Wapisvsu not responding

Discussion in 'adware, spyware & hijack cleaning' started by ritalaxman, May 15, 2004.

Thread Status:
Not open for further replies.
  1. ritalaxman

    ritalaxman Registered Member

    Joined:
    May 15, 2004
    Posts:
    84
    Location:
    I live in Bangalore, South India
    I am an user of Windows 98 2nd Edn. I was unable to shut down my computer and used to get the message wapisvsu not responding. Whenever, I try to shut down - I have to switch off the monitor - otherwise the computer rebootd. I have run Ad-aware and am posting the log below :

    Logfile of HijackThis v1.97.7
    Scan saved at 4:17:58 PM, on 5/15/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\MSTASK.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Ebates - file://c:\Program Files\topMoxie\TEMP\ebates_script.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxmb017
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Ebates (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbscc1.mtree.com/mt/dialers/fc/UniDist.CAB
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab
    O16 - DPF: {9EF4E3E4-2F1E-472E-9FF2-2670EA5C42D9} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_EN.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = hathway
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.88.156.6,202.88.130.67

    Thank you,

    Rita
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi ritalaxman,


    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL


    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)

    O8 - Extra context menu item: Ebates - file://c:\Program Files\topMoxie\TEMP\ebates_script.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxmb017

    O9 - Extra button: Ebates (HKCU)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbscc1.mtree.com/mt/dialers/fc/UniDist.CAB

    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN.cab

    O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab
    O16 - DPF: {9EF4E3E4-2F1E-472E-9FF2-2670EA5C42D9} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_EN.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab

    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN.cab

    Then reboot into safe mode and delete:
    C:\PROGRAM FILES\MYWEBSEARCH <= entire folder
    C:\PROGRAM FILES\MYSEARCH <= entire folder

    Regards,

    Pieter
     
  3. ritalaxman

    ritalaxman Registered Member

    Joined:
    May 15, 2004
    Posts:
    84
    Location:
    I live in Bangalore, South India
    Dear Sir,

    Thank you for responding. I am not very computer literate. I have a PC, but am stalled because I do not know/understand many things. I shall carryout what you have kindly let me know and get back to you.

    Thank you,

    Rita
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    You're welcome. If you have any questions, let us know.

    Regards,

    Pieter
     
  5. ritalaxman

    ritalaxman Registered Member

    Joined:
    May 15, 2004
    Posts:
    84
    Location:
    I live in Bangalore, South India
    Dear Pieter,

    Kindly inform me how to reboot into safe mode.

    Thanks

    Rita
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
  7. ritalaxman

    ritalaxman Registered Member

    Joined:
    May 15, 2004
    Posts:
    84
    Location:
    I live in Bangalore, South India
    Got it. Thank you,

    Rita

    I would like to know how to block totally the xxx sites, as every now and then a cookie - instant access - is found on my computer. Everytime I delete it, it pops up again.

    I have registered, but have not received my e-mail link.


    Rita
     
    Last edited: Jun 20, 2004
  8. ritalaxman

    ritalaxman Registered Member

    Joined:
    May 15, 2004
    Posts:
    84
    Location:
    I live in Bangalore, South India
    Re: Sex sites

    I would like to know how to completely delete the sex sites. I find a task bar icon Instant Access appearing for a second and disappearing, whenever I boot my computer. This disappears before I could click on it and delete. I have downloaded S. Lock, but am unable to access my desktop when I unlock the code.

    Please help.

    Rita
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.