Virus???????

Status
Not open for further replies.

gizmo1_1

A client brought in a laptop with the following config (Basic):

* Win XP home
* Athlon XP 2600
* 512MB
* ATi Video
* Nav
* Dialup connection to the internet


Upon receipt I noticed that regedit and taskmgr would not operate
(open and close after a few seconds). I renamed the two files and opened regedit.

I also noticed an extreme amount of outbound traffic on port 445 (microsoft-ds). From a dial-up connection to the internet the machine ceases to access the internet. On a LAN connection it is slow (probably from all of the outbound traffic).

I found nothing in HKLM/Software/Microsoft/Current Version/ RUN (Run Once) (Run Services) that should not be there.

I also checked in HKCU/etc........

I have used HijackThis, Ad-Aware, and Spybot S&D to remove all malware.

I used NAV, McAfee, AVG, Trend Micro, and TDS-3 to determine that no viruses were on the system.

To no avail I cannot see a running process that is initiating this flow of traffic, or the changes that prevent regedit and taskmgr from running.

Here is a list of running processes:

* smss.exe
* csrss.exe
* winlogon.exe
* services.exe
* lsass.exe
* svchost.exe
* svchost.exe
* spoolsvc.exe
* Explorer.exe
* Ati2evxxx.exe
* navapsvc.exe
* svchost.exe
* AgentSvr.exe


Any help would be great.

Other things that I have tried include:

System file checker
MS info to determine that all loaded modules were from known sources.
I know that the file somehow uses svchost.exe to function, but don't know what file calls it.


Thanks in advance.

GIZMO
__________________
It is a miracle that curiosity survives formal education. -- Albert Einstein
It said 'Insert disk #3', but only two will fit. -- The average customer.
"There is no need for any individual to have a computer in their home." – Ken Olson, President of Digital Equipment Corp., 1977 …….

tec_star@hotmail.com
 
mre30 said:
I would run a check for these two worms, Sasser and Korgo.


As I stated above, I have installed and run the following Anti-virus software

McAfee.com (Online Scan)
Norton Anti-Virus
Trend Micro (Online Scan)
AVG Anti-virus
and TDS-3 Trojan detection
 
I'd run ad aware or a squared and see what you come up with. You might want to try dumping the java cache. There are some commercial trojans that don't show up on scans, and tend to hang out in the java cache.
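
An added example, not part of the thread: one way to tie the outbound port 445 traffic described in the opening post to a process ID, by parsing saved `netstat -ano` output (available on Windows XP) and counting the distinct remote hosts each PID is contacting on that port. The sample output, the addresses (documentation ranges), the PIDs and the `min_hosts` threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:1041        198.51.100.7:80        ESTABLISHED     1520
  TCP    192.0.2.10:1102        203.0.113.5:445        SYN_SENT        1004
  TCP    192.0.2.10:1103        203.0.113.6:445        SYN_SENT        1004
  TCP    192.0.2.10:1104        203.0.113.7:445        SYN_SENT        1004
  TCP    192.0.2.10:1105        203.0.113.8:445        ESTABLISHED     1004
  TCP    192.0.2.10:1106        198.51.100.20:445      SYN_SENT        1004
  TCP    192.0.2.10:1200        192.0.2.2:445          ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def outbound_by_pid(netstat_text, port=445):
    """Map PID -> set of remote hosts that PID is connecting to on `port`."""
    targets = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _lip, _lport, remote_ip, remote_port, state, pid = m.groups()
        # Listening sockets are inbound; only count connections going out.
        if state == "LISTENING" or int(remote_port) != port:
            continue
        targets[int(pid)].add(remote_ip)
    return dict(targets)


def suspicious_pids(netstat_text, min_hosts=4, port=445):
    """PIDs contacting at least `min_hosts` distinct hosts on `port`."""
    hits = outbound_by_pid(netstat_text, port)
    return sorted(pid for pid, hosts in hits.items() if len(hosts) >= min_hosts)


if __name__ == "__main__":
    for pid in suspicious_pids(SAMPLE):
        hosts = outbound_by_pid(SAMPLE)[pid]
        print(f"PID {pid}: {len(hosts)} distinct hosts on port 445")
```

If the flagged PID belongs to a shared svchost.exe instance, the PID narrows the search to the services and modules loaded in that one instance rather than all of them.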
 