Malware on my friends comp

Either tomorrow or the day after i am going to have a look at my friends comp. I am certain it has some malware on it. He tells me, that whenever he tries to run Adaware or CounterSpy, it crashes(no BSOD) and restarts. The same happens when he tries to defrag.

He is not connected to the internet at the moment, so i was wondering what the best thing(s) to do were. For example, is it going to be necessary to update his spyware if the malware attached before the software was out of date.

He has Norton AV and firewall, i might suggest that i remove that for him, and replace it with AVG and ZA (free).

Any tips or advice would be greatly appreciated. I will of course follow the standard malware removal instructions. I will keep a close eye on this thread so i can provide more info if necessary.

TIA

 

Great. That is more or less what i thought. Better to be sure.

He did tell me that he ran CCleaner and as he is not that clued up on these matters i have a feeling he has deleted some important files.

I will follow the READ & RUN ME to the letter as much as is possible.

Many thanks.

 

AAAH I've just realised my friends comp has 4 or 5 user accounts for his whole family.

This is gonna be fun ???

 

Unfortunately, despite all my efforts, i left one or two files off the disc i took to my friends comp. So all I have to present to day is, GetRunKey & ShowNew report files. Within the next 5-7 days i 'll go round with all the right software, and get the reports you want.

I was not able to boot to safe mode, some system files have been deleted, don't know which. "sfc /scannow" got 1/3 rd of the way through and requested many files from boot disk, so although the comp has XP Home serial number on the side, the owner doesn't have original disc. Equals missing files not replaced and scan did not indicate what files needed replacing.

However, i replaced the CMOS battery, hoovered the dust out of the inside and fan vents. Ran Adaware, Spybot and System Mechanic 6.

It has stopped restarting, and appears to be significantly improved.

So even though, in my haste i forgot to take HJT round and a couple of other files, these are the two info files i have for you.

View attachment runkeys111.txt

View attachment newfiles111.txt

Can supply more info.

 

Have i uploaded the files wrong?

Should also mention that his comp would not boot into safe mode.

 

Ok.
I uninstalled bearshare for him, i think it was on selective start up because i turned some unneccessary applications off and forgot to leave msconfig on normal. Removing those files and completing(i didn't finish the sfc scan because it was taking a long time and malware removal seemed more important) the sfc scan shouldn't be a problem at all.

Many thanks. Hopefully i won't have to post in this thread again.