CWS.Msconfd Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by JRC, Dec 15, 2005.

  1. JRC

    JRC Private E-2

    I have gone through all the process and have identified the source (I think) of my unwanted desktop toolbar. CWShredder locks up to a blue screen when trying to remove. Please help.

    Thanks,
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. JRC

    JRC Private E-2

    OK, have gone through everything again. The only ones that found anything were Panda Scan (which I have the log for) and CWShredder. I also have the log for HJT. Let me know where you want me to go from here.

    Thanks
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please attach the log from Panda and a HijackThis log.
     
  5. JRC

    JRC Private E-2

    Here they are. Thanks again for helping.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have HijackThis installed incorrectly; install HijackThis to C:\HJT.

    Are you using a proxy server and is tandk.com your domain?
     
  7. JRC

    JRC Private E-2

    TandK is my work server. I can log onto it using VPN or I can surf the web without going through TandK. I installed HJT onto C drive and ran a new scan. Attached are the results.

    Thanks,
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Unzip HijackThis into C:\HJT; do not run it from the zip file.

    Downloading, Installing, and Running HijackThis


    Using Add or Remove Programs in the Control Panel, uninstall UnSpyPC.

    Scan with HijackThis, after it has been installed correctly, and fix the following:
    Reboot to Safe Mode.

    Open Windows Explorer. Navigate to and delete the following:
    Reboot to Normal Mode.

    Post a Fresh HijackThis log.
     
  9. JRC

    JRC Private E-2

    Went to my Control Panel, Add and Remove Programs, and did not see an UnSpyPC anywhere. Should I still proceed with HijackThis and fix the line, or am I missing something?
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes continue with the HijackThis fix.
     
  11. JRC

    JRC Private E-2

    Could not find C:\Program Files\UnSpyPC
    Could not find C:\WINNT\SYSTEM32\IDEMLOG.EXE

    All others deleted. Here is the newest HJT log.

    Thanks,
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the directions for Running Spy Sweeper.

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  13. JRC

    JRC Private E-2

    Ran Spy Sweeper (log attached)

    Ran CCleaner

    Ran WinPFind (Log attached)

    Thanks,
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Spy Sweeper didn't quarantine anything. If you have something protecting the registry from being written to, turn it off and run Spy Sweeper again.
     
  15. JRC

    JRC Private E-2

    Ran SpySweeper again (new log attached)
    Ran CCleaner again
    Ran WinPFind again (new log attached)

    Thanks,
     

    Attached Files:

  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts

    Disable Spy Sweeper and follow the directions for Running Hoster to reset the Hosts file to the default MS hosts.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun
    1 install.exe
    2 install.msi
    3 setup.exe
    4 setup.msi
    1 install.exe
    2 install.msi
    3 setup.exe
    4 setup.msi


    Did you do this intentionally? If not, copy the contents of the below quote box into Notepad and save as FixReg.reg to your desktop.
    Double-click FixReg.reg on your Desktop and answer Yes when asked if you want to merge with the registry.

    Reboot.

    How is your system running?
     
  17. JRC

    JRC Private E-2

    You ROCK! Will there be any problems if I uninstall some of the Spyware programs I installed during this process?

    JRC
     
  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, you can uninstall some of the programs I had you install/use.

    You should read How to Protect yourself from malware!.
     
