Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

CWShredder.exe - Application error


  • Please log in to reply

#1
raksasas

raksasas

    Member

  • Member
  • PipPip
  • 18 posts
I believe this would fall under this topic. Yes CWShredder is an coolwebsearch remover (spyware remover program). But This is related to windows. I run this and a few others after reloading a machine and puttin it on the domain. I do this to make sure the pc is free of spyware before I let the user take the pc over. One of the programs I ran was CWShredder. It found VX2.Look2Me. It's been a few days but I think that was the one. I have been trying to figure out why I am getting the following. Posted Image

It comes up just before you put in your login information.

Edited by raksasas, 03 June 2005 - 07:52 AM.

  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
you reloaded a machine and it was already infected?

How did you reload it?

And cwsshredder does not load as startup, typically. You want to post a hijack log so I can see what you have running in the background?

Does that errr occur EVERY time you boot?
  • 0

#3
raksasas

raksasas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yep every single time

If you really need a Hijack log here you go:
Logfile of HijackThis v1.99.1
Scan saved at 10:56:57 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IrfanView\i_view32.exe
C:\Documents and Settings\joe.rose\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117210173865
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = texasnetworking.com
O17 - HKLM\Software\..\Telephony: DomainName = texasnetworking.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = texasnetworking.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = texasnetworking.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\joe.rose\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\joe.rose\Desktop\CWShredder.exe

why the heck is this running as a service?

I have never seen cwsshredder do that before...what version are you using? Where did you get it?
  • 0

#5
raksasas

raksasas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
That's what i would like to know.
it is 2.15 - http://www.intermute...r_download.html

Gotten from the Download stand-alone version of CWShredder link

Thanks for point it out as a Service... I disable it. Service was called - CWShredder Service.
But the question is:
"why the heck is this running as a service?"

Edited by raksasas, 03 June 2005 - 10:24 AM.

  • 0

#6
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
I do not know...let me install it and see what i get....can you run it standalone?
  • 0

#7
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
gerry? What did you come up with?? I have a current log with this same "service" in it. The research I've done hasn't really turned up anything yet. I've seen tons of ppl questioning it, no real ANSWERS yet.

Pm me if you want, or reply here...sub'ing to this thread
  • 0

#8
raksasas

raksasas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I haven't really found an answer to this either. Basically I just disabled the service and the error's gone. But still no idea how it got there in the first place. My main thought is - Is that the right site to download the CWShredder? I have downloaded it on other machine since then and every time I check to see it if put in the Service and there was no service on it.

I think I will use this site for Tech help when I can't figure something out at work. Because ya’ll seem really friendly and fast to reply. And not shoot you down when you ask about something on a Windows ME machine. Not my fault that people still use ME on their pc's. The company I work for does IT work for Business that can't afford their own IT staff and we get people that bring their pc's in also. Basically I don't have the answer all the time if there is a problem.

Edited by raksasas, 10 June 2005 - 06:17 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP