Did you receive the Windows disk or HP Recovery disk with the computer?
Is there a Recovery partition on the hard drive?
I'm sure that a forum malware expert will opine on your HJT log, but, consider this: If you have either of the above, consider a recovery which will put the computer hard drive files back to the original, new condition. Do you really want to mess with the previous owner's problems? If you do a recovery, all you'll need to deal with regarding software is the 'crapware' that HP installed - easily gotten rid of.
Best of luck.
Moved to the Computer viruses and spyware forum.
VirusHeat is a rogue program. It has malware in it. http://www.bleepingcomputer.com/startups/VirusHeat_4.4-22857.html
This PC is also severely infected with a variety of malware.
When will you be able to have Internet access?
Use a flash drive to transfer over these tools.
SDFix (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe)
DrWeb CureIt (http://freedrweb.com/) < Be sure to update this on a PC with Internet access before transferring it.
Uninstall the version of HijackThis and install the new one.
TrendMicro HijackThis.exe (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) (HJT)
I will need the logs.
----------
When using this tool, you must use the Administrator's account or an account with Administrative rights.
Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
- Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
- DO NOT use it just yet.
Open the SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
- Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
----------
Scan with DrWeb-CureIt as follows:
- Double-click on drweb-cureit.exe and then click Start.
- An Express Scan of your PC notice will appear.
- Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory.
- If or when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the Scan tab and UNcheck Heuristic analysis and click OK
- Back at the main window, select the Complete scan button.
- Then click the Green Arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
- When the scan is done.
- In the Dr.Web CureIt menu on top left, click File and choose Save report list.
- Save the DrWeb.csv report to your Desktop.
- Exit Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
- Copy and paste that log in the next reply
----------
Now run a new HijackThis scan and post the log.
It will update on the drive as long as there is Internet access I'm pretty sure (never tried it like that). If not just download/update it on the Desktop then cut and paste it to the flash drive.
If it doesn't restart by itself then restart manually.
Then look in C:\SDFix for the log if it does not pop up or save to the desktop on its own.
Are you online with the PC now? How did you get MBAM to run?
[kill explorer]
C:\SDFix
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix
EmptyTemp
[start explorer]
There is also a question about versions of programs and running duplicates. For instance there seem to be two versions of Office (2003 and 2007) on this computer. The 03 version seems to be a suite whereas 07 seems to be only Word.
There is also a question about the actual OS. I see in the report that it says XP Professional but on the start-up screen (momentary DOS-like screen) it says Windows Media.
The clicking is gone and the frequency for blanking out has been reduced but it still happens from time to time. Could a video card driver update fix this problem?
Can I follow the same procedures with this PC as I did with the other in the order that you laid it out and get the same or similar results?
When I tried posting the report I got a warning that "The message exceeds the maximum allowed length (20000 characters)".
Will split it up. Is there a way to zip it or condense it for posting here in/on CH?
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
BTW...jump in whenever you want to add your 2 cents worth...I do.
And you do it well, my friend. ;)
On that HP that we've been working on I looked for driver updates for the ATI Radeon Xpress 200 series on the ATI page and can't seem to find one.
Been told that I should use a heat conductor to help carry the heat away from the processor. The room is cool and the computer hasn't been on that long at a time. What should I use to bind the fan to the processor and where do I find it?