TechSpot

My HijackThis Log please review

By jman87
Sep 12, 2008
  1. I have already run antimalware, superantispyware and avira virus scan before using hijackthis

    I notice my wireless internet connection being slower than usual, so I downloaded all the programs above and detected quite a bit of trojans, viruses, and malware.

    I just want to make sure my PC is clean and here's my hijackthis log
     

    Attached Files:

  2. jman87

    jman87 TS Rookie Topic Starter

    can anyone please help me out?
     
  3. Boulayman

    Boulayman TS Rookie

    Funnily enough, I posted a similar thread within minutes of yours, hopefully we'll both get some feedback :)
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Be careful of what you ask for! .... TS is all-volunteer. The heavy-hitters @ the Security & Web forum work through these posts - eventually. Extraneous posts such as this one add to the "reply" count. This may slow the responses from the experts.

    HJT analysis links @ Castlecops do not have all the answers. Here is my take...

    Code:
    http://www.castlecops.com/modules.php?name=StartupList&query=strtas
    l071.exe may be a remnant from malware removal
    Check for files/folders
    O4 - HKLM\..\RunServices: [strtas] l071.exe

    Code:
    http://www.benedelman.org/spyware/ask-toolbars/
    "IAC/ASK Toolbars" :  Issues with business practices.
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    Code:
    Suspicious - No info available
    You can get by without these?
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\aqnln.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lmupyqg.exe,

    O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll

    Code:
    Checkmark any or all of these.
     
  5. jman87

    jman87 TS Rookie Topic Starter

    Thx for reviewing

    here is my new log
     
  6. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Hi :

    I see some Norton antivirus "Items" in your log; not a good idea. Apparently you
    did NOT use the "Norton Removal Tool", available at several Sites.
    I see what appears to be part of AVG 8 ("Worm Radar - IE SiteBlocker") which
    most likely should be uninstalled and "replaced" by getting "Finjan".
    And IF you are going to use AIM, I recommend you periodically visit
    http://jayloden.com/aimfix.htm and run the FREE program there.
    You have a very outdated Adobe Reader, a serious security risk. I recommend you
    uninstall it and get the FREE "Foxit Reader".
    You have some "Ask Toolbar" and its "companions" which some "Expert" should
    advise you on HOW to completely remove it from your computer (unless you want
    to do a Google "Search"!?).
     
  7. rf6647

    rf6647 TS Maniac Posts: 829

    Code:
    o18 entry - excerpt from bleepingcomputer
    http://www.bleepingcomputer.com/tutorials/tutorial42.html#O18Diag
    
    It is important to note that fixing these entries does not seem to delete 
    either the Registry entry or the file associated with it. You should 
    have the user reboot into safe mode and manually delete the 
    offending file.
    
    Consult the tutorial for 'regedits'.  
    Or just leave the residue (HJT will still report it)
    
    O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll

    Code:
    Use control panel > add/remove programs
    If ASK displeases you.  The prompts/dialogs from ASK are meant to confuse.
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    I guess I should have read more of the tutorial. I did not realize that manual effort beyond checkmarking was required for the o18 entry.

    Using 'add/remove' for ASK [o2 bho] may be a case of faulty recall on my part. The software is legitimate. There are users and organizations who complain about business practices and the effects on user rights.
     
  8. jman87

    jman87 TS Rookie Topic Starter

    "I see what appears to be part of AVG 8 ( "Worm Radar - IE SiteBlocker " ) which
    most likely should be uninstalled"

    How do I uninstall this?
     
  9. jman87

    jman87 TS Rookie Topic Starter

    Third Log

    I have completed all of the tasks above except for the worm radar uninstallation, which I do not know how to remove (don't see it in add/remove programs)

    Here's my third log
     
  10. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Hi :

    Since "Worm Radar, etc" is not in your "Add or Remove Programs", you most
    likely have remnant(s) which are Best "removed" by doing a Windows "Search" of
    your computer, using the search "terms" "Worm Radar" and later "IE SiteBlocker"
    and "Delete" all Entries found.
    While you are at it, do a Windows "Search" of "weatherbug" as well and Delete
    that.
     
Topic Status:
Not open for further replies.
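
An added example, not part of any post in this thread: a small Python triage of the F2 and O18 lines quoted above, flagging programs appended to the Winlogon Shell/UserInit values and any filter-hijack entry. It assumes the stock values `Shell=Explorer.exe` and `UserInit=C:\WINDOWS\system32\userinit.exe,`; the function names are hypothetical.

```python
import re

# Assumption: stock Winlogon values; any other token in an F2 line needs review.
F2_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}
LINE_RE = re.compile(r"^\s*([A-Za-z]\d{1,2})\s+-\s+(.*)$")
F2_RE = re.compile(r"REG:system\.ini:\s*(\w+)=(.*)$", re.IGNORECASE)

# Sample input: entries quoted in the thread above.
SAMPLE = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\aqnln.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lmupyqg.exe,
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
"""


def parse_line(line):
    """Split 'O18 - Filter hijack: ...' into (section, detail); None if not an entry."""
    m = LINE_RE.match(line)
    return (m.group(1).upper(), m.group(2).strip()) if m else None


def extra_f2_programs(detail):
    """Return programs in an F2 Shell=/UserInit= value that are not the default."""
    m = F2_RE.search(detail)
    if not m:
        return []
    allowed = F2_DEFAULTS.get(m.group(1).lower(), set())
    tokens = [t.strip() for t in m.group(2).split(",") if t.strip()]
    return [t for t in tokens if t.lower() not in allowed]


def triage(log_text):
    """Return (section, reason, detail) for entries that need manual review."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        section, detail = entry
        if section == "F2":
            extras = extra_f2_programs(detail)
            if extras:
                findings.append((section, "non-default: " + ", ".join(extras), detail))
        elif section == "O18" and detail.lower().startswith("filter hijack"):
            findings.append((section, "fixing leaves the file on disk", detail))
    return findings
```

Calling `triage(SAMPLE)` returns the two F2 lines and the O18 line; the Ask Toolbar BHO is left for the uninstaller, as in the thread.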
