Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

blue screen wallpaper saying there's error

Started by Stevedino , May 13 2005 12:08 AM

Please log in to reply

#1
Stevedino

Posted 13 May 2005 - 12:08 AM

New Member

Member
7 posts

I got this porblem not sure what is it anyway this is the log file hope i can get some help from here and clear all the problems in my com

Logfile of HijackThis v1.99.1
Scan saved at 2:05:50 PM, on 5/13/02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWAREPRO\MWPROENG.EXE
C:\WINDOWS\SYSTEM\HPMMKBD.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\IPCT32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\WINDOWS\SYSTEM\MFCNP32.EXE
C:\WINDOWS\SYSTEM\MFCNP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {40D52E4D-88EF-4038-EB92-B7CC25BCF511} - C:\WINDOWS\SYSTEM\APIVY.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MWProEng] C:\PROGRAM FILES\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [IPCT32.EXE] C:\WINDOWS\SYSTEM\IPCT32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [APPRX.EXE] C:\WINDOWS\APPRX.EXE /s
O4 - HKLM\..\RunServices: [APPFM.EXE] C:\WINDOWS\APPFM.EXE /s
O4 - HKLM\..\RunServices: [MFCNP32.EXE] C:\WINDOWS\SYSTEM\MFCNP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWW.EXE] C:\WINDOWS\ATLWW.EXE /s
O4 - HKLM\..\RunServices: [IPNL.EXE] C:\WINDOWS\IPNL.EXE /s
O4 - HKLM\..\RunServices: [NETGV.EXE] C:\WINDOWS\SYSTEM\NETGV.EXE /s
O4 - HKLM\..\RunServices: [NTCN.EXE] C:\WINDOWS\NTCN.EXE /s
O4 - HKLM\..\RunServices: [SYSOA.EXE] C:\WINDOWS\SYSOA.EXE /s
O4 - HKLM\..\RunServices: [MFCVE32.EXE] C:\WINDOWS\SYSTEM\MFCVE32.EXE /s
O4 - HKLM\..\RunServices: [SYSGV32.EXE] C:\WINDOWS\SYSGV32.EXE /s
O4 - HKLM\..\RunServices: [MFCZR.EXE] C:\WINDOWS\SYSTEM\MFCZR.EXE /s
O4 - HKLM\..\RunServices: [NETQT32.EXE] C:\WINDOWS\SYSTEM\NETQT32.EXE /s
O4 - HKLM\..\RunServices: [IPYZ32.EXE] C:\WINDOWS\IPYZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDXZ32.EXE] C:\WINDOWS\ADDXZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDUS.EXE] C:\WINDOWS\ADDUS.EXE /s
O4 - HKLM\..\RunServices: [NTNS32.EXE] C:\WINDOWS\NTNS32.EXE /s
O4 - HKLM\..\RunServices: [NTHN.EXE] C:\WINDOWS\SYSTEM\NTHN.EXE /s
O4 - HKLM\..\RunServices: [MSQZ32.EXE] C:\WINDOWS\MSQZ32.EXE /s
O4 - HKLM\..\RunServices: [APIZD32.EXE] C:\WINDOWS\SYSTEM\APIZD32.EXE /s
O4 - HKLM\..\RunServices: [CRGO.EXE] C:\WINDOWS\SYSTEM\CRGO.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSTEM\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [ATLEP.EXE] C:\WINDOWS\SYSTEM\ATLEP.EXE /s
O4 - HKLM\..\RunServices: [APIZI.EXE] C:\WINDOWS\APIZI.EXE /s
O4 - HKLM\..\RunServices: [APPJQ32.EXE] C:\WINDOWS\APPJQ32.EXE /s
O4 - HKLM\..\RunServices: [CRWF32.EXE] C:\WINDOWS\SYSTEM\CRWF32.EXE /s
O4 - HKLM\..\RunServices: [MSSI.EXE] C:\WINDOWS\SYSTEM\MSSI.EXE /s
O4 - HKLM\..\RunServices: [MSOP.EXE] C:\WINDOWS\MSOP.EXE /s
O4 - HKLM\..\RunServices: [APPTP.EXE] C:\WINDOWS\SYSTEM\APPTP.EXE /s
O4 - HKLM\..\RunServices: [CRFI.EXE] C:\WINDOWS\SYSTEM\CRFI.EXE /s
O4 - HKLM\..\RunServices: [ATLUE.EXE] C:\WINDOWS\ATLUE.EXE /s
O4 - HKLM\..\RunServices: [APPQT.EXE] C:\WINDOWS\SYSTEM\APPQT.EXE /s
O4 - HKLM\..\RunServices: [IPWJ32.EXE] C:\WINDOWS\SYSTEM\IPWJ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWP.EXE] C:\WINDOWS\SYSWP.EXE /s
