Ceres Keeps Coming Back! Search Engine Keeps Changing!

Everything went fine, however after rebooting, the line

O4 - HKLM\..\Run: [ihlclvr] c:\windows\system32\sofhaqs.exe

had changed to a new file name. I fixed the new line, as well as the one ending in wupdt.exe. I then ran HJT again to get the new log. As you will find in the posted log, now we have the following line.

O4 - HKLM\..\Run: [txkykb] c:\windows\system32\tjufdg.exe

As you can see, it keeps changing once it's deleted, even if I keep the computer on, which I will right now.

 

Wow, I think pulling the power cord actually worked.....here's my newest HJT log. When I turned the computer back on, I ran HJT and nail.exe was back, but not that other returning file name. I ran ABIremover, and then got another new scan/log from HJT. Looks good so far from my eyes. I'm going to reboot the proper way now and run HJT one more time to see if anything changed. I'll post the log in a new post.

By the way, I have not yet downloaded Finditnt2000xp because I may no longer have a problem. Let me know, thanks!

 

Okay, I rebooted properly and my log still appears to be clean. See attached and let me know. Thanks!!!!!!!!!

 

It's been 4 days and I'm still malware free! I now have Microsoft AntiSpyware up and running and kept SpySweeper uninstalled. Thanks again!!

 

BTW, I'm being asked if I want to block Browser Helper Object kb290333.dll ({FB153DCE-822E-47ec-8D00-2706E7864B37}) c:\windows\kb290333.dll from being added to Internet Explorer.

Should I?

 

Browser Helper Object: BHO kb290333.dll {FB153DCE-822E-47ec-8D00-2706E7864B37}

Disabled date: 6/1/2005 4:56:03 PM

Details: Browser Helper Object deactivated

Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB153DCE-822E-47ec-8D00-2706E7864B37} decativated on 6/1/2005 4:56:03 PM