Resolved Windows acting up - mouse clicks & scrolling

Valor

Since yesterday my Windows XP has been acting up. It mostly has to do with my cursor. Like when I just click once on right mouse it often acts like a double click (opening files, executing things etc.). Or I would just highlight a file with right mouse click and then it acts like I want to drag the file somewhere. Or I don't get much reaction from my clicks at all, like I have to click on the X extra hard, three times or so until a window closes. Or the scrolling doesn't properly work, whether in a browser, explorer or task window. This is all driving me nuts!

I figure this could be my mouse driver being corrupt or something but I'm also suspecting it's a virus because ever since this behavior my full version MalwareBytes keeps blocking IP addresses, reporting "malicious IPs". On the other hand, my PeerGuardian wasn't blocking ANY IPs anymore, the windows just kept being blank. But strangely enough when I do all types of scan with MB, plus a combofix run, nothing is found! Yet I sit here restarting my computer over and over again just to be faced with the same odd problem. I also ran HijackThis log and couldn't find anything suspicious. CCleaner didn't improve anything either (though it removed quite a chunk). I've cleaned all my temp files, browser cookies and histories but still, the problem persists. At least I don't seem to be getting those IP "attacks" anymore and PeerGuardian is working fine again too. Could it be just my mouse?

Here are my logs, please tell me if you can find anything that might be causing this. Thanks!

MB Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4785

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09.10.2010 17:02:42
mbam-log-2010-10-09 (17-02-42).txt

Scan type: Full scan (D:\|)
Objects scanned: 201432
Time elapsed: 47 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MB Protection Log:
15:51:45 Dennis IP-BLOCK 222.65.243.157
15:52:20 Dennis IP-BLOCK 218.9.97.145
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
16:04:48 Dennis MESSAGE IP Protection stopped
16:06:25 Dennis MESSAGE Database updated successfully
16:06:30 Dennis MESSAGE IP Protection started successfully
16:07:59 Dennis IP-BLOCK 218.7.195.139
16:10:57 Dennis IP-BLOCK 218.7.195.139
16:13:11 Dennis IP-BLOCK 121.13.127.182
16:13:55 Dennis IP-BLOCK 58.240.39.117
16:19:54 Dennis IP-BLOCK 218.7.195.139
16:23:00 Dennis IP-BLOCK 218.7.195.139
16:28:56 Dennis IP-BLOCK 218.7.195.139
16:31:51 Dennis IP-BLOCK 218.7.195.139
16:34:03 Dennis IP-BLOCK 222.69.5.139
16:34:56 Dennis IP-BLOCK 218.7.195.139
16:37:08 Dennis IP-BLOCK 222.69.14.199
16:37:14 Dennis IP-BLOCK 202.103.221.15
16:46:55 Dennis IP-BLOCK 222.69.214.231
16:46:58 Dennis IP-BLOCK 58.240.212.92
16:52:35 Dennis IP-BLOCK 121.8.235.67
17:02:43 Dennis IP-BLOCK 58.240.244.20
17:09:34 (null) IP-BLOCK 121.8.153.6
17:11:38 Dennis MESSAGE Protection started successfully
17:11:43 Dennis MESSAGE IP Protection started successfully
17:50:26 Dennis MESSAGE Protection started successfully
17:50:42 Dennis MESSAGE IP Protection started successfully
18:37:56 Dennis MESSAGE Protection started successfully
18:38:01 Dennis MESSAGE IP Protection started successfully
20:09:41 Dennis MESSAGE Protection started successfully
20:09:45 Dennis MESSAGE IP Protection started successfully


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:01, on 09.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Programme\PeerGuardian2\pg2.exe
D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\Winamp\winamp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\NOTEPAD.EXE
F:\Temp\TrendMicro\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [PeerGuardian] D:\Programme\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5711 bytes
 
ComboFix 10-10-08.01 - Dennis 09.10.2010 17:34:52.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.535 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\Dennis\Desktop\Yep.exe


