
Bought Used Laptop, Need to make sure it's safe [Solved]


  • This topic is locked
12 replies to this topic

#1 bluejayhope

bluejayhope

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 02 October 2014 - 01:13 PM

I just bought a computer and it had a ton of stuff on it. The guy used it to download a lot of songs, movies, programs and what-not. I've deleted most of the programs that I know aren't needed and I'm still having trouble. I think it's definitely infected with something but I'm not sure what. I want to just do a clean sweep of it and start fresh. I can't do a full system restart because I haven't got the Windows disc for it to reinstall the OS. Can anyone help me clean off all the garbage that the computer doesn't need? Everything and anything can go. I'm happy to start fresh, I just don't know where to begin, though I know I need to make sure the computer is clean and doesn't have any malware, spyware or viruses. Please let me know what you need in order to help. This computer had an out-of-date AVG on it and an anti-malware program I don't recognize.

 

Here is the HJT log, I couldn't attach it as a file..

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 04:48:49, on 02/10/2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
 
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mjcm\dnkt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis (1).exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.real.com/...ne&action=close
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [DeleteMarkAny] C:\WINDOWS\system32\MASetupCleaner.exe C:\Program Files\MarkAny\ContentSafer
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ActivSDK Flash Extension.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActivControl - Promethean - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
--
End of file - 7138 bytes
 
 
 
 
Thank you for your time and help!!



#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 03 October 2014 - 09:39 AM

Hi bluejayhope,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

All of that being said by way of preliminaries... in good conscience, I must tell you that unless you have the disks (including Service Pack 3 for XP), then the answer must be... No. That system is not safe.

That system has been running P2P programs... many of which are probably infected and may be pirated. It is behind in updates... maybe a couple hundred?

If you had the disks, you could do a fresh install... but wouldn't be able to get the updates. This would leave the system unpatched and at risk. The only safe way to use it would be to never let it be connected to the internet.

You have a couple choices as I see it.

  • You could purchase a new Windows operating system... such as Windows 7 (you might want to run the Windows 7 Upgrade Advisor first to make sure it will run on your system).
  • You could consider putting a Linux operating system on it (they're free). In my opinion, Linux becomes a more viable alternative system every day (Android phones run on Linux). One of my colleagues here wrote up an explanation on how to install Ubuntu: http://forums.whatth...owtopic=127931.

My suggestion is that you try Linux.  Ubuntu is only one "flavor" of Linux.  There are several to choose from but they operate very similarly.  Puppy Linux is very simplistic and will run on very old equipment.  You really have nothing to lose as you can try them with a live CD... nothing is actually installed on your hard drive.  Once you think it is something that will work for you, you can "permanently" install it on your system instead of running off of the CD (or thumb drive).  If you find that you don't like it... then you can always purchase Windows 7.

 

If you give Linux a go, and have questions, then I suggest you post them in the Open Source forum. We have a couple of Techs here that are really good with Linux (including at least one who uses it exclusively).


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 bluejayhope

bluejayhope

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 October 2014 - 05:56 AM

Thanks TomK, I will try going with the Linux OS. Thanks for the suggestions and advice!



#4 bluejayhope

bluejayhope

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 October 2014 - 07:21 AM

I've tried to get Linux, however I ran into a problem. I have a Hardware Error 22272 when trying to burn the CD. Would you happen to know how to fix this error or direct me to the proper place to ask about it?

 

Thanks!



#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 06 October 2014 - 10:02 AM

To the best of my knowledge, that error means that something went wrong with the interfacing of the software (image burning program) and the equipment (CD/DVD reader/writer). Which program were you using?

 

I have always used ImgBurn, but apparently it now comes with some PUPs. If you used Free Iso Burner, I'd try using ImgBurn. The good news here is that the malware may get installed on your system... but it will be the Windows system, not the Linux system you are going to be using.


Tomk
 

#6 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 07 October 2014 - 11:37 PM

Did it work?
Tomk
 

#7 bluejayhope

bluejayhope

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 08 October 2014 - 03:28 AM

No, it still won't recognize the drive



#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 08 October 2014 - 07:38 AM

Do you have access to another computer that you can use to make the disk?
Tomk
 

#9 bluejayhope

bluejayhope

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 08 October 2014 - 10:53 AM

Unfortunately not at this time, just this laptop



#10 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 08 October 2014 - 11:32 AM

Do you have a friend that could make the disk for you?


Tomk
 

#11 bluejayhope

bluejayhope

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 10 October 2014 - 06:48 AM

Yes I think I've found someone who could do this for me



#12 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 10 October 2014 - 07:41 AM

Great. :thumbup:

 

If you should have any more trouble... or trouble setting things up, I suggest you post your questions in the Open Source forum. We have some members of the Tech Team who are much more knowledgeable about Linux than I am. However, I'm still interested in how you get along, so I'd appreciate it if you updated me on your progress.


Tomk
 

#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 31 October 2014 - 10:32 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Tomk
 
