Jump to content


Photo

It Said to come here


  • Please log in to reply
8 replies to this topic

#1 I Paintball

I Paintball

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 30 May 2004 - 12:28 PM

Well, me being a newbie at understanding computers (I can use them alright) I was using CWShredder, and it said somthing like if this is random delete it, the software cant tell. It also said if you were confused to come here, so I did. The filename was:
C:/WINDOWS\WCUNINST.EXE

Not quite sure what to do.

Also, when I right click, an option appears:
>>>Hardcore Movies<<<
Any way to fix that?

Thank you for your time.

#2 baskar1234

baskar1234

    Member

  • Trusted Advisor
  • Pip
  • 99 posts

Posted 30 May 2004 - 01:21 PM

Hello,..

For us to have a look,,,... please download HIJACKTHIS from the link below...

hijackthis

Then, unzip it.... run hijackthis....hit SCAN....then hit SAVE LOG.... copy and paste the log in your post....

DO NOT FIX OR REMOVE ANYTHING ANYTHING WITH HIJACKTHIS FOR MOST AOF THE ENTRIES ARE USUALLY HARMESS/ESSENTIAL......

#3 I Paintball

I Paintball

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 30 May 2004 - 05:38 PM

I guess this is what you wanted?



Logfile of HijackThis v1.97.7
Scan saved at 6:36:27 PM, on 5/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPDCLNT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MSINPUT\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
E:\WIN AMP\WINAMP3\WINAMPA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\HIJACK THIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {02BB5D60-70A4-11D7-8577-006008BD91B3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Alogserv] c:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "E:\Win Amp\Winamp3\winampa.exe"
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95.exe -w3svc
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df004/access.htm';}
O9 - Extra button: AIM (HKLM)
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4268402778
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab

#4 I Paintball

I Paintball

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 30 May 2004 - 09:21 PM

Page three already.... Anyone out there can help me?

#5 baskar1234

baskar1234

    Member

  • Trusted Advisor
  • Pip
  • 99 posts

Posted 30 May 2004 - 11:32 PM

hello ,..

close all browser windows,.. run hijackthis and put a check on the following entries,.. hit FIX CHECKED button,..


O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE -> NOT A BAD ENTRY BUT A RESOURCE HOG

O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df004/access.htm';} -> Cause for the extra item in the right click menu,.

O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab


O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab


Also,.. you don't seem to have much to clean in your log ,..Do you have any problems in specific,.. Do you get popups?. Let us know if you have any,.. also what is the file cwshredder cannot delete,. .

Try running cwshredder in safe mode,... that might help,..

reboot ,..rescan with hijackthis and post fresh log,,.

Edited by baskar1234, 31 May 2004 - 04:17 AM.


#6 I Paintball

I Paintball

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 31 May 2004 - 05:07 PM

Thank you for your help. This is my current log:


Logfile of HijackThis v1.97.7
Scan saved at 11:21:32 AM, on 5/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPDCLNT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MSINPUT\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
E:\WIN AMP\WINAMP3\WINAMPA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\HIJACK THIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {02BB5D60-70A4-11D7-8577-006008BD91B3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Alogserv] c:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "E:\Win Amp\Winamp3\winampa.exe"
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95.exe -w3svc
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [McAfee Firewall] "C:\PROGRAM FILES\MCAFEE\MCAFEE FIREWALL\CPD.EXE" /SERVICE
O9 - Extra button: AIM (HKLM)
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4268402778
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab



I had no problems really, the reason I came here was because I ran CWShredder, and a window popped up. I'll paraphrase: " The following file looks like CWS.COntrol.4 If the filename below has random characters, it should be deleted. CWShredder cannot determine this for you, and it could be harmless. If you are unsure, click 'no' and ask somone for help.
C:/WINDOWS\WCUNINST.EXE"

I wasn't sure, and I wanted to double check before I deleted somthing important. That was my real reason for coming here, but I think I got a few other problem fixed in the process.

#7 I Paintball

I Paintball

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 31 May 2004 - 09:47 PM

Bump...

#8 I Paintball

I Paintball

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 01 June 2004 - 04:05 PM

Bump....


Anyone?

#9 baskar1234

baskar1234

    Member

  • Trusted Advisor
  • Pip
  • 99 posts

Posted 01 June 2004 - 11:24 PM

Your log looks clean,..

Sorry i missed your post ,..

That file you mentioned doesn't seem to be bad,.. But if you want to be sure,, right click on the file and look at the properties of the file,.. its a good thing that you didn't delete the file,. must have been some uninstaller,.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button