WiredWX Christian Hobby Weather Tools

Re: Slow
GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: Slow
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 16:51:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT F7D029FE ZwCreateKey
SSDT F7D029F4 ZwCreateThread
SSDT F7D02A03 ZwDeleteKey
SSDT F7D02A0D ZwDeleteValueKey
SSDT F7D02A12 ZwLoadKey
SSDT F7D029E0 ZwOpenProcess
SSDT F7D029E5 ZwOpenThread
SSDT F7D02A1C ZwReplaceKey
SSDT F7D02A17 ZwRestoreKey
SSDT F7D02A08 ZwSetValueKey
SSDT F7D029EF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS.1\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F25000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\DNA\btdna.exe[308] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003F000A
.text C:\WINDOWS.1\system32\ctfmon.exe[476] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003F000A
.text C:\WINDOWS.1\Explorer.EXE[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CE000A
.text C:\WINDOWS.1\system32\spoolsv.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
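
Added example (not part of the original post, and not GMER's or the forum's own code): a small Python parser for the log format shown above that turns SSDT, inline-hook and IAT lines into records and separates entries where the log names an owning module from entries where it names none. The sample lines are constructed in the format of the log above, the function names are hypothetical, and reading the unattributed entries first is a triage assumption, not a verdict on any entry.

```python
import re

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HEX = r"[0-9A-F]{8}"
PATTERNS = {  # one pattern per line type that appears in the log above
    "ssdt": re.compile(rf"^SSDT\s+(?P<target>{HEX})\s+(?P<function>\w+)$"),
    "inline": re.compile(
        rf"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<function>\S+!\S+)"
        rf"\s+{HEX}\s+\d+ Bytes\s+JMP\s+(?P<target>{HEX})(?:\s+(?P<owner>.+))?$"),
    "iat": re.compile(
        rf"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+.+?\s+"
        rf"\[(?P<function>\S+!\S+)\]\s+\[(?P<target>{HEX})\]\s+(?P<owner>.+)$"),
}

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE = r"""---- System - GMER 1.0.15 ----
SSDT F7D029FE ZwCreateKey
SSDT F7D029E0 ZwOpenProcess
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS.1\Explorer.EXE[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

def parse_gmer(text):
    """Return one record per recognised hook line, tagged with its log section."""
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:  # lines in other formats (e.g. "section is writeable") are skipped
                rec = {"section": section, "kind": kind,
                       "process": None, "pid": None, "owner": None}
                rec.update(m.groupdict())
                findings.append(rec)
                break
    return findings

def unattributed(findings):
    """Entries for which the log names no module behind the hook target."""
    return [f for f in findings if f["owner"] is None]

if __name__ == "__main__":
    print(*unattributed(parse_gmer(SAMPLE)), sep="\n")
```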

Re: Slow
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: Slow
GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:37 on 28/07/2010 (Alexander)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:52 20/05/2010]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [00:08 07/11/2080]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:14 21/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [07:09 05/04/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [07:32 07/09/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [05:46 05/11/2009]

C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\gigk9imp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [04:41 20/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [23:39 28/01/2010]

-=E.O.F=-

Re: Slow
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
    Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file. Name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware from the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Slow
This link doesn't work, so I can't download it.

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Re: Slow

Worked fine for me. Let me think.

Re: Slow
Something is blocking it on this PC, because it works on my laptop. I'll transfer it to a flash/hard drive in the morning and try it then.
