Aha!
2nd Safe Mode Scan showed clean! [so did 3rd, 4th..]
While I was in safe mode I also Blocked unkown ActiveX's.
blocked Spybot and Spysweeper - Startup
Programmes,blocked Google and Spybot BHO's, returned all
IE Settings to Default and Saved as default, tried
blocking &Google Toolbar, it didn't block but
another 'unknown' toolbar "Internet Explorer Toolbar
&..." suddenly appeared below it, shown as blocked.
Also, interestingly, I blocked only two ActiveX's but an
extra one appeared on the list as blocked.
Reboot to normal mode, no pop-ups and a good clean scan.
Am I happy!
Unblocked Google BHO, rebooted ,rescanned - no problems;
Unblocked Spybot Startup, rebooted, Alert! Adware Bundler
trying to install ActiveX. Scan again shows Flashget and
FunWeb..AxtiveX's restored.
Well, this is narrowing things down a bit!
Tried blocking Spybot BHO, normal mode, but MS
AS 'allowed' it 'becuase of my previous preferences'.
Returned to Safe Mode:
Everything still blocked exactly as I left it and good
clean scan.
Tried blocking Getright BHO in there but MS AS Alowed it
as well.
Spysweeper Startup still blocked because it hinders MS AS
restoring IE Settings.
BHO [53707962-6F74-2D53-2644-206D7942484F} still
blocked 'cause I don't know what it is, or does, yet.
FYI:
MS AS instructions read "To un-block this... navigate to
Security Agents> Application Agents> View Blocked Events.
The correct path is navigate to APPLICATION AGENT> View
Blocked Events.
Actually, from the page that shows those instructions,
it's click Tools> Real-time Protection> Application
Agent> View Blocked Events.
Notwithstanding my less than ideal capacity fo following
directions:
I often find Microsofts own instructions a little
misleading, or just plain wrong!
E.G...To start in safe mode "when Select OS screen
appears press F8 and select option, press Enter.."
The 'Select OS screen' does not appear when I run only
one OS on this machine. I have to keep pressing F8 as
soon as anything appears on the screen until startup
options appears.
Select OS screen does appear when starting in Safe Mode,
but that is useless, at that point, with only one OS to
select.
My Beef, but I hope some of this helps.
It's now 2:37am, I'll get back to youse another time.
TTFN.
-----Original Message-----
Nah--they aren't dead--not if you are getting prompts from Microsoft
Antispyware that they are trying to reinstall.
Check that you are on current definitions--current are 5683, as shown in
Help, about.
I recommend restarting in safe mode and re-scanning with Microsoft
Antispyware until a scan comes through clean.
Be sure to do full scans, rather than the Intelligent quickscan.
More than 30 MS AS scans, some in Safe Mode, numerous
Hijackthis scans/ fix selected, using BHODemon to remove
offending BHO's and using RegEdit to delete known problems
And still.. flashget and funwebproducts adware shows up
on every scan with MS AS, Hijackthis scans show the same
<5 items reappearing.
BHODemon showed a flashget item lurking in GoogleBHO, so
I disabled GoogleBHO, and SpybotBHO for good measure
[alhough Spybot already switched off]; then ran a couple
more MS AS scans.. Still no fix!
I am assured that these 'adware' items are actually dead
and doing no harm to my system.
What I can't understand is:
Why do they keep coming back?
Including a MS AS Alert at every startup saying
PopularScreensavers [FunWebProducts] Adware Bundler is
trying to install!
Also I am experiencing more and more problems with
programmes (Not Responding).. maybe I'm running too much
antispyware.. ?
Colin
.