Tech Support Forum - View Single Post - Multiple pop-ups on multiple user system

tetonbob · 01-19-2006, 12:29 PM

Out of curiousity, are you running Ewido in safe mode? If not, next user account, do so. Ewido should be able to remove the websearch toolbar. SpySweeper is getting it though.

It appears as though this HJT log was taken from safe mode due to the lack of running processes. I'm not too concerned, as this looks like we've cleaned it fairly well, but be sure all HJT logs are taken from normal mode, please.

Fix these with HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing

I don't think Kaspersky will find anything.....as we've banged on this system pretty well, and it's scan is global in nature (all acounts). However, let's run it on this account. If this one is clean, we can move more rapidly on your last 2 accounts (I think that's what's left, right?)

Post a new HJT log for manny, and any Kaspersky results.

01-19-2006, 12:29 PM	#42 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,524 OS: 2000 Pro; XP Pro; XP Home	Out of curiousity, are you running Ewido in safe mode? If not, next user account, do so. Ewido should be able to remove the websearch toolbar. SpySweeper is getting it though. It appears as though this HJT log was taken from safe mode due to the lack of running processes. I'm not too concerned, as this looks like we've cleaned it fairly well, but be sure all HJT logs are taken from normal mode, please. Fix these with HJT: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R3 - Default URLSearchHook is missing I don't think Kaspersky will find anything.....as we've banged on this system pretty well, and it's scan is global in nature (all acounts). However, let's run it on this account. If this one is clean, we can move more rapidly on your last 2 accounts (I think that's what's left, right?) Post a new HJT log for manny, and any Kaspersky results. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 01-19-2006 at 12:31 PM.