Wilders Security Forums  

Go Back   Wilders Security Forums > Security Products > other anti-malware software
Reload this Page CWS help wanted
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old September 9th, 2003, 12:50 PM
claire
 
Posts: n/a
Default CWS help wanted
CWS found:
Hostfile:C:\Windows\Hosts(309107 bytes)
Registry keys:cws.com(trusted zone)
:cwwwsearch.com(trusted zone)
:msn.com(trusted zone)
Win.ini file:C\Windows\win.ini(7973 bytesA)
Found line in win.ini=hpfsched.
May I let CWS delete everything without any problem?
The last entry seems linked to my HP printer
Any help would be appreciated.
PS if needed how can I have CWS do a partial deletion?
  #2  
Old September 9th, 2003, 02:21 PM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,726
Default Re:CWS help wanted
Hi claire,

Feel free to post your HijackThis log.
I'd like to see what is going on.
CWShredder does not do partial deletions.
Could you post your HijackThis log
Download, Unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
Donīt fix anything yet. Most of what it finds is harmless.

Regards,

Pieter
__________________
Regards,

Pieter
Itīs nice to be important, but itīs more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
  #3  
Old September 9th, 2003, 02:32 PM
claire
 
Posts: n/a
Default Re:CWS help wanted
hi Pieter,
Thanks for your help
Logfile of HijackThis v1.96.4
Scan saved at 20:30:39, on 9/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TRIDTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\REGPROT\REGPROT.EXE
C:\PROGRAM FILES\SOFT4EVER\LOOKNSTOP\LOOKNSTOP.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.6\THGUARD.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\SWEEPER.EXE
C:\INTEL\PSNCU INTEL\CPUNUMBER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\NAVISCOPE\NAVISCOPE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMP\EUZEY0K.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhnet.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TridTray] c:\windows\SYSTEM\tridtray.exe
O4 - HKLM\..\Run: [WinFast_Gamma] rundll32.exe wfcpl.dll,DllLoadGammaRampSettings
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.6\THGUARD.EXE"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM\SWEEPER.EXE /Q
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] C:\Program Files\Eset\nod32krn.exe
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Intel\PSNCU Intel\CPUNumber.exe" /nosplash
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: naviscope.lnk = C:\Program Files\Naviscope\naviscope.exe
O9 - Extra button: RealGuide (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.9015162037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
  #4  
Old September 9th, 2003, 02:42 PM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,726
Default Re:CWS help wanted
Hi claire,

Check the following item in HijackThis.
Close all windows except HijackThis and click Fix checked:
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) <= You may have to reinstall Spybot S&D to get that right again.
Then reboot.

Did you remove the entries from your trusted zone yourself or was this a total false alarm by CWShredder?

Regards,

Pieter
__________________
Regards,

Pieter
Itīs nice to be important, but itīs more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
  #5  
Old September 9th, 2003, 02:46 PM
claire
 
Posts: n/a
Default Re:CWS help wanted
Hi Pieter,
Thanks again for your help.I did not touch my trusted
zone(this one is empty) in anyway.
Is it safer for me to uninstall Spybot first,then clean withHJT and reinstall SPYBOT?Or can I simply clean at once with HJT?

Ps:Thanks again Pieter worked like a charm
Have a great week
  #6  
Old September 9th, 2003, 03:31 PM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,726
Default Re:CWS help wanted
Hi claire,

Glad to be able to help you.

First use HijackThis then reinstall Spybot S&D, I would say.
Otherwise either the file would no longer be missing or you would get a double entry. (Dunno )

Be seeing you around.

Regards,

Pieter


__________________
Regards,

Pieter
Itīs nice to be important, but itīs more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
 

Wilders Security Forums > Security Products > other anti-malware software « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 03:51 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletinŪ Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright Đ2002 - 2013, Wilders Security Forums