Purchased PC with infections

hello to all,

I'm a new member and was referred to this site; heard it was the best site for assistance. I bought an HP off a friend and it was highly infected with junk. i prefer not to reformat, but rather clear the PC of any infections from prior owner. Hope you can help.

HP 2.10GHZ with 1.50GB RAM
250GB HDD
Windows XP SP3
32 Bit

I've uninstalled AVG, removed old Java and updated to the newest, and removed some of the malware programs suggested in the "house cleaning" link. The SAS log is prior to removal because i had to use the portable version and could not find the log after removal of infections.

I've also ran all the scans instructed under the "Windows XP cleaning procedures."

Reports are attached.

 

MGtools log.

i apologize for not naming the log files recently submitted as instructed.

 

Hi and welcome to Major Geeks, WBydo01!

http://img823.imageshack.us/img823/2039/msnmsg.gif Please download Disable/Remove Windows Messenger to your desktop.

• Double-click MessengerDisable.exe to run it.
• Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
• Click Apply
• Click Exit

http://img194.imageshack.us/img194/4930/combofix.gif Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

[COLOR="DarkRed"]KillAll::[/COLOR]
[COLOR="DarkRed"]ClearJavaCache::[/COLOR]
[COLOR="DarkRed"]Driver::[/COLOR]
asbp2poa
[COLOR="DarkRed"]RegNull::[/COLOR]
[HKEY_USERS\S-1-5-21-515967899-492894223-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[COLOR="DarkRed"]Registry::[/COLOR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"iTunesHelper"=-

Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
http://softvisia.com/users/Night_Raven/Security/cfsdnd2.gif
This will launch ComboFix.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Allow ComboFix to update itself if prompted.
When ComboFix finishes, a log will be produced at C:\ComboFix.txt
Attach this log to your next message. (How to attach)

http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

Let me know how the system is running after you have completed these steps.

 

thank you,

i've proceeded with the instructions on "Fixing Items usingCombofix" but the computer is now going through a restart and is stuck on blue screen saying "Windows is shutting down". It's been idle for at least 10 minutes. is this normal or should i restart manually?

 

Give it another 20 minutes before you force restart.

 

i had to force restart and after reboot i received the log file. i don't have a bottom toolbar on the computer where the current time, start menu link, etc would be located, so when i accidently minimized the log i couldnt find it when trying to submit said log.

i'm almost certain i found the log inside the C drive and i will submit it, but what do i do about the missing toolbar?

 

during the C:\MGtools\GetLogs.bat i received a "failed to initilize" error, but here are the logs.

 

Try rebooting first.

This is normal when you do not have .NET framework installed. It's not a problem, some of the logs will utilize it if present on the system.

 

trying to reboot a 2nd time but again it's getting stuck on the blue screen.

 

Your latest logs are clean.

If you still have trouble viewing the taskbar after the reboot. See the following: http://www.xp-tips.com/auto-hide-taskbar.html

Scroll down to where it says: If you want to revert to the default taskbar configuration and turn off the Auto-hide option:

Then follow those instructions.

___

If all goes well, here are the final cleanup steps:

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work through the below link:
    • How to Protect yourself from malware!

Be safe

 

This is not related to malware. This is usually caused by data corruption or application/process that you are using that constantly runs. It could be hotsync.exe which I see running.

A software problem nonetheless. We have a Software forum for issues of this nature.

Surf safely!

 

thank you for all your help!

 

You're welcome.

 

@thisisu - i made a 2nd thread about a 2nd computer, but it's not showing up in "threads started by WBydo01". Any reason why? Should i try making the thread again?

 

Hi,

It went into moderation at first. You must have triggered one of the spam filters on the forum.

It is viewable now as I see TimW has responded to you.