Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CWShredder is not working correctly 2

Status
Not open for further replies.
jwyatt63

jwyatt63

Technical User
Mar 15, 2004
11
US
I'm the guy whose computer just suddenly shuts off any time I use NAV in a detailed scan mode (not a smartscan). Same thing when I use Panda's online scan, or any other online scan, reg healer scan, or Spybot S&D. I was directed to the sight for Hijack This, and CWShredder by some of you techies on this site, and I really appreciate that. Here is the current status:
First I noticed my browser did not want to go to Merijin's website. I did a Google search and found the old site. I have CWShredder 1.53.1. When I click on "update", the status window says

Current version: CWShredder v1.53.1
Connecting...
Fetching CWShredder update information from merijn.org...

and it sits there... like it can't get the update.

This is my HT log:

Logfile of HijackThis v1.97.7
Scan saved at 1:28:32 PM, on 3/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ACD Systems\mPower Tools\1.0\mPowerTools.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LoadSettings.exe
C:\Program Files\Common Files\ACD Systems\IDBSvr.exe
C:\Program Files\HHVcdV5Sys\VC5Play.exe
D:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Microsoft Office\Templates\1033\Webs\storefront50.tem\sfcksale.exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8268
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 kazaagold.com
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 easymusicdownload.com
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 monstershare.com
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 kazaa-plus.net
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 ikazaa.net
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 music-download-world.com
O1 - Hosts: 216.239.53.99 song-download-world.com
O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 O1 - Hosts: 216.239.53.99 mp3-network.com
O1 - Hosts: 216.239.53.99 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_1_4_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_4_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ACD mPower Tools] C:\Program Files\ACD Systems\mPower Tools\1.0\mPowerTools.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadUserSettings] C:\WINDOWS\System32\LoadSettings.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: checksale.lnk = C:\Program Files\Microsoft Office\Templates\1033\Webs\storefront50.tem\sfcksale.exe
O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: ImageFox.lnk = C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Open Selected URL - C:\Windows\openselectedurl.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - c:\program files\yahoo!\installs\ymmapi.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) -
I don't see anything here. Do you? Maybe something I am unfamiliar with (this would not be hard to do)

I am running XP Professional, and I have regularly used Ad-Aware and Spybot S&D. This problem is rleatively recent.

Thanks again, if you can help at all. I stupidly set Spybot to scan on startup, so it is not available to be right now. I can't even uninstall it, as the startup scan gets so far, and the computer just dies.

John
 
Sort by date Sort by votes
Merijn's site is frequently under attack and very often, noone can get through. That's likely why your CWS is not updating. You can get a current version here, however:

I'm going to look over your log, but in the meantime, you need to purge your HOSTS file. It's eaten up. Just do a FIND for the file, then delete the entries found within.
Be sure to disable system restore before starting clean-up efforts:

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
Couple more points...
1) My comp does seem to have slowed down to a degree, though mainly since I started trying to figure this thing out.
2) The Merijin site just stays a blank white screen. The address bar is not redirected.

I just have the gut feeling this is coolsearch bug, but maybe it's a new variant???
 
Upvote 0 Downvote
You should also get rid of these entries:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
Not sure, but wonder about these too,

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
The two o6 lines
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -
 
Upvote 0 Downvote
jwyatt63,

Have you tried to download from the alternate site I posted?
They indicate a current install of CWShredder available. As I said, Merijn's site has been hit and miss for a few months now.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
also LoadSettings.exe doesnt get any google hits
so would this one be a problem?
O4 - HKLM\..\Run: [LoadUserSettings] C:\WINDOWS\System32\LoadSettings.exe
 
Upvote 0 Downvote
Don't know how to reply to you carrr, except here.
A funny thing happened when I dl'ed the file. I put it on my desktop, where I have the other version of CWShredder. When I opened it, a window popped up that said something like
"CWShredder has encountered an instance of Cool trying to change a registry entry. Do you want to...I don't know..." It continued,
CWShredder will have a series of random characters in the title bar. This will not affect CWShredder in any way. Do you want to run CWShredder? Yes - No"
And CW Shredder did have random characters in the title bar.
Now it says it is the other version, and it says "CWShredder - Coolwebsearch trojan remover" in the title bar.
I don't think there is any question now what the culprit is.
 
Upvote 0 Downvote
did you try to run the smartkiller utility in the link I gave you in your other thread?
 
Upvote 0 Downvote
Ah.
I think you're on it.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
Hi diogenes10, I did, but it did not find anything.
 
Upvote 0 Downvote
Well, this is turning into a head scratcher.
From things Id read, I really thought that would fix your problem.
What I might try next would be to delete the copies of cwshredder on the system now, download a fresh copy of it, and then try booting up to safe mode and running it and see if that would make any difference.

I understand that hijack this has an option to list startup processes-maybe running that list and posting it would give someone an additional idea.