Dateien erstellt von 2010-09-09 bis 2010-10-09


2010-10-07 13:56 . 2010-10-07 13:56 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-10-09 15:33 . 2010-01-23 01:36 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\HPAppData
2010-10-09 15:19 . 2008-11-22 00:27 -------- d-----w- d:\programme\PeerGuardian2
2010-10-09 15:07 . 2003-04-02 12:00 70580 ----a-w- d:\windows\system32\perfc007.dat
2010-10-09 15:07 . 2003-04-02 12:00 405118 ----a-w- d:\windows\system32\perfh007.dat
2010-10-09 08:55 . 2008-10-04 17:00 -------- d-----w- d:\programme\eMule
2010-10-04 00:57 . 2009-01-23 17:53 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\FileZilla
2010-10-03 10:26 . 2010-04-06 16:15 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2010-09-17 18:45 . 2009-09-10 10:40 -------- d-----w- d:\programme\Firefox
2010-08-28 15:46 . 2008-10-04 21:44 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\uTorrent
2010-08-19 22:31 . 2010-08-19 22:31 -------- d-----w- d:\programme\Malwarebytes' Anti-Malware
2010-08-18 02:47 . 2008-10-04 15:57 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2009-09-29 19:38 . 2009-09-29 19:38 18879 ----a-w- d:\programme\Gemeinsame Dateien\ligy._dl
2010-03-30 15:20 . 2010-03-30 15:20 2 --shatr- d:\windows\winstart.bat
.

((((((((((((((((((((((((((((( SnapShot_2010-08-19_03.06.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-04-02 12:00 . 2010-03-28 10:54 58596 d:\windows\system32\perfc009.dat
+ 2003-04-02 12:00 . 2010-10-09 15:07 58596 d:\windows\system32\perfc009.dat
- 2009-12-11 02:30 . 2010-04-29 13:39 38224 d:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-19 22:31 . 2010-04-29 13:39 38224 d:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-19 22:31 . 2010-04-29 13:39 20952 d:\windows\system32\drivers\mbam.sys
- 2009-12-11 02:30 . 2010-04-29 13:39 20952 d:\windows\system32\drivers\mbam.sys
- 2003-04-02 12:00 . 2010-03-28 10:54 392296 d:\windows\system32\perfh009.dat
+ 2003-04-02 12:00 . 2010-10-09 15:07 392296 d:\windows\system32\perfh009.dat
+ 2010-10-03 10:39 . 2010-10-03 10:39 232912 d:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
+ 2010-01-27 01:07 . 2010-10-03 10:39 5969360 d:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-08-22 16:04 . 2010-08-22 16:04 12263936 d:\windows\Installer\e15740e.msp
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="d:\programme\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^Dennis^Startmenü^Programme^Autostart^MONSXW32.EXE.del]
path=d:\dokumente und einstellungen\Dennis\Startmenü\Programme\Autostart\MONSXW32.EXE.del
backup=d:\windows\pss\MONSXW32.EXE.delStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
PRISMSTA.EXE START [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- d:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 05:52 15360 ------w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- d:\programme\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 16:50 4363504 ----a-w- d:\programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52 1695232 --sh--w- d:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-17 01:03 13877248 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-17 01:03 86016 ----a-w- d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-12 21:40 1657376 ----a-w- d:\programme\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Personal ID]
2009-01-15 19:58 1126912 ----a-w- d:\progra~1\COOLSP~1\PERSON~1\pid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-03-28 13:24 160328 ----a-w- d:\programme\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- d:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-09-10 08:29 1994480 ----a-w- d:\programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
2009-03-18 16:50 4363504 ----a-w- d:\programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- d:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"64517:TCP"= 64517:TCP:Services
"2084:TCP"= 2084:TCP:Services
"9708:TCP"= 9708:TCP:Services
"8364:TCP"= 8364:TCP:Services
"7880:TCP"= 7880:TCP:Services
"7817:TCP"= 7817:TCP:Services
"2818:TCP"= 2818:TCP:Services
"8848:TCP"= 8848:TCP:Services

