Laptop extremely slow

Hi guys, hope you are well.
My sons laptop is running extremely slow, particularly on start up. Also, kaspersky is detecting a keylogger, however, I am unable to remove it for some reason. HJT log below:-

Logfile of HijackThis v1.99.1
Scan saved at 10:30:27, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm594YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jemmaconners.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139423841203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://online.eversheds.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4825/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

Good morning TOG

First how about posting the status of this post:
http://www.windowsbbs.com/showthread.php?t=60810

Please always let us know something.

In that post did you do the cleaners I recommended?

If not at least do this one after downloading, in safe mode.
Xclean_Micro http://www.xblock.com/download/xclean_micro.exe

Then give us the name of the keylogger kaspersky is detecting

Get rid of this entry
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm594YYGB

Then browse to C:\Program Files and find a folder that says Mywebsearch and delete it if it exists.

If it does exist and will not delete then boot to safe mode and do it.

Mike

 

Thanks for the reply, mflynn. Ran all of the cleaners etc & everything was looking good, until now. Ran the windows disk clean up utility & immediately after it finished I had a BSOD. Details are Stop: 0x0000007E (0xc0000005,0xf44fa0cc,0xf797e11c,0xf797de18)
usbkbd.sys (again!) - address f44fa0cc base at f44ef000, datestamp 435f6140

Searched my laptop & found usbkbd.mdm in C:\dell\drivers\R100688. This is strange, when this BSOD was coming up before I was told to search for usbkbd but nothing was found?

 

Hi TOG

First I assume you are now begining my process on the other thread NCASE.

If so then XClean_micro was the first item to run. Can you tell me if it found anything or much?

We will get back to the usbkbd.sys (unless it keeps causing problems) after we finish the cleanups.

So leave Dclean for now and continue the steps from that thread and then continue on this one.

Including the O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm594YYGB

Delete the above in HJT.

Then post new HJT log.

Mike

 

ok, ran the cleaners. Can't recall what Xclean found the first time i ran it, didn't find anything this time.
hjt log below:-

Logfile of HijackThis v1.99.1
Scan saved at 21:21:53, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jemmaconners.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139423841203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://online.eversheds.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4825/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

Hello TOG

This looks clean of malware but I see what could be issues.

It looks like you have (or have had) Norton, Mcafee and AVG.

Not recomemended to have multiple Memory resident/online Virus scanners. They can bump heads so to speak.

If you have some kind of Suite that includes a firewall I see you have the Sunbelt Kerio firewall also you may have 2 or 3 firewalls also, not kosher.

Since I can't tell for sure tell us about this.

Do the below to help

Ok lets take a look at your add/remove also.

Here we will use CCleaner to get add/remove list

run CCleaner

Click tools

bottom right click
Save to text file

At filename (top line) add c:\ to the beginning end up with c:\install.txt
exit CClean

Browse to c:\ and dbl click install.txt copy and paste back to us.

Do the same for startup. add c:\

Paste it also.

Mike

 

don't understand how to extract start up. install.txt below:-

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Reader 6.0.1
Adobe Shockwave Player
ArtMoney SE v7.21
AVG Free Edition
Belarc Advisor 7.2
BitLord 1.1
Broadcom Management Programs 2
Camtasia Studio 4
CCleaner (remove only)
Championship Manager 5
D-Link VGA Webcam
Debugging Tools for Windows
Dell Media Experience
Dell Picture Studio v3.0
Dell ResourceCD
Dell System Restore
Football Manager 2006
Freecorder 2.3 (with Skype Call Recording)
Guild Wars
HijackThis 1.99.1
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
KraMixer DJ Software 1.0.3.3
LimeWire PRO 4.12.3
McAfee VirusScan Professional Bonus Pack
mCore
mDrWiFi
Messenger Plus! Live
mHlpDell
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Microsoft Works 7.0
mIWA
mIWCA
mLogView
mMHouse
Mozilla Firefox (2.0.0.1)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mToolkit
mWlsSafe
mXML
My Screen Recorder 2.60
mZConfig
nBinder 4 LIMITED
NetWaiting
Network Play System (Patching)
Panda ActiveScan
Registry Mechanic 6.0
RK Auttocutter 1.1.0
RollerCoaster Tycoon 3
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB926255)
ShortKeys Lite
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sunbelt Kerio Personal Firewall
Synacast Plug-in 1.1.0.7
Tiscali Internet
Tvants 1.0
TVUPlayer 2.2.0
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
versione 0.4 Beta
VideoEgg Publisher
VideoLAN VLC media player 0.8.2
Virtual DJ - Atomix Productions
WebFldrs XP
whufc crest screensaver
Windows Defender Signatures
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol
WinRAR archiver

 

As Jed Clampet used to say Wheeee Doggie!

