Please analyze my logs, possibly infected

Status
Not open for further replies.
click on the clock and go to change date and time settings. make sure you are in the correct time zone. I also recommend you install a firewall such as Zone Alarm or Comodo, both are free for home use


Update your Java Runtime Environment
  • Click the following link
    Java Runtime Environment 6 Update 6
  • The 5th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder

-------------------------------------------------------------

Fix with Hijackthis
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

AskSBar

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\AskSBar

After that, Reboot, and post a new HijackThis log here in a reply
 
We need to backup your registry:

Please go to Start > Run
Paste in the following line:
  • regedit /e c:\registrybackup.reg
Click OK.

It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


Making a .reg file
Open notepad and copy and paste the text in the quotebox below in it:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

Name the file as Fix.reg

Change the "Save As" type to "All Files" and save it on the desktop.

It should look like this:
reggif.jpg


Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
 
Thank you for the reply. I'm sorry it took me so long to respond.

I did as you said in your first reply but when I booted into safe mode, my Internet would NOT work, so I just rebooted and did it that way.

Here is my "updated" HijackThis Logfile: View attachment 33365


The plugin puzzle piece is still appearing in the top of Mozilla Firefox. I'm thinking it has something to do with the item that appears at 013 in the attached HijackThis logfile. I'm just guessing because the 013 item has "plug in" in its name.

I'll do that registry thing as soon as I'm done typing this reply. Again, thanks for the help :)

EDIT: Do I have to keep the registry file on my desktop? Can I delete it or move it to another folder?
 
The Plug In puzzle piece means you need to install or reinstall Adobe Flash and Adobe Shockwave.

Get the registry file off the desktop
You have AVG and Avast antivirus. Get rid of one of the two.
AVG Antispyware is no longer protecting you. Get rid of it and buy Spyware Doctor or Spy Sweeper.
Upgrade Adobe 5.0 to Adobe 8.1.2
Keep Adaware, but upgrade to Adaware 2.008.
 
Those are all good except I don't see AVG anti-virus only Antispyware. But you are right it should be removed - I would recommend MBAM or Superantispyware as a free replacement.

Once the registry file has been merged you can delete it.
 
I don't think I have AVG Antivirus....Maybe you can check again, raybay.

Are free anti-malicious software (anti-virus, anti-spyware, etc.) programs acceptable? Do these free anti-malicious software programs protect me? If so, where's the incentive to purchase anti-malicious software programs?

What's wrong with AVG Antispyware? Is it outdated?

I installed SUPERAntiSpyware and uninstalled AVG Antispyware. I installed Adobe Flash Player but could not find Adobe Shockwave for Firefox. The puzzle piece is still showing. What should I do?

In case you need it, here's an updated HijackThis log: View attachment 33468
 
In firefox
Go to tools - add-ons - extensions -> find updates -> install the missing updates

And yes you don't get updates for AVG 7.5 anymore - it is now AVG 8.0 - they bundled everything together now. I feel that you are better off with Avast! and Superantispyware

------------------------------

Looking through log now.

Update your Java Runtime Environment
  • Click the following link
    Java Runtime Environment 6 Update 6
  • The 5th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder


Did you install MarketBrowser yourself?
 
I have no Firefox add-ons, except for Talkback, which sends reports to Mozilla whenever Firefox crashes. Firefox said there was no available update for Talkback.

The puzzle piece is still showing.

I installed the Java update and deleted the older update. How do I get to "C:\programfiles\Java"?

Thanks for the help.

EDIT: I did not install Market Browser. I went ahead and uninstalled it.
 
in firefox go to tools -> addons -> updates tab and see if there is anything listed.

Also can you attach a fresh hijackthis log, since completing previous instructions
 
Here's the updated HijackThis logfile: View attachment 33625

The puzzle piece in Mozilla Firefox is gone now, after I right-clicked and had Firefox not show the Ask toolbar. Apparently the puzzle piece was showing me that a piece of Ask was missing. After reading my HijackThis logfile, please let me know if any parts of the Ask toolbar are remaining.

Thanks for the help and time, it's much appreciated.
 
Your log is clean, but for a 2nd opinion lets do an online scan and delete temp files. If all looks ok after we can clean up and secure your system

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

----------------------------------------------------------------

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
Status
Not open for further replies.
Back