R1 SASDIFSV;SASDIFSV;d:\programme\SUPERAntiSpyware\sasdifsv.sys [05.08.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;d:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.08.2009 16:06 74480]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.08.2010 00:31 304464]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [20.08.2010 00:31 20952]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;d:\windows\system32\drivers\PhTVTune.sys [04.10.2008 17:45 24704]
S3 PRISM_A00;PRISM 802.11g Driver;d:\windows\system32\drivers\PRISMA00.sys [04.10.2008 16:26 362688]
S3 SASENUM;SASENUM;d:\programme\SUPERAntiSpyware\SASENUM.SYS [05.08.2009 16:06 7408]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - pgfilter

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
IE: Customize Menu - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: RoboForm Toolbar - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - d:\dokumente und einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\q9w830qj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: d:\programme\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: d:\programme\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programme\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programme\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\programme\Opera\program\plugins\nprpjplug.dll

---- FIREFOX Richtlinien ----
d:\programme\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programme\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programme\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-WordWeb - d:\programme\WordWeb\wweb32.exe
AddRemove-WordFlood 1.2 - d:\programme\WordFlood 1.2\Uninstall.exe
 
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33F87792-B1F5-3AE6-0EE6-CE658B478259}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{47D9FB2A-2B30-85E1-F322-DEAF4E40E071}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abooppijfmedgddomodkallkhbndphhbpi"=hex:70,61,61,70,62,61,66,65,64,6e,6a,61,
66,63,69,65,62,65,6c,6a,68,65,63,6a,61,65,62,66,6d,66,6c,6c,00,40
"malokpgjibdfgokbndmipojdla"=hex:6f,61,6f,6d,62,6c,62,6c,62,6f,64,68,70,65,65,
69,69,6e,61,67,6c,61,67,6b,66,6b,69,6e,61,62,00,6c

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50F48DBB-21EA-CEFD-F978-1E43976C7B96}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78A5CA21-B976-E898-A01C-AC4E7DEC27A6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iambacjnfdocjkmdcg"=hex:6a,61,6a,6d,65,70,6a,6a,67,6d,63,68,63,6d,6b,64,6c,65,
64,63,00,00
"hagbkdnkidolclnj"=hex:6a,61,6a,6d,65,70,6a,6a,67,6d,63,68,63,6d,6b,64,6c,65,
64,63,00,1f

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1645522239-1547161642-839522115-1004)
@Allowed: (Read) (S-1-5-21-1645522239-1547161642-839522115-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft-Datenträgerkontingent"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer-Zonenzuordnung"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Internet Explorer-Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Softwareinstallation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="d:\\Programme\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"Hilfeassistent"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"HelpAssistant"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
Zeit der Fertigstellung: 2010-10-09 17:41:24

Vor Suchlauf: 998.498.304 Bytes frei
Nach Suchlauf: 1.104.912.384 Bytes frei
 
Btw, I'm using a wired mouse. And it acts up like this even when I disconnect from the internet. The only thing that I find as "weird" is when I run FreeFixer. It reports errors on winlogon. But I believe I had this in previous scans too. Can anyone explain? Here's the log:

FreeFixer v0.54 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2010-10-09 21:05


Winlogon Notify
!SASWinLogon - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
crypt32chain - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
cryptnet - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
cscdll - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
dimsntfy - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
ScCertProp - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
Schedule - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
sclgntfy - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
SensLogn - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
termsrv - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
wlballoon - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.

Browser Helper Objects (4 whitelisted)
{724d43a9-0d85-11d4-9908-00400523e39a}, , D:\Programme\Siber Systems\AI RoboForm\roboform.dll

Internet Explorer toolbars (2 whitelisted)
HKLM\..\Toolbar\{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - D:\Programme\Siber Systems\AI RoboForm\roboform.dll

Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://google.com/
HKCU\..\Desktop\General, Wallpaper = D:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

Registry Startups (1 whitelisted)
HKLM\..\Run, NvCplDaemon = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKCU\..\Run, PeerGuardian = D:\Programme\PeerGuardian2\pg2.exe

