Yard sale computer badly neglected

[ejames82]

Hello,

I did the best I could, without hijackthis knowledge at the level you folks have, to clean the computer. I scanned and removed with as many legitimate programs as I could use.
could I also ask politely if I could inquire about and remove some of the questionable/unknown items in the hijackthis log.

let me know if there's anything else I can provide for you.

thank you very much.

 

[strategic]

Yard sale computer badly neglected

If you purchased this computer used, and don't know the history, the best solution is to format it and re-install the O/S.

 

[momok]

I would second that opinion, especially if you intend to do any form of online transaction that handles sensitive information in future on that computer.

 

[ejames82]

i agree. that computer/hard drive/operating system will never be trusted for online banking, purchases, or even anywhere where i could be hurt in any way by using it over the internet. if i ever sell or give it to anyone they will be given the third degree as to it's condition and history. i am well aware of the risks and that's why i have spent the effort cleaning it up, installing the security programs, and updating the necessary software. there was no installation disk offered, but it turns out there is a recovery console/partition (that's usually the way it works, you don't get both). i would still like to get expert advice/feedback on the status of the computer. speaking of the recovery console/partition, could THAT even be trusted? could these infections that were found and dealt with have possibly compromised IT as well? it's all on the same hard drive.

i would also like to say that the programs i used did a magnificent job (i've been a techspot member for over three years, i know what the good ones are), and that the computer works great. one wouldn't even think it was infected in the first place.

once again, i assure you that no risks will be taken with this computer. i have one computer that is dedicated to special tasks like online banking and purchases. i am as paranoid (in a good way) as anybody out there.

i hope i can still get my computer looked at by a specialist here. i know they are all qualified. i think they will find not too much wrong (at least i hope).

thanks for the replies from both and it's good to see you are doing well momok, you have helped me before.

 

[captaincranky]

Usually the recovery disc triggers the installation of a fresh copy of Windows from the recovery partition. Sorry, but you still probably need a recovery disc. It contains the drivers, and (I think), the OS license access dialog. This is possibly via administrative password. I believe you might still need the COA license key to reactivate XP anyway.

 

[ejames82]

Hello Captain,

good to hear from you again as well.

"Usually the recovery disc triggers the installation of a fresh copy of Windows
from the recovery partition"
"usually" is not the same as definitely.

"you still probably need a recovery disc. It contains the drivers, and (I think), the OS license access dialog"
what is the "os license access dialog"? i may have encountered it, just am not aware of anything by that name.

"This is possibly via administrative password"
i am hoping there isn't an administrative password enabled

"I believe you might still need the COA license key to reactivate XP anyway. "
there shouldn't be a problem there. all microsoft updates went as smooth as silk, and the sticker is on the side.

i would still like expert advice on my provided logs. i know these things take time, and i am patiently waiting.

thanks for the reply.

 

[captaincranky]

All I see is security programs in HJT. Well those, IE, and ERUNT, which is a known registry tool. As to whether that's "necessary" is anybody' guess.

SuperAniSpyware found 8 tracking cookies, CCleaner would normally identify these, and allow you take them out after its run. (This assumes you run analysis first).

Other than that I don't see any thing standing out as harmful. The disclaimer is that I'm not, and don't consider myself an expert.

I don't necessity of line item quoting/rebutting me, in light of the fact that you admittedly, can't mount and/or don't trust the recovery partition.

Weren't there any "experts" at the yard sale to bully?

 

[momok]

I agree; theres nothing really bad in your logs. do fix this though:
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

 

[ejames82]

Hello Captain,

i consider you to be an expert, and appreciate your advice, though you didn't like the way i responded.
if you said something like "the malware definitely won't damage your recovery console/partition" i would run the recovery console. the ultimate goal is to have a secure computer.
thanks, and take care.


Hello momok,

the fix will be made.
thanks, and you take care as well.

 

[Bobbye]

Well, I'm impressed! If all yard sale computers looked this good, we might be out of a job!

Is it running okay for you? A bit of overkill in the online scan business, but no biggy. That was a legit AOL Toolbar directing the search. Probably better gone.

As a caution though, like the other member advised, on general principal you probably shouldn't write your reports to the CIA on it.

 

[raybay]

I would run Advanced System Care on that machine... then use it for a few days as a test before a finaly decision.

 

[ejames82]

Hello Bobbye,

when i first started up the computer (after cleaning out a load of dust and debris) it had no resident AV, so i figured i'd go nuts and scan with everything i could use (there would be no conflict). if there is going to be extra software and registry entries on there, it would be for a good cause.
it works great. i am really lucky and grateful to all the companies that provide free programs and online scans, not to mention i have kerio 2.1.5 firewall (installed by me because they didn't have a firewall either).
the toolbar is gone. i prefer to have no toolbars.
when i'm done just "hobbying" with it, i'll probably just put a different hard drive in it with linux.

thanks for the reply.


Hello raybay,

i have never heard of that. i'll have to google it.

thanks for the reply.

 

[captaincranky]

if you said something like "the malware definitely won't damage your recovery console/partition" i would run the recovery console. the ultimate goal is to have a secure computer.

I would not say that, because it may not be true.

My understanding of the recovery process, (at least in Emachines), is this, If you are in possession of the discs, you can take a new, blank hard drive, and using the "destructive restore" option you can, format the HDD, and recreate the recovery partition. The "repair" option loads a fresh copy of Windows from the existing "D:/" partition. All manufacturer's strategies are not the same, so I am unable to make a blanket statement about this. In fact, in another thread involving an Emachines computer, the OP said the recovery discs did not even offer a "repair" option, it was destructive or nothing.

Since the discs also carry the driver set, which is correct and contemporary of the date of manufacture, everything will work as is should, without resorting to an internet scavenger hunt for software that may be unavailable, or not compatible with the OEM board.

In any event, I suppose the issue is time as opposed to money, or even time and money, in tracking down recovery media. I personally would feel uncomfortable in owning a machine that I did not also own its recovery discs.

IMHO, as the old saw goes, it's "six of one, or half a dozen of the other", but starting with a machine that there is nothing of personal value to lose, a blank slate as it were, I would have wiped the drive, hunted down the recovery discs and started over. Is it worth 30 bucks to be certain of what you have, I say yes, but I'll qualify that by saying it is if you have the thirty bucks.

 

[ejames82]

Hello Captain,

i will, no doubt, make recovery disks anyway. it's actually fun to do. running them is kind of scary though. i ran recovery disks once, and i remember a pop-up incorrectly saying "improper disk" when i was very careful labelling them. it was the correct disk. i kicked out the disk and reinserted it. eventually it recognized the disk as being correct. when you have 16 disks and you're only on your third, it makes you wonder if the recovery will be successful, or if you'll be out an operating system.

i would figure "destructive" to mean that you get a bunch of junk like AOL, norton or mcafee antivirus, yahoo, and a bunch of trial programs (like the way walmart sells it to you), where "repair" might fix what is wrong with your operating system and leave your apps and programs alone, not adding any. "repair" being a much more desirable way to go.

thanks for the in-depth explanation.