O4 - HKLM\..\RunServices: [WINBI32.EXE] C:\WINDOWS\WINBI32.EXE /s
O4 - HKLM\..\RunServices: [MFCRB.EXE] C:\WINDOWS\MFCRB.EXE /s
O4 - HKLM\..\RunServices: [NETPY32.EXE] C:\WINDOWS\NETPY32.EXE /s
O4 - HKLM\..\RunServices: [NETQJ.EXE] C:\WINDOWS\SYSTEM\NETQJ.EXE /s
O4 - HKLM\..\RunServices: [APIOA.EXE] C:\WINDOWS\APIOA.EXE /s
O4 - HKLM\..\RunServices: [APPGN32.EXE] C:\WINDOWS\APPGN32.EXE /s
O4 - HKLM\..\RunServices: [IPTD32.EXE] C:\WINDOWS\SYSTEM\IPTD32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZG32.EXE] C:\WINDOWS\SYSTEM\JAVAZG32.EXE /s
O4 - HKLM\..\RunServices: [SYSYH.EXE] C:\WINDOWS\SYSTEM\SYSYH.EXE /s
O4 - HKLM\..\RunServices: [ADDCA.EXE] C:\WINDOWS\SYSTEM\ADDCA.EXE /s
O4 - HKLM\..\RunServices: [NETQW32.EXE] C:\WINDOWS\SYSTEM\NETQW32.EXE /s
O4 - HKLM\..\RunServices: [IESZ32.EXE] C:\WINDOWS\IESZ32.EXE /s
O4 - HKLM\..\RunServices: [D3MA32.EXE] C:\WINDOWS\SYSTEM\D3MA32.EXE /s
O4 - HKLM\..\RunServices: [NTTL.EXE] C:\WINDOWS\SYSTEM\NTTL.EXE /s
O4 - HKLM\..\RunServices: [ATLBV32.EXE] C:\WINDOWS\SYSTEM\ATLBV32.EXE /s
O4 - HKLM\..\RunServices: [NETBF32.EXE] C:\WINDOWS\SYSTEM\NETBF32.EXE /s
O4 - HKLM\..\RunServices: [D3SY32.EXE] C:\WINDOWS\SYSTEM\D3SY32.EXE /s
O4 - HKLM\..\RunServices: [NETVT.EXE] C:\WINDOWS\NETVT.EXE /s
O4 - HKLM\..\RunServices: [IPDR.EXE] C:\WINDOWS\SYSTEM\IPDR.EXE /s
O4 - HKLM\..\RunServices: [IEVZ32.EXE] C:\WINDOWS\SYSTEM\IEVZ32.EXE /s
O4 - HKLM\..\RunServices: [NTWI.EXE] C:\WINDOWS\NTWI.EXE /s
O4 - HKLM\..\RunServices: [WINIF32.EXE] C:\WINDOWS\SYSTEM\WINIF32.EXE /s
O4 - HKLM\..\RunServices: [IPBF.EXE] C:\WINDOWS\SYSTEM\IPBF.EXE /s
O4 - HKLM\..\RunServices: [NTUB.EXE] C:\WINDOWS\NTUB.EXE /s
O4 - HKLM\..\RunServices: [CRKF.EXE] C:\WINDOWS\CRKF.EXE /s
O4 - HKLM\..\RunServices: [NETZJ32.EXE] C:\WINDOWS\SYSTEM\NETZJ32.EXE /s
O4 - HKLM\..\RunServices: [WINOH32.EXE] C:\WINDOWS\WINOH32.EXE /s
O4 - HKLM\..\RunServices: [ADDXR.EXE] C:\WINDOWS\ADDXR.EXE /s
O4 - HKLM\..\RunServices: [NETKR32.EXE] C:\WINDOWS\SYSTEM\NETKR32.EXE /s
O4 - HKLM\..\RunServices: [NETLX32.EXE] C:\WINDOWS\NETLX32.EXE /s
O4 - HKLM\..\RunServices: [D3LW.EXE] C:\WINDOWS\D3LW.EXE /s
O4 - HKLM\..\RunServices: [NTLH32.EXE] C:\WINDOWS\SYSTEM\NTLH32.EXE /s
O4 - HKLM\..\RunServices: [NTVB.EXE] C:\WINDOWS\NTVB.EXE /s
O4 - HKLM\..\RunServices: [D3DQ32.EXE] C:\WINDOWS\D3DQ32.EXE /s
O4 - HKLM\..\RunServices: [APPEO.EXE] C:\WINDOWS\SYSTEM\APPEO.EXE /s
O4 - HKLM\..\RunServices: [MFCBS32.EXE] C:\WINDOWS\SYSTEM\MFCBS32.EXE /s
O4 - HKLM\..\RunServices: [SYSCN.EXE] C:\WINDOWS\SYSTEM\SYSCN.EXE /s
O4 - HKLM\..\RunServices: [MSJC32.EXE] C:\WINDOWS\MSJC32.EXE /s
O4 - HKLM\..\RunServices: [SYSXK32.EXE] C:\WINDOWS\SYSXK32.EXE /s
O4 - HKLM\..\RunServices: [MFCGX.EXE] C:\WINDOWS\MFCGX.EXE /s
O4 - HKLM\..\RunServices: [NTIP.EXE] C:\WINDOWS\SYSTEM\NTIP.EXE /s
O4 - HKLM\..\RunServices: [ATLXY.EXE] C:\WINDOWS\SYSTEM\ATLXY.EXE /s
O4 - HKLM\..\RunServices: [APIHL32.EXE] C:\WINDOWS\SYSTEM\APIHL32.EXE /s
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\RunServices: [WindowsFY] C:\WP.EXE
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {A590E7A0-C2D5-11D9-A667-0001024F3EBA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A590E7A0-C2D5-11D9-A667-0001024F3EBA} - (no file) (HKCU)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sn
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 165.21.83.88

