RE: cannot run any online scans; regedit or task manager
From: Filipe D'oliveira (FilipeDoliveira_at_discussions.microsoft.com)
Date: 06/18/04
- In reply to: jo: "cannot run any online scans; regedit or task manager"
Date: Fri, 18 Jun 2004 14:15:01 -0700
Hi there my unwise friend.
bodywipedata.exe stop this and get rid of. what is it anyway???
ebatesmoemoney.exe is spyware/adware stop process and get rid of
WToolsA.exe, you are very unlucky stop process and shoot it to f**k
WSup.exe, again stop process and get rid of. make a search in google and u will c...
http://www.wheresjames.com/index.php?page=sa&pg=3
the above link should help in searching for more of the culprits for your disasters.
otherwise just search google for all processes if in doubt.
Use a firewall/antivirus at all times.
Don't allow anything to access the net if you don't know what it is.
Next best thing is don't download everything... Zilla software has caused the ebatesmoemoney.exe and navexcel.exe to appear in my machine in the past, caused grief. Get rid of it...
Good luck my friend... Be wiser in future... if you backed up then format and wipe drive with a US standard DoD 5220.22-M algorithm B4 formatting and installing windows... Acronis drive cleanser is great...
Spend a few pennies.
Be well.
-- Take today to make it a great yesterday and take tomorrow to do what you've done today! (By: Me 1972/2004)

"jo" wrote:
> Laptop Windows XP home edition; IE 6.0
>
> I got hijacked yesterday. Besides the annoying internet problems, this parasite has overtaken all virus software and some hijack fixers.
> My regedit is 'in use by another program' along with task manager.
> Any on-line virus scan will not run. My Norton is frozen and all attempts to uninstall and re-install are locked up.
> I ran cwshredder, spyware blaster, adaware etc and clean everything up but the problem still exists.
>
> Here is the hijack this log:
> Logfile of HijackThis v1.97.7
> Scan saved at 8:25:55 AM, on 6/18/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
> C:\WINDOWS\System32\carpserv.exe
> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
> C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
> C:\windows\system\hpsysdrv.exe
> C:\Windows\system32\HpSrvUI.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\WINDOWS\System32\wjview.exe
> C:\PROGRA~1\noun bore debug\bodywipedata.exe
> C:\Program Files\Common files\WinTools\WToolsA.exe
> C:\WINDOWS\System32\rdtwvfwh.exe
> C:\WINDOWS\System32\RunDLL32.exe
> C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
> C:\WINDOWS\system32\HPConfig.exe
> C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
> C:\WINDOWS\system32\drivers\KodakCCS.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\WINDOWS\System32\ScsiAccess.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common files\WinTools\WSup.exe
> C:\Program Files\EbatesMoeMoneyMaker\EbatesMoeMoneyMaker.exe
> C:\Program Files\Common files\WinTools\WToolsS.exe
> C:\WINDOWS\system32\MSIEXEC.EXE
> C:\WINDOWS\System32\msiexec.exe
> C:\WINDOWS\System32\MsiExec.exe
> C:\WINDOWS\System32\MsiExec.exe
> C:\Program Files\Norton AntiVirus\Navapsvc.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Norton AntiVirus\navw32.exe
> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/index.html?http://www.netaddress.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
> R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
> O1 - Hosts: 69.20.16.183 ieautosearch
> O1 - Hosts: 69.20.16.183 auto.search.msn.com
> O1 - Hosts: 69.20.16.183 search.netscape.com
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
> O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: license gpl - {B36C08AA-90B7-8A08-74D2-1716E19BC91E} - C:\PROGRA~1\FiveAnte\this meet.dll
> O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
> O4 - HKLM\..\Run: [CARPService] carpserv.exe
> O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
> O4 - HKLM\..\Run: [TV Now] C:\Program Files\Utilities\Notebook Utilities\HpTvNow.exe /RK
> O4 - HKLM\..\Run: [Display Settings] C:\Program Files\Utilities\Notebook Utilities\hptasks.exe /s
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
> O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
> O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
> O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
> O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
> O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [Plus Mapi] C:\PROGRA~1\noun bore debug\bodywipedata.exe
> O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
> O4 - HKLM\..\Run: [_Hazafibb] C:\WINDOWS\System32\rdtwvfwh.exe
> O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
> O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
> O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
> O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
> O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
> O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
> O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1075500776524
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
> O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1437/ftp.coupons.com/v3123/cpbrkpie.cab
> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37715.8354050926
> O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
> O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
> O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
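
One way to triage a HijackThis log like the one quoted above, added here as an example and not part of the original post or of HijackThis itself. The section codes (R = Internet Explorer settings, O1 = hosts file, O4 = registry Run autostarts) come from the log format; the flagging heuristics and the names `parse`, `triage` and `NAMED_IN_REPLY` are assumptions, and the sample lines are copied from the quoted log.

```python
import re

# Sample input: six entries copied from the log quoted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
"""

# "<section> - <detail>", tolerating the "> " prefix of quoted mail text.
ENTRY = re.compile(r"^\s*(?:>\s*)*([FNOR]\d{1,2}) - (.*)$")

# File names the reply tells the poster to stop and remove (lower-cased).
NAMED_IN_REPLY = ("bodywipedata.exe", "wtoolsa.exe", "wsup.exe", "ebatesmoemoney")


def parse(log):
    """Return (section, detail) tuples for every HijackThis entry line."""
    return [(m.group(1), m.group(2).strip())
            for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Return (section, reason, detail) for entries worth a closer look.

    The reasons are triage heuristics assumed for this example, not verdicts.
    """
    findings = []
    for section, detail in parse(log):
        low = detail.lower()
        fields = detail.split()
        if section == "O1" and len(fields) >= 3 and not fields[1].startswith("127."):
            # Hosts file maps a name to a non-loopback address: lookups are redirected.
            findings.append((section, "hosts-redirect", detail))
        elif "proxyserver" in low and "127.0.0.1" in low:
            # Browser traffic is sent through a listener on the local machine.
            findings.append((section, "loopback-proxy", detail))
        elif low.endswith("(no file)"):
            # Registration left behind with no file on disk.
            findings.append((section, "orphaned-entry", detail))
        elif section == "O4" and any(name in low for name in NAMED_IN_REPLY):
            # Autostart entry for a program the reply singles out.
            findings.append((section, "named-in-reply", detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<16}{detail}")
```
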