There may be some files that need to be deleted, but Im not sure how to figure them out.
One possibility might be the myway folder in program files relating to the entry carrr asked you to remove above.
Since I couldnt get any google hits, im still concerned about that load settings issue above. If it was my system-grasping at straws, I would consider trying renaming it and seeing if I got any improvement.


 
Upvote 0 Downvote
No, I did get that entry diogenes10. I think it had to do with Spybot, because when I tried to start it again, it did not go into a startup scan, so that was good. But when I tried to do a system scan, it shut down again (the system just suddenly shuts off, no warning). I am about to try the link above for the older version of CWShredder again, saving to a new location. I'll let you know how it turns out.
Say, can anybody direct me to a class action lawsuit against Cool :)
 
Upvote 0 Downvote
1) Still unclear from your posts, have you tried to run any of this stuff in safe mode?

2) googled on 0seenus. If this entry is still in hijack this report, think it needs to go.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
3) virus scan, this is not something ive tried so I dont know how it works, but ive seen reference to fprot having a dos based virus scan thats free. If it will work with xp, to get a virus scan you could try downloading program and definition files and running that from dos prompt.

4) startup process list. hijack this, lower right is a config button, in next screen a misc task button, next screen has a process list. While scanning other hijack this threads, I saw this asked for once when the advisor could not solve some particularly sticky problem. You probably should look at both this list and a new hijack this log just to see if you see anything, if you want to post them maybe someone else would have an idea.

5)Under the heading of really grasping for straws:
Here is a list from merijn of variants:

One does not show in hijack this.

Variant 18: CWS.Xplugin - 'Helping' you search the web
Approx date first sighted: November 11, 2003
Log reference: Not visible in HijackThis log!
Symptoms: Some links in Google results redirecting to umaxsearch.com or coolwebsearch.com every now and then
Cleverness: 10/10
Manual removal difficulty: Involves some Registry editing
Identifying lines in HijackThis log:

Not visible in HijackThis log!


This variant is the first one that is not visible in a HijackThis log. It works invisible, changing links from Google search results to other pages. It took a while to find out how this variant works, since it doesn't use any of the standard locations.
A file xplugin.dll is installed, which creates a new protocol filter for text/html. In normal english, this means it reads most of the web pages downloaded to your browser. It also randomly alters some links in Google search results to pages on umaxsearch.com and coolwebsearch.com. It claims to be made by something called TMKSoft.
It is unknown if deleting the file has no side-effects, but using CWShredder or running regsvr32 /u c:\windows\system32\xplugin.dll (may vary depending on Windows version) fixes

You could try a search for that file on your system just to see if it might be the culprit.
 
Upvote 0 Downvote
Thank you diogenes10. It's taking a little longer than I like, I have a rambunctious 4 year old ready for lunch. I am searching for xplugin.dll now.
 
Upvote 0 Downvote
Hope you are watching this thread, I really appreciate all the help. And now:

The Plot Thickens

I DL'ed F-Prot DOS as suggested, but when run from command prompt it skips C drive entirely. So I used my copy of Hiren's Boot Disk to access a DOS prompt on system boot. I found my new copy of F-Prot and scanned. And guess what my system did? That's right, it shut down. I'm certain this is a CWS variant, but obviously it runs in DOS, or is it possible it has gotten to CMOS? I am close to giving up and reformatting the entire system. Sure hate to have to go find all the disks I'll need to reinstall all my stuff, as well as lose my home movies, and photos, etc... It would take a week to get all that on disks. But I'm tired of playing with this, and I'm way behind on my data entry. Why hasn't anybody started a class action against those lousy CWS SOBs?
Thanks for all the help guys, I can't tell you how much I appreciate you taking the time to try to help me. I'll try once to contact the authors of this before I take any drastic action.
 
Upvote 0 Downvote
You've gotten over my head. I dont know enough to offer further help-Im sorry.

As far as your system is concerned if you need to reformat, you could first look at getting xp compatible version of Symantec/Norton ghost and burning a cd image of your system as it stands now. That would give you the ability to restore it and extract files at a later date when you have more time-or you could also look at adding a second, relatively inexpensive harddrive and back up data to that first.
 
Upvote 0 Downvote
check out carrr's thread about one more for the toolbox.
Maybe the bazooka software would find something for you.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
239
2ffat
2ffat
iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
292
Oorde
Oorde
Shimmy613
  • Locked
  • Question
Avira Free: "Your computer is not secure! A Service is not working correctly"
Replies
14
Views
496
ChrisHirst
ChrisHirst
Henry Pence
  • Locked
  • Question
Is Norton Antivirus Necessary?
Replies
2
Views
216
Henry Pence
Henry Pence
2ffat
  • Locked
  • News
Police: Do as we say and not as we do! 1
Replies
4
Views
130
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top