#2
Avohir

Posted 19 May 2005 - 10:16 PM

Visiting Staff

Visiting Consultant
1,002 posts

Welcome to G2G, sorry for the late reply :tazz:

Please run the Housecall online virus scan located at:
http://housecall.tre.../start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, please restart your computer.

Then please run the Panda scan here:
http://www.pandasoft...n_principal.htm
Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.

Finally, please run the WindowSecurity trojan scan here:
http://www.windowsec...com/trojanscan/
Remove any trojans found

finally, reboot and post a fresh HijackThis log

#3
Stevedino

Posted 19 May 2005 - 11:59 PM

New Member

Topic Starter
Member
7 posts

OK ermm for some reason i am unable to load the site u ask me to go i also got some problems that i didn say earlier is that when i first on my com, and try to open a floder or open any programme it will always say not enough memory to do it. So I have to Ctrl alt delete then close alot of programme running i dun noe where all these programmes are.

now this is the log i have but not yet do the stuff u ask me to do hope u can help me somehow if not maybe i just send my com for service.

Logfile of HijackThis v1.99.1
Scan saved at 1:46:23 PM, on 5/20/02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\DMI\WIN32\BIN\HPLAUNCH.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\WINDOWS\APPRX.EXE
C:\WINDOWS\APPFM.EXE
C:\WINDOWS\SYSTEM\MFCNP32.EXE
C:\WINDOWS\ATLWW.EXE
C:\WINDOWS\IPNL.EXE
C:\WINDOWS\SYSTEM\NETGV.EXE
C:\WINDOWS\NTCN.EXE
C:\WINDOWS\SYSOA.EXE
C:\WINDOWS\SYSTEM\MFCVE32.EXE
C:\WINDOWS\SYSGV32.EXE
C:\WINDOWS\SYSTEM\MFCZR.EXE
C:\WINDOWS\SYSTEM\NETQT32.EXE
C:\WINDOWS\IPYZ32.EXE
C:\WINDOWS\ADDXZ32.EXE
C:\WINDOWS\ADDUS.EXE
C:\WINDOWS\NTNS32.EXE
C:\WINDOWS\SYSTEM\NTHN.EXE
C:\WINDOWS\MSQZ32.EXE
C:\WINDOWS\SYSTEM\APIZD32.EXE
C:\WINDOWS\SYSTEM\CRGO.EXE
C:\WINDOWS\SYSTEM\SYSAL32.EXE
C:\WINDOWS\SYSTEM\ATLEP.EXE
C:\WINDOWS\APIZI.EXE
C:\WINDOWS\APPJQ32.EXE
C:\WINDOWS\SYSTEM\CRWF32.EXE
C:\WINDOWS\SYSTEM\MSSI.EXE
C:\WINDOWS\MSOP.EXE
C:\WINDOWS\SYSTEM\APPTP.EXE
C:\WINDOWS\SYSTEM\CRFI.EXE
C:\WINDOWS\ATLUE.EXE
C:\WINDOWS\SYSTEM\APPQT.EXE
C:\WINDOWS\SYSTEM\IPWJ32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSWP.EXE
C:\WINDOWS\WINBI32.EXE
C:\WINDOWS\MFCRB.EXE
C:\WINDOWS\NETPY32.EXE
C:\WINDOWS\SYSTEM\NETQJ.EXE
C:\WINDOWS\APIOA.EXE