You are correct the Startup does not have a save log.

Download this to the desktop: http://www.silentrunners.org/Silent Runners.vbs

Download http://www.dynawell.com/reskit/micro...000/sclist.zip

Extract sclist.exe then move it to c:\windows\system32

Copy the line below for pasting
sclist c:\allserviceslist.txt

Then
Start-Run
type
cmd
hit enter

paste the above and hit enter
then type exit

Browse c:\ open allserviceslist.txt
and paste this back to the thread.

Now dbl the Silent runners.vbs
It may take a couple of minutes but
It will create a log file copy and paste it here.

Hopefully we will have enough info to sort this out.

While you are getting this I will be preparing a procedure to fix the usbkbd.sys problem.

Mike

 

Hi TOG

The usbkbd.sys was part of Elite KeyLogger malware

We should be able to fix it here.

The reason you are getting this BSOD and message is that it was not completely removed. There are residues in the registry so the below should finally remove it.

Do these steps.

Download and install : http://www.hoverdesk.net/dl/en/RegSeeker.zip
Then run regseeker

clk Find in registry
chk all boxes except Match Whole word

paste the below to the find box one at a time delete all found then do next

SideStep Software
Elite Keylogger
windump.exe
usbkbd.sys

then

Still in Regseeker
left panel clk
Clean the registry
then
autoclean

when finished

then put chk in Invalid services
then clk OK
Delete all found

This should help some with the performance/speed issues you mentioned.
Once we get the info from the last post above then we will finish up on the speed issue.

Mike

 

Just to clarify:

usbkbd.sys is not a legit windows file. It is an invalid registry entry.

It should not exist on your computer, and as you say you could not find a file named usbkbd.sys.

The BSOD referencing usbkbd.sys is a left over registry entry (not a file). From the Elite KeyLogger malware that was not completely cleaned.

A reference to it does exist in the registry, as evidence in the BSOD dump.

There is a whole thread on this BBS Myth busters Reg cleaners that say this should not and cannot happen but here you prove that wrong.

This is probably the cause of most of your problems in most of your other posts and likely in performance issues.

Mike

 

Mike,
I was unable to download from dynawell, something about you must have a licence etc. Also the silent runner link in your post didn't work, but, I was able to download via another method. Log is below. Shall download hoverdesk next while you check out my start up log:-

"Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++} "


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = " "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"IntelWireless" = " "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" [ "Intel Corporation"]
"Windows Defender" = " "C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [ "BillP Studios"]
"RegistryMechanic" = "(empty string)" [file not found]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" [ "GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class "
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*c" (unwritable string)
-> {HKLM...CLSID} = "DriveLetterAccess "
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" [ "Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class "
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" [ "Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
-> {HKLM...CLSID} = "Display Panning CPL Extension "
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
-> {HKLM...CLSID} = "HyperTerminal Icon Ext "
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [ "Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class "
-> {HKLM...CLSID} = "DesktopContext Class "
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper "
-> {HKLM...CLSID} = "NVIDIA CPL Extension "
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer "
-> {HKLM...CLSID} = "Desktop Explorer "
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu "
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu "
-> {HKLM...CLSID} = "nView Desktop Context Menu "
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
-> {HKLM...CLSID} = "WinRAR "
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler "
-> {HKLM...CLSID} = "Outlook File Icon Extension "
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu "
-> {HKLM...CLSID} = "Portable Media Devices Menu "
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess "
-> {HKLM...CLSID} = "DriveLetterAccess "
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" [ "Sonic Solutions"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders "
-> {HKLM...CLSID} = "My Sharing Folders "
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" [ "GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension "
-> {HKLM...CLSID} = "AVG7 Find Extension Class "
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" [ "GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook "
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook "
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" [ "Intel Corporation"]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" [ "Kaspersky Lab"]
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> application/x-internet-signup\CLSID = "{A173B69A-1F9B-4823-9FDA-412F641E65D6} "
-> {HKLM...CLSID} = "INSMimeFilterPP Class "
\InProcServer32\(Default) = "C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" [ "GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = "WinRAR "
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = "WinRAR "
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll" [ "GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = "WinRAR "
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoFolderOptions" = (REG_DWORD) hex:0x00000000
{Removes the Folder Options menu item from the Tools menu}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoFolderOptions" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp "

