Removal of Valid BHO's

Hey,
I have these two BHO's that after a search I found out were from "Get it Right" and IE Privacy Keeper" and when I run hijack this they show up like this:
O2 - BHO: (no name) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

I select fix it and they are removed till I reboot then their back.

How can I get rid of them for good?

I tried removing the program then reinstalling them and selecting the options that they won't setup their add on's BHO's but they are still there.

Can I delete them from the registry?

Thanks
Rockit

 

Hi

Youve probaly some protection thats putting them back perhaps ?

Post a whole log, so our forum members can get a look

 

Well after trying deleting them from the registry their still there but now there's four of them?

Any Help is Greatly Appreciated !
Rockit


Logfile of HijackThis v1.98.2
Scan saved at 9:35:26 AM, on 10/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\Explorer.EXE
C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Internet\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Internet\Misc\HijackThis.exe

O2 - BHO: (no name) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Spyware Gaurd] C:\Internet\SpywareGuard\sgmain.exe

 

For Getright, open Getright configuration and click on advanced in the left pane. In the right pane, uncheck the line that says "include Getright items in Internet Explorer right click context menus ". In the left pane, under general>starting, you'll see a couple of options that are related to starting Getright when either Windows or IE starts. More than likely at least one of them is enabled and whenever Getright starts, it puts the entries back. Hopefully, unchecking the line I mentioned will fix it. If you don't want Getright to run all the time you can uncheck the startup ones too. If you use the links toolbar and you want an easy way to start Getright, you can put a shortcut in it to getright.exe and use it to start the program whenever you need it.

I'm not familiar with IE Privacy Keeper so I can't help with that. You might take a look in the options of the program to see if there's anything in there that will allow you to remove them.

 

I tried that and also removed for testing purposes IE Privacy Keeper and Spyware Gaurd and heres what I got after rebooting.

Logfile of HijackThis v1.98.2
Scan saved at 11:25:10 AM, on 10/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\Explorer.EXE
C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Internet\Misc\HijackThis.exe


O2 - BHO: (no name) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE

And here's what I get after cleaning it (and it's what I want) but after rebooting all the **** comes back

Logfile of HijackThis v1.98.2
Scan saved at 11:26:08 AM, on 10/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\Explorer.EXE
C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Internet\Misc\HijackThis.exe

O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE

 

Hi

Its tea timer.Turn it off not just from the tray

Open SpyBot,on the toolbar menu select mode and swicth to advanced mode,
>tools > resident uncheck tea timer, close spybot, if its still in the tray area
rightclick exit resident

Run hijackthis abd fix these items. open this folder
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes

delete RegKeyWhite.sbe and black
it might be easyer to use the batch file
Clear_resident_excludes.bat
http://forums.net-integration.net/index.php?act=Attach&type=post&id=97159

Turn tea timer back on