So, I got a computer through sources that were apparently less than stellar at keeping a clean drive. It had that ^%*#$ Malware Defender 2009 on it when I got it. I've been working to clean it manually, since I don't have a restore disk. I thought I had got everything, but something's still blocking Spybot and Malware Bytes Anti-Malware. Any clues from the logfile of what I need to kill?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:47 PM, on 12/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\User\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 3101 bytes
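The O4 lines in a HijackThis log are the autorun entries (Run keys and Startup folder), and those are where a helper looks first when an unknown executable keeps loading. Below is an added example, written for this page rather than taken from the thread or from HijackThis itself, of a small Python triage script that parses those O4 lines and flags entries launched from a user's Temp or profile-data directory, or whose value name is nothing more than the file name. The sample input is the O4 section of the log posted above; the directory list and the two heuristics are assumptions of this example, not rules from the tool.

```python
import re
from dataclasses import dataclass

# HijackThis O4 autorun lines come in two shapes:
#   O4 - HKCU\..\Run: [name] "C:\path\file.exe" /arg      (registry Run key)
#   O4 - Startup: name.lnk = C:\path\file.exe             (Startup folder)
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
STARTUP_RE = re.compile(r'^O4 - (?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$')

# Directory fragments a triager checks first: autoruns launched from a user's
# Temp or roaming-profile area rather than Program Files or System32.
# (Assumed list for this example.)
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\temp\\", "\\application data\\", "\\recycler\\")


@dataclass
class AutorunEntry:
    hive: str   # HKLM / HKCU, or "" for Startup-folder items
    key: str    # Run, RunOnce, Startup, ...
    name: str   # value name shown in [brackets], or the .lnk name
    path: str   # executable path with surrounding quotes removed
    args: str   # everything after the executable


def split_command(cmd):
    """Separate the executable from its arguments in a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path: "C:\x y\z.exe" -h
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(?i)(.*?\.exe)\s*(.*)$', cmd)  # unquoted: stop at the first .exe
    if m:
        return m.group(1), m.group(2)
    return cmd, ""


def parse_o4_lines(text):
    """Return an AutorunEntry for every O4 line; other HijackThis sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path, args = split_command(m.group("cmd"))
            entries.append(AutorunEntry(m.group("hive"), m.group("key"), m.group("name"), path, args))
            continue
        m = STARTUP_RE.match(line)
        if m:
            path, args = split_command(m.group("cmd"))
            entries.append(AutorunEntry("", m.group("key"), m.group("name"), path, args))
    return entries


def suspicious_reasons(entry):
    """Heuristic reasons an entry deserves a closer look (empty list: nothing stood out)."""
    reasons = []
    low = entry.path.lower()
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a user temp/profile data directory")
    if entry.name.lower().endswith(".exe"):
        reasons.append("value name is just the file name")
    return reasons


def triage(text):
    """Map value name -> reasons, for entries that triggered at least one heuristic."""
    flagged = {}
    for e in parse_o4_lines(text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


# Sample input: the O4 section of the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\User\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the log above, only the Temp-directory entry trips both heuristics; everything else resolves to a vendor path under Program Files or System32. The heuristics say nothing about whether a file is malicious, only which entry to look up first.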
Help with a new computer (Hijack This log)
Moderator: Thanas
- The Dark
- Emperor's Hand
- Posts: 7378
- Joined: 2002-10-31 10:28pm
- Location: Promoting ornithological awareness
Help with a new computer (Hijack This log)
BattleTech for SilCore
Stanley Hauerwas wrote: [W]hy is it that no one is angry at the inequality of income in this country? I mean, the inequality of income is unbelievable. Unbelievable. Why isn’t that ever an issue of politics? Because you don’t live in a democracy. You live in a plutocracy. Money rules.
- Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
Re: Help with a new computer (Hijack This log)
No. Can you please run RootkitRevealer?
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
Re: Help with a new computer (Hijack This log)
Easier for you to use something like SiSoft Sandra to take stock of what devices you have on the computer, check the model, download the drivers from the net and put them on a USB stick, then do a wholesale nuke from orbit and reinstall Windows. Install drivers from the stick, slap proper antivirus software on it and you're good to go.
If you have rootkits or other similar shit, it's less hassle to do it that way than try to clean out a hopelessly infected machine. Takes less time and gives you fewer headaches. You can use any install media for Windows as long as the version matches the license key on the machine.
Warwolf Urban Combat Specialist
Why is it so goddamned hard to get little assholes like you to admit it when you fuck up? Is it pride? What gives you the right to have any pride?
–Darth Wong to vivftp
GOP message? Why don't they just come out of the closet: FASCISTS R' US –Patrick Degan
The GOP has a problem with anyone coming out of the closet. –18-till-I-die
- The Dark
- Emperor's Hand
- Posts: 7378
- Joined: 2002-10-31 10:28pm
- Location: Promoting ornithological awareness
Re: Help with a new computer (Hijack This log)
Ace Pace wrote: No. Can you please run RootkitRevealer?
HKU\.DEFAULT\Software\h8srt 12/30/2009 10:58 AM 0 bytes Hidden from Windows API.
HKU\S-1-5-18\Software\h8srt 12/30/2009 10:58 AM 0 bytes Hidden from Windows API.
HKLM\SECURITY\Policy\Secrets\SAC* 10/28/2009 4:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10/28/2009 4:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\H8SRT 12/30/2009 11:48 AM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 12/30/2009 5:03 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys 12/30/2009 1:18 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys 12/30/2009 1:18 PM 0 bytes Hidden from Windows API.
C: 0 bytes Error mounting volume
BattleTech for SilCore
Stanley Hauerwas wrote: [W]hy is it that no one is angry at the inequality of income in this country? I mean, the inequality of income is unbelievable. Unbelievable. Why isn’t that ever an issue of politics? Because you don’t live in a democracy. You live in a plutocracy. Money rules.
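RootkitRevealer works by comparing what the Windows API reports against what it reads from the raw registry hives and file system, so every line of its output is a discrepancy of some kind, and the job is to separate the ones Windows itself produces from the ones that mean something is hiding. Below is an added example, written for this page and not part of the thread or of the Sysinternals tool, of a Python script that parses output in the format posted above, sorts each line into a bucket, and collects the leaf names of the hidden keys so that one component spread over several hives shows up as a single name. The sample input is the output posted above. The short allowlist of expected discrepancies (the Policy\Secrets SAC*/SAI* entries and the RNG seed value) and the driver-suffix naming heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# One RootkitRevealer discrepancy per line: path, optional timestamp, size, description.
# The timestamp is absent on volume-level entries such as "C: 0 bytes Error mounting volume".
LINE_RE = re.compile(
    r'^(?P<path>.+?)'
    r'(?: (?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M))?'
    r' (?P<size>\d+) bytes (?P<desc>.+)$'
)

# Discrepancies RootkitRevealer commonly reports on an ordinary Windows XP
# install. Treating them as benign is an assumption of this example; keep the
# list short and check it against the tool's own notes before relying on it.
KNOWN_BENIGN = (
    (r'^HKLM\\SECURITY\\Policy\\Secrets\\SA[CI]\*$', 'Key name contains embedded nulls'),
    (r'^HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed$', 'Data mismatch'),
)


def parse(text):
    """Yield one dict per discrepancy line; lines that do not fit the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def classify(finding):
    """Bucket a finding by what it implies for the analyst."""
    path, desc = finding['path'], finding['desc']
    for path_re, desc_prefix in KNOWN_BENIGN:
        if re.match(path_re, path, re.IGNORECASE) and desc.startswith(desc_prefix):
            return 'known_benign'
    if desc.startswith('Hidden from Windows API'):
        # A key the Windows API cannot see but the raw hive contains is the
        # classic sign of a kernel-mode hook; a hidden entry under \Services\
        # means a driver or service is being concealed as well.
        return 'hidden_service' if '\\services\\' in path.lower() else 'hidden_key'
    if desc.startswith('Error mounting volume'):
        return 'scan_error'
    return 'review'


def summarize(text):
    """Map bucket name -> list of paths, in input order."""
    buckets = defaultdict(list)
    for f in parse(text):
        buckets[classify(f)].append(f['path'])
    return dict(buckets)


def hidden_name_stems(text):
    """Lower-cased leaf names of hidden keys, with a trailing 'd.sys' or '.sys'
    driver suffix stripped (a naming heuristic assumed here), so that one
    component spread over HKU, HKLM\\SOFTWARE and the Services tree collapses
    to a single stem."""
    summary = summarize(text)
    stems = set()
    for p in summary.get('hidden_key', []) + summary.get('hidden_service', []):
        leaf = p.rsplit('\\', 1)[-1].lower()
        stems.add(re.sub(r'd?\.sys$', '', leaf))
    return stems


# Sample input: the RootkitRevealer output posted above.
SAMPLE = r"""
HKU\.DEFAULT\Software\h8srt 12/30/2009 10:58 AM 0 bytes Hidden from Windows API.
HKU\S-1-5-18\Software\h8srt 12/30/2009 10:58 AM 0 bytes Hidden from Windows API.
HKLM\SECURITY\Policy\Secrets\SAC* 10/28/2009 4:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10/28/2009 4:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\H8SRT 12/30/2009 11:48 AM 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 12/30/2009 5:03 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys 12/30/2009 1:18 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys 12/30/2009 1:18 PM 0 bytes Hidden from Windows API.
C: 0 bytes Error mounting volume
"""

if __name__ == "__main__":
    for bucket, paths in summarize(SAMPLE).items():
        print(f"{bucket}:")
        for p in paths:
            print(f"  {p}")
    print("hidden name stems:", sorted(hidden_name_stems(SAMPLE)))
```

On the output above, the three allowlisted lines drop out, the volume error is set aside as a scan problem, and what remains is three hidden keys plus two hidden service entries that all reduce to the same stem. That is the pattern the thread's advice is built on: a component hidden from the API in both the per-user and machine hives, with a matching hidden driver service, is a kernel-level problem, which is why the replies favour wiping and reinstalling over cleaning by hand.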
- Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
Re: Help with a new computer (Hijack This log)
The last is really odd... Though not necessarily indicative of anything.
Though if there is a rootkit, not much we can do about it, better to nuke from orbit.
Brotherhood of the Bear | HAB | Mess | SDnet archivist |