Same problem: HSA tried it all

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tea_ny, Aug 5, 2004.

  1. tea_ny

    tea_ny Private E-2

    Hi,
    I have the same problem as everybody else here, so I read through all the posts, learned all about HijackThis and have just completed the full "When all else fails - try Generic Solution to HSA (Only the Best) hijack" procedure. One problem: I couldn't find my xxxxx.dll files anywhere in the path displayed (windows or system32). Anyway, after the first reboot everything looked fine, and then Home Search came back, and all the R1 and R0 lines are back too (no O4s though). HSA and SW are still in my Add/Remove Programs, and I can't remove them.

    What should I try next?
    tnx
    t_
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like you did not follow the steps correctly.
    Were you able to identify the R0 & R1 lines and the associated DLL file?
    Were you able to locate your O2 BHO DLL?
    Were you able to identify the running EXE files (the O4 lines and also the ones in the running process list)? I don't think so! You just said no O4's above. There is always at least one O4 line and usually more.
    Did you have any problems whatsoever along the way running any steps as requested? Any error messages?
    What OS do you have?
     
  3. tea_ny

    tea_ny Private E-2

    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Before I found the tutorial, I had already run HT for the first time. I had several R1 & R0s, and even more O4s when I ran HT for the first time. I identified them and fixed them with HT. Couldn't find any of them in their path. I also identified the O2 BHO, but couldn't find it. Then I started again with the tutorial; the second HT had one bad O2 BHO again, and several R1 & R0 which I deleted in Notepad, via 'run notepad', but I couldn't find it to turn it into read only. All O4s were "good ones" except for one, C:\WINDOWS\system32\winxg.exe, that keeps coming back and again I can't find it.
    Question: steps 13 b, c, d say to search the registry, and then 13 e, f say to search the computer: how do I search the registry?
    OK, I didn't run CCleaner and About:Buster at the end, only an Ad-Aware full scan and HT again before connecting back.
    I am going to redo the whole thing one more time. Can I send you logs?
    tnx
    tea
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you did the following:

    2) Make sure you have enabled viewing of Hidden Files and Folders with Windows Explorer. While doing this, also verify that you do NOT have a check on the option to Hide extensions for known file types.

    The registry is searched using regedit, which is part of Windows. You can use other 3rd party tools to do this too. You can bring up regedit by clicking Start, Run, and then entering regedit in the dialog box and clicking OK.

    You are not supposed to fix anything with HijackThis other than in steps 9 & 12. The procedure must be followed exactly as written. Before beginning the procedure you obviously need a copy of the HijackThis scan, but you must not fix anything using HijackThis until told to do so. Follow the steps one by one. If you have a problem at a particular point completing a step, you should be asking for help. Also, while doing this procedure you must not be connected to the Internet and you must not run Internet Explorer at any point (unless told to). If you do connect or do run Internet Explorer, you can cause the problem to spread and/or mutate, causing anything you tried to fix to fail.

    I think you should attach a current unmodified HijackThis log for me to look at.
     
  5. tea_ny

    tea_ny Private E-2

    Hi,
    Before I start again, I just want to thank you very much for your help; this is really driving me crazy. So I ran the whole tutorial once again with all pre-steps done.
    So steps 1, 2, 3, 4 all OK.
    step 5, first problem: deleted and saved the blank *.dll in Notepad, but can't find it and change it to read only.
    step 6: Network Security Service is not running
    step 7: found 1 BHO (yellow in log attachment)
    step 8: found 1 O4 (yellow in log attachment)
    step 9: ran HT (log saved), fixed 7 & 8
    step 10: now in safe mode, can't find and delete the dll and exe from 7 & 8
    step 11: found the exe from step 8 in Windows/Prefetch and deleted it
    step 12: ran HT (log saved), fixed all R0 & R1
    step 13: A: done, BCD: didn't know how, EF: nothing found, G: done, H: not found, IJK: done, LM: nothing found
    step 14: done
    step 15: nothing found today, but yesterday when I did the tutorial the 1st time, I removed the HSA, SE and SW folders
    step 16: done
    step 17: done (log saved)
    step 18: first reboot everything was OK, with good home page etc., but then after the second reboot, HSA is back.

    Also, I noticed that winxg.exe runs in my processes in the task bar, and every time after I end the process it comes back.
    I have logs for steps 9, 12 and 17 saved if you'd need to have a look.
    I am attaching a current log which is again full of crap! I highlighted in yellow the stuff that I consider my 'bad' things as I go through the tutorial.
    tnx again
    tea
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Could you please follow directions and answer my questions too. See my previous message.

    Stop trying to continue through the procedure and figure out why you cannot do the earlier steps. If steps 5 and 10 are not done correctly (in fact if 5 cannot be done) you should not be continuing.

    And for steps 13 B, C, D I already told you how to do that using regedit. Do you need more info than what I already gave? How did you do steps 13 L and 13 M if you could not figure out 13 B, C, & D?

    But the biggest problem I see is that you are not doing what step 8 tells you to do. It states that you must find "all the executable (EXE) files". It goes on to tell you, only some are shown in the O4 list, some are only shown in the Process list, and some are in the Process list and the O4 list. You are ignoring one of the main problems:

    C:\WINDOWS\netuw.exe

    You must also delete this file. You need to find these files from steps 5 & 10 and do what the steps indicate. How are you trying to locate them?
    And if you try to delete the file and it does not allow you to delete it, try ending the process using Task Manager first. For example both netuw.exe and winxg.exe most likely show in Task Manager (at least in normal boot, you will have to check in safe mode).

    There are more than likely many more similarly named files that are located in your directories. Some will be .DAT, .DLL, or .EXE. Finding the bad ones is what steps 7, 8, and the last paragraph of the up front information told you would be difficult (or at least be time consuming).


    You should try to fix this line using HijackThis before continuing with the HSA problem:
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    IMPORTANT: YOU MUST NOT HAVE INTERNET EXPLORER RUNNING WHEN CREATING A HIJACK THIS LOG AND EVEN MORE IMPORTANT NEVER HAVE IT RUNNING WHEN FIXING LINES WITH HIJACKTHIS.
     
    Last edited: Aug 5, 2004
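The step 8 point above (an EXE may show up only in the O4 list, only in the running process list, or in both), together with the DLL hunting in steps 5 and 7, as an added Python example that is not part of this thread or of the Generic Solution: it parses a constructed HijackThis log excerpt (only the O18 line is the one quoted above; the process list and the R1/O2/O4 entries are made up) and tags every EXE or DLL with where it was seen.

```python
import re
from collections import defaultdict

# Constructed HijackThis log excerpt (not the thread's attachment). The O18 line is
# the one quoted above; the R1/O2/O4 entries and process list are made up.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winxg.exe
C:\WINDOWS\netuw.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\abcde.dll/sp.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\abcde.dll
O4 - HKLM\..\Run: [winxg] C:\WINDOWS\system32\winxg.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\explorer.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
"""

# A Windows path ending in one of the extensions the thread says to hunt for.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?\.(?:exe|dll|dat)\b', re.I)
ITEM_RE = re.compile(r"^(R[0-3]|O\d+) - ")   # R0/R1/O2/O4/O18 ... item lines

def parse_log(text):
    """Return (running processes, {item type: [(line, [paths], file_missing)]})."""
    processes, items, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes:"):
            in_procs = True
        elif in_procs and line:
            processes.append(line.lower())      # one full path per line
        elif in_procs:
            in_procs = False                    # blank line ends the list
        elif ITEM_RE.match(line):
            paths = [p.lower() for p in PATH_RE.findall(line)]
            items[line.split(" ", 1)[0]].append((line, paths, "(file missing)" in line))
    return processes, dict(items)

def files_to_check(text, ext):
    """Steps 5, 7 and 8: every file with this extension named in the process list
    or in any R/O item, tagged with where it was seen (O4 only, process only, both)."""
    processes, items = parse_log(text)
    seen = defaultdict(set)
    for p in processes:
        if p.endswith(ext):
            seen[p].add("process")
    for kind, recs in items.items():
        for _line, paths, _missing in recs:
            for p in paths:
                if p.endswith(ext):
                    seen[p].add(kind)
    return {p: sorted(where) for p, where in seen.items()}
```

Running `files_to_check(SAMPLE_LOG, ".exe")` shows winxg.exe in both the O4 list and the process list, netuw.exe only in the process list, and explorer.exe only in O4, which is exactly the distinction step 8 asks the user to make.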
  7. taxximom

    taxximom Private E-2

    I also had the same problem. I deleted everything in the Notepad file and saved it. When I did a search for the file, nothing was found, although I knew it was there. I went back to Folder Options to make sure I had checked show hidden files and unchecked the box mentioned. Right below was a box that said "Hide Protected Operating System Files (Recommended)". I unchecked that. Then I could find the file to mark it read only. I hope this helps.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That information is already given in the Generic Solution in the links and info provided in step 2. If directions are being followed properly, there should be no problem locating these files.
     
  9. taxximom

    taxximom Private E-2

    I had the same problem as the poster. I couldn't find the file after I deleted the contents to mark it as read only. The generic instructions said this which is what I did.

    2) Make sure you have enabled viewing of Hidden Files and Folders with Windows Explorer. While doing this, also verify that you do NOT have a check on the option to Hide extensions for known file types.

    I enabled viewing of hidden files and folders.
    I also removed the check from Hide Extension for known file types as the instructions state.

    Underneath both of those was a third one: "Hide Protected Operating System Files (Recommended)".

    I had to uncheck that as well in order to find the folder to mark it as read only. Otherwise my folder search came up with no files found. I think this is what is happening with the poster. There are actually three things you need to check in Folder Options. It worked for me. I was able to get rid of it then. Thanks for your great instructions. They saved me and my sanity.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So I repeat: the information is already provided in step 2. Please read the information in the links provided. That is why they are given. Are you ignoring the fact that the following words given there, "enabled viewing of Hidden Files and Folders with Windows Explorer", are a link? Click on it and you will see all the correct information for each OS.
    Again I repeat! The directions are already there and must be followed correctly.
     
  11. taxximom

    taxximom Private E-2

    I read the instructions you had. I thought they were great, but at first I missed that step and went back to fix it. I didn't realize at the beginning it was a link with instructions for each operating system. I know the information was there. I was trying to say that I believe the original poster did not uncheck that one extra box which is why he could not find the file to mark it read only. I thought that is where he is probably going wrong. He also didn't click the link you provided. He just read what the link said. I was only sharing my own experience in hopes that the original poster would read it and solve his problem. I have never seen such complete instructions like you had. You saved the day. Sorry to post any misunderstanding. In fact, you guys have sold me on this being the best site for advice. I want to send a donation. You guys are great and very thorough.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It may well be that the link was not clicked but I even asked the question "Are you sure you did the following" and posted the info again right in this thread. I did not get any answer. You know we try to spell things out in quite a bit of detail but you have to assume a user has some basic knowledge at some point. But to add a little more help for everyone, I will add a statement that tells the users that the underlined items in the steps are links that must be clicked on. (In fact, I just completed that now.)

    By the way did the Generic Solution fix your problem?
     
  13. taxximom

    taxximom Private E-2

    Like a charm. Like I said, the instructions saved the day. I had tried an easier solution posted here and it didn't work. However, that post said if you had the newest version of it, go to this thread, which led me to your thread. I must admit when I first read your instructions I struggled. I read them several times before I completely understood what I needed to do. I did have trouble at first determining some of the files that were related on the HijackThis report. When HijackThis analyzed it, I was able to determine the correct files. I printed your instructions as well as their report. It took some time, but the mission was a success. What I really wanted to know was what I should have on my computer to prevent this from happening again. I have a myriad of software and am trying to shuffle which is the best protection. I take it that Ad-aware from Lavasoft is different than Ad-aware 6.0. I want to have the right tools and one that is enabled to detect these things while I am on the web or especially when my teenagers are there. They are the ones that clicked on this 'HSA' in the first place. What do you recommend?

    Ad-aware by lavasoft.
    Spybot Search and Destroy

    Should I add SpywareBlaster to the list as well?

    I have Norton Antivirus as well.

    I trust your advice. Your advice is beyond reproach. Thanks so much for helping me. My computer works like a champ now.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  15. tea_ny

    tea_ny Private E-2

    Re: Same problem: HSA tried it all--> happy end

    OK, so I left the computer alone for a couple of days, went through a b'day party, and now older and wiser read the whole thing again. And yes, I didn't uncheck "hide protected operating system files", which was the reason I couldn't find anything. Plus, HT would only show the 'flavor of the day' DLLs and EXEs, and actually my windows/system32 folder was loaded with EXE files that had been sitting there since I first got HSA. After I cleaned them all (now that I am a super expert in recognizing them), I ran the tutorial one more time, and here I am, all clean and happy writing you this thank you note.
    So thank you very much for your help and time,
    tea
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Same problem: HSA tried it all--> happy end

    That's great news Tea! And Happy Birthday! I knew something had to be getting missed. Now that you are so much wiser we will no longer have these kinds of problems....Right?
     
  17. tea_ny

    tea_ny Private E-2

    He he, right... never again..... but hey, I am going to keep this URL in my bookmarks ;) !!!
    tnx
    tea
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't just keep it in your bookmarks, come back often and keep up with what's going on!
     