
Need to clean Used PC

OK, I just got a used PC and wanted to get it fully cleaned before I use it. Need an expert to help guide me through.
I pasted the HijackThis file here: http://www.rafb.net/paste/results/BHLgHr83.html

Thanks
0
chanster85
Asked:
 
logic0004 Commented:
To use this tool, it's very important to know what to disable and what to enable, because once you disable an entry the tool won't let the service start. So, here is the link to the tutorial for the tool:

http://www.bleepingcomputer.com/tutorials/tutorial42.html

According to me, you are free to disable the following line numbers from the log file:

Line no. 30 to 41
Line no. 47 to 69
and finally 76, 77, 78

enjoy...
0
 
callrs Commented:
For a used computer, I usually run AVG Antivirus and Adaware.
Then I download Autoruns (http://www.sysinternals.com/Utilities/Autoruns.html) to see what's running.
I then disable (through Autoruns or by setting the option in each program) what I don't want running, so the boot-up is faster & the computer runs smoother...
Autoruns also comes in handy when there's no easy way to disable a program that auto-launches on boot-up.

0
 
callrs Commented:
Clean the inside too... Open it up, touch a bare metal part of the case with your hands to discharge from your hands, unplug it, remove the CPU fan and video card fan (they unscrew easily) and clean them out with a cloth and/or Q-tips. Roughly remove any heavy dust buildup with a slightly moist cloth. You can then take the computer outside & then, using a bellows, just blow out all the dust. A vacuum is another way, but some say that it generates static electricity that can damage chips.
0

 
blue_zee Commented:

The best and surest way to clean up is to format and reinstall.

Your saved HJT log is here:

http://www.hijackthis.de/logfiles/f9560da64164a0383f69c57e8dc8c536.html

Clean up the Nasty entries and double-check the Unknown ones.

Zee
0
 
blue_zee Commented:

I would include these O23 entries:

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

Restart in Safe Mode and delete the file:

C:\Program Files\Internet Explorer\sejulyib.exe

Restart in Normal Mode and run CCleaner with ALL browser windows closed:

www.ccleaner.com

Download and install the program.

Start it and under the "Cleaner" section select/tick all options listed and then click the "Run Cleaner" button.

Restart the PC when finished and test.

Zee

0
 
callrs Commented:
Oops. By "to discharge from your hands" I meant "to discharge static from your hands". Static electricity, even tiny amounts, is deadly to computer chips. Touching bare metal should leave you static-free & safe to touch internal computer parts.
0
 
rpggamergirl Commented:
That analyzer can't be relied on; it's next to useless, actually. I have seen a csrss.exe in the Windows directory that the analyzer flagged as a "safe" Windows file.

That is a nasty HijackThis log. You're better off rolling back to an earlier date using System Restore (bear in mind that some programs, or updates that have been installed after the chosen date, will need to be reinstalled).
Or just format the drive. This file is nasty --> C:\WINDOWS\stsheets.dat and it also does other things, messing with Windows files. You can Killbox or disable it, but it has other files (more aggressive) that you need to find by using other tools.

Fix these entries in HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R3 - Default URLSearchHook is missing
O1 - Hosts: 3510794929 auto.search.msn.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\sejulyib.exe    
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/axe/x.chm::/update.exe  
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

Run CWShredder whether it finds any or not; update it first. I still opt for System Restore or formatting as a better alternative to trying to look for other hidden files. BlackLight/RootkitRevealer may not find them.
http://www.intermute.com/spysubtract/cwshredder_download.html
0
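The entries listed in the posts above share a few recognizable patterns: an obfuscated start page, a hosts entry written as a bare integer, ActiveX entries loaded from a local file, a user stylesheet, and services whose binary is missing. As an added example (not code from the thread or from HijackThis itself), this Python script flags those patterns in HijackThis-style lines and decodes the integer-encoded address in the O1 entry; the O4 control line and all function names are constructed for illustration.

```python
import ipaddress
import re

# Entries quoted in the thread, plus one constructed O4 line as a control.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
O1 - Hosts: 3510794929 auto.search.msn.com
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\sejulyib.exe
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")

def decode_hosts_address(addr):
    """Return dotted-quad form if addr is a bare 32-bit integer, else None."""
    if addr.isdigit() and int(addr) < 2**32:
        return str(ipaddress.IPv4Address(int(addr)))
    return None

def triage(log_text):
    """Return (section, reason, raw line) for each entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section.startswith("R") and body.endswith("(obfuscated)"):
            findings.append((section, "browser page value flagged as obfuscated", raw))
        elif section == "O1" and (h := HOSTS.match(body)):
            dotted = decode_hosts_address(h.group(1))
            if dotted:
                findings.append((section, f"hosts file maps {h.group(2)} to integer-encoded {dotted}", raw))
        elif section == "O16" and re.search(r"file://|mhtml:", body, re.I):
            findings.append((section, "ActiveX entry installed from a local file or mhtml URL", raw))
        elif section == "O19":
            findings.append((section, "user stylesheet override is set", raw))
        elif section == "O23" and "Unknown owner" in body and body.endswith("(file missing)"):
            findings.append((section, "service with unknown owner whose binary is missing", raw))
    return findings

if __name__ == "__main__":
    for section, reason, raw in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {raw}")
```

A match is a reason to inspect the entry by hand, and an entry the script does not flag is not thereby shown to be clean.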
 
chanster85 Author Commented:
Thanks for the help, guys.

Wow, I didn't think this PC was so messed up.
I guess I'll just go the long route and reformat the whole thing.

0
