Computer runs very very very Slooooow

SuperDave:
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
•Double click Sysprot.exe to start the program.
•Click on the Log tab.
•In the Write to log box select the following items.
    - Process << Selected
    - Kernel Modules << Selected
    - SSDT << Selected
    - Kernel Hooks << Selected
    - IRP Hooks << NOT Selected
    - Ports << NOT Selected
    - Hidden Files << Selected
•At the bottom of the page
    - Hidden Objects Only << Selected
•Click on the Create Log button on the bottom right.
•After a few seconds a new window should appear.
•Select Scan Root Drive. Click on the Start button.
•When it is complete a new window will appear to indicate that the scan is finished.
•The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

srose:
Here is the sysprot log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl41b40909.sys
Service Name: MpKsl41b40909
Module Base: F777F000
Module End: F7785000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AB043000
Module End: AB05B000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79D7000
Module End: F79D9000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: AA849000
Module End: AA84B000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\SEANAN~1\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F77BF000
Module End: F77C7000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: AB274420
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwAssignProcessToJobObject
Address: AB274C60
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwConnectPort
Address: AB272A90
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreateFile
Address: AB281CB0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreatePort
Address: AB272740
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreateProcess
Address: AB26F320
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreateProcessEx
Address: AB26F710
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreateSection
Address: AB26EDE0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreateThread
Address: AB270CA0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwDebugActiveProcess
Address: AB271900
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwDuplicateObject
Address: AB272410
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwLoadDriver
Address: AB273B40
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwOpenFile
Address: AB282420
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwOpenProcess
Address: AB270630
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwOpenSection
Address: AB26F080
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwOpenThread
Address: AB2711C0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwProtectVirtualMemory
Address: AB2748A0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwQueryDirectoryFile
Address: AB273FB0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwQueueApcThread
Address: AB274E00
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwRequestWaitReplyPort
Address: AB273690
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwRestoreKey
Address: AB281940
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwResumeThread
Address: AB272060
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwSecureConnectPort
Address: AB272E80
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwSetContextThread
Address: AB2716E0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwSetSystemInformation
Address: AB271AA0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwShutdownSystem
Address: AB273A10
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwSuspendProcess
Address: AB272240
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwSuspendThread
Address: AB271E60
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwSystemDebugControl
Address: AB271C90
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwTerminateProcess
Address: AB270A30
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwTerminateThread
Address: AB2714B0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwUnloadDriver
Address: AB273D70
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwWriteVirtualMemory
Address: AB274A70
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

******************************************************************************************
******************************************************************************************
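
Reading a SysProt log of this shape by hand gets tedious once the SSDT section runs to dozens of entries. The following Python script is an added example (not part of this thread or of SysProt itself) that parses the log layout above: it lists the kernel modules marked hidden with their image sizes, groups the SSDT entries by the driver SysProt attributed them to, and flags any entry whose hooked address falls outside the driver range stated on the same record. The embedded SAMPLE_LOG is constructed in the same layout as the posted log (abridged), the PLACEHOLDER_other.sys entry is invented to exercise the range check, and the function names are mine.

```python
"""Summarise a SysProt AntiRootkit log: hidden kernel modules, SSDT hooks
grouped by attributed driver, and a check that each hooked address lies
inside that driver's image range. Added example; not SysProt's own code."""
import re
from collections import defaultdict

# Constructed sample in the layout of the posted log (abridged). PLACEHOLDER_other.sys
# is invented, with an address deliberately outside its stated driver range.
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AB043000
Module End: AB05B000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\USER~1\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F77BF000
Module End: F77C7000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwCreateFile
Address: AB281CB0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwOpenProcess
Address: AB270630
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwWriteVirtualMemory
Address: F9000100
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\PLACEHOLDER_other.sys
"""
SEPARATOR = re.compile(r"^\*{10,}$")

def parse_sysprot_log(text):
    """Return {section: [record, ...]}; a section opens with a bare 'Name:' line."""
    sections, current, record = defaultdict(list), None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SEPARATOR.match(line):
            if record and current is not None:
                sections[current].append(record)  # blank line ends a record
            record = {}
            if line:                               # asterisk row also ends the section
                current = None
            continue
        if current is None and line.endswith(":") and ": " not in line:
            current = line[:-1]
            sections[current]                      # register the section even if empty
        elif ": " in line:
            key, _, value = line.partition(": ")   # first ': ' splits key from value
            record[key] = value
        else:
            sections["Notes"].append({"text": line})  # banner / free-text lines
    if record and current is not None:
        sections[current].append(record)
    return dict(sections)

def hidden_modules(sections):
    """(path, service, size_bytes) for every module marked 'Hidden: Yes'."""
    return [(r["Module Name"], r.get("Service Name", "---"),
             int(r["Module End"], 16) - int(r["Module Base"], 16))
            for r in sections.get("Kernel Modules", []) if r.get("Hidden") == "Yes"]

def ssdt_hooks_by_driver(sections):
    """Map each attributed driver to the sorted SSDT functions it hooks."""
    grouped = defaultdict(list)
    for r in sections.get("SSDT", []):
        grouped[r["Driver Name"]].append(r["Function Name"])
    return {drv: sorted(funcs) for drv, funcs in grouped.items()}

def inconsistent_ssdt_entries(sections):
    """Functions whose hooked Address is not inside [Driver Base, Driver End)."""
    return [r["Function Name"] for r in sections.get("SSDT", [])
            if not int(r["Driver Base"], 16) <= int(r["Address"], 16) < int(r["Driver End"], 16)]

if __name__ == "__main__":
    s = parse_sysprot_log(SAMPLE_LOG)
    for path, svc, size in hidden_modules(s):
        print(f"hidden module: {path} (service {svc}, {size:#x} bytes)")
    for drv, funcs in ssdt_hooks_by_driver(s).items():
        print(f"{drv}: {len(funcs)} SSDT entries -> {', '.join(funcs)}")
    print("address outside attributed driver range:", inconsistent_ssdt_entries(s))
```

Run against the log posted above, the grouped view collapses every SSDT entry to a single driver name, OADriver.sys, which is the question a helper wants answered first: how many distinct drivers are hooking the service table, and whether each one is expected on that machine. The range check is a plausibility test on the tool's own attribution; an entry whose address does not sit inside the driver it is credited to deserves a second look before the log is treated as explained.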

SuperDave:
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    - Click on to download the ESET Smart Installer. Save it to your desktop.
    - Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

srose:
Just FYI my computer seemed to be running better after the mini dump, but since the sprt was installed and ran it is back to running 100% CPU most of the time. I wasn't sure on the removal of the sprt since I didn't see it in the add/remove files or on my ccleaner. Can I just send the file from the desktop to the recycle bin and get rid of it?

Here is my ESET scan Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d0ad1eb7936f7049ac389a8d5715c093
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-29 04:20:32
# local_time=2011-08-29 12:20:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 107442176 107442176 0 0
# compatibility_mode=1024 16777215 100 0 47417915 47417915 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 87 0 10508239 0 0
# compatibility_mode=6401 16777213 66 100 25813302 53641351 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109414
# found=0
# cleaned=0
# scan_time=14677


Thank You

SuperDave:

--- Quote ---but since the sprt was installed and ran it is back to running 100% CPU most of the time.
--- End quote ---
What is this sprt that you're talking about?
