preowned laptop



#1 kazw


Posted 14 October 2009 - 05:26 PM

Please help... I want it like it was brand new. I don't want any of the programs on here or this spyware, except Firefox...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:42 PM, on 9/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\SystemErrorFixer\SysRep.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TB&M=ML3109
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=ML3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=ML3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBI] C:\Users\bby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWK4Z69S\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [SystemErrorFixer] C:\Program Files\SystemErrorFixer\SysRep.exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\bby\lsass.exe
O4 - HKCU\..\Run: [e84c69b7] rundll32.exe "C:\Users\bby\AppData\Local\Temp\fxtkupfu.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\bby\AppData\Local\Temp\jkKbXRjI.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://www.antivirus...irusremover.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8153 bytes

Edited by kazw, 14 October 2009 - 05:27 PM.



#2 8210GUY


Posted 15 October 2009 - 06:31 AM

I don't normally get involved with infection threads, I leave that to the pros, but in this instance I suggest I can save the pros valuable time and give you a better end product. Being pre-owned means it will be tagged with the previous owner's details etc. Your best way forward in this instance, IMHO, is to go into the recovery mode and reinstate the system to out of the box, and when asked select the destructive recovery. What this will do is reset the system to as though you only just got it from the store, and it will allow you to have your own names\tags for it. Check under Start - Programs for any entries to do with recovery (not to be confused with System Restore), access them and tell it to begin the process. By selecting destructive recovery it wipes EVERYTHING, including files\infections; once complete you can then enter whatever details you want to use for accounts etc. You didn't say what laptop you had, so we can't say what you will have, but makers keep changing the goalposts anyway, so it's not always as straightforward as it should be. If you see no entry under the programs list, watch the screen as you boot and look for reference to an instruction to enter the recovery console. Commonly used ones are F10, F11, F5 etc., and there are some you would never guess, so if you can't find this let us know what you have and we can try and tell you how to access this.

Braindead


#3 kazw


Posted 15 October 2009 - 12:20 PM

I don't have an OS CD to restore my OS if it's deleted, and I have a Gateway laptop, but the OS is Vista.

#4 8210GUY


Posted 15 October 2009 - 04:19 PM

Right, the 2 ways they say to check are the 2 I covered already, albeit one in brief. Here are their instructions on how to tell if you have the system recovery installed. I would be amazed, with this being a Vista system, if it did not, because nearly all systems now are shipped preloaded with everything on a partition (usually hidden), so should you ever end up where you are now, you can simply activate the system recovery and it will put everything back to as though you opened the box for the first time.

So check under your Start - Programs list for any kind of recovery options, possibly under a Gateway folder\applications, possibly NTI, which is often used by some makers. If there is no entry there you can try rebooting, and tap F11 while it boots and see if it takes you to the recovery menu. It may be possible the previous owner deleted the entry in the Programs list; you can check this by clicking on Start - My Computer - C Drive (or whatever your OS drive is listed as) - Programs, then scroll through the entries looking again for anything recovery based.

In my experience it is usually quite obvious when you see it, assuming it's there. Just remember to select destructive restore; it will eradicate the infections\settings and set them back to as though you just opened the box. See if that helps.

Braindead


#5 kazw


Posted 18 October 2009 - 04:49 PM

There is no destructive restore, and the restore points are like from the 10th of last month, and that does not help me. There is no F11 option.

#6 8210GUY


Posted 18 October 2009 - 05:11 PM

No, you won't find that setting in the normal System Restore menu. You have to get into the restore options that are normally built into them when new. Few systems come with disks these days; they rely on a partition, most often this is hidden, but not always, and they include a way(s) to access the menu that will allow you to restore the whole system to what they call out of the box, so it's just as though you opened it from new. This is the menu you need to access, then you will get the destructive restore option as you start the process. What is the exact model of your system? Hopefully we can try and locate the options we need by searching etc., but Gateway stated they use F11 during boot, or an entry in the programs list, to access these options we need. It's not unheard of for makers to change the methods used, even in the same model line, but I'd have hoped that one or the other of the stated methods would have worked for you. But just to confirm, you did try tapping F11 at approx. 1 second intervals during the boot process, didn't you?

Braindead