C:\WINDOWS\APPGN32.EXE
C:\WINDOWS\SYSTEM\IPTD32.EXE
C:\WINDOWS\SYSTEM\JAVAZG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSYH.EXE
C:\WINDOWS\SYSTEM\ADDCA.EXE
C:\WINDOWS\SYSTEM\NETQW32.EXE
C:\WINDOWS\IESZ32.EXE
C:\WINDOWS\SYSTEM\D3MA32.EXE
C:\WINDOWS\SYSTEM\NTTL.EXE
C:\WINDOWS\SYSTEM\ATLBV32.EXE
C:\WINDOWS\SYSTEM\NETBF32.EXE
C:\WINDOWS\SYSTEM\D3SY32.EXE
C:\WINDOWS\NETVT.EXE
C:\WINDOWS\SYSTEM\IPDR.EXE
C:\WINDOWS\SYSTEM\IEVZ32.EXE
C:\WINDOWS\NTWI.EXE
C:\WINDOWS\SYSTEM\WINIF32.EXE
C:\WINDOWS\SYSTEM\IPBF.EXE
C:\WINDOWS\NTUB.EXE
C:\WINDOWS\CRKF.EXE
C:\WINDOWS\SYSTEM\NETZJ32.EXE
C:\WINDOWS\WINOH32.EXE
C:\WINDOWS\ADDXR.EXE
C:\WINDOWS\SYSTEM\NETKR32.EXE
C:\WINDOWS\NETLX32.EXE
C:\WINDOWS\D3LW.EXE
C:\WINDOWS\SYSTEM\NTLH32.EXE
C:\WINDOWS\NTVB.EXE
C:\WINDOWS\D3DQ32.EXE
C:\WINDOWS\SYSTEM\APPEO.EXE
C:\WINDOWS\SYSTEM\MFCBS32.EXE
C:\WINDOWS\SYSTEM\SYSCN.EXE
C:\WINDOWS\MSJC32.EXE
C:\WINDOWS\SYSXK32.EXE
C:\WINDOWS\MFCGX.EXE
C:\WINDOWS\SYSTEM\NTIP.EXE
C:\WINDOWS\SYSTEM\ATLXY.EXE
C:\WINDOWS\SYSTEM\APIHL32.EXE
C:\WINDOWS\SYSTEM\MFCZZ32.EXE
C:\WINDOWS\SDKKV32.EXE
C:\WINDOWS\SYSTEM\NETKV.EXE
C:\WINDOWS\MSUT.EXE
C:\WINDOWS\ADDXM.EXE
C:\WINDOWS\ADDIR32.EXE
C:\WINDOWS\SYSTEM\APPEK32.EXE
C:\WINDOWS\MFCYB32.EXE
C:\WINDOWS\SYSHK32.EXE
C:\WINDOWS\ATLNS32.EXE
C:\WINDOWS\SYSTEM\APIQO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWAREPRO\MWPROENG.EXE
C:\WINDOWS\SYSTEM\HPMMKBD.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\IPCT32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\SDKWE32.EXE
C:\WINDOWS\APPRX.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\APPFM.EXE
C:\WINDOWS\SYSTEM\MSEU.EXE
C:\WINDOWS\SYSTEM\MFCNP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vzwru.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BEE7460D-AA2D-6849-49E1-CA6EE1FDEF1A} - C:\WINDOWS\SYSTEM\IPEV32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MWProEng] C:\PROGRAM FILES\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [IPCT32.EXE] C:\WINDOWS\SYSTEM\IPCT32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [IPWH.EXE] C:\WINDOWS\SYSTEM\IPWH.EXE
O4 - HKLM\..\Run: [IETW32.EXE] C:\WINDOWS\SYSTEM\IETW32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [APPRX.EXE] C:\WINDOWS\APPRX.EXE /s
O4 - HKLM\..\RunServices: [APPFM.EXE] C:\WINDOWS\APPFM.EXE /s