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Dafydd\Application Data\Mozilla\Firefox\Desktop Background.bmp "


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console "
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} "
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10 "
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" [ "Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10 "
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" [ "Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8 "
"Exec" = "%windir%\bdoscandel.exe" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger "
"MenuText" = "Windows Messenger "
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" [ "GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [ "GRISOFT, s.r.o."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" { "C:\WINDOWS\System32\bthserv.dll" [MS]}
EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" [ "Intel Corporation"]
NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" [ "Dell Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" [ "NVIDIA Corporation"]
RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" [ "Intel Corporation"]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" [ "Intel Corporation "]
Sunbelt Kerio Personal Firewall 4, KPF4, " "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" " [ "Sunbelt Software"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [ "Symantec Corporation"]
Windows Defender, WinDefend, " "C:\Program Files\Windows Defender\MsMpEng.exe" " [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WLANKEEPER, WLANKEEPER, "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe" [ "Intel® Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 38 seconds, including 18 seconds for message boxes)

 

Ran regseeker & searched the registry for these files, however, none were found. Continued with the rest of your reccomendations. Await next move.

Thanks for your help Mike, much appreciated.

Rich.

 

Here is a new link for sclist
http://www.dynawell.com/reskit/microsoft/WinNT/Management/sclist.zip

Get Startup control to handle all thes starting programs easily
http://www.mlin.net/files/StartupCPL_EXE.zip


Mike

 

OK Rich

First when it did not find the specifics, what happend during the Clean the registry? Did it find much?

Run regseeker again and
left panel clk
Clean the registry
then
check all boxes
then
autoclean
then run again and clk the OK. Delete all found!

I need to know if it seems to finds a lot

Also I need the answers here that I asked earlier.

Mike

 

Mike, did as you suggested, however, when I go to paste "sclist c:\allserviceslist.txt" a message appears stating "could not open service manager for c:\allserviceslist.txt "

Am I doing something wrong?

I'm going to download startupcpl while I wait.

 

Mike,
I'll run regseeker again. In answer to your questions:-
First when it did not find the specifics, what happend during the Clean the registry? Did it find much?
Nothing, happened when searching the specifics, it just searched and then stopped. Then I searched the next one & so on. When cleaning the bregistry it did find a lot but no more than it normally does when I run regseeker.

I did have Norton when I bought the machine, then switched to Mcafee & then switched to AVG, which I have now.

As for firewall, again, norton, then mcafee, then AVG & now Sunbelt.

As far as I am aware, I deleted/removed the old anti virus software & firewalls.

 

No!

My mistake

paste this:

sclist >c:\allserviceslist.txt

I left out the redirection symble (>)

Sorry

Mike

 

Ran regseeker again, didn't find a great deal (7 entries), however, it is finding the same entry every time I run it:-
Hkey-classes-root
clsid\{c523f39f-9c83-11d3-9094-00104bd0d535}.
invalid activex/com entry (clsid)

 

