My HijackThis Log please review

Status
Not open for further replies.

jman87

Posts: 7   +0
I have already run antimalware, SUPERAntiSpyware and Avira virus scan before using HijackThis.

I noticed my wireless internet connection being slower than usual, so I downloaded all the programs above and detected quite a bit of trojans, viruses, and malware.

I just want to make sure my PC is clean, and here's my HijackThis log.
 

Attachment: hijackthis.log (7.4 KB)
Be careful of what you ask for! .... TS is all-volunteer. The heavy-hitters @ the Security & Web forum work through these posts - eventually. Extraneous posts such as this one add to the "reply" count. This may slow the responses from the experts.

HJT analysis links @ Castlecops do not have all the answers. Here is my take...

Code:
http://www.castlecops.com/modules.php?name=StartupList&query=strtas
l071.exe may be a remnant from malware removal
Check for files/folders
O4 - HKLM\..\RunServices: [strtas] l071.exe

Code:
http://www.benedelman.org/spyware/ask-toolbars/
"IAC/ASK Toolbars" :  Issues with business practices.
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Code:
Suspicious - No info available
You can get by without these?
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\aqnln.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lmupyqg.exe,

O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll

Code:
Checkmark any or all of these.
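
Added example, not part of any post in this thread: a short Python check for the F2 entries quoted above, listing any program that the Winlogon Shell or UserInit value launches in addition to the stock one. The function names are hypothetical, the sample input is constructed from the log lines quoted in the thread, and the stock values (Explorer.exe and userinit.exe) are an assumption about a default Windows XP install.

```python
import re

# Constructed sample: entries copied from the log lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunServices: [strtas] l071.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\aqnln.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lmupyqg.exe,
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
"""

# Assumption: a stock install launches only these programs from each value.
DEFAULTS = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
F2_VALUE = re.compile(r"^REG:system\.ini: (\w+)=(.*)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) pairs for every 'Xn - ...' log line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extra_winlogon_programs(log_text):
    """Map each F2 Shell/UserInit key to the programs beyond the stock value."""
    findings = {}
    for section, detail in parse_entries(log_text):
        m = F2_VALUE.match(detail) if section == "F2" else None
        if not m or m.group(1).lower() not in DEFAULTS:
            continue
        allowed = DEFAULTS[m.group(1).lower()]
        # Values are comma separated. Only the file name is compared, so a
        # stock name in an unexpected folder still needs a manual look.
        programs = [p.strip() for p in m.group(2).split(",") if p.strip()]
        extras = [p for p in programs
                  if p.rsplit("\\", 1)[-1].lower() not in allowed]
        if extras:
            findings[m.group(1)] = extras
    return findings
```

Calling `extra_winlogon_programs(SAMPLE_LOG)` returns the two extra programs from the F2 lines; a log with only the stock values returns an empty dict.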
 
Hi :

I see some Norton antivirus "Items" in your log; not a good idea. Apparently you
did NOT use the "Norton Removal Tool", available at several Sites .
I see what appears to be part of AVG 8 ( "Worm Radar - IE SiteBlocker " ) which
most likely should be uninstalled and "replaced" by getting "Finjan" .
And IF you are going to use AIM, I recommend you periodically visit
http://jayloden.com/aimfix.htm and run the FREE program there .
You have a very outdated Adobe Reader, a serious security risk. I recommend you
uninstall it and get the FREE "Foxit Reader" .
You have some "Ask Toolbar" and its "companions" which some "Expert" should
advise you on HOW to completely remove it from your computer ( unless you want
to do a Google "Search" !? ) .
 
Code:
o18 entry - excerpt from bleepingcomputer
http://www.bleepingcomputer.com/tutorials/tutorial42.html#O18Diag

It is important to note that fixing these entries does not seem to delete 
either the Registry entry or the file associated with it. You should 
have the user reboot into safe mode and manually delete the 
offending file.

Consult the tutorial for 'regedits'.  
Or just leave the residue (HJT will still report it)
O18 - Filter hijack: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll

Code:
Use control panel > add/remove programs
If ASK displeases you.  The prompts/dialogs from ASK are meant to confuse.
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

I guess I should have read more of the tutorial. I did not realize that manual effort beyond checkmarking was required for the o18 entry.

Using 'add/remove' for ASK [o2 bho] may be a case of faulty recall on my part. The software is legitimate. There are users and organizations who complain about business practices and the effects on user rights.
 
"I see what appears to be part of AVG 8 ( "Worm Radar - IE SiteBlocker " ) which
most likely should be uninstalled"

How do I uninstall this?
 
Third Log

I have completed all of the tasks above except for the Worm Radar uninstallation, which I do not know how to remove (don't see it in Add/Remove Programs).

Here's my third log
 
Hi :

Since "Worm Radar,etc" is not in your "Add or Remove Programs", you most
likely have remnant(s) which are Best "removed" by doing a Windows "Search" of
your computer, using the search "terms" "Worm Radar" and later "IE SiteBlocker"
and "Delete" all Entries found .
While you are at it, do a Windows "Search" of "weatherbug" as well and Delete
that .
 