
Possible multiple malware infection: Sluggish, and other weird behavior



bburt
2009-09-30, 13:11
First of all, I'd like to say thanks to any volunteer who might take the time to respond to this thread. I'm new, but I am doing my best to follow the rules and the etiquette of the forum in order to make this process go as smoothly as possible.

I have read the recommended "Before You Post" topics, and followed the instructions (disabled Teatimer, ran ERUNT, got a HJT log).

I have Windows XP Pro installed.

Over the past year or so, I've occasionally become concerned that I had spyware and/or viruses on my system. Symptoms include:


SYMPTOMS

*** Strange mouse behavior (cursor will occasionally jump to the "start" menu or another seemingly purposeful area on the screen).

*** Increasingly sluggish response from the computer the longer uptime it has.

*** Two "Network Connections" applets in the Control Panel -- they are seemingly identical in that both appear to point to the same LAN connection (the computer's sole network interface, an Ethernet connection, which is cabled directly to a wireless router so others in the house can share the connection; the router is connected to a cable modem). But the two applets seem to have different security/access settings, and they have different right-click pop-up menu options.

*** When I navigate to C:\Documents and Settings\[My Username], I often receive a strange dialog: "Feature unavailable while offline" and two options: "Connect" or "Stay Offline." I don't think I should need to be online to navigate to a folder on my computer! And, anyway, this happens even when I am online. Sometimes, I'll receive two or three such dialogs in succession; other times, just one.


PREVIOUS AMATEUR ATTEMPTS TO SOLVE THE PROBLEM

Over the months, I've played around with HJT, Spybot, examined the Windows Firewall log, tried to monitor TCP/IP activity with WinPCap, and even poked around a bit in the registry, but I'm not really expert enough to be very effective.

Most recently, I had OSAM disable an entry:

-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)

... in hopes that it would help with the extra Network Connections applet, but it seems to have no effect.

At any rate, I'm pasting my HJT log here. Many thanks to any volunteers who are kind enough to help!


HJT LOG FOLLOWS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:47 AM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222164938000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222165154515
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4374 bytes
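As an added example (not part of this thread, and not a feature of HijackThis or any other tool named here), the following Python script parses log lines in the HJT format posted above into records, pulls out the file path or URL on each line, and attaches review hints of the kind a helper looks for by eye: a binary launching from a Temp folder, an autostart inside a user profile, an orphaned entry whose file is missing, or an ActiveX download from an unexpected host. The sample input copies four entries from the log above and adds three constructed ones; the host allowlist, the flag names and the heuristics themselves are assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Hosts treated as expected for ActiveX downloads (O16) and IE start/search
# pages (R0/R1). Constructed allowlist for this example, not an HJT feature.
KNOWN_HOSTS = ("microsoft.com", "msn.com", "google.com")

_LINE_RE = re.compile(r'^(R\d|O\d+) - (.*)$')
_PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[]+?\.(?:exe|dll|cpl|sys))', re.I)
_URL_RE = re.compile(r'(https?://([^/\s]+)\S*)', re.I)


@dataclass
class Entry:
    kind: str            # HJT section prefix, e.g. "O4", "O23"
    raw: str             # the log line as written
    path: Optional[str]  # first Windows file path on the line, if any
    url: Optional[str]   # first URL on the line, if any
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HJT line into an Entry. Header lines, the running-process
    list and blank lines carry no R/O prefix and yield None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    pm, um = _PATH_RE.search(body), _URL_RE.search(body)
    return Entry(kind, line.strip(),
                 pm.group(1) if pm else None,
                 um.group(1) if um else None)


def _host_known(url: str) -> bool:
    host = _URL_RE.match(url).group(2).lower()
    return any(host == h or host.endswith("." + h) for h in KNOWN_HOSTS)


def triage(entry: Entry) -> Entry:
    """Attach review hints. A flag marks an entry worth a human look; none
    of them is a verdict, and no flags does not mean a clean machine."""
    low = entry.raw.lower()
    if "(file missing)" in low or "(no file)" in low:
        entry.flags.append("missing-file")     # orphaned entry, often a leftover
    if entry.path and re.search(r'\\temp\\', entry.path, re.I):
        entry.flags.append("temp-path")        # code launched from a Temp folder
    if entry.kind in ("O4", "O23") and entry.path and \
            re.search(r'\\documents and settings\\', entry.path, re.I):
        entry.flags.append("profile-path")     # autostart or service inside a user profile
    if entry.kind == "O16" and entry.url and not _host_known(entry.url):
        entry.flags.append("third-party-activex")
    if entry.kind in ("R0", "R1") and entry.url and not _host_known(entry.url):
        entry.flags.append("unexpected-start-page")
    return entry


def analyse(log_text: str) -> List[Entry]:
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [triage(e) for e in entries]


def flagged(log_text: str) -> List[Tuple[str, List[str]]]:
    """(kind, flags) for every entry that raised at least one flag."""
    return [(e.kind, e.flags) for e in analyse(log_text) if e.flags]


# Sample input: the first four entries are copied from the HJT log above;
# the last three are constructed to exercise the flags.
SAMPLE_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.2",
    "Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    "",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab",
    r"O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe",
    r"O4 - HKCU\..\Run: [example-updater] C:\Documents and Settings\User\Local Settings\Temp\example_update.exe",
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)",
    r"O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Control) - http://downloads.example.com/ctl.cab",
])

if __name__ == "__main__":
    for kind, flags in flagged(SAMPLE_LOG):
        print(kind, ", ".join(flags))
```

Run against the sample, only the three constructed entries raise a flag; the four entries copied from the log above come back clean under these heuristics.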

peku006
2009-10-07, 19:19
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log

Thanks, peku006

bburt
2009-10-09, 12:59
Dear peku006:

Thank you very much for your response. I'm now working on getting through the instructions you provided, and wanted to provide an update.

Note that, as per the "before you post" instructions, I disabled TeaTimer. However, while I was waiting for a response to my original post, I began to feel vulnerable, and so I enabled it again.

When I read your response, I disabled TeaTimer again, downloaded and installed Malwarebytes' Anti-Malware utility, updated according to your instructions, and started a full scan.

During the scan, I was using my web browser to perform other tasks.

About 20 minutes into the scan, I got a Blue Screen of Death stop error (IRQL_NOT_LESS_OR_EQUAL, 0x0000000A, 0x00000004, 0x00000002, 0x804DBE9B).

According to my system monitor history, there was no CPU overheat at the time.

I felt guilty about using my web browser during the scan, so as soon as I finish posting this, I plan to shut down every application I can and try for another full scan.

In the meantime, I wanted you to know that any delays are due only to technical difficulties. I'm committed to this process and I sincerely appreciate the time you are taking to look into my problem.

Thanks again!

bburt
2009-10-10, 13:59
Hey, peku006:

My second MBAM scan was successful, as was the RSIT scan. Following are the results in the order you requested:

1. log.txt from RSIT
2. info.txt from RSIT
3. the log from MBAM

--



Logfile of random's system information tool 1.06 (written by random/random)
Run by Brandon at 2009-10-10 02:44:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 523 MB (1%) free of 59 GB
Total RAM: 512 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:29 AM, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brandon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222164938000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222165154515
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4215 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-706699826-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-01-21 222592]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool"
"C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Temp\{8DFCBF3D-1389-4B92-BA47-CA9DA5444A84}\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\k_update.exe"="C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Local Settings\Temp\{8DFCBF3D-1389-4B92-BA47-CA9DA5444A84}\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\k_update.exe:*:Disabled:Kensington Digital Update of installed software via the Web."
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:LocalSubNet:Enabled:Microsoft Management Console"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-10-10 02:27:50 ----D---- C:\rsit
2009-10-09 03:07:50 ----D---- C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Application Data\Malwarebytes
2009-10-09 03:07:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-10-09 03:07:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 13:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-02 13:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-02 13:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-02 13:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-02 13:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-02 13:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-02 13:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-02 13:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-02 13:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-02 13:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-02 13:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-02 13:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-02 13:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-02 13:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-02 13:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-02 13:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-02 13:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-30 03:19:36 ----D---- C:\Program Files\Trend Micro
2009-09-30 02:47:16 ----D---- C:\WINDOWS\ERDNT
2009-09-30 02:46:44 ----D---- C:\Program Files\ERUNT
2009-09-29 00:08:44 ----D---- C:\Program Files\Windows Installer Clean Up

======List of files/folders modified in the last 1 months======

2009-10-10 02:40:59 ----D---- C:\WINDOWS\Prefetch
2009-10-10 02:20:16 ----D---- C:\WINDOWS\Temp
2009-10-09 05:36:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-09 03:35:55 ----SHD---- C:\WINDOWS\CSC
2009-10-09 03:35:51 ----D---- C:\WINDOWS
2009-10-09 03:12:28 ----D---- C:\WINDOWS\system32\drivers
2009-10-09 03:07:38 ----RAD---- C:\Program Files
2009-10-07 09:01:22 ----D---- C:\WINDOWS\system32
2009-10-07 08:30:18 ----D---- C:\Program Files\Mozilla Firefox
2009-10-06 02:49:40 ----A---- C:\WINDOWS\win.ini
2009-10-02 17:00:33 ----D---- C:\Config.Msi
2009-10-02 17:00:30 ----SHD---- C:\WINDOWS\Installer
2009-10-02 16:57:30 ----D---- C:\WINDOWS\WinSxS
2009-10-02 15:59:08 ----A---- C:\WINDOWS\maplev5.ini
2009-10-02 13:15:45 ----D---- C:\Program Files\Internet Explorer
2009-10-02 13:13:33 ----HD---- C:\WINDOWS\inf
2009-10-02 13:13:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-02 13:13:19 ----A---- C:\WINDOWS\imsins.BAK
2009-10-02 13:13:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-02 13:07:02 ----D---- C:\Program Files\Outlook Express
2009-10-02 13:05:18 ----D---- C:\WINDOWS\system32\en-us
2009-10-02 13:04:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-02 12:33:36 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-01 05:21:43 ----D---- C:\WINDOWS\Help
2009-09-29 06:14:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-29 02:31:09 ----D---- C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Application Data\Adobe
2009-09-29 01:19:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-09-29 01:19:46 ----D---- C:\Program Files\Common Files\Adobe
2009-09-29 00:55:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-29 00:08:27 ----D---- C:\Program Files\MSECache
2009-09-26 22:42:17 ----D---- C:\WINDOWS\network diagnostic
2009-09-13 23:15:21 ----D---- C:\Finale97b

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 bcm4sbxp;ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-10 41728]
R3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2007-04-13 350464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\BRANDO~1.SAL\LOCALS~1\Temp\AMDPCI.sys []
S3 b57w2k;BCM5701 Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2001-08-17 96640]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
S3 G400;G400; C:\WINDOWS\System32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2007-04-04 87560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-10-10 02:28:10

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Illustrator 8.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Illustrator 8.0\Uninst.dll"
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 9.04-->MsiExec.exe /I{23170F69-40C1-2701-0904-000001000000}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PageMaker 6.5-->C:\WINDOWS\uninst.exe -fC:\PM65\DeIsL1.isu
Adobe Photoshop 5.5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AMD AGP Driver-->C:\PROGRA~1\AMDAGP\UNWISE.EXE /A C:\PROGRA~1\AMDAGP\INSTALL.LOG
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
ASUS Probe V2.23.08-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL3.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Finale97-->C:\WINDOWS\unvise.exe C:\Finale97b31\uninstal.log
HijackThis 2.0.2-->"C:\Documents and Settings\Brandon.SALT-4RUS3NAYBT\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Mega Codec Pack 4.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Machine Check Analysis Tool-->MsiExec.exe /X{B23DD567-8CFF-40FF-A47C-6508D15986A0}
Macromedia Flash 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\Setup.exe" UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple V Release 5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maple V Release 5\Uninst.isu"
Matrox Graphics Software (remove only)-->C:\WINDOWS\system32\PDesk\PDUninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Threats and Countermeasures Guide Tools and Templates-->MsiExec.exe /I{F6A4C8A4-1E9A-48F2-8232-9408B11439A3}
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
Wireshark 1.2.0-->"C:\Program Files\Wireshark\uninstall.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======System event log======

Computer Name: SALT-4RUS3NAYBT
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14381
Source Name: Service Control Manager
Time Written: 20090731191117.000000-360
Event Type: error
User:

Computer Name: SALT-4RUS3NAYBT
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14354
Source Name: Service Control Manager
Time Written: 20090728222304.000000-360
Event Type: error
User:

Computer Name: SALT-4RUS3NAYBT
Event Code: 1002
Message: The IP address lease 192.168.1.2 for the Network Card with network address 00E018D56F31 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 14353
Source Name: Dhcp
Time Written: 20090728222300.000000-360
Event Type: error
User:

Computer Name: SALT-4RUS3NAYBT
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14328
Source Name: Service Control Manager
Time Written: 20090728001318.000000-360
Event Type: error
User:

Computer Name: SALT-4RUS3NAYBT
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Record Number: 14324
Source Name: DCOM
Time Written: 20090726065818.000000-360
Event Type: error
User: SALT-4RUS3NAYBT\Brandon

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\AMD\MCat\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



Malwarebytes' Anti-Malware 1.41
Database version: 2928
Windows 5.1.2600 Service Pack 3

10/9/2009 5:34:57 AM
mbam-log-2009-10-09 (05-34-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221923
Time elapsed: 1 hour(s), 26 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

peku006
2009-10-10, 16:45
Hi bburt

Please download Rootkit Revealer (http://download.sysinternals.com/Files/RootkitRevealer.zip) from Sysinternals and save it to your desktop.

Right click on RootkitRevealer.zip and select Extract All....
Click Next on seeing the Welcome screen.
You will see a screen asking you to select where you want the files to be extracted to. By default, this will be desktop. Click Next again.
Check (tick) Show extracted files box and click Finish.
Double click on RootkitRevealer.exe to run it.
A license agreement will be shown to you. Read through it and click on Agree.
Click on Scan at the bottom right hand corner.
When the scan is done, Rootkit Revealer will say Scan complete: X discrepancies found (X are numbers; message at the bottom left hand corner).
Click on File > Save.
By default, it would save to C:\Windows\System32 folder.
Click on Desktop on the left, then click on the Save button.
A RootkitRevealer.txt will be on your desktop.
Open it, select all the contents, copy and paste the contents in your next reply.

Thanks peku006

bburt
2009-10-11, 10:24
Hi, peku006:

I ran the RootkitRevealer scan, and am posting the log here.

Not sure if it's significant, but when I selected File | Save (the file save dialog was in the C:\Windows\System32 folder as you said), and then selected "Desktop" from the column at the left, I received the following warning dialog:

"Save RootkitRevealer Output ...
"C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop refers to a location that is unavailable. ..."

There was a bit more text in the dialog, but this gives the basic idea. I didn't know whether it was anything to be concerned about but I thought I'd better let you know. (I think most likely, the RootkitRevealer process was running under different user credentials than mine, and so it tried to choose a desktop folder location for a system "user" that doesn't actually have a desktop folder.)

Anyway, here are the results of the scan:

--

HKLM\SECURITY\Policy\Secrets\SAC* 9/23/2008 2:52 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/23/2008 2:52 AM 0 bytes Key name contains embedded nulls (*)
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 10/10/2009 10:52 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
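
The three RootkitRevealer result lines above are the kind of output a helper has to sort into "normal for Windows" versus "worth a closer look". The script below, added here as an example (it is not part of the thread and not RootkitRevealer's own code), parses that line format and assigns each discrepancy a triage level. The allowlist of expected embedded-null keys and the list of directories where a transient file is routine are assumptions constructed for the example, and the fourth sample line (a file reported as hidden from the Windows API) is constructed to show the case that actually matters, not something from this scan.

```python
import re
from dataclasses import dataclass

# One RootkitRevealer result line has the shape:
#   <path> <m/d/yyyy> <h:mm AM|PM> <size> <unit> <description>
# The path may contain spaces, so it is matched lazily up to the date.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}\s+[AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s+(?P<unit>bytes|KB|MB|GB)\s+"
    r"(?P<desc>.+?)\s*$"
)


@dataclass
class Discrepancy:
    path: str
    timestamp: str
    size: str
    description: str
    severity: str  # "expected", "review" or "investigate"
    note: str


# Assumption for this example: LSA secrets keys whose names contain embedded
# nulls are routinely reported on a clean Windows XP system.
EXPECTED_NULL_KEYS = (
    r"HKLM\SECURITY\Policy\Secrets\SAC",
    r"HKLM\SECURITY\Policy\Secrets\SAI",
)

# Assumption for this example: directories where a file appearing or vanishing
# while the scan runs is normal churn rather than concealment.
TRANSIENT_DIRS = (
    r"C:\WINDOWS\SoftwareDistribution\DataStore\Logs",
    r"C:\WINDOWS\Temp",
    r"C:\WINDOWS\Prefetch",
)


def classify(path: str, desc: str) -> tuple[str, str]:
    """Map a discrepancy description (plus its path) to a severity and a note."""
    d = desc.lower()
    if "hidden from windows api" in d:
        # Raw scan sees the object but the API does not: the classic rootkit sign.
        return "investigate", "hidden from the Windows API but present on disk/registry"
    if "embedded nulls" in d:
        if any(path.upper().startswith(k.upper()) for k in EXPECTED_NULL_KEYS):
            return "expected", "LSA secrets key with embedded nulls; normal on XP"
        return "review", "embedded-null key name outside the known set"
    if "visible in windows api, but not in mft" in d:
        if any(path.lower().startswith(t.lower()) for t in TRANSIENT_DIRS):
            return "expected", "transient file most likely written during the scan"
        return "review", "API/MFT mismatch outside a known transient location"
    return "review", "unrecognised discrepancy text"


def parse_line(line: str):
    """Return a Discrepancy for a result line, or None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    severity, note = classify(m["path"], m["desc"])
    return Discrepancy(
        path=m["path"],
        timestamp=f'{m["date"]} {m["time"]}',
        size=f'{m["size"]} {m["unit"]}',
        description=m["desc"],
        severity=severity,
        note=note,
    )


def triage(text: str) -> list:
    """Parse every result line in a saved RootkitRevealer.txt and classify it."""
    parsed = (parse_line(l) for l in text.splitlines() if l.strip())
    return [d for d in parsed if d is not None]


def worst_severity(results: list) -> str:
    """Overall verdict for a scan: the highest severity among its discrepancies."""
    order = {"expected": 0, "review": 1, "investigate": 2}
    return max((r.severity for r in results), key=order.get, default="expected")


# Sample input: the three lines posted in the thread, plus one constructed line
# (not from the real scan) showing what a genuinely hidden object would look like.
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 9/23/2008 2:52 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/23/2008 2:52 AM 0 bytes Key name contains embedded nulls (*)
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 10/10/2009 10:52 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\drivers\constructed_example.sys 10/10/2009 10:50 PM 12.00 KB Hidden from Windows API.
"""

if __name__ == "__main__":
    for d in triage(SAMPLE_LOG):
        print(f"[{d.severity:11}] {d.path}  ({d.size}, {d.timestamp}): {d.note}")
    print("verdict:", worst_severity(triage(SAMPLE_LOG)))
```

Run against the saved RootkitRevealer.txt instead of the embedded sample, the script gives a quick first pass; on the log in this thread only the three "expected" entries are present, which matches the helper's later conclusion that nothing here points at a rootkit.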

peku006
2009-10-11, 13:12
Hi bburt


Strange mouse behavior (cursor will occasionally jump to the "start" menu or another seemingly purposeful area on the screen).

What is the mouse in question? Brand/Model/Port Type etc

Have you applied all the latest Service Packs and updates? Have you tried the latest mouse drivers for your mouse?


Increasingly sluggish response from the computer the longer uptime it has
System Slow?
You may wish to try StartupLite. (http://www.malwarebytes.org/startuplite.php) Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware (http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112)


Two "Network Connections" applets in the Control Panel -- they are seemingly identical in that both appear to point to the same LAN connection (the computer's sole network interface, an Ethernet connection. This is cabled directly to a wireless router (so others in the house can share the connection. The router is connected to a cable modem). But the two applets seem to have different security/access settings, and they have different right-click pop-up menu options
What are their names? (Internet Connection, Wireless Network Connection, Local Area Connection)

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt


When I navigate to C:\Documents and Settings\[My Username], I often receive a strange dialog: "Feature unavailable while offline" and two options: "Connect" or "Stay Offline." I don't think I should need to be online to navigate to a folder on my computer! And, anyway, this happens even when I am online. Sometimes, I'll receive two or three such dialogs in succession; other times, just one.

Check offline folder settings.

Open up My Computer
Go to Tools --> Folder Options
Click on the Offline Files tab
Uncheck "Enable Offline Files" to turn off the feature.

Thanks peku006

bburt
2009-10-11, 15:59
What is the mouse in question? Brand/Model/Port Type etc

It's a cheap generic: Kensington ValuMouse optical K64381


Have you applied all the latest Service Packs and updates?

I use Windows Update weekly to keep SPs, security updates, etc. up-to-date.


Have you tried the latest mouse drivers for your mouse?

Yes, installed the latest mouse drivers from the manufacturer website.


What are their names? (Internet Connection, Wireless Network Connection, Local Area Connection)

Both of them are "Local Area Connection," and both of these seem to point identically to my machine's single Ethernet LAN port.

There are slight differences between the two, though:

The first:
* Has a tooltip reading "Connects to other computers, networks and the Internet."
* Has a right-click context menu with the options "Open", "Explore", "Scan Using Spybot Search&Destroy", and "Create Shortcut"

The second:
* Has a tooltip reading "Configures network software."
* Has a right-click context menu with the options "Open" and "Create Shortcut"


--

Results of SystemLook scan

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 04:45 on 11/10/2009 by Brandon (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network]
"Config"=00 00 00 00 1e 00 00 00 03 c3 c4 11 bc c3 5f 44 b6 15 d3 4a d0 c1 e9 2f 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 77 00 7a 00 63 00 73 00 76 00 63 00 00 00 00 00 16 cc 11 a0 43 28 83 46 aa 64 b0 10 a1 e6 df 4d 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 73 00 74 00 65 00 65 00 6c 00 68 00 65 00 61 00 64 00 00 00 00 00 9a 00 41 94 2b 35 2d 4d ac 33 0b 3f 10 2d f3 63 04 00 00 00 38 00 00 00 6d 00 73 00 5f 00 72 00 61 00 73 00 73 00 72 00 76 00 00 00 00 00 57 7c 17 06 5d 0e 31 42 91 54 5d b0 17 fb 42 95 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 72 00 61 00 73 00 6d 00 61 00 6e 00 00 00 00 00 ed 1d a0 12 9f 2c f3 49 99 b8 77 67 6c b2 5d 1f 04 00 00 00 38 00 00 00 6d 00 73 00 5f 00 72 00 61 00 73 00 63 00 6c 00 69 00 00 00 00 00 a1 d9 5b 02 dd ad dc 4e 83 a3 52 0c ea 15 24 06 04 00 00 00 00 00 00 00 6d 00 73 00 5f 00 73 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00 9f 3f a0 19 fe 2e 3a 44 bf d5 eb c6 b1 55 00 14 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 6e 00 65 00 74 00 62 00 69 00 6f 00 73 00 00 00 00 00 08 a5 54 36 44 e8 a0 48 82 90 93 56 f7 c8 f4 b6 04 00 00 00 10 04 00 00 6d 00 73 00 5f 00 70 00 73 00 63 00 68 00 65 00 64 00 00 00 00 00 ac 6a 33 b2 65 9b 36 4d b8 64 52 6e 15 64 9a ff 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 72 00 73 00 76 00 70 00 00 00 00 00 e1 36 6a e1 86 10 ba 4f b1 8b 5f b7 26 2b 8c b9 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 67 00 70 00 63 00 00 00 00 00 59 0a 31 22 5a 28 a0 4c a0 e2 5d fb fc 74 99 af 04 00 00 00 28 00 00 00 6d 00 73 00 5f 00 61 00 6c 00 67 00 00 00 00 00 44 7a 4e ef 1d 50 d9 43 bd 2e 20 3d c4 d4 fa d6 03 00 00 00 80 00 00 00 6d 00 73 00 5f 00 6d 00 73 00 63 00 6c 00 69 00 65 00 6e 00 74 00 00 00 00 00 7f a3 06 f3 33 c8 81 40 82 17 d7 6c 3c 48 0a ea 03 00 00 00 08 00 00 00 6d 00 73 00 5f 00 77 00 65 00 62 00 63 00 6c 00 69 00 65 00 6e 00 74 00 00 00 00 00 e7 2c 6e 31 52 de b8 4e 80 4e 4c 06 93 f5 61 d1 02 00 00 00 00 00 00 00 6d 00 73 00 5f 00 6e 00 65 00 74 00 6d 00 6f 00 6e 00 00 00 00 00 00 95 09 7c f6 36 ea 4f 90 
35 af 9c e6 ed 03 a0 02 00 00 00 28 00 00 00 6d 00 73 00 5f 00 6e 00 64 00 69 00 73 00 75 00 69 00 6f 00 00 00 00 00 af ee cd 00 10 84 ba 4c a1 4e 9a 09 55 ed 68 7a 02 00 00 00 28 00 00 00 6d 00 73 00 5f 00 70 00 70 00 70 00 6f 00 65 00 00 00 00 00 b2 77 20 bc 95 38 c2 4d ad 93 cf 55 03 8f 44 fc 02 00 00 00 38 00 00 00 6d 00 73 00 5f 00 70 00 70 00 74 00 70 00 00 00 00 00 0c ed 91 a1 dc d4 cc 4e 83 5f f7 0c 4a b0 68 b4 02 00 00 00 38 00 00 00 6d 00 73 00 5f 00 6c 00 32 00 74 00 70 00 00 00 00 00 6c c0 44 8e e7 42 48 45 8e 8e 27 e5 29 98 2f dc 02 00 00 00 28 00 00 00 6d 00 73 00 5f 00 6e 00 64 00 69 00 73 00 77 00 61 00 6e 00 00 00 00 00 b2 4b 93 16 91 9b 44 42 9d 6f 39 c3 d5 89 e4 21 02 00 00 00 38 00 00 00 6d 00 73 00 5f 00 6e 00 65 00 74 00 62 00 74 00 5f 00 73 00 6d 00 62 00 00 00 00 00 91 85 f8 23 6e fd ac 48 8e 18 b4 95 af f7 2e 99 02 00 00 00 28 00 00 00 6d 00 73 00 5f 00 6e 00 65 00 74 00 62 00 74 00 00 00 00 00 b0 cc 5b 77 17 2a 3d 45 a4 cf 33 a4 f3 53 af 2b 02 00 00 00 a0 00 00 00 6d 00 73 00 5f 00 74 00 63 00 70 00 69 00 70 00 00 00 00 00 0c be 72 d0 ac 96 fc 46 aa 27 29 c8 a5 18 0a 6f 00 00 00 00 29 00 00 00 6d 00 73 00 5f 00 6e 00 64 00 69 00 73 00 77 00 61 00 6e 00 62 00 68 00 00 00 52 00 4f 00 4f 00 54 00 5c 00 4d 00 53 00 5f 00 4e 00 44 00 49 00 53 00 57 00 41 00 4e 00 42 00 48 00 5c 00 30 00 30 00 30 00 30 00 00 00 5d d5 c8 99 52 c8 a1 41 85 7e 58 9d 59 57 ea df 00 00 00 00 84 00 00 00 70 00 63 00 69 00 5c 00 76 00 65 00 6e 00 5f 00 31 00 34 00 65 00 34 00 26 00 64 00 65 00 76 00 5f 00 34 00 34 00 30 00 31 00 26 00 73 00 75 00 62 00 73 00 79 00 73 00 5f 00 38 00 30 00 61 00 38 00 31 00 30 00 34 00 33 00 00 00 50 00 43 00 49 00 5c 00 56 00 45 00 4e 00 5f 00 31 00 34 00 45 00 34 00 26 00 44 00 45 00 56 00 5f 00 34 00 34 00 30 00 31 00 26 00 53 00 55 00 42 00 53 00 59 00 53 00 5f 00 38 00 30 00 41 00 38 00 31 00 30 00 34 00 33 00 26 00 52 00 45 00 56 00 5f 00 30 00 31 00 5c 00 33 00 26 00 36 00 31 00 41 00 41 00 41 00 30 00 31 00 26 00 30 00 26 00 34 
00 38 00 00 00 4d 9b ca be 68 ab 8e 43 89 d9 fb 3e f6 ac 31 05 00 00 00 00 29 00 00 00 6d 00 73 00 5f 00 6e 00 64 00 69 00 73 00 77 00 61 00 6e 00 69 00 70 00 00 00 52 00 4f 00 4f 00 54 00 5c 00 4d 00 53 00 5f 00 4e 00 44 00 49 00 53 00 57 00 41 00 4e 00 49 00 50 00 5c 00 30 00 30 00 30 00 30 00 00 00 20 0b 10 f4 3b 26 88 42 aa eb 6a d1 e7 cb 92 d0 00 00 00 00 29 00 00 00 6d 00 73 00 5f 00 70 00 74 00 69 00 6d 00 69 00 6e 00 69 00 70 00 6f 00 72 00 74 00 00 00 52 00 4f 00 4f 00 54 00 5c 00 4d 00 53 00 5f 00 50 00 54 00 49 00 4d 00 49 00 4e 00 49 00 50 00 4f 00 52 00 54 00 5c 00 30 00 30 00 30 00 30 00 00 00 0d ee da 67 a2 3d 84 45 b8 81 3b a3 9f ff 88 93 00 00 00 00 29 00 00 00 6d 00 73 00 5f 00 70 00 70 00 70 00 6f 00 65 00 6d 00 69 00 6e 00 69 00 70 00 6f 00 72 00 74 00 00 00 52 00 4f 00 4f 00 54 00 5c 00 4d 00 53 00 5f 00 50 00 50 00 50 00 4f 00 45 00 4d 00 49 00 4e 00 49 00 50 00 4f 00 52 00 54 00 5c 00 30 00 30 00 30 00 30 00 00 00 51 53 e9 b3 f2 35 2e 4b a8 ea e6 93 8a ed 49 94 00 00 00 00 29 00 00 00 6d 00 73 00 5f 00 70 00 70 00 74 00 70 00 6d 00 69 00 6e 00 69 00 70 00 6f 00 72 00 74 00 00 00 52 00 4f 00 4f 00 54 00 5c 00 4d 00 53 00 5f 00 50 00 50 00 54 00 50 00 4d 00 49 00 4e 00 49 00 50 00 4f 00 52 00 54 00 5c 00 30 00 30 00 30 00 30 00 00 00 04 5c 15 50 2b fb 92 48 af 9f 97 d1 09 42 30 c4 00 00 00 00 29 00 00 00 6d 00 73 00 5f 00 6c 00 32 00 74 00 70 00 6d 00 69 00 6e 00 69 00 70 00 6f 00 72 00 74 00 00 00 52 00 4f 00 4f 00 54 00 5c 00 4d 00 53 00 5f 00 4c 00 32 00 54 00 50 00 4d 00 49 00 4e 00 49 00 50 00 4f 00 52 00 54 00 5c 00 30 00 30 00 30 00 30 00 00 00 b3 ec 97 09 a4 52 91 46 87 79 9b 7a 04 8f d8 6b 00 00 00 00 2a 00 00 00 73 00 77 00 5c 00 7b 00 65 00 65 00 61 00 62 00 37 00 37 00 39 00 30 00 2d 00 63 00 35 00 31 00 34 00 2d 00 31 00 31 00 64 00 31 00 2d 00 62 00 34 00 32 00 62 00 2d 00 30 00 30 00 38 00 30 00 35 00 66 00 63 00 31 00 32 00 37 00 30 00 65 00 7d 00 00 00 53 00 57 00 5c 00 7b 00 45 00 45 00 41 00 42 00 37 00 37 00 39 00 30 00 2d 
00 43 00 35 00 31 00 34 00 2d 00 31 00 31 00 44 00 31 00 2d 00 42 00 34 00 32 00 42 00 2d 00 30 00 30 00 38 00 30 00 35 00 46 00 43 00 31 00 32 00 37 00 30 00 45 00 7d 00 5c 00 41 00 53 00 59 00 4e 00 43 00 4d 00 41 00 43 00 00 00 00 00 00 00 14 00 00 00 07 00 00 00 17 00 00 00 07 00 00 00 18 00 00 00 07 00 00 00 16 00 00 00 05 00 00 00 13 00 00 00 05 00 00 00 14 00 00 00 06 00 00 00 14 00 00 00 0b 00 00 00 13 00 00 00 0b 00 00 00 14 00 00 00 0d 00 00 00 17 00 00 00 0d 00 00 00 16 00 00 00 0f 00 00 00 17 00 00 00 0e 00 00 00 17 00 00 00 15 00 00 00 17 00 00 00 15 00 00 00 18 00 00 00 12 00 00 00 19 00 00 00 12 00 00 00 1a 00 00 00 12 00 00 00 1b 00 00 00 12 00 00 00 1c 00 00 00 12 00 00 00 1d 00 00 00 14 00 00 00 15 00 00 00 01 00 00 00 04 00 00 00 05 00 00 00 14 00 00 00 15 00 00 00 17 00 00 00 16 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 12 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 01 00 00 00 0b 00 00 00 00 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 01 00 00 00 15 00 00 00 00 00 00 00 09 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 01 00 00 00 15 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 00 00 00 15 00 00 00 00 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 (REG_BINARY)
"FilterClasses"="scheduler loadbalance failover"
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\Connections]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\SharedAccessConnection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\Uninstalled]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]


-=End Of File=-



Open up My Computer
Go to Tools --> Folder Options
Click on the Offline Files tab
Uncheck "Enable Offline Files" to turn off the feature.

I acknowledge I have now unchecked the "Enable Offline Files" option.

I am also working through the "Slow computer/browser? ... It may not be malware" procedures.

peku006
2009-10-11, 17:51
Hi bburt

At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post on a PC troubleshooting forum like the Browsers, Internet & email forum (http://forums.whatthetech.com/Browsers_Internet_and_email_f123.html) at WhatTheTech (http://forums.whatthetech.com/forums.html). They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.

I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance please let me know.

bburt
2009-10-12, 13:23
Thank you very much for your time! I'm sorry it was a wild goose chase for you, but it is helpful to know that I can look elsewhere for the source of my problems. I will follow your suggestions, and I'm still working through that "it may not be malware" page, too.

Again, your efforts have been much appreciated.

Thanks very much!

peku006
2009-10-17, 09:18
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.