Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 04-10-2005, 06:58 PM   #1
Solid State Member
 
Join Date: Apr 2005
Posts: 8
Default CWS.Msconfig Found!!?? with files:

OK< I found a engine thgat did a spyware search (CWSShredder)and it found this. I am off to try to find out how to remove it. Maybe that is the problem.
Greg
NOTE, TWO POSTINGS AS FILE IS TOO BIG FOR ONE POSTING,SORRY
Here are the files it found:
**** Run Keys ****

RUN: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
RUN: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
RUN: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
RUN: [TCASUTIEXE] TCAUDIAG.exe -on
RUN: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
RUN: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll


**** IE Toolbars ****



**** IE Extensions ****

IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir...ie&ar=iesearch
Local Page: http://www.netscape.com
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****



**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4899729-6BC3-4A82-A5A4-1B76226633FB}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4899729-6BC3-4A82-A5A4-1B76226633FB}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04A3F1BE-49F2-4EF7-A484-303AE7F8A9ED}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04A3F1BE-49F2-4EF7-A484-303AE7F8A9ED}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01F2C77F-F1C8-4D62-BC82-2D7965344B25}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01F2C77F-F1C8-4D62-BC82-2D7965344B25}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C51FC615-5819-4C36-8C94-A121BD3832CB}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C51FC615-5819-4C36-8C94-A121BD3832CB}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA7610AA-40B5-493F-8C54-7F3081DAF5A5}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA7610AA-40B5-493F-8C54-7F3081DAF5A5}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D83E772A-0F5C-404D-966F-CBF68A35FDDE}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D83E772A-0F5C-404D-966F-CBF68A35FDDE}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531ACAE2-529A-4F86-9283-5EAE0C5DB3C5}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531ACAE2-529A-4F86-9283-5EAE0C5DB3C5}] DATAGRAM 6


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{0E5F0222-96B9-11D3-8997-00104BD12D94} [http://www.pcpitstop.com/pcpitstop/pcpitstop.cab] C:\WINDOWS\system32\pcpbios.exe C:\WINDOWS\system32\sysres.dll C:\WINDOWS\Downloaded Program Files\DiskFAU.dll C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
{17492023-C23A-453E-A040-C7C580BBF700} [http://go.microsoft.com/fwlink/?link...7&clcid=0x409]
{2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} [http://www.windowsecurity.com/trojanscan/TDECntrl.CAB]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.co...1093126263237]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai.net/7/840/537/2...l/xscan53.cab] C:\WINDOWS\aucfg.ini C:\WINDOWS\loadhttp.dll C:\WINDOWS\patchw32.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.3\xscan53.ocx
{80DD2229-B8E4-4C77-B72F-F22972D723EA} [http://www.alken.nl/scan/Msie/bitdefender.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/...dows-i586.cab]
{8EB3FF4E-86A1-4717-884D-7BA2D38272CB} [http://support.f-secure.com/ols/fscax.cab]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://www.pandasoftware.com/activescan/as5/asinst.cab]
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/...dows-i586.cab]
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/...dows-i586.cab]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/...dows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/get...h/swflash.cab]
{EFAEF0E4-F044-4D57-9900-1C3FF18524C9} [http://fpdownload.macromedia.com/get...h/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[Ati HotKey Poller] %SystemRoot%\system32\Ati2evxx.exe
[ATI Smart] C:\WINDOWS\system32\ati2sgag.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[ccPwdSvc] "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
[ccPxySvc] "C:\Program Files\Norton Internet Security\ccPxySvc.exe"
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[iPodService] C:\Program Files\iPod\bin\iPodService.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NISUM] "C:\Program Files\Norton Internet Security\NISUM.EXE"
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{BE5C1AD8-CE70-40B6-BA1A-7353D1145045}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
__________________

leathersmt is offline   Reply With Quote
Old 04-10-2005, 06:58 PM   #2
Solid State Member
 
Join Date: Apr 2005
Posts: 8
Default Second Set Of File Report From Cwshredder

**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] http://www.netscape.com
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft.com/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.google.com
IEOPT: [Check_Associations] No
IEOPT: [Window_Placement] ,
IEOPT: [FullScreen] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Use FormSuggest] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [Enable Browser Extensions] yes
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [AutoSearch]
IEOPT: [LastCheckedHi] D9
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [FormSuggest Passwords] yes
IEOPT: [FormSuggest PW Ask] yes
IEOPT: [FavChevron] NO
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IEOPT: [Search Page] http://www.google.com
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] http://www.netscape.com
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
leathersmt is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 08:27 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0