2 replies to this topic

[frustratingfiles]

I'm having problems on my daughter's laptop and on my PC (different problems). I run AVG, Spybot, Ad-Aware, and CWShredder. Unfortunately, even though these are identifying malignant items they don't seem to be removing all of them - even though they say they do. Then, just today, Microsoft released their Beta 1 version of Antispyware. I downloaded it and ran it. It found quite a few items and eliminated them, but a number were still there when I re-ran it immediately. They were even there after the fourth run. Then Spybot found more, then Ad-Aware found one extra. What I'm wondering is, since these programs tell me exactly which registry key has the infection, yet doesn't get rid of it, can I go in and SAFELY delete those keys myself? Messing with the registry scares me, but I'm at my wit's end. Thanks for any advice

[Nick]

Need more info about what exact registry entries are getting flagged and by which program. Also what version of Windows are you using. Probably best to follow the instructions here as you may have something that is adding the bad files back.

Also note that the Microsoft Antispyware is a beta program and still has some bugs to work out, so I wouldn't rely too heavily on it right now.

[frustratingfiles]

Okay, here's the HJT log. As it says, I'm using XP home, and I use AVG, Spybot, CWShredder, and Ad-Aware. I am also running the Microsoft Beta 1 Anti-Spyware. It is helping, but can cure my sick computer. The about:blank browser hijacker is a real problem. Help would be greatly appreciated.

Logfile of HijackThis v1.98.1
Scan saved at 4:12:37 PM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\sdkyj32.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programs\Online Service\MS Antispyware\gcasServ.exe
D:\Programs\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\ieif32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\m?iexec.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
D:\Programs\Online Service\MS Antispyware\gcasDtServ.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
D:\Programs\Online Service\MS Antispyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programs\Online Service\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\oaizb.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A0F0E2D2-FBEE-BE6A-FC88-3650DC964D83} - C:\WINDOWS\system32\sdkuk32.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Programs\Online Service\MS Antispyware\gcasServ.exe"
O4 - HKLM\..\Run: [PNAgent] "D:\Programs\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [ieif32.exe] C:\WINDOWS\ieif32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Kkj] C:\WINDOWS\system32\m?iexec.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.static.topconverting.com