
Very slow desktop and weird activity


  • This topic is locked
66 replies to this topic

#31 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:57 AM

Posted 23 November 2012 - 06:06 PM

Hi there,


It's been over a week since your last update. Everything ok? Do you still need help?



Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




 


#32 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:57 PM

Posted 23 November 2012 - 10:14 PM

Hi
I tried to connect and run the scan today but I could not get any Internet connectivity on the computer. Even after several attempts, no luck. Suggestions?
Thanks
Jim

#33 Blind Faith


Posted 25 November 2012 - 12:59 PM

Hi,



When did your Internet connection stop working?




Elle

#34 whatisavailable


Posted 25 November 2012 - 03:28 PM

It hasn't. It is only when booting on that CD. Windows connectivity is fine as well as other computers in the house.

#35 Blind Faith


Posted 27 November 2012 - 07:38 AM

Hi there,



Can you please copy the file on your CD/USB and upload it to Jotti in Normal Mode or from another PC?




Elle

#36 whatisavailable


Posted 30 November 2012 - 10:50 PM

Trying now.

#37 whatisavailable


Posted 01 December 2012 - 11:17 PM

Hi
Here are the results of the scan. Interesting site!
Thanks!
Jim

Edit: http://virusscan.jotti.org/en-gb/scanresult/56f04a2921d443971aa8f1b84aa1467b152e1e19


Jotti's malware scan
Filename: ibrsqlxl.sys
Status: Scan finished. 3 out of 19 scanners reported malware.
Scan taken on: Sun 2 Dec 2012 05:14:36 (CET)

Additional info
File size: 23424 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 51fcf1d279625c39962e85d65952a859
SHA1: d23056b6e4d004410a53f3d3b79870f5a22f0ce2
Packer (Kaspersky): PE_Patch

Scanners
[ArcaVir] 2012-12-01 Found nothing
[F-Secure Anti-Virus] 2012-12-02 Found nothing
[Avast! antivirus] 2012-12-01 Win32:DrvPatch
[G DATA] 2012-12-02 Win32:DrvPatch
[Grisoft AVG Anti-Virus] 2012-12-01 Found nothing
[Ikarus] 2012-12-01 Found nothing
[Avira AntiVir] 2012-12-01 TR/Patched.Gen
[Kaspersky Anti-Virus] 2012-12-02 Found nothing
[Softwin BitDefender] 2012-12-02 Found nothing
[Panda Antivirus] 2012-12-01 Found nothing
[ClamAV] 2012-12-01 Found nothing
[Quick Heal] 2012-12-01 Found nothing
[CPsecure] 2012-12-02 Found nothing
[Sophos] 2012-12-02 Found nothing
[Dr.Web] 2012-12-02 Found nothing
[VirusBlokAda VBA32] 2012-11-30 Found nothing
[ESET] 2012-12-01 Found nothing
[VirusBuster] 2012-12-01 Found nothing
[Frisk F-Prot Antivirus] 2012-12-01 Found nothing

Edited by whatisavailable, 01 December 2012 - 11:21 PM.


#38 Blind Faith


Posted 02 December 2012 - 02:22 PM

Hi there,



You're welcome for the site. :)

I will come back with a reply ASAP.


Thank you for your patience!



Elle

#39 Blind Faith


Posted 04 December 2012 - 07:21 AM

Hi there,

Boot into Normal Mode (change the setting in the BIOS in order to boot from the HDD) and follow the next steps:


Firstly, I'd want to make the extensions of the files visible in order to accomplish the next steps.
Please go to My Computer->Tools->Folder Options and switch to the View tab.
Look for the "Hide extensions for known file types" option and make sure it is unticked (deselected).
Click on Apply and then OK to exit.



  • Please go to Start and select the Run option.
  • A Run window should pop up. Please type in notepad and that should bring up the notepad window waiting for a text to be introduced.
  • Copy/Paste the following text exactly as it's written:


    REGEDIT /E "C:\Documents and Settings\jim\Desktop\regkey.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\splitter"

  • Then in the Notepad window go to File->Save As and save the file on the desktop under the name of regbatch.bat (not .txt).
  • You should see the newly created file on your desktop.
  • Double-click the regbatch.bat file and wait for it to finish; it should create a regkey.txt file on the desktop.
  • Open the regkey.txt file and paste the content in your next reply.



Elle

#40 Blind Faith


Posted 09 December 2012 - 02:58 PM

Hi,



Do you still need help? It's been a while since you last replied.




Elle

#41 whatisavailable


Posted 11 December 2012 - 09:46 AM

Hi
I will pull the results off later today.
Thank you for your patience.
Jim

#42 Blind Faith


Posted 15 December 2012 - 06:20 AM

Hi,


Do you still need help? We will close this topic in a day if you do not give some feedback.




Elle

#43 whatisavailable


Posted 15 December 2012 - 01:18 PM

Yes, I do. I will post something tomorrow. Sorry for the delay!

#44 whatisavailable


Posted 17 December 2012 - 11:40 PM

Having issues with getting it posted. Almost done, I hope.

#45 whatisavailable


Posted 18 December 2012 - 12:23 AM

Finally was able to post it. Took the computer about 25 mins to get to a point to allow me to post it. It is still quite slow.
Thanks!
Jim

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\splitter]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,70,00,6c,00,69,00,74,00,74,\
00,65,00,72,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Microsoft Kernel Audio Splitter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\splitter\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\splitter\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
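
Added example, not part of the original posts: a Python sketch that parses a regedit 5.00 export such as the one in post #45 and decodes the `hex(2)` ImagePath into readable text, so the driver path and start settings can be checked at a glance. The function names are hypothetical; the Type and Start labels are the standard Windows service-control values.

```python
import re

# First key of the export in post #45, copied as posted (Security and Enum subkeys omitted).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\splitter]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,70,00,6c,00,69,00,74,00,74,\
00,65,00,72,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Microsoft Kernel Audio Splitter"
'''

SERVICE_TYPE = {1: "kernel driver", 2: "file system driver"}   # standard Type values
START_TYPE = {0: "boot", 1: "system", 2: "automatic", 3: "demand (manual)", 4: "disabled"}

def decode_value(raw):
    """Decode one .reg value: dword, quoted string, hex(1)/hex(2) text, or raw bytes."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) in ("1", "2"):                       # REG_SZ / REG_EXPAND_SZ, UTF-16LE
        return data.decode("utf-16-le").rstrip("\x00")
    return data

def parse_reg_export(text):
    """Return {key path: {value name: decoded value}} for a regedit 5.00 export."""
    text = re.sub(r"\\\r?\n\s*", "", text)             # join "\"-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, raw = line.split("=", 1)
            current[name.strip('"')] = decode_value(raw)
    return keys

def describe_service(values):
    return {"type": SERVICE_TYPE.get(values.get("Type"), "unknown"),
            "start": START_TYPE.get(values.get("Start"), "unknown"),
            "image_path": values.get("ImagePath"),
            "display_name": values.get("DisplayName")}
```

For this export, `describe_service` reports a demand-start kernel driver whose ImagePath decodes to `system32\drivers\splitter.sys`.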