O4 - HKLM\..\RunServices: [MFCNP32.EXE] C:\WINDOWS\SYSTEM\MFCNP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWW.EXE] C:\WINDOWS\ATLWW.EXE /s
O4 - HKLM\..\RunServices: [IPNL.EXE] C:\WINDOWS\IPNL.EXE /s
O4 - HKLM\..\RunServices: [NETGV.EXE] C:\WINDOWS\SYSTEM\NETGV.EXE /s
O4 - HKLM\..\RunServices: [NTCN.EXE] C:\WINDOWS\NTCN.EXE /s
O4 - HKLM\..\RunServices: [SYSOA.EXE] C:\WINDOWS\SYSOA.EXE /s
O4 - HKLM\..\RunServices: [MFCVE32.EXE] C:\WINDOWS\SYSTEM\MFCVE32.EXE /s
O4 - HKLM\..\RunServices: [SYSGV32.EXE] C:\WINDOWS\SYSGV32.EXE /s
O4 - HKLM\..\RunServices: [MFCZR.EXE] C:\WINDOWS\SYSTEM\MFCZR.EXE /s
O4 - HKLM\..\RunServices: [NETQT32.EXE] C:\WINDOWS\SYSTEM\NETQT32.EXE /s
O4 - HKLM\..\RunServices: [IPYZ32.EXE] C:\WINDOWS\IPYZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDXZ32.EXE] C:\WINDOWS\ADDXZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDUS.EXE] C:\WINDOWS\ADDUS.EXE /s
O4 - HKLM\..\RunServices: [NTNS32.EXE] C:\WINDOWS\NTNS32.EXE /s
O4 - HKLM\..\RunServices: [NTHN.EXE] C:\WINDOWS\SYSTEM\NTHN.EXE /s
O4 - HKLM\..\RunServices: [MSQZ32.EXE] C:\WINDOWS\MSQZ32.EXE /s
O4 - HKLM\..\RunServices: [APIZD32.EXE] C:\WINDOWS\SYSTEM\APIZD32.EXE /s
O4 - HKLM\..\RunServices: [CRGO.EXE] C:\WINDOWS\SYSTEM\CRGO.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSTEM\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [ATLEP.EXE] C:\WINDOWS\SYSTEM\ATLEP.EXE /s
O4 - HKLM\..\RunServices: [APIZI.EXE] C:\WINDOWS\APIZI.EXE /s
O4 - HKLM\..\RunServices: [APPJQ32.EXE] C:\WINDOWS\APPJQ32.EXE /s
O4 - HKLM\..\RunServices: [CRWF32.EXE] C:\WINDOWS\SYSTEM\CRWF32.EXE /s
O4 - HKLM\..\RunServices: [MSSI.EXE] C:\WINDOWS\SYSTEM\MSSI.EXE /s
O4 - HKLM\..\RunServices: [MSOP.EXE] C:\WINDOWS\MSOP.EXE /s
O4 - HKLM\..\RunServices: [APPTP.EXE] C:\WINDOWS\SYSTEM\APPTP.EXE /s
O4 - HKLM\..\RunServices: [CRFI.EXE] C:\WINDOWS\SYSTEM\CRFI.EXE /s
O4 - HKLM\..\RunServices: [ATLUE.EXE] C:\WINDOWS\ATLUE.EXE /s
O4 - HKLM\..\RunServices: [APPQT.EXE] C:\WINDOWS\SYSTEM\APPQT.EXE /s
O4 - HKLM\..\RunServices: [IPWJ32.EXE] C:\WINDOWS\SYSTEM\IPWJ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWP.EXE] C:\WINDOWS\SYSWP.EXE /s
O4 - HKLM\..\RunServices: [WINBI32.EXE] C:\WINDOWS\WINBI32.EXE /s
O4 - HKLM\..\RunServices: [MFCRB.EXE] C:\WINDOWS\MFCRB.EXE /s
O4 - HKLM\..\RunServices: [NETPY32.EXE] C:\WINDOWS\NETPY32.EXE /s
O4 - HKLM\..\RunServices: [NETQJ.EXE] C:\WINDOWS\SYSTEM\NETQJ.EXE /s
O4 - HKLM\..\RunServices: [APIOA.EXE] C:\WINDOWS\APIOA.EXE /s
