954,184 Members — Technology Publication meets Social Media

1 2 >

Have something to say? Contribute New Article Reply to this Article

0

Problems with mouse and settings

Hello everybody, I have a big problem with my computer (not the one I am currently using). Here's some info:
I have Windows 98 Version 2, (I don't know what the patch is, but under the general tab I found 4.10.2222, which could be it). Sorry this isn't very informative, but I don't remember the last program I installed, it was quite a while ago, long before this problem occured. I'm not sure what I did to create the problem, it happened after I reset the computer using shut down menu. The problem does occur every time I use the computer.

Well, the problem is that when I start up the computer, the colors are set to 16, the resolution has changed so everything is larger, and the mouse cursor doesn't appear on the screen. Now, when I go to Start -->settings-->control panel-->display-->settings (using the keyboard) to change the color and resolution, I press OK or Apply to change the settings, but the computer freezes, and when I ctrl+alt+delete, it says that Wupdater is not responding. When I click end task for this, everything closes, but nothing is saved. Does anyone have any advice please? Thanks.

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Wupdater is spyware releated !! do the following >Try safe mode to get into computer .
Reboot to SAFE mode to run hijackthis
How to start computer in safe mode

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

Thanks so much for the advice! I may have some problems with the process, because I don't have a mouse, but hopefully I will be able to get by with a keyboard.

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Ok, I reinstalled Norton Antivirus, and I have a virus called backdoor.sdbot. I've tried to delete it but it says it cannot be deleted. I went into the registry and deleted the strings that had to do with it also, but no luck. Does anyone have suggestions?

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Symantic suggestion .
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

For me to look at ,
run hijackthis and post a hijack log

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

Thanks for the link! I got rid of the virus (I think), and the mouse has returned, but unfortunately the colors and the resolution are still off. I still can't change the settings also. Would hijackthis help with this problem?

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

not likely ,right clcik on mycomputer ,choose properties,go to device manager ,is there any yello or red ! marks ,check + by display adapters what does it say for your video card ,does it say windows default or does it give the name of your video card !!

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

When I click on the + next to display adapters, it says "Xpert 99/Xpert 2000," which I assume is the video card? Is this a good or a bad thing?

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Good thing ,try right clicking on the desktop and hit properties .then along the top go to SETTINGS and change the screen resolution to 800x600 and color quality to high 16

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

That was the first thing I tried when this problem occured, but when I restart the computer, the settings don't change. It's very strange. I'm thinking that maybe something is wrong with the registry or something?

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

well lets try this just for the hell of it !

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

Ok, thanks, I will try that.

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Ok, I hope all of this makes sense to you, because I have no idea what it means, hah....

Logfile of HijackThis v1.97.7
Scan saved at 6:57:39 PM, on 5/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\QTTASK.EXE
C:\WINDOWS.000\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\N-CASE\MSBB.EXE
C:\PROGRAM FILES\NETRATINGS\PREMETER\PRMT.EXE
C:\PROGRAM FILES\RAPIDBLASTER\RB32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
D:\DAP\DAP\DAP\DAP.EXE
C:\WINDOWS.000\SYSTEM\SAHAGENT.EXE
C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
D:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fuwbyg.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fuwbyg.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fuwbyg.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fuwbyg.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.windowsmediasolutions.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fuwbyg.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fuwbyg.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fuwbyg.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fuwbyg.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://fuwbyg.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.martfinder.com/spindex.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
N2 - Netscape 6: user_pref("browser.startup.homepage", " http://www.google.com "); (C:\WINDOWS.000\Application Data\Mozilla\Profiles\default\shkaczj1.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS.000\Application Data\Mozilla\Profiles\default\shkaczj1.slt\prefs.js)
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\DAP\DAP\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS.000\NETI.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4\NHELPER.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\BRIDGE.DLL
O2 - BHO: (no name) - {914AFB33-550B-4BD0-B4EF-8DA185504836} - C:\WINDOWS.000\WINOBJECT.DLL
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS.000\BXXS5.DLL
O3 - Toolbar: NewTool - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS.000\SYSTB.DLL
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS.000\wupdt.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS.000\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\N-CASE\MSBB.EXE
O4 - HKLM\..\Run: [WAU] C:\WINDOWS\WAU.exe
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\PREMETER\PRMT.EXE
O4 - HKLM\..\Run: [RapidBlaster] c:\program files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [DownloadAccelerator] D:\DAP\DAP\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS.000\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS.000\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [WebInstall2] C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE /R
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [systray] C:\WINDOWS.000\SYSTEM\A.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Win Server] C:\WINDOWS.000\winserv.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: officejet 6100.lnk = C:\Program Files\ie5dom.exe
O4 - Startup: AGSatellite.lnk = C:\WINDOWS~000\TEMP\pft72B5~TMP\Setup.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: Download with GetRight - D:\get right\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\get right\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download with &DAP - D:\DAP\DAP\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\DAP\DAP\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: SideStep (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D Player) - file://C:\WINDOWS.000\TEMP\IEInstall\cult.cab
O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerAutoInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb01c.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/04ffa35c9f4670c15100/netzip/RdxIE.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/action/NSupd9x.cab
O16 - DPF: {C7D7D67A-7B5D-4A5D-AAC9-3D1BAD8DF22A} (Load Class) - http://www.0190-dialer.com/VLoad.cab
O16 - DPF: {DC054EBF-3C6F-4D29-87AB-84344BD3DA2B} (Remote Loading Module) - http://deardrocher.com/rlm32.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://dload.ipbill.com/del/241095.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://directplugin.com/dialers/109544.exe
O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25349c5d0c3b7712da02/netzip/RdxIE601.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://www.thesurveyonline.com/activeinstaller.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38016.8673148148
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.98.176.62/EPlugin_US.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/k9g5ar.cab
O16 - DPF: {8A8F3D75-6564-4599-A7DC-313B43A89E1D} - http://www.movies.net.cn/digital/AdInstaller.ocx
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

