CWS help

Discussion in 'Malware Help (A Specialist Will Reply)' started by IceMaiden, Dec 30, 2005.

  1. IceMaiden

    IceMaiden Private E-2

    I have followed all the steps and found very few problems. Was still running slow so I ran the free scan from Spysweeper. It found cws_tiny0, coolsavings, shopathome select and several other files. Is there a way to fix this myself or must I buy a subscription from them? I have had no luck at finding these files myself but I am not very adept at searching. Please advise. I can attach a hijack this log if needed. It is possible that I didn't recognize something that should have been removed. :confused: Thanks, Icemaiden
    Also, why did only Spysweeper find these problems?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Spy Sweeper will only fix problems if you purchase it, a bad choice from Webroot IMO.

    If you have followed the READ ME attach a current HJT log.
     
  3. IceMaiden

    IceMaiden Private E-2

    Hi, while I was waiting for a reply I tried harder to find the files. Found several that went clear back to March and deleted those. Then in the registry I found one of the subsets of the CWS_tiny0 and deleted it. The other one didn't seem to be there. Then I went to prefetch and emptied it, disabled system restore and rebooted. I haven't run a new scan with SpySweeper to see if it is going to reappear. Here is my HJ log. Thank you for answering so quickly.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It doesn't appear you have completed the READ ME. I see no signs of the online scans being run.

    Please go back and run the online scans in the READ ME, attach those logs with a fresh HJT log.
     
  5. IceMaiden

    IceMaiden Private E-2

    I have run the scans. I have attached their reports and also hijack this logs from safe mode and regular mode. Thank you for your patience. Someday I will learn to read. Bitdefender did not find anything. :)
    Icemaiden
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  7. IceMaiden

    IceMaiden Private E-2

    I have run the Ewido scan and attached the report but it says it didn't find anything. I have attached a new HJThis log. Where should I go from here? Ice Maiden :confused:
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    After you complete the above, reboot and proceed with the below...

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  9. IceMaiden

    IceMaiden Private E-2

    I ran ccleaner, ad-aware (found nothing), spybot (found nothing) and I ran WinPFind. Here are the scans. Thanks :)
     


  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Logs look good, attach a fresh HJT log to confirm you're clean.

    Are you having any further problems?
     
  11. IceMaiden

    IceMaiden Private E-2

    :confused: I'm sorry but I am confused. What about the items that Spy Sweeper found initially? (my 1st request?) i.e. cws_tiny0, coolsavings, shopathome select? I thought I removed one of the subsets of cws_tiny0 but I couldn't find the 2nd one to remove it. I have attached a new HJT log. Should I run Spysweeper again and see if it still finds them?
     


  12. IceMaiden

    IceMaiden Private E-2

    Update: I ran SpySweeper again and cws_tiny0 was gone now. The Sweeper found subtraces from CoolSavings and Target Saver.? I have located these entries in the registry with regedit. Should I go ahead and remove them? How much of a threat are they? And is there anything to protect against them in the future other than the standard protections that you have already listed? One more question. You have never mentioned the 3 entries that Panda Scan found or how to remove them. Please see report scan attached in previous thread. Thanks for all of your help. icemaiden
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you have the trial version of SS or a retail copy? If you have a retail copy have SS fix them, if you have the trial attach the log or let me know exactly what it's detecting.
     
  14. IceMaiden

    IceMaiden Private E-2

    I have the trial ware. I couldn't find a way to copy the log but it is detecting Coolsavings and Target Saver. I think they are all registry entries. Example: HKCR\clsid\11bd904...
    I can copy it by hand and attach it to you if I need to.
    Thanks, Icemaiden
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, if you can get the exact detection we can do a manual removal.
     