O4 - HKLM\..\RunServices: [APPGN32.EXE] C:\WINDOWS\APPGN32.EXE /s
O4 - HKLM\..\RunServices: [IPTD32.EXE] C:\WINDOWS\SYSTEM\IPTD32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZG32.EXE] C:\WINDOWS\SYSTEM\JAVAZG32.EXE /s
O4 - HKLM\..\RunServices: [SYSYH.EXE] C:\WINDOWS\SYSTEM\SYSYH.EXE /s
O4 - HKLM\..\RunServices: [ADDCA.EXE] C:\WINDOWS\SYSTEM\ADDCA.EXE /s
O4 - HKLM\..\RunServices: [NETQW32.EXE] C:\WINDOWS\SYSTEM\NETQW32.EXE /s
O4 - HKLM\..\RunServices: [IESZ32.EXE] C:\WINDOWS\IESZ32.EXE /s
O4 - HKLM\..\RunServices: [D3MA32.EXE] C:\WINDOWS\SYSTEM\D3MA32.EXE /s
O4 - HKLM\..\RunServices: [NTTL.EXE] C:\WINDOWS\SYSTEM\NTTL.EXE /s
O4 - HKLM\..\RunServices: [ATLBV32.EXE] C:\WINDOWS\SYSTEM\ATLBV32.EXE /s
O4 - HKLM\..\RunServices: [NETBF32.EXE] C:\WINDOWS\SYSTEM\NETBF32.EXE /s
O4 - HKLM\..\RunServices: [D3SY32.EXE] C:\WINDOWS\SYSTEM\D3SY32.EXE /s
O4 - HKLM\..\RunServices: [NETVT.EXE] C:\WINDOWS\NETVT.EXE /s
O4 - HKLM\..\RunServices: [IPDR.EXE] C:\WINDOWS\SYSTEM\IPDR.EXE /s
O4 - HKLM\..\RunServices: [IEVZ32.EXE] C:\WINDOWS\SYSTEM\IEVZ32.EXE /s
O4 - HKLM\..\RunServices: [NTWI.EXE] C:\WINDOWS\NTWI.EXE /s
O4 - HKLM\..\RunServices: [WINIF32.EXE] C:\WINDOWS\SYSTEM\WINIF32.EXE /s
O4 - HKLM\..\RunServices: [IPBF.EXE] C:\WINDOWS\SYSTEM\IPBF.EXE /s
O4 - HKLM\..\RunServices: [NTUB.EXE] C:\WINDOWS\NTUB.EXE /s
O4 - HKLM\..\RunServices: [CRKF.EXE] C:\WINDOWS\CRKF.EXE /s
O4 - HKLM\..\RunServices: [NETZJ32.EXE] C:\WINDOWS\SYSTEM\NETZJ32.EXE /s
O4 - HKLM\..\RunServices: [WINOH32.EXE] C:\WINDOWS\WINOH32.EXE /s
O4 - HKLM\..\RunServices: [ADDXR.EXE] C:\WINDOWS\ADDXR.EXE /s
O4 - HKLM\..\RunServices: [NETKR32.EXE] C:\WINDOWS\SYSTEM\NETKR32.EXE /s
O4 - HKLM\..\RunServices: [NETLX32.EXE] C:\WINDOWS\NETLX32.EXE /s
O4 - HKLM\..\RunServices: [D3LW.EXE] C:\WINDOWS\D3LW.EXE /s
O4 - HKLM\..\RunServices: [NTLH32.EXE] C:\WINDOWS\SYSTEM\NTLH32.EXE /s
O4 - HKLM\..\RunServices: [NTVB.EXE] C:\WINDOWS\NTVB.EXE /s
O4 - HKLM\..\RunServices: [D3DQ32.EXE] C:\WINDOWS\D3DQ32.EXE /s
O4 - HKLM\..\RunServices: [APPEO.EXE] C:\WINDOWS\SYSTEM\APPEO.EXE /s
O4 - HKLM\..\RunServices: [MFCBS32.EXE] C:\WINDOWS\SYSTEM\MFCBS32.EXE /s
O4 - HKLM\..\RunServices: [SYSCN.EXE] C:\WINDOWS\SYSTEM\SYSCN.EXE /s
O4 - HKLM\..\RunServices: [MSJC32.EXE] C:\WINDOWS\MSJC32.EXE /s
O4 - HKLM\..\RunServices: [SYSXK32.EXE] C:\WINDOWS\SYSXK32.EXE /s