There you go:-

--------------------------------------------
- Service list for Local Machine
--------------------------------------------
running Alerter Alerter
running ALG Application Layer Gateway Service
stopped AppMgmt Application Management
stopped aspnet_state ASP.NET State Service
running AudioSrv Windows Audio
running Avg7Alrt AVG7 Alert Manager Server
running Avg7UpdSvc AVG7 Update Service
running BITS Background Intelligent Transfer Service
running Browser Computer Browser
running BthServ Bluetooth Support Service
stopped CiSvc Indexing Service
stopped ClipSrv ClipBook
stopped COMSysApp COM+ System Application
running CryptSvc Cryptographic Services
running DcomLaunch DCOM Server Process Launcher
running Dhcp DHCP Client
stopped dmadmin Logical Disk Manager Administrative Service
stopped dmserver Logical Disk Manager
stopped Dnscache DNS Client
stopped ERSvc Error Reporting Service
running Eventlog Event Log
running EventSystem COM+ Event System
running EvtEng EvtEng
stopped FastUserSwitchingCompatibility Fast User Switching Compatibility
running Fax Fax
running helpsvc Help and Support
running HidServ HID Input Service
stopped HTTPFilter HTTP SSL
stopped IDriverT InstallDriver Table Manager
stopped ImapiService IMAPI CD-Burning COM Service
running KPF4 Sunbelt Kerio Personal Firewall 4
running lanmanserver Server
running lanmanworkstation Workstation
running LmHosts TCP/IP NetBIOS Helper
stopped Messenger Messenger
stopped mnmsrvc NetMeeting Remote Desktop Sharing
stopped MSDTC Distributed Transaction Coordinator
stopped MSIServer Windows Installer
stopped NetDDE Network DDE
stopped NetDDEdsdm Network DDE DSDM
stopped Netlogon Net Logon
running Netman Network Connections
running NICCONFIGSVC NICCONFIGSVC
running Nla Network Location Awareness (NLA)
stopped NtLmSsp NT LM Security Support Provider
stopped NtmsSvc Removable Storage
running NVSvc NVIDIA Display Driver Service
running PlugPlay Plug and Play
running PolicyAgent IPSEC Services
running ProtectedStorage Protected Storage
stopped RasAuto Remote Access Auto Connection Manager
running RasMan Remote Access Connection Manager
stopped RDSessMgr Remote Desktop Help Session Manager
running RegSrvc RegSrvc
stopped RemoteAccess Routing and Remote Access
stopped rpcapd Remote Packet Capture Protocol v.0 (experimental)
stopped RpcLocator Remote Procedure Call (RPC) Locator
running RpcSs Remote Procedure Call (RPC)
stopped RSVP QoS RSVP
running S24EventMonitor Spectrum24 Event Monitor
running SamSs Security Accounts Manager
stopped SCardSvr Smart Card
running Schedule Task Scheduler
running seclogon Secondary Logon
running SENS System Event Notification
running SharedAccess Windows Firewall/Internet Connection Sharing (ICS)
running ShellHWDetection Shell Hardware Detection
running Spooler Print Spooler
stopped spupdsvc Windows Service Pack Installer update service
stopped srservice System Restore Service
running SSDPSRV SSDP Discovery Service
running stisvc Windows Image Acquisition (WIA)
stopped SwPrv MS Software Shadow Copy Provider
running Symantec Core LC Symantec Core LC
stopped SysmonLog Performance Logs and Alerts
running TapiSrv Telephony
running TermService Terminal Services
running Themes Themes
running TrkWks Distributed Link Tracking Client
running UMWdf Windows User Mode Driver Framework
running upnphost Universal Plug and Play Device Host
stopped UPS Uninterruptible Power Supply
running UserAccess7 SecuROM User Access Service (V7)
stopped usnsvc Messenger Sharing USN Journal Reader service
stopped VSS Volume Shadow Copy
running w32time Windows Time
running WebClient WebClient
running WinDefend Windows Defender
running winmgmt Windows Management Instrumentation
running WLANKEEPER WLANKEEPER
stopped WmdmPmSN Portable Media Serial Number Service
stopped WmiApSrv WMI Performance Adapter
running wscsvc Security Center
running wuauserv Automatic Updates
running WZCSVC Wireless Zero Configuration
stopped xmlprov Network Provisioning Service

 

Rich

That explains a lot!

This is where the rest of your instability and performance problems are coming from.

See this link read it all and get an understanding of it then do post #8 and #9

http://www.windowsbbs.com/showthread.php?t=61013

Do it carefully step by step. You already have reseeker and other downloads.

This needs to be done.

After you have done the above.

Reboot

Then do the below.
==============================================

For McAfee

http://www.windowsbbs.com/showthread.php?t=61310&page=2

Do post #21 same as you did for Norton step by step do every thing in the link from McAfee

Read and do the items but do not post message there return here to you own thread to continue.

Lot of work but I believe this will get you mostly back to normal.

After doing this reboot

Send new HJT log.

Mike