01-14-2006, 10:42 PM   #22
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,532
OS: 2000 Pro; XP Pro; XP Home


Well, I was afraid of that...the SpySweeper scan is worthless if it won't let you clean anything. It doesn't even give file names or registry locations any more. *sigh* That one's out of my arsenal...it's a great tool if you don't mind paying, though.

Make sure hidden files are still visible.

Delete these files/folders:

C:\WINDOWS\SYSTEM32\msclock32.dll
C:\WINDOWS\pcconfig.dat
C:\PROGRAM FILES\dialers
C:\Documents and Settings\Mommy\Application Data\Starware
C:\Documents and Settings\Mommy\cookies\mommy@2o7[1].txt
C:\Documents and Settings\Mommy\cookies\mommy@ads.pointroll[1].txt
C:\Documents and Settings\Mommy\cookies\mommy@ask[1].txt
C:\Documents and Settings\Mommy\cookies\mommy@centrport[1].txt
C:\Documents and Settings\Mommy\cookies\mommy@com[2].txt
C:\Documents and Settings\Mommy\cookies\mommy@questionmarket[1].txt
C:\Documents and Settings\Mommy\cookies\mommy@tribalfusion[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@2o7[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@ads.pointroll[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@ask[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@centrport[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@com[2].txt
C:\Documents and Settings\Mommy\Cookies\mommy@questionmarket[1].txt
C:\Documents and Settings\Mommy\Cookies\mommy@tribalfusion[1].txt
C:\WINDOWS\SYSTEM32\grwinsthlp.exe


If they resist deletion, boot to safe mode and delete from there.

Download and install CCleaner: http://www.ccleaner.com/ccdownload.asp

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once that's done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entries it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entries back.

From normal mode, run this online scan, and have it scan your full system:

http://housecall65.trendmicro.com/

There should be an autoclean function on this one. This should not be the same one I had you use earlier.

We're essentially chasing remnants. Your HJT log is clean. How many other user accounts are there on this system?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009