O4 - HKLM\..\RunServices: [MFCGX.EXE] C:\WINDOWS\MFCGX.EXE /s
O4 - HKLM\..\RunServices: [NTIP.EXE] C:\WINDOWS\SYSTEM\NTIP.EXE /s
O4 - HKLM\..\RunServices: [ATLXY.EXE] C:\WINDOWS\SYSTEM\ATLXY.EXE /s
O4 - HKLM\..\RunServices: [APIHL32.EXE] C:\WINDOWS\SYSTEM\APIHL32.EXE /s
O4 - HKLM\..\RunServices: [MFCZZ32.EXE] C:\WINDOWS\SYSTEM\MFCZZ32.EXE /s
O4 - HKLM\..\RunServices: [SDKKV32.EXE] C:\WINDOWS\SDKKV32.EXE /s
O4 - HKLM\..\RunServices: [NETKV.EXE] C:\WINDOWS\SYSTEM\NETKV.EXE /s
O4 - HKLM\..\RunServices: [MSUT.EXE] C:\WINDOWS\MSUT.EXE /s
O4 - HKLM\..\RunServices: [ADDXM.EXE] C:\WINDOWS\ADDXM.EXE /s
O4 - HKLM\..\RunServices: [ADDIR32.EXE] C:\WINDOWS\ADDIR32.EXE /s
O4 - HKLM\..\RunServices: [APPEK32.EXE] C:\WINDOWS\SYSTEM\APPEK32.EXE /s
O4 - HKLM\..\RunServices: [MFCYB32.EXE] C:\WINDOWS\MFCYB32.EXE /s
O4 - HKLM\..\RunServices: [SYSHK32.EXE] C:\WINDOWS\SYSHK32.EXE /s
O4 - HKLM\..\RunServices: [ATLNS32.EXE] C:\WINDOWS\ATLNS32.EXE /s
O4 - HKLM\..\RunServices: [APIQO.EXE] C:\WINDOWS\SYSTEM\APIQO.EXE /s
O4 - HKLM\..\RunServices: [WINWK32.EXE] C:\WINDOWS\WINWK32.EXE /s
O4 - HKLM\..\RunServices: [ATLUU.EXE] C:\WINDOWS\ATLUU.EXE /s
O4 - HKLM\..\RunServices: [MSFK.EXE] C:\WINDOWS\MSFK.EXE /s
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE /s
O4 - HKLM\..\RunServices: [SYSFW32.EXE] C:\WINDOWS\SYSFW32.EXE /s
O4 - HKLM\..\RunServices: [MFCPB.EXE] C:\WINDOWS\MFCPB.EXE /s
O4 - HKLM\..\RunServices: [IPAU32.EXE] C:\WINDOWS\IPAU32.EXE /s
O4 - HKLM\..\RunServices: [CRCP32.EXE] C:\WINDOWS\CRCP32.EXE /s
O4 - HKLM\..\RunServices: [NETFX.EXE] C:\WINDOWS\SYSTEM\NETFX.EXE /s
O4 - HKLM\..\RunServices: [IPGF.EXE] C:\WINDOWS\IPGF.EXE /s
O4 - HKLM\..\RunServices: [IPZY32.EXE] C:\WINDOWS\IPZY32.EXE /s
O4 - HKLM\..\RunServices: [MFCWQ.EXE] C:\WINDOWS\MFCWQ.EXE /s
O4 - HKLM\..\RunServices: [MFCLA.EXE] C:\WINDOWS\SYSTEM\MFCLA.EXE /s
O4 - HKLM\..\RunServices: [IECA32.EXE] C:\WINDOWS\IECA32.EXE /s
O4 - HKLM\..\RunServices: [IPBI32.EXE] C:\WINDOWS\IPBI32.EXE /s
O4 - HKLM\..\RunServices: [MFCCW32.EXE] C:\WINDOWS\SYSTEM\MFCCW32.EXE /s
O4 - HKLM\..\RunServices: [SDKWE32.EXE] C:\WINDOWS\SYSTEM\SDKWE32.EXE /s
O4 - HKLM\..\RunServices: [SDKZQ.EXE] C:\WINDOWS\SYSTEM\SDKZQ.EXE /s
O4 - HKLM\..\RunServices: [MSEU.EXE] C:\WINDOWS\SYSTEM\MSEU.EXE /s
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sn
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 165.21.83.88

