
CwShredder scan?

Discussion in 'Virus & Other Malware Removal' started by dnbbaybee, Apr 13, 2004.

Thread Status:
Not open for further replies.
  1. dnbbaybee

    dnbbaybee Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    42
    Wow. I didn't even know this scan function existed in CWShredder.

    However, this looks strange to me. XXX toolbar? TeensGuru?

    Someone help please.

    Thanks in advance

    CWShredder v1.47.4 scan only report

    Windows XP (5.01.2600 )
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system32
    AppData folder: C:\Documents and Settings\Owner\Application Data
    Username: Owner

    Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, A)
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
    CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
    CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
    CWS.Vrape/CWS.Addclass Registry value: DefaultPrefix [] http://
    CWS.Vrape/CWS.Addclass Registry value: WWW Prefix [www] http://
    Registry value: Mosaic Prefix [mosaic] http://
    Registry value: Home Prefix [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (903 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (227 bytes, A)

    - END OF REPORT -

    Oh yes, when I try to check for updates, I consistently get the error message
    Connecting...
    Fetching CWShredder update information...
    Unable to retrieve CWShredder update information.

    What's up with that?!?!
     
  2. ironmaixden

    ironmaixden

    Joined:
    Mar 24, 2004
    Messages:
    46
  3. sleekluxury

    sleekluxury

    Joined:
    Oct 5, 2003
    Messages:
    3,752
  4. dnbbaybee

    dnbbaybee Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    42
    I already run SpyBot----just about every other day.

    I have 4 security programs, a firewall, and Norton AntiVirus.

    Does this scan look suspicious? I just downloaded the suggested link and it's saying that nothing is found on my PC. I'm confused. It seemed to me that the first poster was suggesting that I had some sort of problem?

    Help again! Thanks in advance!
     
  5. Grinler

    Grinler Malware Specialist

    Joined:
    Mar 10, 2004
    Messages:
    103
    Let us see a HijackThis log. You should also use ad-aware in conjunction with Spybot.
     
  6. dnbbaybee

    dnbbaybee Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    42
    Also Use AdAware 6.0---every other day. I run virus scans and HiJackThis scans once a week, too.

    This is why I am not understanding what's going on here.

    I have plenty of security. Here's the log. Any help would be greatly appreciated.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:33:44 PM, on 4/13/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\America Online 8.0\waol.exe
    C:\Program Files\America Online 8.0\shellmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6199712A-8BF2-4465-81B7-07D04DFD1205}: NameServer = 205.188.146.146
     
  7. Grinler

    Grinler Malware Specialist

    Joined:
    Mar 10, 2004
    Messages:
    103
    Sorry for not picking up on this sooner. Don't use scan... it's misleading.

    The reason you are seeing those entries in the scan is because you probably used Spywareblaster or IE-Spyad at one time and had those domains added to your Restricted Sites zone.

    Look at your registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    You will have these domains listed there:

    coolwebsearch.com
    coolwwwsearch.com
    xxxtoolbar.com
    teensguru.com

    Don't worry about it.
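
The distinction behind this answer, as an added example that is not part of the original thread: the report flags each domain only "if value is 2" (the Trusted Sites zone), while the entries found here hold 4 (the Restricted Sites zone), which is what a block-list tool writes. The line format in the regex is inferred from the report posted above, the function and verdict names are hypothetical, and the fifth sample line is constructed to show the positive case.

```python
import re

# Internet Explorer security zone numbers as stored under ZoneMap\Domains.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Line shape inferred from the report posted in this thread (an assumption).
LINE_RE = re.compile(
    r"^\s*(?P<label>\S+)\s+\(if value is (?P<bad>\d+)\)\s+Registry value:\s+"
    r"Domains:\s+(?P<domain>\S+)\s+\[[^\]]*\]\s+dword:(?P<value>[0-9A-Fa-f]+)\s*$"
)

# First four lines come from the report above; the fifth is constructed,
# and the sixth is a non-ZoneMap line that the parser must skip.
SAMPLE_REPORT = """\
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
CWS.Example (if value is 2) Registry value: Domains: *.example.invalid [*] dword:2
Found Win.ini file: C:\\WINDOWS\\win.ini (903 bytes, A)
"""

def classify_zone_lines(report):
    """Return one dict per ZoneMap line, judged by its stored zone value."""
    results = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a ZoneMap\Domains line
        value = int(m.group("value"), 16)  # dword values are hexadecimal
        if value == int(m.group("bad")):
            verdict = "hijack-indicator"   # domain sits in the zone the scan warns about
        elif value == 4:
            verdict = "protective-block"   # Restricted Sites: a block-list entry
        else:
            verdict = "review"             # some other zone; check by hand
        results.append({"label": m.group("label"),
                        "domain": m.group("domain"),
                        "zone": ZONES.get(value, "unknown"),
                        "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in classify_zone_lines(SAMPLE_REPORT):
        print(f'{r["domain"]:<24} {r["zone"]:<17} {r["verdict"]}')
```
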
     
  8. dnbbaybee

    dnbbaybee Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    42
    Whew.

    I about freaked out.

    Thanks a lot Grinler!!!
     

Short URL to this thread: https://techguy.org/220063