Processes (26 whitelisted)
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\PeerGuardian2\pg2.exe
D:\Programme\Winamp\winamp.exe
F:\Temp\FreeFixer\freefixer.exe

Services (39 whitelisted)
nvsvc, NVIDIA Display Driver Service, d:\windows\system32\nvsvc32.exe

Svchost.exe Modules (214 whitelisted)
d:\programme\hp\digital imaging\bin\hpqddsvc.dll
d:\programme\hp\digital imaging\bin\hpqddcmn.dll
d:\programme\hp\digital imaging\bin\hpqcxs08.dll
d:\windows\system32\hpzinw12.dll
d:\windows\system32\hpzipm12.dll

Explorer.exe Modules (109 whitelisted)
D:\Programme\SUPERAntiSpyware\SASSEH.DLL
D:\Programme\WinRAR\rarext.dll
D:\Programme\FileZilla FTP Client\fzshellext.dll
D:\WINDOWS\system32\l3codeca.acm
D:\Programme\SUPERAntiSpyware\SASCTXMN.DLL
D:\Programme\Siber Systems\AI RoboForm\roboform.dll

Drivers (28 whitelisted)
CDRPDACC, CD-ROM Productions Device Access, d:\programme\cd-rom productions\shared\cdrpdacc.sys
SASDIFSV, SASDIFSV, d:\programme\superantispyware\sasdifsv.sys
SASKUTIL, SASKUTIL, d:\programme\superantispyware\saskutil.sys

Firefox Extensions
NoDoFollow, D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}\install.rdf
SearchStatus, D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}\install.rdf
Adobe DLM (powered by getPlus®), D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\install.rdf
Java Console, D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\install.rdf

Recently created/modified files (3 whitelisted)
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\winamp.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_nsfs.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_milk2.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_avs.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\tagz.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_usb.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_p4s.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_njb.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_ipod.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_activesync.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\playlist.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_wave.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_ds.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_disk.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_wire.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_transcode.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_rg.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_pmp.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_plg.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_playlists.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_orb.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_online.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_nowplaying.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_local.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_impex.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_history.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_disc.lng

History
-D:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\syspck32.exe (on reboot)
-D:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\syspck32.exe (on reboot)
-D:\WINDOWS\system32\msedyu32.exe
+HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = D:\WINDOWS\system32\userinit.exe,
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
-HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
-HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser, {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
-HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser, {EF99BD32-C1FB-11D2-892F-0090271D4F88}
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\winamp.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_nsfs.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_milk2.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_avs.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\tagz.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_usb.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_p4s.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_njb.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_ipod.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_activesync.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\playlist.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_wave.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_ds.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_disk.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_wire.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_transcode.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_rg.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_pmp.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_plg.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_playlists.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_orb.lng (on reboot)

The following errors occurred during the scan:
Problems opening folder 'c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\Quarantine' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert Error code: 5.
Problems opening folder 'c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\SrtETmp' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert Error code: 5.

End of FreeFixer log
 
Malwarebytes stops sites by the dozen. You have an icon down at the bottom right hand side. Remove the tick for checking websites and that will stop. You have to do it every time you restart your comp. No idea how you stop it permanently. Thing was driving me mad so I got rid of it.

One of your enter keys isn't stuck in the down position by any chance?
 
Suggest you borrow USB keyboard and mouse to try. Disable or remove wireless devices.

If it seems to be the wireless devices causing the problem, was it battery, interference from nearby equipment, corrupt driver or device failure? Should be possible to find out which.
 
I notice you have also left logs and asked for help here: http://www.bleepingcomputer.com/forums/topic352687.html

You will need to decide where you want to stay for help. Tying multiple malware helpers up for the same person's problem means their time will be taken away from others.

One thing you need to do is stop running random programs. Each forum has a set of steps they want followed. Combofix is not a program that should be run unless your helper instructs you to run it and then it will be with guidance. And to the best of my knowledge, none of us run the FreeFixer program.

When you decide where you want to remain for help, if it is here, I will ask the moderator to move the thread to the Windows OS forum for you to investigate a possible setting problem with the mouse.
 