EXE /s
O4 - HKLM\..\RunServices: [CRRU32.EXE] C:\WINDOWS\CRRU32.EXE /s
O4 - HKLM\..\RunServices: [D3OB.EXE] C:\WINDOWS\D3OB.EXE /s
O4 - HKLM\..\RunServices: [APPUM.EXE] C:\WINDOWS\APPUM.EXE /s
O4 - HKLM\..\RunServices: [ADDJG.EXE] C:\WINDOWS\SYSTEM\ADDJG.EXE /s
O4 - HKLM\..\RunServices: [MSQC.EXE] C:\WINDOWS\MSQC.EXE /s
O4 - HKLM\..\RunServices: [MSRI32.EXE] C:\WINDOWS\SYSTEM\MSRI32.EXE /s
O4 - HKLM\..\RunServices: [ADDWM32.EXE] C:\WINDOWS\SYSTEM\ADDWM32.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [ATLGG.EXE] C:\WINDOWS\ATLGG.EXE /s
O4 - HKLM\..\RunServices: [SYSCP.EXE] C:\WINDOWS\SYSCP.EXE /s
O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE /s
O4 - HKLM\..\RunServices: [SDKOG.EXE] C:\WINDOWS\SYSTEM\SDKOG.EXE /s
O4 - HKLM\..\RunServices: [ADDEH.EXE] C:\WINDOWS\ADDEH.EXE /s
O4 - HKLM\..\RunServices: [ATLBO32.EXE] C:\WINDOWS\SYSTEM\ATLBO32.EXE /s
O4 - HKLM\..\RunServices: [MFCIC.EXE] C:\WINDOWS\SYSTEM\MFCIC.EXE /s
O4 - HKLM\..\RunServices: [MSJB32.EXE] C:\WINDOWS\MSJB32.EXE /s
O4 - HKLM\..\RunServices: [NTVG.EXE] C:\WINDOWS\NTVG.EXE /s
O4 - HKLM\..\RunServices: [MSDU32.EXE] C:\WINDOWS\MSDU32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMC.EXE] C:\WINDOWS\JAVAMC.EXE /s
O4 - HKLM\..\RunServices: [APPSB.EXE] C:\WINDOWS\APPSB.EXE /s
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Dell Home - {4D4C6CC0-584C-11D4-A29B-00754FC10000} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O9 - Extra button: (no name) - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Avx Online Scan - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://vivo.real.com/dldv2/vvweb.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.avx.com/scan/Msie/avxscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {00000000-8c7d-4ea8-b113-9163c935d38e} -
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://xbs.mtree.com/mt/dialers/on/US/NSupd9x.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/86gh80sd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://195.225.177.27/statpath3/msits.exe

Comments

  • shetech52shetech52 Oz New
    edited June 2005
    By the way, I know that at the very least AdAware & Spybot should be run first, but this machine is so choked that neither one can be downloaded and run.
    Sorry I forgot to mention that in my original post.
    shetech52
  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited June 2005
    You have numerous infections, including an HSA infection. Part of the fix will require that you download and run Adaware, as well as two other programs. Follow these instructions as well as you can, but if there is anything that you can not do just skip that step and proceed with the rest of the fix.


    Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.
    Please print out these instructions.


    Step 1
    Download CWShredder but don't run it yet.


    Step 2
    Download AboutBuster
    Unzip it to your desktop but don't run it yet.


    Step 3
    Download Ad-aware SE 1.05
    Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


    Step 5
    Make sure that you can VIEW ALL HIDDEN FILES.


