12 replies to this topic

[bluejayhope]

I just bought a computer and it had a ton of stuff on it. The guy used it to download a lot of songs, movies, programs and what-not. I've deleted most of the programs that I know aren't needed and I'm still having trouble. I think it's definitely infected with something but I'm not sure what. I want to just do a clean sweep of it and start fresh. I can't do a full system restart because I haven't got the Windows disc for it to reinstall the OS. Can anyone help me clean off all the garbage that the computer doesn't need? Everything and Anything can go, I'm happy to start fresh, I just don't know where to begin, though I know I need to make sure the computer is clean and doesn't have any malware, spyware or virus'. Please let me know what you need in order to help, this computer had an out of date AVG on it and an anti-maleware program I don't recognize.

 

Here is the HJT log, I couldn't attach it as a file..

 

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 04:48:49, on 02/10/2014

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

 

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dmwu.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\mjcm\dnkt.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe

C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe

C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Java\jre7\bin\java.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis (1).exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.real.com/...ne&action=close

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\RunOnce: [DeleteMarkAny] C:\WINDOWS\system32\MASetupCleaner.exe C:\Program Files\MarkAny\ContentSafer

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: ActivSDK Flash Extension.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ActivControl - Promethean - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 7138 bytes

 

 

 

 

Thank you for your time and help!!

[Tomk]

Hi bluejayhope,



My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

All of that being said in way of preliminaries... in good conscience, I must tell you that unless you have the disks (including service pack 3 for XP), then the answer must be... No. That system is not safe.

That system has been running P2P programs... many of which are probably infected and may be pirated. It is behind in updates... maybe a couple hundred?

If you had the disks, you could do a fresh install... but wouldn't be able to get the updates. This would leave the system unpatched and at risk. The only safe way to use it would be to never let it be connected to the internet.

You have a couple choices as I see it.

• You could purchase a new Windows Operating system... such as Windows 7 (you might want to run the Windows 7 upgrade adviser first to make sure it will run on your system.
• You could consider putting a Linux operating system on it (they're free).  In my opinion, Linux becomes a more viable alternative system every day (android phones run on Linux).  One of my colleagues here wrote up an explanation on how to install Ubuntu:  http://forums.whatth...owtopic=127931.

My suggestion is that you try Linux.  Ubuntu is only one "flavor" of Linux.  There are several to choose from but they operate very similarly.  Puppy Linux is very simplistic and will run on very old equipment.  You really have nothing to lose as you can try them with a live CD... nothing is actually installed on your hard drive.  Once you think it is something that will work for you, you can "permanently" install it on your system instead of running off of the CD (or thumb drive).  If you find that you don't like it... then you can always purchase Windows 7.

 

If you give the Linux a go, and have questions, then I suggest you post them in the Open Source forum.  We have a couple Techs here that are really good with Linux (including at least one whom uses it exclusively).

[bluejayhope]

Thanks TomK, I will try going with the Linux OS. Thanks for the suggestions and advice!

[bluejayhope]

I've tried to get Linux, however I ran into a problem. I have a Hardware Error 22272 when trying to burn the CD. Would you happen to know how to fix this error or direct me to the proper place to ask about it?

 

Thanks!

[Tomk]

To the best of my knowledge, that error means that something went wrong with the interfacing of the software (image burning program) and the equipment (cd/dvd reader/writer).  Which program were you using?

 

I have always used ImgBurn, but apparently it know comes with some PUPs.  If you used Free Iso Burner, I'd try using ImgBurn.  The good news here is that the malware may get installed on your system... but it will be the windows system, not the Linux system you are going to be using.

[Tomk]

Did it work?

[bluejayhope]

No, it still won't recognize the drive

[Tomk]

Do you have access to another computer that you can use to make the disk?

[bluejayhope]

Unfortunately not at this time, just this laptop

[Tomk]

Do you have a friend that could make the disk for you?

[bluejayhope]

Yes I think I've found someone who could do this for me

[Tomk]

Great.

 

If you should have any more trouble... or trouble setting things up.  I suggest you post your questions in the Open Source forum.  We have some members of the Tech Team who are much more knowledgeable about Linux than I am.  However, I'm still interested in how you get along so I'd appreciate it if you updated me on your progress.

[Tomk]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.