
Can't access Microsoft and security websites

Discussion in 'Virus & Other Malware Removal' started by thelight, Nov 3, 2011.

Thread Status:
Not open for further replies.
  1. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    I have been given a machine to fix by a friend. It was initially popping up with Registry Helper popups but on further inspection the main problem is that a lot of websites appear to be being blocked by some kind of trojan/virus. Specifically Microsoft sites and online virus scanning websites.

    TSG Sysinfo Log:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) 64 Processor 3700+, x86 Family 15 Model 39 Stepping 1
    Processor Count: 1
    RAM: 1022 Mb
    Graphics Card: NVIDIA GeForce 6200SE TurboCache(TM), 256 Mb
    Hard Drives: C: Total - 280015 MB, Free - 265241 MB; D: Total - 6129 MB, Free - 2546 MB;
    Motherboard: MSI, AMETHYST-M
    Antivirus: None

    Hijackthis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:54:32, on 03/11/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    K:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16748,0,4,0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
    O17 - HKLM\System\CS1\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    --
    End of file - 5641 bytes

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180
    Run by HP_Owner at 22:59:55 on 2011-11-03
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.741 [GMT 0:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\ctfmon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16748,0,4,0
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_05\bin\jusched.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    TCP: Interfaces\{71076F71-A3EF-4F6D-B00F-400D63FC33AF} : NameServer = 194.168.8.100,194.168.4.100
    TCP: Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F} : DhcpNameServer = 15.243.128.51 15.243.160.51
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    S2 rhytnvzuk;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    .
    =============== Created Last 30 ================
    .
    2011-11-03 22:31:10 98816 ----a-w- c:\windows\sed.exe
    2011-11-03 22:31:10 518144 ----a-w- c:\windows\SWREG.exe
    2011-11-03 22:31:10 256000 ----a-w- c:\windows\PEV.exe
    2011-11-03 22:31:10 208896 ----a-w- c:\windows\MBR.exe
    2011-11-03 22:31:05 -------- d-----w- C:\ComboFix
    2011-11-03 21:44:34 -------- d-----w- c:\windows\system32\LogFiles
    2011-11-03 21:43:15 161728 ----a-w- c:\program files\j2res.dll
    2011-10-18 19:07:10 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-10-18 16:04:02 86528 ----a-w- c:\windows\system32\E_FLBFCE.DLL
    2011-10-18 16:04:02 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
    2011-10-18 16:04:02 78848 ----a-w- c:\windows\system32\E_FD4BFCE.DLL
    2011-10-18 16:03:54 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-10-18 16:03:54 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-10-18 16:01:26 80024 ----a-w- c:\windows\system32\PICSDK.dll
    2011-10-18 16:01:26 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
    2011-10-18 16:01:26 501912 ----a-w- c:\windows\system32\PICSDK2.dll
    2011-10-18 16:01:26 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
    2011-10-18 16:01:26 108704 ----a-w- c:\windows\system32\PICEntry.dll
    2011-10-18 16:00:58 342016 ----a-w- c:\windows\system32\eswiaud.dll
    2011-10-17 12:52:52 917504 ----a-w- c:\windows\system32\FLASH.OCX
    2011-10-17 12:27:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-17 11:56:39 70688 ----a-w- c:\windows\system32\drivers\alcaudsl.sys
    2011-10-17 11:56:39 5606 ----a-w- c:\windows\system32\stci.dll
    2011-10-17 11:56:39 5280 ----a-w- c:\windows\system32\drivers\alcawh.sys
    2011-10-17 11:56:39 3968 ----a-w- c:\windows\system32\drivers\alcacr.sys
    2011-10-17 11:56:38 53600 ----a-w- c:\windows\system32\drivers\alcan5wn.sys
    2011-10-16 15:34:30 -------- d-sha-r- C:\cmdcons
    2011-10-16 15:20:12 -------- d-----w- c:\documents and settings\hp_owner\application data\HPQ
    2011-10-16 15:11:43 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-10-16 15:05:03 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:00:31.25 ===============

    thanks
    Simon
     


  2. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    Just an extra bit of info. If I insert a usb drive into the computer the virus copies an autorun.inf file onto it.

    AVG on a separate computer automatically quarantines this as Worm/Generic_c.ZS
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    That computer appears to be a HP brand.

    What is its model name and model number?

    What is its product number on the sticker?

    ----------------------------------------------------------------

    That computer has obviously been neglected.

    Windows XP SP2 hasn't been upgraded to SP3 - which was released over 3 years ago.

    There doesn't appear to be a full-time antivirus program installed.

    There doesn't appear to be any programs installed for combating malware, spyware, rogues, hijackers, etc.

    Java 1.5.0.05 is extremely outdated. The current version is 1.6.0.29.

    ----------------------------------------------------------------

    In order to get a better idea of what's currently installed in that computer, do the following:

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ----------------------------------------------------------------

    I'm not trained or qualified on DDS logs, so a qualified gold/blue shield member is going to need to assist you with it.

    ----------------------------------------------------------------
     
  4. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    Yes, it is a HP Pavilion. The sticker on the case has rubbed off but the Hp Pavilion Support Information program gives:

    Model # t3345.uk
    Product # EP062AA-ABU

    I understand that the software on the computer is extremely out of date. It doesn't look like the software has ever been updated, with auto-update being disabled on most systems. There was previously a non-functioning version of Norton AV on the system. I will sort all this out before the PC is returned but I can't do it before the virus/trojan problem is sorted.

    HijackThis Uninstall Log:

    Adobe Flash Player 11 ActiveX
    Adobe Reader 7.0
    Agere Systems PCI-SV92PP Soft Modem
    Customer Experience Enhancement
    Easy Internet Sign-up
    Epson Easy Photo Print 2
    EPSON Scan
    Epson Stylus SX210_SX410_TX210_TX410 Manual
    EPSON SX410 Series Printer Uninstall
    EPSON Web-To-Page
    High Definition Audio Driver Package - KB888111
    HP Deskjet Printer Preload
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Multimedia Keyboard Software
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 5.0
    HP PSC & OfficeJet 5.3.A
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    Internet Services
    InterVideo WinDVD Player
    J2SE Runtime Environment 5.0 Update 5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    NVIDIA Drivers
    RealPlayer
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SpeedTouch USB Software
    TalkTalk Assist & Go
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066

    thanks
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    Here is the support site for the HP Pavilion t3345.uk desktop.

    According to its product specifications section, it was introduced in January 2006 in the United Kingdom.

    It came with Windows XP Home Edition SP2 pre-installed.

    It also came with a 60-day trial version of Norton 2005.

    It needs a number of programs and add-ons installed and updated, but all that can wait for now.

    ---------------------------------------------------

    Do the following in the order that I've listed them.

    It's going to take you a while, so be patient and don't get in a hurry.

    ---------------------------------------------------

    Click Start - Run, then type in

    %temp%

    and then click OK.

    Click Start - Run, then type in

    c:\windows\temp

    and then click OK.

    Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

    If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

    After you're done, restart the computer.

    ---------------------------------------------------

    Download and save:

    Avira AntiVir Personal 12.0.0.861

    Malwarebytes Anti-Malware Free 1.51.2.1300

    SUPERAntiSpyware Free 5.0.0.1134

    After they've been downloaded and saved, close all open windows first, then install them.

    Restart your computer after installing each one.

    DON'T run any scans yet.

    (Note: I was going to have you install Microsoft Security Essentials 2.1.116.0 instead of Avira, but it requires the SP3 upgrade. Avira gets a good rating anyway.)

    ---------------------------------------------------

    Download and save:

    Norton Removal Tool 2012.0.0.19

    After it's been downloaded and saved, close all open windows first, then run it.

    Allow it to remove everything that's associated with Symantec, Norton, and LiveUpdate.

    After the removal process is complete, restart the computer.

    ---------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Updates(tab) - Check for Updates".

    When the definition files have updated, click "OK".

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections or problems are found during the scan, the number of them will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that EVERYTHING is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    ---------------------------------------------------

    Start SUPERAntiSpyware.

    Click "Check for Updates".

    When the definition files have updated, click "Close".

    Select the "Quick Scan" option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    ---------------------------------------------------
     
  6. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    Avira AntiVir Personal 12.0.0.861 also requires SP3, should I just miss it and anything else that doesn't work with SP3 out?
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    I thought it would install with SP2.

    That's one problem with not having SP3 installed - some programs and drivers won't install or update.

    Skip it for now and complete all the other instructions.

    --------------------------------------------------------
     
  8. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    Malwarebytes Log:
    ==============

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8084

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    04/11/2011 19:59:42
    mbam-log-2011-11-04 (19-59-42).txt

    Scan type: Quick scan
    Objects scanned: 192149
    Time elapsed: 8 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\j2res.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\uwfaqwb.dll (Worm.Conficker) -> Delete on reboot.
    c:\documents and settings\HP_Owner\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.

    Superantispyware Log:
    =================

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/04/2011 at 08:15 PM

    Application Version : 5.0.1134

    Core Rules Database Version : 7900
    Trace Rules Database Version: 5712

    Scan type : Quick Scan
    Total Scan Time : 00:08:40

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
    Administrator

    Memory items scanned : 398
    Memory threats detected : 0
    Registry items scanned : 31002
    Registry threats detected : 0
    File items scanned : 13085
    File threats detected : 71

    Adware.Tracking Cookie

    -

    I can confirm that I can now visit Microsoft and other websites

    thanks
     
  9. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    Great! :) (y)

    Did you delete the buildup of temp files and run the Norton removal tool?

    If you have, read the previous instructions in post #3 for submitting an uninstall_list.txt.log so you can submit a new updated one.

    I'm going to read the previous one and get a head start.

    Does your friend use Internet Explorer or Firefox or Chrome or some other browser?

    --------------------------------------------------------
     
  10. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    Yep, both temp directories emptied and the Norton Removal Tool run.

    Hijackthis log:

    Adobe Flash Player 11 ActiveX
    Adobe Reader 7.0
    Agere Systems PCI-SV92PP Soft Modem
    Customer Experience Enhancement
    Easy Internet Sign-up
    Epson Easy Photo Print 2
    EPSON Scan
    Epson Stylus SX210_SX410_TX210_TX410 Manual
    EPSON SX410 Series Printer Uninstall
    EPSON Web-To-Page
    High Definition Audio Driver Package - KB888111
    HP Deskjet Printer Preload
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Multimedia Keyboard Software
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 5.0
    HP PSC & OfficeJet 5.3.A
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    Internet Services
    InterVideo WinDVD Player
    J2SE Runtime Environment 5.0 Update 5
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    NVIDIA Drivers
    RealPlayer
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SpeedTouch USB Software
    SUPERAntiSpyware
    TalkTalk Assist & Go
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066

    --

    I can also confirm that an infected file is no longer copied to any removable media inserted into the computer.

    -

    From what I can see he just uses Internet Explorer.

    thanks
     
  11. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    Go to Control Panel - Add Or Remove Programs.

    Make sure that "Show Updates" is NOT checked.

    Make sure that "Sort By - Name" is selected.

    Doing this will reduce a lot of clutter in the list and will sort the names alphabetically.

    After that's done, do the following in the order that I've listed them.

    -------------------------------------------------

    Download and save:

    Adobe Reader 10.1.1

    (This is a necessary add-on for opening and viewing on-line documents and manuals that are in PDF format)

    Java Runtime Environment 1.6.0.29 (6 Update 29)

    (This is a necessary add-on for viewing content in websites)

    Microsoft Silverlight 4.0.60831.0

    (This is a necessary add-on for viewing content in websites)

    -------------------------------------------------

    Uninstall:

    Adobe Reader 7.0

    Customer Experience Enhancement

    Easy Internet Sign-up

    HP Software Update

    Internet Services

    InterVideo WinDVD
    (unless it's actually needed and being used)

    J2SE Runtime Environment 5.0 Update 5

    RealPlayer
    (unless it's actually needed and being used)

    After you're done, restart the computer.

    -------------------------------------------------

    Install the 3 saved add-ons.

    If they offer any extras, such as toolbars/homepages, decline to install them.

    After you're done, restart the computer.

    -------------------------------------------------

    Start HiJackThis, then click "Do a system scan and save a log file".

    Save the new log that appears, then submit it here.

    -------------------------------------------------
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    That HP computer has an AMD processor.

    When the SP3 upgrade was released over 3 years ago, it was discovered that HP computers with an AMD processor had a serious side effect after installing the SP3 upgrade and restarting - the computer went into a continuous restart loop.

    An AMD patch was developed to be installed before installing the SP3 upgrade to prevent this serious side effect, but it didn't always work.

    Because of this, I'm hesitant to encourage you to install the SP3 upgrade.

    You can read about it here.

    If you choose to take the plunge, the link is there to download and install the AMD patch.

    --------------------------------------------------------
     
  13. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    Here we go:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:24:19, on 04/11/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    K:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16748,0,4,0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
    O17 - HKLM\System\CS1\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    --
    End of file - 6462 bytes

    thanks
     
  14. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,900
    First Name:
    Frank
    We're moving right along. (y)

    Let's get the startup load trimmed down next.

    Go to Start - Run - MSCONFIG - OK - "Startup" tab.

    Write down the names in the "Startup Item" that have a checkmark.

    If the column isn't wide enough to see the entire name of any of them, widen it.

    Submit those names here in a vertical list, and spell them exactly as you see them there.

    --------------------------------------------------------

    What external devices does your friend have connected to and use with that desktop?

    ---------------------------------------------------------
     
  15. thelight

    thelight Thread Starter

    Joined:
    Aug 20, 2007
    Messages:
    14
    hpsysdrv
    NvCpl
    nwiz
    ALCXMNTR
    hphupd08
    KBD
    RECGUARD
    HPwuSchd2
    Dragdiag
    dumprep 0 -k
    AdobeARM
    jusched
    ctfmon
    SUPERAntiSpyware
    HP Digital Imaging Monitor
    Microsoft Office

    Sorry, apart from a USB key I have no idea what kind of printer he uses or anything like that.
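
The startup names listed from MSCONFIG above correspond to the O4 lines of the HijackThis log posted earlier in the thread, so the same inventory can be pulled from a saved log. The following is an added example, not part of any post here and not HijackThis's own code: the function names are hypothetical, and the sample lines are copied from that log. It lists the O4 startup entries with the program each one launches, the O2 browser helper objects whose file is missing, and the O17 DNS servers.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{71076F71-A3EF-4F6D-B00F-400D63FC33AF}: NameServer = 194.168.8.100,194.168.4.100
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")                    # "O4 - <body>"
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")   # registry Run keys
STARTUP_DIR = re.compile(r"^(.*Startup): (.+?) = (.+)$")             # Startup folder shortcuts
BHO = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat))\b', re.I)

def entries(log, code):
    """Return the body of every log line whose section code equals `code`."""
    matches = map(ENTRY.match, log.splitlines())
    return [m.group(2).strip() for m in matches if m and m.group(1) == code]

def image_path(command):
    """Best-effort program path: quoted path, else up to the first known extension, else first token."""
    m = IMAGE.match(command)
    return (m.group(1) or m.group(2)) if m else command.split()[0]

def startup_items(log):
    """O4 entries as (source, name, program) for Run keys and Startup folders."""
    items = []
    for body in entries(log, "O4"):
        m = RUN_KEY.match(body)
        if m:
            items.append((m.group(1) + " " + m.group(2), m.group(3), image_path(m.group(4))))
        elif (m := STARTUP_DIR.match(body)):
            items.append((m.group(1), m.group(2), image_path(m.group(3))))
    return items

def orphaned_bhos(log):
    """CLSIDs of O2 browser helper objects that HijackThis reports as '(no file)'."""
    return [m.group(2) for m in map(BHO.match, entries(log, "O2")) if m and m.group(3) == "(no file)"]

def nameservers(log):
    """DNS servers configured in the registry (O17 NameServer values), de-duplicated."""
    values = [b.split("NameServer = ", 1)[1] for b in entries(log, "O17") if "NameServer = " in b]
    return sorted({ip.strip() for v in values for ip in v.split(",")})
```

Unquoted commands with spaces are ambiguous, so `image_path` is a heuristic: for `rundll32` entries it returns the host program and the DLL that actually runs stays in the full command text.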
     
Short URL to this thread: https://techguy.org/1025338

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice