Can't access Microsoft and security websites


thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
I have been given a machine to fix by a friend. It was initially popping up with Registry Helper pop-ups, but on further inspection the main problem is that a lot of websites appear to be being blocked by some kind of trojan/virus. Specifically Microsoft sites and online virus scanning websites.

TSG Sysinfo Log:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 Processor 3700+, x86 Family 15 Model 39 Stepping 1
Processor Count: 1
RAM: 1022 Mb
Graphics Card: NVIDIA GeForce 6200SE TurboCache(TM), 256 Mb
Hard Drives: C: Total - 280015 MB, Free - 265241 MB; D: Total - 6129 MB, Free - 2546 MB;
Motherboard: MSI, AMETHYST-M
Antivirus: None

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:54:32, on 03/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
K:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16748,0,4,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

--
End of file - 5641 bytes

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by HP_Owner at 22:59:55 on 2011-11-03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.741 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16748,0,4,0
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_05\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
TCP: Interfaces\{71076F71-A3EF-4F6D-B00F-400D63FC33AF} : NameServer = 194.168.8.100,194.168.4.100
TCP: Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F} : DhcpNameServer = 15.243.128.51 15.243.160.51
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S2 rhytnvzuk;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-11-03 22:31:10 98816 ----a-w- c:\windows\sed.exe
2011-11-03 22:31:10 518144 ----a-w- c:\windows\SWREG.exe
2011-11-03 22:31:10 256000 ----a-w- c:\windows\PEV.exe
2011-11-03 22:31:10 208896 ----a-w- c:\windows\MBR.exe
2011-11-03 22:31:05 -------- d-----w- C:\ComboFix
2011-11-03 21:44:34 -------- d-----w- c:\windows\system32\LogFiles
2011-11-03 21:43:15 161728 ----a-w- c:\program files\j2res.dll
2011-10-18 19:07:10 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-10-18 16:04:02 86528 ----a-w- c:\windows\system32\E_FLBFCE.DLL
2011-10-18 16:04:02 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2011-10-18 16:04:02 78848 ----a-w- c:\windows\system32\E_FD4BFCE.DLL
2011-10-18 16:03:54 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-10-18 16:03:54 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-10-18 16:01:26 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-10-18 16:01:26 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-10-18 16:01:26 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-10-18 16:01:26 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-10-18 16:01:26 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-10-18 16:00:58 342016 ----a-w- c:\windows\system32\eswiaud.dll
2011-10-17 12:52:52 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-10-17 12:27:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 11:56:39 70688 ----a-w- c:\windows\system32\drivers\alcaudsl.sys
2011-10-17 11:56:39 5606 ----a-w- c:\windows\system32\stci.dll
2011-10-17 11:56:39 5280 ----a-w- c:\windows\system32\drivers\alcawh.sys
2011-10-17 11:56:39 3968 ----a-w- c:\windows\system32\drivers\alcacr.sys
2011-10-17 11:56:38 53600 ----a-w- c:\windows\system32\drivers\alcan5wn.sys
2011-10-16 15:34:30 -------- d-sha-r- C:\cmdcons
2011-10-16 15:20:12 -------- d-----w- c:\documents and settings\hp_owner\application data\HPQ
2011-10-16 15:11:43 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-10-16 15:05:03 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
.
==================== Find3M ====================
.
.
============= FINISH: 23:00:31.25 ===============

thanks
Simon
 


thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
Just an extra bit of info. If I insert a USB drive into the computer the virus copies an autorun.inf file onto it.

AVG on a separate computer automatically quarantines this as Worm/Generic_c.ZS
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
That computer appears to be a HP brand.

What is its model name and model number?

What is its product number on the sticker?

----------------------------------------------------------------

That computer has obviously been neglected.

Windows XP SP2 hasn't been upgraded to SP3 - which was released over 3 years ago.

There doesn't appear to be a full-time antivirus program installed.

There don't appear to be any programs installed for combating malware, spyware, rogues, hijackers, etc.

Java 1.5.0.05 is extremely outdated. The current version is 1.6.0.29.

----------------------------------------------------------------

In order to get a better idea of what's currently installed in that computer, do the following:

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------------

I'm not trained or qualified on DDS logs, so a qualified gold/blue shield member is going to need to assist you with it.

----------------------------------------------------------------
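
Added example, not part of the thread or of any poster's reply: a Python triage pass over a HijackThis v2 log like the one in the first post, pulling out what a reviewer reads first (platform line, entries whose file is missing, O4 autoruns, O17 name servers, JRE versions seen in paths). The sample is an excerpt of that log; the function names and report keys are this example's own.

```python
import re

# Excerpt of the HijackThis log posted in this thread (header plus a few entries).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:54:32, on 03/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.+)$")
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
JRE_RE = re.compile(r"\\jre(\d+\.\d+\.\d+(?:_\d+)?)\\", re.IGNORECASE)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Split a HijackThis log into header fields and (section code, body) entries."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return header, entries


def triage(text):
    """Collect the items worth a manual look; this reports, it does not judge."""
    header, entries = parse_log(text)
    orphaned, autoruns, unqualified, dns = [], [], [], []
    for code, body in entries:
        # "(no file)": the registry entry survives but its target is gone.
        if body.lower().endswith("(no file)"):
            guid = GUID_RE.search(body)
            orphaned.append((code, guid.group(0) if guid else body))
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                autoruns.append((m.group("hive"), m.group("name"), m.group("cmd")))
                # No drive-qualified path: the file that runs is resolved via the
                # search path, so the log alone does not say which file it is.
                if not DRIVE_RE.match(m.group("cmd").lstrip('"')):
                    unqualified.append(m.group("name"))
        if code == "O17" and "NameServer" in body:
            # The same interface is listed once per control set; keep unique IPs.
            for ip in IP_RE.findall(body.split("=", 1)[1]):
                if ip not in dns:
                    dns.append(ip)
    return {
        "platform": header.get("Platform"),
        "msie": header.get("MSIE"),
        "orphaned": orphaned,
        "autoruns": autoruns,
        "unqualified_autoruns": unqualified,
        "dns_servers": dns,
        "jre_versions": sorted(set(JRE_RE.findall(text))),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The name servers it lists still have to be compared by hand with the ones the ISP or router hands out.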
 

thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
Yes, it is a HP Pavilion. The sticker on the case has rubbed off but the HP Pavilion Support Information program gives:

Model # t3345.uk
Product # EP062AA-ABU

I understand that the software on the computer is extremely out of date. It doesn't look like the software has ever been updated, with auto-update being disabled on most systems. There was previously a non-functioning version of Norton AV on the system. I will sort all this out before the PC is returned but I can't do it before the virus/trojan problem is sorted.

HijackThis Uninstall Log:

Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
Customer Experience Enhancement
Easy Internet Sign-up
Epson Easy Photo Print 2
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX410 Series Printer Uninstall
EPSON Web-To-Page
High Definition Audio Driver Package - KB888111
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Internet Services
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office XP Media Content
Microsoft Office XP Small Business
NVIDIA Drivers
RealPlayer
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpeedTouch USB Software
TalkTalk Assist & Go
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066

thanks
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
Here is the support site for the HP Pavilion t3345.uk desktop.

According to its product specifications section, it was introduced in January 2006 in the United Kingdom.

It came with Windows XP Home Edition SP2 pre-installed.

It also came with a 60-day trial version of Norton 2005.

It needs a number of programs and add-ons installed and updated, but all that can wait for now.

---------------------------------------------------

Do the following in the order that I've listed them.

It's going to take you a while, so be patient and don't get in a hurry.

---------------------------------------------------

Click Start - Run, then type in

%temp%

and then click OK.

Click Start - Run, then type in

c:\windows\temp

and then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

After you're done, restart the computer.

---------------------------------------------------

Download and save:

Avira AntiVir Personal 12.0.0.861

Malwarebytes Anti-Malware Free 1.51.2.1300

SUPERAntiSpyware Free 5.0.0.1134

After they've been downloaded and saved, close all open windows first, then install them.

Restart your computer after installing each one.

DON'T run any scans yet.

(Note: I was going to have you install Microsoft Security Essentials 2.1.116.0 instead of Avira, but it requires the SP3 upgrade. Avira gets a good rating anyway.)

---------------------------------------------------

Download and save:

Norton Removal Tool 2012.0.0.19

After it's been downloaded and saved, close all open windows first, then run it.

Allow it to remove everything that's associated with Symantec, Norton, and LiveUpdate.

After the removal process is complete, restart the computer.

---------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - Perform quick scan - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that EVERYTHING is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------

Start SUPERAntiSpyware.

Click "Check for Updates".

When the definition files have updated, click "Close".

Select the "Quick Scan" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------
 

thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
Avira AntiVir Personal 12.0.0.861 also requires SP3, should I just miss it and anything else that doesn't work with SP3 out?
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
thelight said:
"Avira AntiVir Personal 12.0.0.861 also requires SP3, should I just miss it and anything else that doesn't work with SP3 out?"

I thought it would install with SP2.

That's one problem with not having SP3 installed - some programs and drivers won't install or update.

Skip it for now and complete all the other instructions.

--------------------------------------------------------
 

thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
Malwarebytes Log:
==============

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8084

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/11/2011 19:59:42
mbam-log-2011-11-04 (19-59-42).txt

Scan type: Quick scan
Objects scanned: 192149
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\j2res.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uwfaqwb.dll (Worm.Conficker) -> Delete on reboot.
c:\documents and settings\HP_Owner\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.

SUPERAntiSpyware Log:
=================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2011 at 08:15 PM

Application Version : 5.0.1134

Core Rules Database Version : 7900
Trace Rules Database Version: 5712

Scan type : Quick Scan
Total Scan Time : 00:08:40

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 398
Memory threats detected : 0
Registry items scanned : 31002
Registry threats detected : 0
File items scanned : 13085
File threats detected : 71

Adware.Tracking Cookie

-

I can confirm that I can now visit Microsoft and other websites

thanks
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
thelight said:
"I can confirm that I can now visit Microsoft and other websites

thanks"

Great! :) (y)

Did you delete the buildup of temp files and run the Norton removal tool?

If you have, read the previous instructions in post #3 for submitting an uninstall_list.txt.log so you can submit a new updated one.

I'm going to read the previous one and get a head start.

Does your friend use Internet Explorer or Firefox or Chrome or some other browser?

--------------------------------------------------------
 

thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
Yep, both temp directories emptied and the Norton Removal Tool run.

HijackThis log:

Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
Customer Experience Enhancement
Easy Internet Sign-up
Epson Easy Photo Print 2
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX410 Series Printer Uninstall
EPSON Web-To-Page
High Definition Audio Driver Package - KB888111
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Internet Services
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office XP Media Content
Microsoft Office XP Small Business
NVIDIA Drivers
RealPlayer
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpeedTouch USB Software
SUPERAntiSpyware
TalkTalk Assist & Go
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066

--

I can also confirm that an infected file is no longer copied to any removable media inserted into the computer.

-

From what I can see he just uses Internet Explorer.

thanks
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
Go to Control Panel - Add Or Remove Programs.

Make sure that "Show Updates" is NOT checked.

Make sure that "Sort By - Name" is selected.

Doing this will reduce a lot of clutter in the list and will sort the names alphabetically.

After that's done, do the following in the order that I've listed them.

-------------------------------------------------

Download and save:

Adobe Reader 10.1.1

(This is a necessary add-on for opening and viewing on-line documents and manuals that are in PDF format)

Java Runtime Environment 1.6.0.29 (6 Update 29)

(This is a necessary add-on for viewing content in websites)

Microsoft Silverlight 4.0.60831.0

(This is a necessary add-on for viewing content in websites)

-------------------------------------------------

Uninstall:

Adobe Reader 7.0

Customer Experience Enhancement

Easy Internet Sign-up

HP Software Update

Internet Services

InterVideo WinDVD
(unless it's actually needed and being used)

J2SE Runtime Environment 5.0 Update 5

RealPlayer
(unless it's actually needed and being used)

After you're done, restart the computer.

-------------------------------------------------

Install the 3 saved add-ons.

If they offer any extras, such as toolbars/homepages, decline to install them.

After you're done, restart the computer.

-------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

-------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
That HP computer has an AMD processor.

When the SP3 upgrade was released over 3 years ago, it was discovered that HP computers with an AMD processor had a serious side effect after installing the SP3 upgrade and restarting - the computer went into a continuous restart loop.

An AMD patch was developed to be installed before installing the SP3 upgrade to prevent this serious side effect, but it didn't always work.

Because of this, I'm hesitant to encourage you to install the SP3 upgrade.

You can read about it here.

If you choose to take the plunge, the link is there to download and install the AMD patch.

--------------------------------------------------------
 

thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
Here we go:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:19, on 04/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
K:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16748,0,4,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

--
End of file - 6462 bytes

thanks
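
Added example, not part of the original thread: a short Python triage of a HijackThis log like the one posted above, grouping entries by section code and listing the items a reviewer would check by hand (BHOs whose file is missing, statically set DNS servers, registry autostarts). The sample lines are copied from the log above; the function names and the choice of what to list are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Group entry lines by their HijackThis section code (R1, O2, O4, ...)."""
    sections = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections

def review_items(sections):
    """Return (code, reason, detail) tuples worth a manual look."""
    items = []
    for body in sections.get("O2", []):
        if body.endswith("(no file)"):  # BHO still registered, DLL gone
            clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)
            items.append(("O2", "orphaned BHO", clsid.group(0) if clsid else body))
    for body in sections.get("O17", []):
        m = re.search(r"NameServer = (.+)$", body)
        if m:  # static DNS: verify the servers belong to the ISP or router
            for ip in m.group(1).replace(" ", ",").split(","):
                if ip:
                    items.append(("O17", "static DNS server", ip))
    for body in sections.get("O4", []):
        m = re.match(r"(HK\w+)\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$", body)
        if m:  # registry autostart: hive plus value name
            items.append(("O4", "autostart " + m.group(1), m.group(2)))
    return items

if __name__ == "__main__":
    for item in review_items(parse(SAMPLE_LOG)):
        print(*item, sep="\t")
```
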
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,135
We're moving right along. (y)

Let's get the startup load trimmed down next.

Go to Start - Run - MSCONFIG - OK - "Startup" tab.

Write down the names in the "Startup Item" that have a checkmark.

If the column isn't wide enough to see the entire name of any of them, widen it.

Submit those names here in a vertical list, and spell them exactly as you see them there.

--------------------------------------------------------

What external devices does your friend have connected to and use with that desktop?

---------------------------------------------------------
 

thelight

Thread Starter
Joined
Aug 20, 2007
Messages
14
hpsysdrv
NvCpl
nwiz
ALCXMNTR
hphupd08
KBD
RECGUARD
HPwuSchd2
Dragdiag
dumprep 0 -k
AdobeARM
jusched
ctfmon
SUPERAntiSpyware
HP Digital Imaging Monitor
Microsoft Office

Sorry, apart from a USB key I have no idea what kind of printer he uses or anything like that.
 