TechSpot

Please analyze my logs, possibly infected

By mretzloff
Jun 10, 2008
  1. Here are my logs:

    View attachment 33228
    View attachment 33229


    My computer keeps changing the clock to an hour back. Also at the top of Mozilla Firefox, I get this little plug-in puzzle piece at the top.

    If any more logs are needed, let me know.
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Click on the clock and go to change date and time settings. Make sure you are in the correct time zone. I also recommend you install a firewall such as Zone Alarm or Comodo; both are free for home use.


    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 6
    • The 5th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install, go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder

    -------------------------------------------------------------

    Fix with Hijackthis
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    AskSBar

    Please note any other programs that you don't recognize in that list in your next response.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\AskSBar

    After that, reboot and post a new HijackThis log here in a reply.
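
An added example, not part of the original thread and not code from HijackThis: Python that parses log entries of the shape quoted in the post above and lists those whose file sits under a given folder, one way to check a fresh log for leftovers after the removal steps. The names `Entry`, `parse_line` and `remnants` and the last two sample lines are constructed for illustration.

```python
import ntpath
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    section: str           # HijackThis section code, e.g. "R3", "O2", "O3"
    kind: str              # e.g. "URLSearchHook", "BHO", "Toolbar"
    name: str
    clsid: Optional[str]
    path: Optional[str]

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'CODE - Kind: name - {CLSID} - path' line; None for any other shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group(3).split(" - ")]
    clsid = next((f for f in fields if CLSID_RE.match(f)), None)
    # The path runs from the first drive-letter field to the end of the line,
    # so a " - " inside a file name does not cut it short.
    start = next((i for i, f in enumerate(fields) if DRIVE_RE.match(f)), None)
    path = " - ".join(fields[start:]) if start is not None else None
    return Entry(m.group(1), m.group(2).strip(), fields[0], clsid, path)

def remnants(log_text: str, folder: str) -> list:
    """Entries whose file lives under `folder` (case-insensitive, whole path components)."""
    root = ntpath.normcase(ntpath.normpath(folder)) + "\\"
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries
            if e and e.path and ntpath.normcase(ntpath.normpath(e.path)).startswith(root)]

# The four entries quoted in the post, plus two constructed lines that must not match.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\AskSBarHelper\helper.dll
O2 - BHO: Example Reader - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\reader.dll
"""

for entry in remnants(SAMPLE, r"C:\Program Files\AskSBar"):
    print(entry.section, entry.kind, entry.clsid, entry.path)
```

An empty result on a later log means no parsed entry still points into that folder; lines of other shapes are skipped, not checked.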
     
  3. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    We need to backup your registry:

    Please go to Start > Run
    Paste in the following line:
    • regedit /e c:\registrybackup.reg
    Click OK.

    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass.


    Making a .reg file
    Open notepad and copy and paste the text in the quotebox below in it:

    Name the file as Fix.reg

    Change the "Save As" type to "All Files" and save it on the desktop.

    It should look like this: [IMG]

    Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
     
  4. mretzloff

    mretzloff TS Rookie Topic Starter Posts: 116

    Thank you for the reply. I'm sorry it took me so long to respond.

    I did as you said in your first reply but when I booted into safe mode, my Internet would NOT work, so I just rebooted and did it that way.

    Here is my "updated" HijackThis Logfile: View attachment 33365


    The plugin puzzle piece is still appearing in the top of Mozilla Firefox. I'm thinking it has something to do with the item that appears at 013 in the attached HijackThis logfile. I'm just guessing because the 013 item has "plug in" in its name.

    I'll do that registry thing as soon as I'm done typing this reply. Again, thanks for the help :)

    EDIT: Do I have to keep the registry file on my desktop? Can I delete it or move it to another folder?
     
  5. raybay

    raybay TS Evangelist Posts: 7,241   +9

    The Plug In puzzle piece means you need to install or reinstall Adobe Flash and Adobe Shockwave.

    Get the registry file off the desktop
    You have AVG and Avast antivirus. Get rid of one of the two.
    AVG Antispyware is no longer protecting you. Get rid of it and buy Spyware Doctor or Spy Sweeper.
    Upgrade Adobe 5.0 to Adobe 8.1.2
    Keep Adaware, but upgrade to Adaware 2.008.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Those are all good except I don't see AVG anti-virus only Antispyware. But you are right it should be removed - I would recommend MBAM or Superantispyware as a free replacement.

    Once the registry file has been merged you can delete it.
     
  7. mretzloff

    mretzloff TS Rookie Topic Starter Posts: 116

    I don't think I have AVG Antivirus....Maybe you can check again, raybay.

    Are free anti-malicious software (anti-virus, anti-spyware, etc.) programs acceptable? Do these free anti-malicious software programs protect me? If so, where's the incentive to purchase anti-malicious software programs?

    What's wrong with AVG Antispyware? Is it outdated?

    I installed SUPERAntiSpyware and uninstalled AVG Antispyware. I installed Adobe Flash Player but could not find Adobe Shockwave for Firefox. The puzzle piece is still showing. What should I do?

    In case you need it, here's an updated HijackThis log: View attachment 33468
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    In Firefox
    Go to tools - add-ons - extensions -> find updates -> install the missing updates

    And yes you don't get updates for AVG 7.5 anymore - it is now AVG 8.0 - they bundled everything together now. I feel that you are better off with Avast! and Superantispyware

    ------------------------------

    Looking through log now.

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 6
    • The 5th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install, go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder


    Did you install MarketBrowser yourself?
     
  9. mretzloff

    mretzloff TS Rookie Topic Starter Posts: 116

    I have no Firefox add-ons, except for Talkback, which sends reports to Mozilla whenever Firefox crashes. Firefox said there was no available update for Talkback.

    The puzzle piece is still showing.

    I installed the Java update and deleted the older update. How do I get to "C:\programfiles\Java"?

    Thanks for the help.

    EDIT: I did not install Market Browser. I went ahead and uninstalled it.
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    In Firefox, go to Tools -> Add-ons -> Updates tab and see if there is anything listed.

    Also, can you attach a fresh HijackThis log, since completing the previous instructions?
     
  11. mretzloff

    mretzloff TS Rookie Topic Starter Posts: 116

    Here's the updated HijackThis logfile: View attachment 33625

    The puzzle piece in Mozilla Firefox is gone now, after I right-clicked and had Firefox not show the Ask toolbar. Apparently the puzzle piece was showing me that a piece of Ask was missing. After reading my HijackThis logfile, please let me know if any parts of the Ask toolbar are remaining.

    Thanks for the help and time, it's much appreciated.
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Your log is clean, but for a 2nd opinion let's do an online scan and delete temp files. If all looks OK after, we can clean up and secure your system.

    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ----------------------------------------------------------------

    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
     
Topic Status:
Not open for further replies.