You have that many viruses and trojans on you computer i don't know where to start ,did you run the online virus scan in my signature allready if not do so after you fix the rappid blaster one .download the rapid blaster fix ,
http://www.wilderssecurity.net/downloads/rbkiller.exe ,

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

then this .

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

also go to Control panel add and remove programs and uninstall, NEW DOT NET

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

I suggest Spybot

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

0

Thanks for all the information, I used the shredder program in safe mode already, and now im downloading spybot. Hopefully I will have the log up soon...

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Ok, I used Spybot, and it got rid of a lot, but this list doesn't seem any shorter...is it supposed to be?

Logfile of HijackThis v1.97.7
Scan saved at 11:38:23 PM, on 5/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\QTTASK.EXE
C:\WINDOWS.000\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
D:\DAP\DAP\DAP\DAP.EXE
C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
D:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.windowsmediasolutions.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
N2 - Netscape 6: user_pref("browser.startup.homepage", " http://www.google.com "); (C:\WINDOWS.000\Application Data\Mozilla\Profiles\default\shkaczj1.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS.000\Application Data\Mozilla\Profiles\default\shkaczj1.slt\prefs.js)
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS.000\NETI.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS.000\BXXS5.DLL
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS.000\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [WAU] C:\WINDOWS\WAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [DownloadAccelerator] D:\DAP\DAP\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS.000\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [WebInstall2] C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE /R
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: officejet 6100.lnk = C:\Program Files\ie5dom.exe
O4 - Startup: AGSatellite.lnk = C:\WINDOWS~000\TEMP\pft72B5~TMP\Setup.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: Download with GetRight - D:\get right\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\get right\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download with &DAP - D:\DAP\DAP\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\DAP\DAP\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: SideStep (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AnyWho (HKLM)
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D Player) - file://C:\WINDOWS.000\TEMP\IEInstall\cult.cab
O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerAutoInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb01c.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/04ffa35c9f4670c15100/netzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25349c5d0c3b7712da02/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38016.8673148148
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.98.176.62/EPlugin_US.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/k9g5ar.cab
O16 - DPF: {8A8F3D75-6564-4599-A7DC-313B43A89E1D} - http://www.movies.net.cn/digital/AdInstaller.ocx

Newbie Poster

16 posts since May 2004

Reputation Points: 10

Solved Threads: 0

0

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:

\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS.000

\NETI.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS.000

\BXXS5.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no

file)

If you put these in your host file ,leave unfixed if you didn't fix them '
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O4 - HKLM\..\Run: [WAU] C:\WINDOWS\WAU.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS.000\BXXS5.DLL,DllRun

O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://

download.sidestep.com/get/k00719/sb01c.cab

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02 .

chargitdial.com/chargitplug.dll

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207 .

188.25.43/04ffa35c9f4670...etzip/RdxIE.cab

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug

.com/mini...uginstaller.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207 .

188.7.150/25349c5d0c3b77...ip/RdxIE601.cab

O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar .

com/875455/files/installer.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://

66.98.176.62/EPlugin_US.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers .

net/NetpalO...DMO1/k9g5ar.cab

Now reboot into safe mode and delete the following files and folders .

C:\WINDOWS\WAU.exe>>>>> delete file only

C:\WINDOWS.000\BXXS5.DLL>>>>>>>>>> delete file only

to delete the above files and folder you will need to do the following
go to Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

reboot computer and post a new log

I hate 20 Questions

Team Colleague

13,069 posts since Aug 2003

Reputation Points: 1,064

Solved Threads: 812

This question has already been solved

You

1 2 >

© 2012 DaniWeb® LLC

Home | About Us | Contact Us | Terms of Service | Advertising Opportunities