Another about:blank hijacker (eecd/dll)

Running Windows XP Home Edition and IE 6.0.

Got a bug and/or bugs infecting my system.

Used SpHifix to restore Spywareblaster.

Ran updated scans with Adaware, Spybot, Aluria's Spyware Eliminator, Norton Anti-Virus 2004, Panda On-line virus scan, Trojan Hunter and Browser Hijack Blaster.

Below is my Hijack This log:

Sorry, was unable to successfully show it. Would appreciate someone telling me how to properly copy and paste it. Thanks in advance.

 

Hey Jerbear,

I have moved your thread to this Forum where the experts will analyze your HighJackThis log. If you follow Step 2 of the below link....you'll see how best to post your HighJack This log.

This link---> https://www.wilderssecurity.com/showthread.php?t=15913

 

I know how to copy and paste a link, etc.. but don't know how to copy and paste this text document. Everything I try does not work.

I right click on the text document and then click copy and then come here and do ctrl v but it does not show anything.

 

When you started the scan you pressed the Scan button. When the scan was finished that button should have changed to Save log ? When you then press the Save log button it asks where ? After you choose the location and save the highjackthis.log file it should then open in Notepad ? If it does open in Notepad....you should then be able to right click an area of that log file and Select All....then right click the Select All items and select copy. Then copy\paste that info into a post.

If the above instructions were not succesful....you can upload the log file as an attachment into a post and we'll paste the log info into this thread.

 

My Notepad is not working. It says: Program not found and then says: Type in the executable file to be used instead. Which I don't know what file to type in. I guess Notepad is corrupted also, because it always worked in the past.

I would upload the file and send as an attachment like you mentioned, but don't know how to do that. You are dealing with a 71 yr. old computer iliterate.

BTW, the eecd.dll file is shown in the list and everything else appears to be OK, but I will not delete or change anything until I can manage to get my log file on this forum.

Please bear with me. Thank you.

 

Patience of Job

When the scan was finished were you able to save the file to a temporary location ?

If so....when you respond to a post in the Reply to Thread area....there is a section below that named Additional Options. In that area is a Manage Attachments button that when you click on will bring up another box where you can browse to the location to where you saved the HJT log file and upload it as an attachment.

 

Here it goes.

 

Thanks Jerbear,

Those experts that voluntarily of their time assist with these logs will be along as soon as possible to review your log.

_____________________________________________________________

Jerbears HJT log

Logfile of HijackThis v1.97.7
Scan saved at 5:07:06 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Jerome Cobus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://My Yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://My Yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {F3C24510-A037-4D0C-B10D-B525FF54980E} - C:\WINDOWS\System32\eecd.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://My Yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://My Yahoo.com
O15 - Trusted Zone: http://.*.windowsupdate.com
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire45.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire45.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.3.20/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo.com - http://hspoker01.pogo.com/applet/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke03.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.3.20/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.8.5.21/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks02.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://temp35.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.3.20/holdem/holdem-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball01.pogo.com/applet/simball/simball-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jumbee/jumbee-ob-assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker01.pogo.com/applet/videopoker2/videopoker-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.3.26/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.3.20/whackdown/whackdown-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.1.28/worldclass/worldclass-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1083756551671
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE} - http://www.compaq.com/athome/support/PCHInstallTrust01.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/272d1be81590972a1817/netzip/RdxIE6.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5618287037
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security1.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {C78AC153-1FB9-4198-986D-3613E49B152E} - http://download.microsoft.com/download/win2000platform/Utility/MPSA415/NT45XP/EN-US/mssecuredll.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D47B9AB4-83C1-4534-ABDC-ACBFFE8F2B86} - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} - http://www29.compaq.com/falco/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12AF6D7A-522A-4B31-8DE5-629E75264FDE}: NameServer = 207.250.248.10 207.250.248.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{12AF6D7A-522A-4B31-8DE5-629E75264FDE}: NameServer = 207.250.248.10 207.250.248.9

 

Hi Jerbear,

Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm

Before you start, please move hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
These will now end up on your desktop.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {F3C24510-A037-4D0C-B10D-B525FF54980E} - C:\WINDOWS\System32\eecd.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/272d1be81590972a1817/netzip/RdxIE6.cab

Then start APM.
In the upper window select explorer.exe
In the lower window find and rightclick the BHO from the HijackThis log
Select Unload DLL and click OK on the prompts that follow.

Reboot and scan with AdAware to remove the txt and html protocol association.

Regards,

Pieter

 

I really appreciate your response and assistance. I hope that I can correctly do what you indicate. In any event, I will post back and let the forum know of my results.

Again, thank you. You guys are great.

 

Downloaded and installed APM. Checked all the items in HijackThis log that you indicated.

Opened APM and selected explorer. exe, but the BHO from the Hijack log was not there.

Then I realized that the backups from Hijack were not on my desktop. The reason being, I guess, is that I do not understand what you mean by "move Hijackthis to a separate folder."

So, I am in limbo until I hear from you. Bear with me. Thanks.

 

Does this help?
http://home.planet.nl/~kleyn080/hijackthisexplanation.html

Post a new log when you are done.

Regards,

Pieter

 

It is a shame that I came this far but now am lost. I almost always used a download manager and saved everything I downloaded to my Desktop. When I use the IE file download I don't know how to open Windows Explorer.

If the first part of the instructions were not in German, perhaps I could manage better. But I think that I have a lot of things screwed-up on my computer. I am going to have to go to help and find out what Windows Explorer is and how to make it appear.

I will keep trying and keep you posted. Hope you don't lose interest.

 

OK, I got it downloaded as a separate file listed C: Drive.

Since I haven't done much surfing since running the log before, would it be OK to use the current log rather than posting a new log?

 

Guess that I will have to give up. After doing above no backups appeared on my desktop before or after opening Hijackthis.

Should I just fix the pertinent files that Hijack shows and skip the APM process (because I cannot make it show the BHO from Hijack) or what.

Need your advice before I procede. I know you are busy and may have other priorities, but I will wait several days if necessary for your response.

 

Hi Jerbear,

Post a new HijackThis log and I'll give you new instructions.

Regards,

Pieter

 

I ran Hijackthis at least 3 times and it deleted some of the entries but not all of them. The backups do appear in the Hijack folder but not on my desktop like you stated. When I use APM and click on explorer .exe the Hijack BHO does not appear (although I do not know exactly what to look for).

I am posting a new Hijack log attachment.

 

This is the one to look for:

C:\WINDOWS\System32\eecd.dll

Keep us posted,

Pieter

 

That file did not appear in the modules window of APM. I did a search for eecd.dll and it came up and I deleted it. (Previously it would not delete)

Ran another Hijack scan and all the previous entries were gone. A new one named 02-BHO (no name) - - - - - - - - - - - - - - - - -eecd.dll (file missing) was there. (I left the numbers out of above entry)

I assume that I can safely "fix" or delete this.

I had taken several steps this morning to get my home page and search back and so far it has been OK. I have WinPatrol and Browser Hijack Blaster and so far they have been negative for infection of eecd.dll. Hope that I am finally clean.

Just let me know if I can delete the above BHO in Hijack Blaster.

Again, thanks for your outstanding help and guidance.

 

Hi Jerbear,

(file missing) entries can always be deleted. They are indicating orphaned entries in the registry as you already suspected.
Pointing at a file that has been deleted.

Regards,

Pieter

 

Thanks, you are the greatest!