I've got a stumper here. Cleaned a box. MS Spyware showed IBIS and Dyfuca signatures. OK no problem. When the scan got to checking for BHO in the registry I get a low virtual memory error. The program hangs. I've tried a manual removal of the BHO key's and no luck. A error deleting value message comes up. Ran MS in safe mode and it finally zapped the IBIS and Dyfuca problem but only after I removed viewpoint manager. Ran regeditin safemode as well and no luck on BHO key's.
AARRGGGHHH!!!!! Said Charlie Brown

Thanks for any help. Been a while since I've posted.
Russell

Never heard of that, Post a log, lets take a look........Jim

I can't. I sent the box home yesterday. The BHO problem was not screwing with internet. Told client to keep me posted if anything popped up. Hah-Hah! I don't think I was first man in the hole though. A family member might have fooled with it.
My logs were clean. Checked with a couple of tools to make sure. Redundancy can and does help remove oversite. I'm glad you asked for them but.......
I guess my question is what could cause the registry to not be able to delete a key? I did delete other key's and values during the same session. And what would cause the virtual memory hangup while running MS spyware tool? Yeah I changed all associated values with virtual memory or I could say I increased it to max!!! The machine would slow down then hang. Taskmanager showed 100% use of processor and memory, even in safemode with nothing running.
Oh well one for the books. Mysteries!
Russell

Oh I'm sorry I forgot. BHO's were no file associated in HJT. And set HJT to run a scan only. Oops my bad.
Russell

Ive had logs the last few weeks where the log appears clean but they are still expieriencing problems. I think its some type of Virus. Have you tried AdAware with the VX2 Cleaner addon?

http://www.lavasoftusa.com/

click the addon link.

Ive been doing a little research on this problem and from what I've been reading its a VX2 infection. I'm not sure if yours is the same problem but it could be...........Jim

I'll keep my eye's open. I hate to ask the client to return if everything is going OK. I'll wait a few days and ask. Let the box go back into pattern usage.
Nothing like primary to revisit sites that caused the problem!!
Gunshy only lasts for a short time.
If I see another box similar I'll let you know. Most junk peel's right off by using the trifecta. AD, S/D, MS followed by HJT then a good ole virus scan. Trendmicro or Panda online scanners do it for me.
You guy's are still cutting edge.
Russell

Yea let me know if you hear of a fix for this. Its frustrating when the log is clean but still having problems. If I cant see it online, I cant help these people..........Jim :eww