    Step 6
    Reboot your computer into SAFE MODE


    Step 7
    Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.78/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lrsps.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {F43C0DD7-CB6F-C29C-D9AC-F25713B9E13A} - C:\WINDOWS\SYSTEM\WINCF32.DLL
    O4 - HKLM\..\Run: [zvwhqkudacdpb] C:\WINDOWS\SYSTEM\bnhwxmp.exe
    O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.ex e"
    O4 - HKLM\..\Run: [APPOD32.EXE] C:\WINDOWS\SYSTEM\APPOD32.EXE
    O4 - HKLM\..\RunServices: [NTLL.EXE] C:\WINDOWS\SYSTEM\NTLL.EXE /s
    O4 - HKLM\..\RunServices: [CRWG.EXE] C:\WINDOWS\SYSTEM\CRWG.EXE /s
    O4 - HKLM\..\RunServices: [JAVABU32.EXE] C:\WINDOWS\SYSTEM\JAVABU32.EXE /s
    O4 - HKLM\..\RunServices: [MFCMI.EXE] C:\WINDOWS\SYSTEM\MFCMI.EXE /s
    O4 - HKLM\..\RunServices: [ATLAP.EXE] C:\WINDOWS\ATLAP.EXE /s
    O4 - HKLM\..\RunServices: [ADDXU.EXE] C:\WINDOWS\SYSTEM\ADDXU.EXE /s
    O4 - HKLM\..\RunServices: [ATLZO32.EXE] C:\WINDOWS\SYSTEM\ATLZO32.EXE /s
    O4 - HKLM\..\RunServices: [WINPV.EXE] C:\WINDOWS\WINPV.EXE /s
    O4 - HKLM\..\RunServices: [JAVAFT.EXE] C:\WINDOWS\SYSTEM\JAVAFT.EXE /s
    O4 - HKLM\..\RunServices: [CRRU32.EXE] C:\WINDOWS\CRRU32.EXE /s
    O4 - HKLM\..\RunServices: [D3OB.EXE] C:\WINDOWS\D3OB.EXE /s
    O4 - HKLM\..\RunServices: [APPUM.EXE] C:\WINDOWS\APPUM.EXE /s
    O4 - HKLM\..\RunServices: [ADDJG.EXE] C:\WINDOWS\SYSTEM\ADDJG.EXE /s
    O4 - HKLM\..\RunServices: [MSQC.EXE] C:\WINDOWS\MSQC.EXE /s
    O4 - HKLM\..\RunServices: [MSRI32.EXE] C:\WINDOWS\SYSTEM\MSRI32.EXE /s
    O4 - HKLM\..\RunServices: [ADDWM32.EXE] C:\WINDOWS\SYSTEM\ADDWM32.EXE /s
    O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSHD32.EXE /s
    O4 - HKLM\..\RunServices: [ATLGG.EXE] C:\WINDOWS\ATLGG.EXE /s
    O4 - HKLM\..\RunServices: [SYSCP.EXE] C:\WINDOWS\SYSCP.EXE /s
    O4 - HKLM\..\RunServices: [APIOX32.EXE] C:\WINDOWS\SYSTEM\APIOX32.EXE /s
    O4 - HKLM\..\RunServices: [SDKOG.EXE] C:\WINDOWS\SYSTEM\SDKOG.EXE /s
    O4 - HKLM\..\RunServices: [ADDEH.EXE] C:\WINDOWS\ADDEH.EXE /s
    O4 - HKLM\..\RunServices: [ATLBO32.EXE] C:\WINDOWS\SYSTEM\ATLBO32.EXE /s
    O4 - HKLM\..\RunServices: [MFCIC.EXE] C:\WINDOWS\SYSTEM\MFCIC.EXE /s
    O4 - HKLM\..\RunServices: [MSJB32.EXE] C:\WINDOWS\MSJB32.EXE /s
    O4 - HKLM\..\RunServices: [NTVG.EXE] C:\WINDOWS\NTVG.EXE /s
    O4 - HKLM\..\RunServices: [MSDU32.EXE] C:\WINDOWS\MSDU32.EXE /s
    O4 - HKLM\..\RunServices: [JAVAMC.EXE] C:\WINDOWS\JAVAMC.EXE /s
    O4 - HKLM\..\RunServices: [APPSB.EXE] C:\WINDOWS\APPSB.EXE /s
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.ht m
    O9 - Extra button: (no name) - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Avx Online Scan - {18D7138B-B899-4059-941A-01A239BC6A35} - C:\WINDOWS\AvxOScan\scan\scan.htm (file missing) (HKCU)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92E35340-C4B0-11D9-A29B-A0405AC10000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
    O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
    O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
    O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://xbs.mtree.com/mt/dialers/on/US/NSupd9x.cab
    O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download...094_hd3sstb.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.ne...ab/86gh80sd.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://195.225.177.27/statpath3/msits.exe




    Step 8
    Now run CWShredder, making sure to click "Fix".


    Step 9
    Then delete these files or directories (Do not be concerned if they do not exist)

    C:\PROGRAM FILES\EBATES_MOEMONEYMAKER
    C:\Program Files\Common files\SearchUpgrader
    C:\WINDOWS\ADDEH.EXE
    C:\WINDOWS\APPSB.EXE
    C:\WINDOWS\APPUM.EXE
    C:\WINDOWS\ATLAP.EXE
    C:\WINDOWS\ATLGG.EXE
    C:\WINDOWS\CONSCORR.exe
    C:\WINDOWS\CRRU32.EXE
    C:\WINDOWS\D3OB.EXE
    C:\WINDOWS\JAVAMC.EXE
    C:\WINDOWS\MSDU32.EXE
    C:\WINDOWS\MSJB32.EXE
    C:\WINDOWS\MSQC.EXE
    C:\WINDOWS\NTVG.EXE
    C:\WINDOWS\SATMAT.exe
    C:\WINDOWS\SYSCP.EXE
    C:\WINDOWS\SYSHD32.EXE
    C:\WINDOWS\WINPV.EXE
    C:\WINDOWS\wupdt.exe
    C:\WINDOWS\SYSTEM\ADDJG.EXE
    C:\WINDOWS\SYSTEM\ADDWM32.EXE
    C:\WINDOWS\SYSTEM\ADDXU.EXE
    C:\WINDOWS\SYSTEM\APIOX32.EXE
    C:\WINDOWS\SYSTEM\APPOD32.EXE
    C:\WINDOWS\SYSTEM\ATLBO32.EXE
    C:\WINDOWS\SYSTEM\ATLZO32.EXE
    C:\WINDOWS\SYSTEM\bnhwxmp.exe
    C:\WINDOWS\SYSTEM\CRWG.EXE
    C:\WINDOWS\SYSTEM\ELITEMAU32.EXE
    C:\WINDOWS\SYSTEM\JAVABU32.EXE
    C:\WINDOWS\SYSTEM\JAVAFT.EXE
    C:\WINDOWS\system\lrsps.dll
    C:\WINDOWS\SYSTEM\MFCIC.EXE
    C:\WINDOWS\SYSTEM\MFCMI.EXE
    C:\WINDOWS\SYSTEM\MSRI32.EXE
    C:\WINDOWS\SYSTEM\NTLL.EXE
    C:\WINDOWS\SYSTEM\SDKOG.EXE
    C:\WINDOWS\SYSTEM\WINCF32.DLL
    C:\WINDOWS\SYSTEM\WLDR.DLL



    Step 10
    Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.


    Step 11
    Run a full scan with Adaware.


    Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster.
Sign In or Register to comment.