[Dragon]

make a backup of your registry first so you can repair it if necessary.

Then go ahead and let me know how it works

[Advertisements]

I deleted them.
Booted into Safe Mode.
HJT sees them anyway and cannot clean them out.

Stubbirn huh?

[Portnoy]

I deleted them.
Booted into Safe Mode.
HJT sees them anyway and cannot clean them out.

Stubbirn huh?

[Dragon]

well without the registry keys, and actual files to cause problems, I am willing to call this log clean. They are just cluttering up your log but causing no problems for you.

if we find a definitive answer on what is causing these BHO to stay I will notify you ASAP. in the mean time

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
https://netfiles.uiu...rce.htm#IESPYAD

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

And also see
So how did I get infected in the first place?

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox .
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats.

Edited by Efwis, 26 February 2005 - 08:08 PM.

[Portnoy]

OK!

Thanks for all your help. That was truly a Marathon.
I get paid next week .
I think this service is good for a $20.

Sheesh, after this day, maybe I should become a helper.

Portnoy

[Dragon]

if you are seriously interested in helping us fight this war, then please email an admin and explain to them that you are wanting to join GeekU, that is our training class, we will teach you how to recognize all sorts of Malware and how to clean other users systems with our tools of the trade

Edited by Efwis, 26 February 2005 - 08:11 PM.

[Dragon]

hi again Portnoy,
it looks like we may have a fix for you

Download: Registrar Lite (freeware)
http;//www.respendence.com/reglite

* Run HijackThis and produce a log.
* Start Registrar Lite
* Locate the each of the "(no file)" entries from the HijackThis log.
* Copy and paste the CLSID into the top address bar in Registrar Lite.
* Click the Go button (upper right)
* Once located, right-click and select: Properties
* Click Permissions, Click the Advanced button


Place a checkmark next to the following:

"Inherit from parent the permission entries that apply to child objects..."

Click OK, Click Ok, Delete the key

Repeat for each of the returning entries ...

Let us know how you do