Computer runs very very very Slooooow
srose:
I am sorry, it is the SysProt anti-rootkit that you had me download to my desktop and do a scan with.
SuperDave:
Ok. You can delete SysProt AntiRootkit.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line column is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
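The reason the Command Line column matters is that it shows where each image really runs from, which is what a helper scans the saved report for. The script below is an added example, not code from the thread or from Sysinternals: it applies that same check over constructed (name, PID, command line) records shaped like the columns of a Procexp.txt. The trusted directory roots and the list of images that only belong in System32 are assumptions for an XP-era machine, and the final record is a made-up impostor using a legitimate name from a user-writable folder.

```python
"""Triage a Process Explorer listing by where each image actually runs from.

Added example (not from the thread, not Sysinternals code). TRUSTED_ROOTS and
SYSTEM32_ONLY are assumptions for an XP-era machine; SAMPLE_RECORDS are constructed.
"""
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Directories where Windows components and installed applications are expected (assumed).
TRUSTED_ROOTS = (
    r"c:\windows\system32",
    r"c:\windows\ehome",
    r"c:\windows\explorer.exe",
    r"c:\program files",
)

# Core images that only legitimately run from System32 (assumed list).
SYSTEM32_ONLY = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}


class Finding(NamedTuple):
    process: str
    pid: int
    reason: str


def image_path(command_line: str) -> str:
    """Return the executable path from a quoted or bare command line."""
    command_line = command_line.strip()
    if command_line.startswith('"'):
        end = command_line.find('"', 1)
        return command_line[1:end] if end > 0 else command_line[1:]
    # Bare form: shortest prefix ending in .exe followed by whitespace or end of line.
    m = re.match(r"(.+?\.exe)(?:\s|$)", command_line, re.IGNORECASE)
    if m:
        return m.group(1)
    tokens = command_line.split()
    return tokens[0] if tokens else ""


def check_process(name: str, pid: int, command_line: str) -> List[Finding]:
    """Return zero or more findings for one process record; findings are leads, not verdicts."""
    findings: List[Finding] = []
    path = image_path(command_line)
    lower = path.lower()
    # Process Explorer sometimes shows only the bare image name (winlogon.exe and
    # taskmgr.exe in the log); that just means the path must be verified by hand.
    if not re.match(r"^[a-z]:\\", lower) and not lower.startswith("\\systemroot\\"):
        findings.append(Finding(name, pid, f"image path not resolved, verify manually: {path!r}"))
        return findings
    normalized = lower.replace("\\systemroot\\", "c:\\windows\\")
    directory = ntpath.dirname(normalized)
    if name.lower() in SYSTEM32_ONLY and directory != r"c:\windows\system32":
        findings.append(Finding(name, pid, f"core system image running from {directory}"))
    if not normalized.startswith(TRUSTED_ROOTS):
        findings.append(Finding(name, pid, f"image outside trusted roots: {path}"))
    return findings


def scan(records: List[Tuple[str, int, str]]) -> List[Finding]:
    findings: List[Finding] = []
    for name, pid, cmd in records:
        findings.extend(check_process(name, pid, cmd))
    return findings


# Constructed records in the shape of the report's name / PID / command line columns.
# The last one is a made-up impostor: a legitimate name in a user-writable folder.
SAMPLE_RECORDS = [
    ("svchost.exe", 944, r"C:\WINDOWS\System32\svchost.exe -k netsvcs"),
    ("smss.exe", 424, r"\SystemRoot\System32\smss.exe"),
    ("msseces.exe", 3652, r'"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey'),
    ("winlogon.exe", 532, "winlogon.exe"),
    ("procexp.exe", 2332, r'"C:\Documents and Settings\User\My Documents\ProcessExplorer\procexp.exe"'),
    ("svchost.exe", 4012, r'"C:\Documents and Settings\User\Application Data\svchost.exe"'),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"{f.process} (PID {f.pid}): {f.reason}")
```

Two of the four findings on the sample are benign (winlogon.exe shown without a path, and procexp.exe run from My Documents), which is the point: the check narrows the list to paths worth looking at, and a person still decides.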
srose:
Super Dave,
I apologize that it has taken me so long, but here is the log:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 0 K 16 K
System 4 49.23 0 K 244 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 424 176 K 428 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 508 1,932 K 5,148 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 532 10,504 K 3,096 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 576 1,984 K 3,796 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
ati2evxx.exe 760 592 K 2,472 K ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 776 3,424 K 5,644 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe 824 2,120 K 5,048 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 944 46.92 120,448 K 133,624 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
wuauclt.exe 3000 13,424 K 125,056 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b0]SUSDSf8f17ec3dcad2046b15ff9286110eddc
svchost.exe 1032 1,980 K 4,296 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe 1108 1,744 K 4,296 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
oacat.exe 1172 2,424 K 2,816 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\OAcat.exe"
oasrv.exe 1300 22,312 K 6,428 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\oasrv.exe"
spoolsv.exe 1496 4,940 K 8,668 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1988 2,408 K 5,764 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
SASCORE.EXE 656 748 K 2,336 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
ehsched.exe 1392 892 K 3,124 K Media Center Scheduler Service Microsoft Corporation C:\WINDOWS\ehome\ehSched.exe
inetinfo.exe 1704 6,604 K 12,460 K Internet Information Services Microsoft Corporation C:\WINDOWS\system32\inetsrv\inetinfo.exe
davcdata.exe 4060 496 K 1,500 K HTTP-DAV common data Microsoft Corporation "C:\WINDOWS\system32\inetsrv\DavCData.exe"
IntuitUpdateService.exe 2036 21,388 K 468 K Intuit Update Service Intuit Inc. "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
iviRegMgr.exe 1260 708 K 2,460 K RegMgr Module InterVideo "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
jqs.exe 1216 2,464 K 2,180 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
PsiService_2.exe 652 688 K 2,232 K PsiService PsiService Protexis Inc. "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
snmp.exe 1740 1,628 K 4,124 K SNMP Service Microsoft Corporation C:\WINDOWS\System32\snmp.exe
svchost.exe 2132 3,660 K 7,624 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k imgsvc
wdfmgr.exe 2460 1,660 K 1,972 K Windows User Mode Driver Manager Microsoft Corporation C:\WINDOWS\system32\wdfmgr.exe
WLIDSVC.EXE 2736 8,868 K 14,368 K Microsoft® Windows Live ID Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 2272 716 K 2,232 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation WLIDSvcM.exe 2736
searchindexer.exe 3092 20,196 K 31,284 K Microsoft Windows Search Indexer Microsoft Corporation C:\WINDOWS\system32\SearchIndexer.exe /Embedding
alg.exe 3244 1,280 K 3,744 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
MsMpEng.exe 2812 109,040 K 80,692 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
dllhost.exe 3840 2,368 K 6,420 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
lsass.exe 588 4,364 K 2,640 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
taskmgr.exe 2732 0.77 2,556 K 1,528 K Windows TaskManager Microsoft Corporation taskmgr.exe
explorer.exe 1788 0.77 28,856 K 37,452 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
oaui.exe 1088 0.77 6,912 K 8,200 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
oahlp.exe 3236 5,572 K 1,024 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\OAhlp.exe"
msseces.exe 3652 7,576 K 12,356 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
jusched.exe 1468 1,996 K 4,420 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
GoogleToolbarNotifier.exe 1992 4,332 K 1,188 K GoogleToolbarNotifier Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe 2264 2,048 K 4,748 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
iexplore.exe 220 11,876 K 2,120 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
iexplore.exe 3540 48,916 K 63,520 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:220 CREDAT:79873
procexp.exe 2332 13,888 K 7,772 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Sean and Wylene\My Documents\ProcessExplorer\procexp.exe"
psi.exe 3732 1.54 42,136 K 17,796 K Secunia PSI Secunia "C:\Program Files\Secunia\PSI\psi.exe"
SuperDave:
Please download Bootkit Remover by eSage Lab from here.
NOTE: This is a file compressed with Winrar. If you do not have the means to unpack it, you can download and install 7-zip from here.
• Unpack remover.exe from the bootkit_remover.rar archive and save it to your Desktop
• Double-click remover.exe to run the tool
• A DOS window will open with the results of the scan
• Right-click that window and choose Select all
• Simultaneously press [CTRL] + C (copy) and paste the text in your next reply.
srose:
Dave,
I hope that I did this right. When I clicked on the link in the post it would give me an error 404 message, so I just went to the esage web site and got what I believe to be the right file. If it isn't right just let me know and I'll do it again.
Here is the copy of what came up when I ran that program:
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`93494000
Boot sector MD5 is: 37ea57b12221900823ef1f8d148ac245
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
Press any key to quit...
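The output above reports a whole-sector MD5, then flags "Unknown boot code" and offers a dump command for manual inspection. The script below is an added example, not eSage Lab's code: it builds a constructed 512-byte master boot record in memory, hashes it the way the log line does, checks the 0x55AA boot signature, decodes the four 16-byte partition entries, and separately hashes only the boot-code bytes so the value can be compared against a caller-supplied allowlist. Treating a miss against that allowlist as "unknown" is an assumption about how such a verdict is reached, and the allowlist itself is left as an empty placeholder. On a live machine the 512 bytes would be read from the start of \\.\PhysicalDrive0; the sample keeps everything offline.

```python
"""Inspect a master boot record along the lines of Bootkit Remover's dump step.

Added example, not eSage Lab's code. The MBR below is constructed in memory;
the "unknown vs known" verdict is an assumed reconstruction of the idea, and
the allowlist of clean boot-code hashes is a placeholder to be filled in.
"""
import hashlib
import struct
from typing import List, NamedTuple, Set

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # bytes 440-443 hold the disk signature, 444-445 are reserved
PARTITION_TABLE_OFFSET = 446
ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3sB3sII"   # status, CHS start, type id, CHS end, LBA start, sector count


class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code, one bootable NTFS partition (~186 GiB), valid signature."""
    mbr = bytearray(SECTOR_SIZE)
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 63, 390070272)
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + ENTRY_SIZE] = entry
    mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = BOOT_SIGNATURE
    return bytes(mbr)


def boot_sector_md5(sector: bytes) -> str:
    """MD5 of the whole sector, as the tool prints it (partition table included)."""
    return hashlib.md5(sector).hexdigest()


def boot_code_md5(sector: bytes) -> str:
    """MD5 of only the executable boot-code bytes, so values are comparable across disks."""
    return hashlib.md5(sector[:BOOT_CODE_END]).hexdigest()


def has_valid_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR_SIZE and sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == BOOT_SIGNATURE


def parse_partitions(sector: bytes) -> List[Partition]:
    parts: List[Partition] = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + ENTRY_SIZE * i
        status, _, type_id, _, lba, count = struct.unpack(ENTRY_FORMAT, sector[off:off + ENTRY_SIZE])
        if type_id == 0:    # empty slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def classify_boot_code(sector: bytes, known_good: Set[str]) -> str:
    """'known' if the code region hashes to an allowlisted value, 'unknown' otherwise (assumed logic)."""
    if not has_valid_signature(sector):
        return "invalid"
    return "known" if boot_code_md5(sector) in known_good else "unknown"


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print("Boot sector MD5 is:", boot_sector_md5(mbr))
    print("Boot code MD5 is:  ", boot_code_md5(mbr))
    for p in parse_partitions(mbr):
        size_gib = p.sector_count * SECTOR_SIZE / 2**30
        print(f"entry {p.index}: bootable={p.bootable} type=0x{p.type_id:02x} "
              f"start={p.lba_start} size={size_gib:.0f} GiB")
    KNOWN_GOOD_PLACEHOLDER: Set[str] = set()   # fill with hashes verified from clean installs
    print("Verdict:", classify_boot_code(mbr, KNOWN_GOOD_PLACEHOLDER))
```

Hashing the code region separately from the whole sector is the useful design point: the whole-sector value in the log changes with every partition layout and disk signature, so it can only be compared against a baseline taken from the same disk, whereas the first 440 bytes are what a clean install's MBR shares across machines.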