caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O4 - HKLM\..\Run: [WinSys] C:\WINNT\System32\WinSys.exe


O4 - HKCU\..\Run: [runwin32] C:\WINNT\runwin32.exe

O4 - HKCU\..\Run: [wininet32] C:\WINNT\wininet32.exe

This is a resource hog and a suggested fix, as it's not needed in startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Now reboot into safe mode and delete the following files and folders if found .

C:\WINNT\System32\WinSys.exe ... delete file

C:\WINNT\runwin32.exe ...delete file

C:\WINNT\wininet32.exe ...delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode
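
The post above pairs each startup entry fixed in HijackThis with a file to delete in safe mode. The following added example (not part of the original post, and not HijackThis code) parses the R0/R1 and O4 lines, groups the browser redirects by host, and shows which fixed startup targets are not on the delete list. The function names are assumptions made for the example; the sample lines are copied from the post.

```python
import re
from urllib.parse import urlparse

# Lines copied from the post above; HijackThis writes one "<code> - <detail>" per line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [WinSys] C:\WINNT\System32\WinSys.exe
O4 - HKCU\..\Run: [runwin32] C:\WINNT\runwin32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""
# Files the post says to delete in safe mode.
DELETE_LIST = [r"C:\WINNT\System32\WinSys.exe", r"C:\WINNT\runwin32.exe",
               r"C:\WINNT\wininet32.exe"]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[(.*?)\]\s*(.+)$")
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(.+)$", re.IGNORECASE)


def target_path(command):
    """Return the file a startup command loads (the DLL for rundll32 entries)."""
    command = command.strip()
    m = RUNDLL_RE.match(command)
    if m:
        arg = m.group(1)
        if arg.startswith('"'):
            return arg[1:].split('"', 1)[0]
        return arg.rsplit(",", 1)[0]   # drop the ",EntryPoint" suffix
    return command.strip('"')


def parse_line(line):
    """Parse one log line into a dict, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, detail = m.groups()
    entry = {"code": code, "detail": detail}
    if code in ("R0", "R1"):           # registry key,value name = data
        key, _, rest = detail.partition(",")
        name, _, value = rest.partition("=")
        entry.update(key=key, name=name.strip(), value=value.strip())
    elif code == "O4":                 # Run keys and Startup folder shortcuts
        run, link = RUN_RE.match(detail), STARTUP_RE.match(detail)
        if run:
            entry.update(source=run.group(1) + " " + run.group(2),
                         name=run.group(3), target=target_path(run.group(4)))
        elif link:
            entry.update(source=link.group(1), name=link.group(2),
                         target=target_path(link.group(3)))
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def redirect_hosts(entries):
    """Map each host found in R0/R1 data to the value names pointing at it."""
    hosts = {}
    for e in entries:
        value = e.get("value")
        if not value:
            continue                   # empty data, e.g. "LinksFolderName ="
        url = value if "://" in value else "//" + value   # bare host:port
        host = urlparse(url).hostname
        if host:
            hosts.setdefault(host, []).append(e["name"])
    return hosts


def startup_targets(entries):
    return [e["target"] for e in entries if "target" in e]


def fixed_but_not_deleted(entries, delete_list):
    """Startup targets in the log that do not appear on the delete list."""
    wanted = {p.lower() for p in delete_list}   # Windows paths: ignore case
    return [t for t in startup_targets(entries) if t.lower() not in wanted]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(redirect_hosts(log))
    print(fixed_but_not_deleted(log, DELETE_LIST))
```

Here the only target left over is OSA9.EXE, which the post fixes as a resource hog rather than deleting.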

caperjack 875 I hate 20 Questions Team Colleague

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

caperjack 875 I hate 20 Questions Team Colleague

I am having the same/similar problem...

Logfile of HijackThis v1.97.7
Scan saved at 11:08:00, on 02/06/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\E_S00RP2.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Advanced Communications\Hosting Controller\exes\HCDiskQuota.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\MAILEN~1\BIN\MEHTTPS.EXE
C:\PROGRA~1\MAILEN~1\BIN\MELSC.EXE
C:\PROGRA~1\MAILEN~1\BIN\MEMTA.EXE
C:\PROGRA~1\MAILEN~1\BIN\MEPOC.EXE
C:\PROGRA~1\MAILEN~1\BIN\MEPOPC.EXE
C:\PROGRA~1\MAILEN~1\BIN\MEPOPS.EXE
C:\PROGRA~1\MAILEN~1\BIN\MESMTPC.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe
C:\Program Files\Common Files\EPSON\EBAPI\EBRR.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\khooker.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\AUDIOS~1\Bits browse intra.exe
C:\WINNT\Plaxo\1.5.2.32\InstallStub.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program …

caperjack 875 I hate 20 Questions Team Colleague

Did you run the virus scan!!


Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

caperjack 875 I hate 20 Questions Team Colleague

After you get it all fixed and things are working well, download and install these two programs to help stop spyware.


Spywareblaster


SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Also check how I got infected in the first place.

http://www.computercops.biz/postlite7736-.html


Also, a trip to Windows Updates is needed for critical updates and SP1's
WINDOWS UPDATES

caperjack 875 I hate 20 Questions Team Colleague

Yeah, I missed one. Make sure all other windows are closed and have HijackThis fix this one.

O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Owner\Application Data\ootr.exe

Reboot and delete this file: C:\Documents and Settings\Owner\Application Data\ootr.exe ... delete file.

caperjack 875 I hate 20 Questions Team Colleague

Next, run this free online virus scan to see if we can get rid of the trojans on your system. Check auto fix and run the scan.
http://housecall.trendmicro.com/housecall/start_corp.asp

caperjack 875 I hate 20 Questions Team Colleague

Please download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

reboot computer and post a new log

Paladine commented: Very helpful! +36
caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.


R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O4 - HKLM\..\Run: [fxteixrsfp] C:\WINDOWS\System32\cwjwqz.exe


O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsu.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe


O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab


Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\System32\cwjwqz.exe........delete file


C:\WINDOWS\alchem.exe........delete file


C:\WINDOWS\System32\wnsintsu.exe........delete file


C:\Program Files\Common Files\GMT\........delete folder


to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log.


PS, I'm from CB, NS and we don't drink here, thanks anyway. lol

caperjack 875 I hate 20 Questions Team Colleague

Now all is back to normal but I get a "Your system case has been opened - Press F1 to continue" message at boot up.

You might just be able to hit the key to enter setup instead of hitting F1, and just enter BIOS and then exit it saving changes. This might get rid of the message.

caperjack 875 I hate 20 Questions Team Colleague

Could it be in this keyboard program you are using?
C:\Program Files\Tavultesoft\Keyman\keyman.exe

caperjack 875 I hate 20 Questions Team Colleague

Post a fresh log if the above one is from before you ran the Spybot and Ad-Aware programs.
I will also suggest the free online virus scan in my signature.

caperjack 875 I hate 20 Questions Team Colleague

I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:


You Have A Variant of the CoolWebSearch Trojan.

Please download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

caperjack 875 I hate 20 Questions Team Colleague

Considering it's a used system with someone else's version/license of XP, and according to rellie1977 he wanted to format the drive anyway, it's HIGHLY ADVISABLE that the drive get reformatted. Plus, there's no worries of whether or not the system is infected with viruses, malware, etc. if a clean O/S is installed on a fresh partition.

Exactly!:)

caperjack 875 I hate 20 Questions Team Colleague

Not a complete log, the top is missing!

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.


R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O4 - HKLM\..\Run: [updmgr]C:\Program Files\Common files\updmgr\updmgr.exe

This is not malware but a recommended fix, resource hog.
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

Now reboot into safe mode and delete the following files and folders if found.

C:\Program Files\Common files\updmgr ... delete folder


to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

caperjack 875 I hate 20 Questions Team Colleague

Hey Caperjack, that is actually where my *How you got infected* link in my Sig points to. :)

I know, I see it there. Just because you have it in your signature doesn't mean anyone is going to read it. I was just making sure that they READ IT! I have Spybot and all those other programs in my sig and still have to tell people to download them and use them! :)

caperjack 875 I hate 20 Questions Team Colleague

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:


Please download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

reboot computer and post a new log

caperjack 875 I hate 20 Questions Team Colleague

Tabascoman4, please do the following, and after you do, start your own thread with a little info about being here, and post your HijackThis log.

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:


Download 'Hijack This!' HERE

Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. For HijackThis, most of what it lists will be harmless or even essential, don't fix anything yet.

reboot computer and post a new hijackthis log

caperjack 875 I hate 20 Questions Team Colleague

Check this out. And get the programs suggested.
http://www.computercops.biz/postlite7736-.html

caperjack 875 I hate 20 Questions Team Colleague

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:


Please download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

reboot computer and post a new log

caperjack 875 I hate 20 Questions Team Colleague

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Then do this.
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

O4 - HKLM\..\Run: [mduhszef] C:\WINDOWS\System32\wlzylwqd.exe


O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

You may find WinTools in Add and Remove Programs and uninstall it there.
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

This one is optional, resource hog, not needed in startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

Now reboot into safe mode and delete the following files and folders if found .

to delete the above files and folder you will need to do the …

caperjack 875 I hate 20 Questions Team Colleague

Log is clean.

caperjack 875 I hate 20 Questions Team Colleague

This program is responsible for your browser hijack problems. I suggest removing it:
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us5.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us5.hpwis.com/

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

This one isn't spyware but is a suggested fix, as it's a resource hog and not needed in startup.
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\sysupd.exe >>>> Delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

caperjack 875 I hate 20 Questions Team Colleague

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!' HERE

Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. For HijackThis, most of what it lists will be harmless or even essential, don't fix …

caperjack 875 I hate 20 Questions Team Colleague

Assuming you are using WinXP, go to this site, download Shoot The Messenger and run it.
http://www.grc.com/stm/shootthemessenger.htm

caperjack 875 I hate 20 Questions Team Colleague

Make backups of your important personal files from your PC, then destroy your DOS partitions. Reformat your hard drive. Then reinstall your OS and software.

BUT before you even connect online, buy the latest anti-Virus software from somewhere like McAfee, and also install a firewall - Zonealarm is free (but make sure you are very strict as to what you allow to access the net).

That should go a long way to eliminating the threat.

I've found that downloaded software simply cannot remove very embedded scumware, which is why I recommend start from scratch with a full reformat. Otherwise you may never be rid. And, hey, be more careful in future. :)

6 months ago I had a computer full of spyware/trojans. I did a search and found and used all the programs to remove the unwanted spyware. I now use these tools to help others remove spyware. I didn't format my computer; I haven't formatted my computer in almost a year. I run Windows updates regularly and install a couple of programs to block spyware sites, so formatting is not necessary, but is sometimes the fastest way!!

caperjack 875 I hate 20 Questions Team Colleague

no good. it all keeps getting reinstalled. And i'm doing this offline too.

post a hjthis log

caperjack 875 I hate 20 Questions Team Colleague

Oh crap! Not again!

Hi, Format, how ya doing! lol :)

caperjack 875 I hate 20 Questions Team Colleague

Try Start/Settings/Control Panel/Display and change the settings and see if they stay set to what you set them to.


Also, I forgot, twice now, to mention these. I think you should also fix them; I don't think they are what you want to use to search. If they are, leave them unfixed.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.windowsmediasolutions.com/

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://search.windowsmediasolutions.com/

caperjack 875 I hate 20 Questions Team Colleague

All looks good. You can fix these 2. Close all browser windows and fix:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS.000\NETI.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS.000\BXXS5.DLL

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

If you put these in your host file, leave unfixed; if you didn't, fix them.
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com


O4 - HKLM\..\Run: [WAU] C:\WINDOWS\WAU.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS.000\BXXS5.DLL,DllRun


O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb01c.cab

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/04ffa35c9f4670...etzip/RdxIE.cab

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...uginstaller.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25349c5d0c3b77...ip/RdxIE601.cab

O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://

caperjack 875 I hate 20 Questions Team Colleague

Did you install video drivers when you installed your card in her computer, and did you check Device Manager to see if her video card drivers are installed correctly?

caperjack 875 I hate 20 Questions Team Colleague

I suggest Spybot

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

caperjack 875 I hate 20 Questions Team Colleague

Also go to Control Panel, Add and Remove Programs, and uninstall NEW DOT NET.

caperjack 875 I hate 20 Questions Team Colleague

Then this.


Please download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

caperjack 875 I hate 20 Questions Team Colleague

You have that many viruses and trojans on your computer I don't know where to start. Did you run the online virus scan in my signature already? If not, do so after you fix the Rapid Blaster one. Download the Rapid Blaster fix:
http://www.wilderssecurity.net/downloads/rbkiller.exe

caperjack 875 I hate 20 Questions Team Colleague

Well, let's try this just for the hell of it!

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. For HijackThis, most of what it lists will be harmless or even essential, don't fix anything

caperjack 875 I hate 20 Questions Team Colleague

Good thing. Try right-clicking on the desktop and hit Properties, then along the top go to SETTINGS and change the screen resolution to 800x600 and color quality to high 16.

caperjack 875 I hate 20 Questions Team Colleague

Not likely. Right-click on My Computer, choose Properties, go to Device Manager. Are there any yellow or red ! marks? Check the + by Display adapters: what does it say for your video card? Does it say Windows default or does it give the name of your video card?

caperjack 875 I hate 20 Questions Team Colleague

Symantec suggestion.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

For me to look at,
run HijackThis and post a HijackThis log.

caperjack 875 I hate 20 Questions Team Colleague

Wupdater is spyware related!! Do the following. Try safe mode to get into the computer.
Reboot to SAFE mode to run hijackthis
How to start computer in safe mode


Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is …

caperjack 875 I hate 20 Questions Team Colleague

Just a tip: instead of posting the link to all the posts in that thread, click on the # of the post in the thread and use that, so the person gets to the one related to them instead of having to read and figure out which one is the right one. Like this:

http://www.wilderssecurity.com/showpost.php?p=162440&postcount=4

caperjack 875 I hate 20 Questions Team Colleague

There needs to be some way of locking the old threads once the problem is solved, to stop the piggybacking.

caperjack 875 I hate 20 Questions Team Colleague

No guarantees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. For …

caperjack 875 I hate 20 Questions Team Colleague

Does it boot in safe mode?

How to start computer in safe mode

caperjack 875 I hate 20 Questions Team Colleague

I have never had a stop error, but have this link in my favorites just in case:
http://aumha.org/win5/kbestop.php