
Thread: Computer has been gut-punched

  1. #11
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Default

    I did not install it recently, I've had it for some time. But recently it seemed to be having trouble downloading updates and finally gave me a message that I needed to contact customer support to resolve the download issue. I've tried contacting, but they don't make it easy. No 1-800 number and a lot of link clicking....I gave up until I could invest the time to find out how to reach someone. They don't even make it easy to send them an email.

    I will try the combo fix although your comment is intriguing me as to whether I should uninstall McAfee and see what happens??????

    hmm

  2. #12
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Default

    Well, I ran combo fix first in safe mode, but I didn't know to run it with networking, so it didn't download the Windows recovery console, but it ran the program anyway.

    So the attached log is without the console. Please let me know if I should do more. When I rebooted, computer was still really, really slow.




    ComboFix 10-09-01.02 - Chris 09/01/2010 21:38:37.1.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.102 [GMT -7:00]
    Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Internet Explorer\SETDF.tmp
    c:\program files\Internet Explorer\SETE0.tmp
    c:\program files\Internet Explorer\SETE2.tmp
    c:\windows\MailSwitch.ocx
    c:\windows\system32\ie.ico
    c:\windows\system32\open.ico

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
    .

    2010-08-28 18:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-28 18:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-28 18:14 . 2010-08-28 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-28 05:27 . 2010-08-28 05:27 -------- d-----w- c:\documents and settings\Chris\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 05:28 . 2010-08-28 05:29 300384 ----a-w- c:\documents and settings\Chris\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
    2010-08-28 05:28 . 2010-08-28 05:28 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
    2010-08-28 05:25 . 2009-04-05 03:57 -------- d-----w- c:\program files\McAfee
    2010-08-28 05:25 . 2009-04-05 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-08-20 06:56 . 2003-11-15 17:37 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-15 06:38 . 2004-01-06 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-27 05:02 . 2009-03-16 16:25 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2010-06-30 12:31 . 2002-08-29 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:10 . 2004-08-24 03:32 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:10 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-23 13:44 . 2002-08-29 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2002-08-29 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2002-08-29 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2002-08-29 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
    "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-11-5 24576]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [4/25/2010 10:47 PM 82952]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/4/2009 9:04 PM 88176]
    S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 10:47 PM 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/25/2010 10:47 PM 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/25/2010 10:48 PM 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/25/2010 10:48 PM 141792]
    S3 ALABULKO;OLYMPUS USB Media Adapter device driver;c:\windows\SYSTEM32\DRIVERS\ALABLK2O.SYS [11/9/2002 10:00 AM 34914]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [4/25/2010 10:47 PM 55456]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [10/19/2006 11:11 AM 10664]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [4/25/2010 10:47 PM 312616]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [4/25/2010 10:47 PM 88480]
    S3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [4/25/2010 10:47 PM 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [4/25/2010 10:47 PM 83496]
    S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\SYSTEM32\DRIVERS\netusbxp.sys [3/22/2005 8:27 PM 72576]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;<local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-svcWRSSSDK



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 21:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g?R??V??g?R??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g ??????????g?????CY????????g?R??2???????????<???? @???X???X???????????????????Y?????F?Q?????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3621805395-2029468314-3655602914-1008\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(212)
    c:\windows\system32\WRLogonNTF.dll
    .
    Completion time: 2010-09-01 22:03:03
    ComboFix-quarantined-files.txt 2010-09-02 05:02

    Pre-Run: 29,975,162,880 bytes free
    Post-Run: 30,012,710,912 bytes free

    - - End Of File - - 4C35B9844EB0E6EEC6FA29EEC7E70753

  3. #13
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Not much in the ComboFix log as far as malware goes. Can you update Malwarebytes ok? Let's get another download to check for malware:

    Please download: RootRepeal

    http://ad13.geekstogo.com/RootRepeal.exe

    Click the icon on your desktop to start.
    Click on the Report tab at the bottom of the window
    Next, Click on the Scan button
    In the Select Scan Window check everything:

    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services

    Click the OK button
    In the next dialog window select all the drives that are listed
    Click OK to start the scan

    May take some time to complete.
    When done click the Save Report button.
    Save the report to your desktop
    To Exit RootRepeal: click File>Exit
    Post the report in your reply

    See if this link is useful, that's assuming it's not malware related. Some malware can prevent you from getting to certain websites and/or not let you update or install software.
    How Can I Reduce My Risk?

  4. #14
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Default

    Shelf life

    Attached please find a new log for updated Malwarebytes and for RootRepeal.
    Now that I've turned off McAfee (temporarily at least), the computer seems to be running ok. Interesting.

    That link you posted is the one I use, but you can't reach a live person easily to resolve the issue. It's really annoying.


    RootRepeal:


    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/09/02 22:41
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF2C06000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF9786000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: Fs_Rec.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Address: 0xF9792000 Size: 7936 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: Mup.sys
    Image Path: Mup.sys
    Address: 0xF903A000 Size: 105344 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: Ntfs.sys
    Image Path: Ntfs.sys
    Address: 0xF9081000 Size: 574976 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xF1096000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: tcpip.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
    Address: 0xF2E04000 Size: 361600 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: tfsnifs.sys
    Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
    Address: 0xF28D8000 Size: 83232 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    ==EOF==



    New Malwarebytes log:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4533

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    9/3/2010 12:33:07 AM
    mbam-log-2010-09-03 (00-33-07).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 235839
    Time elapsed: 1 hour(s), 36 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  5. #15
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    turned off McAfee (temporarily at least), the computer seems to be running ok
    Ok good. You can attempt to contact McAfee or just uninstall it and go with another AV, free or otherwise. Have you tried: McAfee Virtual Technician at that link to see if it could find any problems? That RootRepeal log looks ok. In any case you don't want to go too long without a resident updated antivirus on your machine.
    How Can I Reduce My Risk?

  6. #16
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Default

    Yes, I ran the virtual technician but it didn't seem to solve the problem. I will try contacting McAfee directly again, but I am also thinking of just dumping it and maybe running Avast or AVG? Which one do you recommend? This is an older machine.

    Also, I do notice I still get the Windows virtual memory warnings where I am running out of memory even though there are no operations occurring.

    Do you think I am clear of any malware?

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    this is an older machine
    It's a Pentium 4 @ 2.6GHz, that's not that old. Do you know how much RAM you have installed on the machine?

    If you right click on the My Computer icon and select Properties, under the General tab it will say how much RAM you have installed.

    Also we will do another scan with RootRepeal.
    Open the RootRepeal icon, at the top click Settings then Options.
    Click the Ssdt & Shadow Ssdt Tab.
    Make sure the box next to "Only display hooked functions." is checked.
    Click the "X" in the top right corner of the Settings window to close
    Click the Report tab at the bottom.
    Click the Scan button.
    Check all the boxes
    Click Ok
    Check the box for your main drive (Usually C), and press Ok.
    Once the scan completes, click on the Save Report button. Save the log to your desktop and post the log in your reply.
    How Can I Reduce My Risk?

  8. #18
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Default

    shelf life -

    It has 256 MB of RAM. I guess I mean older in that RAM is not much and total hard drive space is only 50GB compared to today's machines with 4GB of RAM and 500 GB hard drive.

    I followed your instructions on the updated RootRepeal and below is the new log:

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/09/04 18:54
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: Cdfs.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Address: 0xF94B0000 Size: 63744 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF2C27000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF97A8000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: Fs_Rec.SYS
    Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Address: 0xF9790000 Size: 7936 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: mrxsmb.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
    Address: 0xF2CDF000 Size: 455680 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: Mup.sys
    Image Path: Mup.sys
    Address: 0xF903A000 Size: 105344 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: Ntfs.sys
    Image Path: Ntfs.sys
    Address: 0xF9081000 Size: 574976 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xF1929000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: tcpip.sys
    Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
    Address: 0xF2E25000 Size: 361600 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Name: tfsnifs.sys
    Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
    Address: 0xF28D1000 Size: 83232 File Visible: - Signed: -
    Status: Hidden from the Windows API!

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    ==EOF==
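
Comparing the two RootRepeal reports posted in this thread, as an added example that is not part of any post: the parser below reads the Drivers section and diffs two scans by name, path, size and status, listing load-address differences separately. The function names are this example's own, and the sample data is a few entries excerpted from the two logs above.

```python
import re

# A few entries excerpted from the two RootRepeal 1.3.5.0 reports posted in
# this thread (scans of 2010/09/02 and 2010/09/04).
SCAN_1 = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2C06000 Size: 98304 File Visible: No Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF9081000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
"""
SCAN_2 = r"""
Drivers
-------------------
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF94B0000 Size: 63744 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2C27000 Size: 98304 File Visible: No Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF9081000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
"""

ADDR = re.compile(r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+"
                  r"File Visible:\s*(\S+)\s+Signed:\s*(\S+)")

def parse_drivers(report):
    """Return {lowercased name: record} for the report's Drivers section."""
    lines = [l.strip() for l in report.splitlines()]
    drivers, cur, section = {}, None, None
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and set(lines[i + 1]) == {"-"}:
            section, cur = line, None   # a dashed underline marks a section title
        elif section != "Drivers":
            continue                    # e.g. the Hidden/Locked Files section
        elif line.startswith("Name:"):
            cur = {"name": line[5:].strip()}
        elif cur is None:
            continue
        elif line.startswith("Image Path:"):
            cur["path"] = line[11:].strip()
        elif (m := ADDR.match(line)):
            cur.update(address=int(m[1], 16), size=int(m[2]), visible=m[3], signed=m[4])
        elif line.startswith("Status:"):
            cur["status"] = line[7:].strip()
            drivers[cur["name"].lower()] = cur
            cur = None                  # record complete
    return drivers

def diff_scans(old, new):
    a, b = parse_drivers(old), parse_drivers(new)
    stable = ("path", "size", "visible", "signed", "status")
    both = a.keys() & b.keys()
    return {"added": sorted(b.keys() - a.keys()),
            "removed": sorted(a.keys() - b.keys()),
            "changed": sorted(k for k in both if any(a[k].get(f) != b[k].get(f) for f in stable)),
            "moved": sorted(k for k in both if a[k].get("address") != b[k].get("address"))}
```

Run over the full reports, `diff_scans` separates entries that are new in the second scan from ones that only loaded at a different address.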

  9. #19
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    XP should run ok on 256MB, but the more apps you have running the more bogged down it will get. McAfee with all its services was probably a resource hog. Adding more memory is one of the easiest things you can do for performance. Have you ever defragged the hard drive?

    If you right click on the My Computer icon>Properties>Advanced> under performance option>Settings>Advanced Tab>Virtual Memory>Change> click the System managed space if it isn't already checked, then click SET and ok out of the windows and reboot machine.

    As for AV, either of those free versions should be ok. Download and install one and see how it runs; if it tends to bog everything down, uninstall it, reboot and try the other.

    If you have a lot of icons by the clock this means the app is running and using resources. Right/left click on the icons and look for options or settings to have the software not start when Windows does. For example iTunes doesn't have to be running, you can start it from the programs panel when you need it.
    How Can I Reduce My Risk?

  10. #20
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Default

    Thanks Shelf Life

    The only other icon running by the clock is MusicMatch Jukebox by Dell. I don't even use this as far as I know (I use iTunes)....so do you think I should delete the program?

    I changed the virtual memory setting as you suggested.

    Do you think the machine is pretty clean now of any viruses?

    I may see how McAfee continues to run and then if slow, will try Avast or AVG or other if you recommend it.
