
Safe To Remove?


2 replies to this topic

#1 frustratingfiles (New Member, 2 posts)

Posted 07 January 2005 - 05:36 PM

I'm having problems on my daughter's laptop and on my PC (different problems). I run AVG, Spybot, Ad-Aware, and CWShredder. Unfortunately, even though these are identifying malignant items, they don't seem to be removing all of them - even though they say they do. Then, just today, Microsoft released their Beta 1 version of Antispyware. I downloaded it and ran it. It found quite a few items and eliminated them, but a number were still there when I re-ran it immediately. They were even there after the fourth run. Then Spybot found more, then Ad-Aware found one extra. What I'm wondering is, since these programs tell me exactly which registry key has the infection, yet don't get rid of it, can I go in and SAFELY delete those keys myself? Messing with the registry scares me, but I'm at my wit's end. Thanks for any advice.



#2 Nick (Retired Staff, Authentic Member, 332 posts)

Posted 09 January 2005 - 01:37 AM

Need more info about what exact registry entries are getting flagged and by which program. Also, what version of Windows are you using? Probably best to follow the instructions here as you may have something that is adding the bad files back.

Also note that the Microsoft Antispyware is a beta program and still has some bugs to work out, so I wouldn't rely too heavily on it right now.

#3 frustratingfiles (New Member, 2 posts)

Posted 12 January 2005 - 03:18 PM

Okay, here's the HJT log. As it says, I'm using XP home, and I use AVG, Spybot, CWShredder, and Ad-Aware. I am also running the Microsoft Beta 1 Anti-Spyware. It is helping, but can cure my sick computer. The about:blank browser hijacker is a real problem. Help would be greatly appreciated.

Logfile of HijackThis v1.98.1
Scan saved at 4:12:37 PM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\sdkyj32.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programs\Online Service\MS Antispyware\gcasServ.exe
D:\Programs\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\ieif32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\m?iexec.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
D:\Programs\Online Service\MS Antispyware\gcasDtServ.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
D:\Programs\Online Service\MS Antispyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programs\Online Service\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A0F0E2D2-FBEE-BE6A-FC88-3650DC964D83} - C:\WINDOWS\system32\sdkuk32.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Programs\Online Service\MS Antispyware\gcasServ.exe"
O4 - HKLM\..\Run: [PNAgent] "D:\Programs\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [ieif32.exe] C:\WINDOWS\ieif32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Kkj] C:\WINDOWS\system32\m?iexec.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.static.topconverting.com
