Un-deletable spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Diener, Jan 14, 2005.

  1. Diener

    Diener Private E-2

    Hello, I've run through the spyware removal thread to the letter, and I still get the same spyware every time I scan. I don't know what else to do. All the scanners I ran were up to date as well.

    Logfile of HijackThis v1.99.0
    Scan saved at 1:15:53 AM, on 1/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     

    Attached Files:

    • log.txt
    Last edited by a moderator: Jan 14, 2005
  2. PhilliePhan

    PhilliePhan Guest

    Hi Diener,

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.


    Now scan with HijackThis and Check the Boxes for the following:

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
    O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
    O2 - BHO: (no name) - {99244E6D-85F8-DF07-D93D-FC4DF1A17392} - C:\WINDOWS\system32\xjhs.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if it should remain:

    C:\WINDOWS\system32\xjhs.dll

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    Best luck :)
    PP
     
  3. Diener

    Diener Private E-2

    I did as you instructed and no change, my computer still detects the same spyware and adware.

    Logfile of HijackThis v1.99.0
    Scan saved at 4:45:48 AM, on 1/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
    Last edited by a moderator: Jan 14, 2005
  4. PhilliePhan

    PhilliePhan Guest

    What malware is being detected? Are you having any symptoms?
    Your HJT log shows no real problems. You could fix these with HJT if you so desire:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O2 - BHO: (no name) - {99244E6D-85F8-DF07-D93D-FC4DF1A17392} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    I would not be surprised if your Anti-spyware tools were triggering on an orphaned registry entry.

    Please attach further logs using the "Manage Attachments" tool when you post.

    PP :)
     
  5. Diener

    Diener Private E-2

    Here is a log of the malware that won't leave, as well as the HJT log after I fixed those 3 things.
     

  6. PhilliePhan

    PhilliePhan Guest

    Hi Diener,

    As I suspected, Ad-Aware is triggering on a couple orphaned registry entries. The corresponding files have long been removed.

    Ad-Aware:
    HKEY_LOCAL_MACHINE:software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}\
    HKEY_LOCAL_MACHINE:software\microsoft\windows\currentversion\explorer\browser helper objects\{6a6e50dc-bfa8-4b40-ab1b-159e03e829fd}\


    HijackThis:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
    O2 - BHO: (no name) - {99244E6D-85F8-DF07-D93D-FC4DF1A17392} - (no file)

    I suggest you temporarily deactivate SpyBot's Tea Timer so that it doesn't interfere with the fix and then boot into Safe Mode and fix the above entries with HijackThis.

    Also, I do wonder if you are somehow picking up new adware/BHOs and they are being cleaned by your scans and leaving these remnants since they did not show before.

    Best :)
    PP
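
The orphaned-entry diagnosis in the post above can be reproduced mechanically. This Python sketch is an added example, not part of the original thread and not code from HijackThis or Ad-Aware; the function names are hypothetical, and the sample lines are the ones quoted in that post.

```python
import re

# HijackThis lines as quoted in the post above.
HJT_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
O2 - BHO: (no name) - {99244E6D-85F8-DF07-D93D-FC4DF1A17392} - (no file)
"""

# Ad-Aware registry detections as quoted in the same post.
ADAWARE_LOG = r"""
HKEY_LOCAL_MACHINE:software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}\
HKEY_LOCAL_MACHINE:software\microsoft\windows\currentversion\explorer\browser helper objects\{6a6e50dc-bfa8-4b40-ab1b-159e03e829fd}\
"""

# CLSID-bearing entries: "<section> - <kind>: <name> - {CLSID} - <target>"
HJT_ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def classify(hjt_text):
    """Split CLSID entries into orphaned (no file behind them) and file-backed."""
    orphaned, backed = [], []
    for line in hjt_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue  # R0 and other non-CLSID lines are out of scope here
        entry = (m["section"], m["clsid"].upper(), m["target"])
        if m["target"] == "(no file)" or m["target"].endswith("(file missing)"):
            orphaned.append(entry)
        else:
            backed.append(entry)
    return orphaned, backed

def remnant_detections(scanner_text, orphaned):
    """Scanner-reported keys whose CLSID is an orphaned entry in the HJT log."""
    orphan_ids = {clsid for _, clsid, _ in orphaned}
    hits = []
    for line in scanner_text.splitlines():
        m = CLSID.search(line)
        if m and m.group().upper() in orphan_ids:
            hits.append(line.strip())
    return hits
```

A detection that lands in `remnant_detections` points at a registry key with no DLL behind it; a CLSID that appears in `backed` still needs the file itself examined.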
     
  7. Diener

    Diener Private E-2

    So I don't really have any spyware, adware? Spybot's Tea Timer is just kinda.... leaving the ghosts of past adware behind?.... wonderful..
     
  8. PhilliePhan

    PhilliePhan Guest

    I did not say that! All I said was that Tea Timer might interfere with the fix I was asking you to perform. The remnants were likely left by one of the spyware cleaning programs.

    Your machine should be OK.

    PP :)
     
