
Now this is very strange....drive and file I've never seen before.

 
woo me with science Donating Member (1000+ posts) Sat Aug-14-10 11:58 AM
Original message
Now this is very strange....drive and file I've never seen before.
Can anyone explain what might be going on?

Background....The computer started moving very slowly and acting strangely. I ran Superantispyware and Malwarebytes and got rid of a bunch of cookies but that's all. Hijack This and Combofix only deleted an instant messaging program.

Still slow.

I went to All Programs - Accessories - System Tools - Defragmenter and saw a drive I have never seen before. In addition to my main C drive, there was a "B" drive listed as a floppy drive. I explored, and there was an executable on it, password(something).exe.

I am kicking myself for not remembering the name exactly, but it was something like passwordmanagement.exe or passwordcontrol.exe. I didn't write it down, because I thought I could go back and look at it again.

Then I had to do some other things and got distracted.

When I got back to the computer, I forgot all about the B drive and program. I got busy doing Ccleaner scans, including their registry fix. The computer was still going slow but I thought it seemed a tiny bit better.

I convinced myself without evidence that I was dealing with drive issues and not malware, so I put in my operating system CD and did a repair of the existing Windows installation. I am not talking about Recovery Console or the full reinstall. I did the option where you get new system files but don't lose your documents or programs. When it finished I had Service Pack 2 instead of Service Pack 3, and I had to download a bunch of old security updates again. It hung reinstalling SP3, so I am still on SP2 as I type.

I thought having Service Pack 2 automatically after the repair was strange, because the last time I used the "repair an existing Windows installation" option, it made me reinstall Service Pack 2 during the process from a disk. So the process was slightly different than I remembered it.

The computer was still acting slow, but better than at the outset.

Then I remembered about the B drive and tried to go back to look at the program again. However, when I go to All Programs - Accessories - System Tools - Defrag now, I get a message that "MMC cannot open the file...This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file."

I can get into the defragmenter by another route: Control Panel - Administrative Tools - Computer Management. However, when I open it, it doesn't show any B drive at all anymore, only the C.

I can't open Local Security Policy. I receive the same error message about MMC that I get when I try to open Defrag from the Start menu.

Finally, please humor my paranoia for this last question. The other thing I noticed is that when I open Computer Management - Shared Folders - Shares and click on the Admin$, C$ or IPC$ entries, I get a message that the share permissions and security cannot be set, and there are comments inside about "remote admin" and "remote IPC." My computer is set to disallow file sharing, so I would just like reassurance that these are normal entries.


So anyway....I think I will end up reinstalling my OS from scratch. But I am wondering what the heck was this B drive I saw with a password program, and why don't I see it anymore? Did it disappear because I did the Windows Repair, or is this something more sinister and it's just not visible opening from somewhere else? When I click on My Computer, there is no sign of any B floppy drive, and I don't remember EVER having seen it before.

Also, why am I unable to open Defrag from the Start Menu, or Security Policies from anywhere?

My fear has to do with a quick Google search I did on some strange log entries in my event log ("A provider, RSOP Planning Mode Provider has been registered in the WMI namespace...to be run using the LocalSystem account."). There were similar entries for Providers named "OffProv11" and "CMDTRiggerConsumer." The Google search led me to very scary pages talking about rootkits that may stay on the computer even after reinstallation by using a partition to reinfect the computer. Do I have to worry about this given the mysterious B drive I saw????


Does any of this make any sense? Can anyone give some insight? I don't want to do a clean reinstall until I have figured out if there is something else (like finding and cleaning a partition) that I need to do first.

Thanks in advance for any help or advice you can give.
blogslut Donating Member (1000+ posts) Sat Aug-14-10 01:44 PM
Response to Original message
1. Hell if I know
I hate to admit this but Microsoft Security Essentials is a fairly decent anti-virus checker/killer as well as firewall and anti-spyware suite:

http://www.microsoft.com/security_essentials/

If that doesn't fix things, and you have an OS install disk, back up important files to removable media, wipe the drive and re-install. Here's a great program for zapping everything:

http://www.killdisk.com/

When you re-install Windows the software partitions the drive for you. The default settings are usually just fine.

Good luck.
 
woo me with science Donating Member (1000+ posts) Sun Aug-15-10 07:14 AM
Response to Reply #1
2. Thank you.
If anyone is surveilling me, they will be sorely disappointed at how boring my life actually is.
 
canetoad Donating Member (1000+ posts) Sun Aug-15-10 01:47 PM
Response to Reply #2
3. Quick question, wmws
Did you download a weight loss hypnosis CD?

Have a look at this http://www.download3k.com/Antivirus-Report-Hypnosis-CD-Weight-Loss.html
I wonder if it mounts the CD on a virtual drive of its own creation. :shrug:
 
woo me with science Donating Member (1000+ posts) Sun Aug-15-10 10:44 PM
Response to Reply #3
5. No, I didn't, but
it's a refurbished computer. I wonder if something like that could survive a reformat?

Thank you very much. Maybe this will give me some ideas about what to do next.
 
struggle4progress Donating Member (1000+ posts) Sun Aug-15-10 02:27 PM
Response to Original message
4. You might try googling: "Password*.exe" (with quotes and *)
See if anything looks familiar

 
woo me with science Donating Member (1000+ posts) Sun Aug-15-10 10:46 PM
Response to Reply #4
6. Thanks for the idea. nt
 