
Computer runs very very very Slooooow


srose:
I am sorry, it is the SysProt AntiRootkit that you had me download to my desktop and do a scan with.

SuperDave:
Ok. You can delete SysProt AntiRootkit.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

srose:
Super Dave,
I apologize that it has taken me so long, but here is the log:

Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
System Idle Process   0      0 K   16 K         
System   4   49.23   0 K   244 K         
 Interrupts   n/a   < 0.01   0 K   0 K   Hardware Interrupts and DPCs      
 smss.exe   424      176 K   428 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
  csrss.exe   508      1,932 K   5,148 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
  winlogon.exe   532      10,504 K   3,096 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
   services.exe   576      1,984 K   3,796 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
    ati2evxx.exe   760      592 K   2,472 K   ATI External Event Utility EXE Module   ATI Technologies Inc.   C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe   776      3,424 K   5,644 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe   824      2,120 K   5,048 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k rpcss
    svchost.exe   944   46.92   120,448 K   133,624 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
     wuauclt.exe   3000      13,424 K   125,056 K   Windows Update   Microsoft Corporation   "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b0]SUSDSf8f17ec3dcad2046b15ff9286110eddc
    svchost.exe   1032      1,980 K   4,296 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k NetworkService
    svchost.exe   1108      1,744 K   4,296 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
    oacat.exe   1172      2,424 K   2,816 K   Online Armor Component   Tall Emu   "C:\Program Files\Tall Emu\Online Armor\OAcat.exe"
    oasrv.exe   1300      22,312 K   6,428 K   Online Armor Component   Tall Emu   "C:\Program Files\Tall Emu\Online Armor\oasrv.exe"
    spoolsv.exe   1496      4,940 K   8,668 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
    svchost.exe   1988      2,408 K   5,764 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k LocalService
    SASCORE.EXE   656      748 K   2,336 K   Core Service   SUPERAntiSpyware.com   "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
    ehsched.exe   1392      892 K   3,124 K   Media Center Scheduler Service   Microsoft Corporation   C:\WINDOWS\ehome\ehSched.exe
    inetinfo.exe   1704      6,604 K   12,460 K   Internet Information Services   Microsoft Corporation   C:\WINDOWS\system32\inetsrv\inetinfo.exe
     davcdata.exe   4060      496 K   1,500 K   HTTP-DAV common data   Microsoft Corporation   "C:\WINDOWS\system32\inetsrv\DavCData.exe"
    IntuitUpdateService.exe   2036      21,388 K   468 K   Intuit Update Service   Intuit Inc.   "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
    iviRegMgr.exe   1260      708 K   2,460 K   RegMgr Module   InterVideo   "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
    jqs.exe   1216      2,464 K   2,180 K   Java(TM) Quick Starter Service   Sun Microsystems, Inc.   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    PsiService_2.exe   652      688 K   2,232 K   PsiService PsiService   Protexis Inc.   "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
    snmp.exe   1740      1,628 K   4,124 K   SNMP Service   Microsoft Corporation   C:\WINDOWS\System32\snmp.exe
    svchost.exe   2132      3,660 K   7,624 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k imgsvc
    wdfmgr.exe   2460      1,660 K   1,972 K   Windows User Mode Driver Manager   Microsoft Corporation   C:\WINDOWS\system32\wdfmgr.exe
    WLIDSVC.EXE   2736      8,868 K   14,368 K   Microsoft® Windows Live ID Service   Microsoft Corporation   "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
     WLIDSVCM.EXE   2272      716 K   2,232 K   Microsoft® Windows Live ID Service Monitor   Microsoft Corporation   WLIDSvcM.exe 2736
    searchindexer.exe   3092      20,196 K   31,284 K   Microsoft Windows Search Indexer   Microsoft Corporation   C:\WINDOWS\system32\SearchIndexer.exe /Embedding
    alg.exe   3244      1,280 K   3,744 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
    MsMpEng.exe   2812      109,040 K   80,692 K   Antimalware Service Executable   Microsoft Corporation   "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
    dllhost.exe   3840      2,368 K   6,420 K   COM Surrogate   Microsoft Corporation   C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
   lsass.exe   588      4,364 K   2,640 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
   taskmgr.exe   2732   0.77   2,556 K   1,528 K   Windows TaskManager   Microsoft Corporation   taskmgr.exe
explorer.exe   1788   0.77   28,856 K   37,452 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
 oaui.exe   1088   0.77   6,912 K   8,200 K   Online Armor Component   Tall Emu   "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
  oahlp.exe   3236      5,572 K   1,024 K   Online Armor Component   Tall Emu   "C:\Program Files\Tall Emu\Online Armor\OAhlp.exe"
 msseces.exe   3652      7,576 K   12,356 K   Microsoft Security Client User Interface   Microsoft Corporation   "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
 jusched.exe   1468      1,996 K   4,420 K   Java(TM) Update Scheduler   Sun Microsystems, Inc.   "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 GoogleToolbarNotifier.exe   1992      4,332 K   1,188 K   GoogleToolbarNotifier   Google Inc.   "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 ctfmon.exe   2264      2,048 K   4,748 K   CTF Loader   Microsoft Corporation   "C:\WINDOWS\system32\ctfmon.exe"
 iexplore.exe   220      11,876 K   2,120 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\iexplore.exe"
  iexplore.exe   3540      48,916 K   63,520 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:220 CREDAT:79873
 procexp.exe   2332      13,888 K   7,772 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Documents and Settings\Sean and Wylene\My Documents\ProcessExplorer\procexp.exe"
 psi.exe   3732   1.54   42,136 K   17,796 K   Secunia PSI   Secunia   "C:\Program Files\Secunia\PSI\psi.exe"
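
[Added example, not part of the original posts and not code from Sysinternals or the forum helpers: one way to triage a Process Explorer text export like the one above. It assumes the saved Procexp.txt is tab-separated with the same eight columns; the sample rows, including PIDs 4001 and 4100 and helper.exe, are constructed. The checks are heuristics that pick rows for a closer look, not verdicts.]

```python
import csv
import io
import ntpath

# Constructed sample in the layout of a Process Explorer "Save As" export
# with the Command Line column enabled (these are not the rows from the thread).
SAMPLE = (
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line\n"
    "System Idle Process\t0\t\t0 K\t16 K\t\t\t\n"
    "   services.exe\t576\t\t1,984 K\t3,796 K\tServices and Controller app\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\services.exe\n"
    "    svchost.exe\t944\t46.92\t120,448 K\t133,624 K\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\tC:\\WINDOWS\\System32\\svchost.exe -k netsvcs\n"
    "    svchost.exe\t4001\t1.10\t2,000 K\t3,000 K\t\t\tC:\\WINDOWS\\Temp\\svchost.exe\n"
    " helper.exe\t4100\t\t900 K\t1,200 K\t\t\t\n"
)
KERNEL_ROWS = {"system idle process", "system", "interrupts"}  # no image on disk
SYSTEM32 = r"c:\windows\system32"

def parse(text):
    rows = []
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for rec in reader:
        rec["Process"] = rec["Process"].strip()            # drop tree indentation
        cpu = (rec["CPU"] or "").replace("<", "").strip()  # "< 0.01" -> "0.01"
        rec["CPU"] = float(cpu) if cpu else 0.0            # blank CPU means idle
        rows.append(rec)
    return rows

def image_path(cmdline):
    # First token of the command line; unquoted paths are assumed space-free.
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]

def top_cpu(rows, n=3):
    return sorted(rows, key=lambda r: r["CPU"], reverse=True)[:n]

def triage(rows):
    findings = []
    for r in rows:
        name, cmd = r["Process"].lower(), (r["Command Line"] or "").strip()
        if name in KERNEL_ROWS:
            continue
        if not (r["Company Name"] or "").strip():
            findings.append((r["PID"], name, "no company name"))
        if not cmd:
            findings.append((r["PID"], name, "no command line"))
        elif name == "svchost.exe" and (
                ntpath.dirname(image_path(cmd)).lower() != SYSTEM32 or " -k " not in cmd + " "):
            findings.append((r["PID"], name, "svchost outside system32 or without -k"))
    return findings
```
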




SuperDave:
Please download Bootkit Remover by eSage Lab from here.

NOTE: This is a file compressed with WinRAR. If you do not have the means to unpack it, you can download and install 7-zip from here.

• Unpack remover.exe from the bootkit_remover.rar archive and save it to your Desktop
• Double-click remover.exe to run the tool
• A DOS window will open with the results of the scan
• Right-click that window and choose Select all
• Simultaneously press [CTRL] + C (copy) and paste the text in your next reply.

srose:
Dave,

I hope that I did this right. When I clicked on the link in the post it would give me an error 404 message, so I just went to the esage web site and got what I believe to be the right file. If it isn't right just let me know and I'll do it again.

Here is the copy of what came up when I ran that program:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`93494000
Boot sector MD5 is: 37ea57b12221900823ef1f8d148ac245

     Size  Device Name          MBR Status
 --------------------------------------------
   186 GB  \\.\PhysicalDrive0   Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
