Help in understanding some info from FileAlyzer2

[LoneLurker]

My system is within my sig and it is running slower every time I have restarted. I do NOT do a WARM boot unless something was updated from Microsoft like security software or patches. Only do COLD boots.

I have downloaded and started using the FileAlyzer2 and do like the more extensive info provided, if I may have a little HELP in understanding some of it.

Start with my system has been acting a little strange since about early to mid November, 2008. Closes down my Avira AntiVir (latest version) updated daily, Comodo Firewall Pro until updated to Comodo Internet Security still is closed down unexpectedly, DiamondCS RegProt, TeaTimer, and anything that Vista installs like Volume control, Dell Support Center, and a few other. Also has stopped gone to a Black screen and started to reboot, I immediately press the ON/OFF control to prevent the WARM boot. Depending on my "Honey Does" it may take up to 3 or 4 hours before I am back to continue.

Have done some examinations of some of my dll files and becoming a little concerned. Example: Shell32.dll open in FileAlyzer2 - clicked on Disassembler tab - then Disassemble and find approximately 529 Blank Instruction lines and those that can be seen are not in alphabetical order, very randomized. Can you suggest any file to examine to see if there have been any additional information placed there to maybe ID if there have been any Virus or Trojan software placed there? There is one that has an entry UPX0 but the Hex area has all 0000 0000 in the area that highlites to match the info in the last column to the right.

One last point, ran FileAlyzer2 from within Admin access to Safe Mode Command Line and had several ERROR report requests to send and did not have a WWW connection to accomplish that, so I just selected the Continue Program. One was when I had clicked on the VERSION tab and cannot remember where the others were.

Enough for now, if you have any questions I will do all possible to find an answer,

[PepiMK]

Hmmmm... not sure if I understand... you have UPX0 shown for shell32.dll?
But if so, surely on the PE Sections tab, not the Disassembly tab (disassembling needs quite a lot of understanding of assembler )?

Microsoft does not compress files with UPX, if that file is, than it's not original!

[LoneLurker]

Hmmmm... not sure if I understand... you have UPX0 shown for shell32.dll?
But if so, surely on the PE Sections tab, not the Disassembly tab (disassembling needs quite a lot of understanding of assembler )?

Microsoft does not compress files with UPX, if that file is, than it's not original!

PepiMK,

You think you are not understanding some of this and you know what you are doing, come over to my side and NOT know what "I" am doing and attempting to tell you, Whew!

Please allow me to start over? The UPX0 and UPX1 were in an .exe file from GRC dot Com, I later discovered and NOT within 'shell32.dll,' have removed any files that were within the folders as well as several other folders to remove any possibility of returning of this problem if I am ever able to remove it and if it came from anything that was within those folders. To tell you more of the TRUTH the problem I am having may not be from any of those files I removed. They can be re-downloaded if ever needed.

I have been going through so many problems the last several weeks and months they are beginning to run together. One of those problems is the GMER program, downloaded a copy several months ago and never could get it to install or work. Have read in several forums that is a very good program and should be used. Downloaded a fresh copy about last Tuesday or Wednesday (17 or 18 Feb, 2009) and have better luck in getting this one to work, now just need to LEARN how to use it and what to do with all of the information that is made available by that program. This is not your problem, was just attempting to give some information on the use of your FileAlyzer2 and made you as confused as I am. Hope to clear the FOG soon on my problems as well as what I send to you.

Thank you for reading my rambling Roasted Poster, LATER,