|
|
j_m_uk
new user
Reg'd: Thu
Posts: 3
|
Re: Slow computer - despite all my efforts!
Sat Apr 19 2008 08:10 AM
|
|
|
Bricat, Thank you for your reply.
This morning when I booted up, a warning said: windows\system32\regsvr.exe is trying to gain access to the group security settings for Kaspersky.
After sorting that, I downloaded combofix and here below the results of the combofix run as requested. As you requested, I turned off Kaspersky temporarily - I am not aware of any other security running although windows popped up a warning saying that settings were attempted to be changed so I don't know what was going on there.
I was also a little confused when someone else posted on the forum a message with an identical header to my original post.
My computer sometimes takes ages to refresh the screen and then refreshes it slowly - rewriting the screen memory a line at a time. The hard drive seems to constantly be working - albeit sometimes only pulsing every half a second. Even when the machine is doing 'nothing' the hard drive coninues to 'pulse' and read/write every half a second or second.
Anyway, hope the print below means something to you.
ComboFix 08-04-18.3 - Family Morris 2008-04-19 7:23:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.60 [GMT 1:00]
Running from: C:\Documents and Settings\Family Morris\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-19 07:14 . 2008-04-19 07:14 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-19 07:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-17 07:02 . 2008-04-17 07:02 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 06:26 73,649,440 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 06:26 2,050,592 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-17 07:42 988,412 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 07:42 206,552 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-09-02 21:24 96,576 -c--a-w C:\Documents and Settings\Family Morris\Application Data\GDIPFONTCACHEV1.DAT
2006-09-01 06:45 658,829 -c--a-w C:\Program Files\attachment1.php
2006-08-31 16:10 13,736,064 -c--a-w C:\Program Files\GoogleEarthWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09 139367]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00 99840]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50 204800]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-06-11 07:06 901120]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-07-05 14:33]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 20:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 20:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 20:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 20:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 20:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa654f5-59e5-11dc-ab3e-0090d0b38141}]
\Shell\AutoRun\command - F:\LaunchU3.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 07:27:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-19 7:32:17
ComboFix-quarantined-files.txt 2008-04-19 06:32:10
Pre-Run: 29,614,383,104 bytes free
Post-Run: 29,614,747,648 bytes free
95 --- E O F --- 2008-04-09 02:08:57
|
|
|
|
1 registered and 14 anonymous users are browsing this forum.
Moderator: putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate
Print Thread
|
Forum Permissions
You cannot start new topics
You cannot reply to topics
HTML is disabled
Mark-up is enabled
|
Rating:
Thread views: 0
|
|
|
Previous
Index
Next
Flat
Edit
Reply
Quote