#4
Avohir

Posted 20 May 2005 - 07:37 AM

Visiting Staff

Visiting Consultant
1,002 posts

I'm not surprised, you have several infections in that log, and they can clog even a newer computer (which I'm assuming this is not, since its running 98)

Please save these instructions to a text file in Wordpad or print them out because we will be restarting in Safe Mode and you will have no Internet Connection

Download CWShredder.
Save CWShredder.exe to a convenient location.
Please Do Not Use It Yet.

Download AboutBuster.
Unzip AboutBuster.zip and it will install in it's own folder.
Double-click on AboutBuster.exe and then click 'OK' then 'Update'
Click "Check For Update" and then "Download Update".
Click "Exit"
Please Do Not Use It Yet.

Disconnect From The Internet

Boot into Safe Mode:
Restart your computer and tap F8 repeatedly while booting up and choose Safe Mode at the menu.

In Safe Mode Please Clean with CWShredder

Please Double-click on CWShredder.exe.
Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit".

In Safe Mode Please Use AboutBuster

Please Double-click on AboutBuster.exe.
Click "OK" then "Start" and then "OK" to allow AboutBuster to scan for all bad files.
Click "Yes" when About Buster asks if you will allow it to shutdown explorer.exe.
Allow AboutBuster to scan for all malicious files.
Repeat the scan if it asks to do another.
After the scan, click "Save Log". Post the log in your next post as it is necessary to make sure all has been cleaned
Then Click "Exit"

This infection often deletes necessary system files.
Reboot your computer back into normal mode so that we can see if any files need to be restored.

This infection deletes the windows file, shell.dll.

If you are using XP,2000, or NT please download shell.dll from here: shell-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations:
C:\Windows\system32
C:\Windows\system

If you are using Windows 98*admin please download shell.dll from here: shell98-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations
C:\Windows\system
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.
There are several other files that are not targeted as often as the above, but new copies of them can be downloaded from
Merijn Files

Online Antivirus Scan

Please go to The TrendMicro Housecall website.
Allow it to scan and fix anything that it finds.

Please Clean out temporary files:
Start> Run> then type cleanmgr and click enter
Please put a check mark beside Temporary Files, Temporary Internet Files, and Recycle Bin
Let cleanmgr scan your system and remove the files indicated

Reboot and Post a New HijackThis Log and your About Buster Log in this thread, using Add Reply to see what is left to clean.