-
Yes, a lot of lag when I type, Chrome crashing a lot, lag when editing my pictures, etc.
-
That was fast. Looks like you have Defender, Ad-Aware, Emsisoft and Spybot. I'm not sure if all of these have real-time protection features. If they do, it means they are running in the background; most likely you would see their icons down by the clock. If that's the case, having four running is too much. They will chew up system resources. It's also not necessary, because they often overlap in what they provide.
You can check them for the option not to start with Windows. One, along with your AV, is plenty. You could use the others for on-demand scanning.
-
-
You're right, those are registry entries; I was working from memory. Those tools you have run are for detecting and removing rootkits, which are, as you say, "deep within" the OS. We can get one more to run:
Please download aswmbr.exe to your desktop.
Never mind, you've run that already. Log looks OK. Are you getting web page redirection?
Last edited by shelf life; 2012-11-22 at 04:48.
-
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 04:50:29
-----------------------------
04:50:29.311 OS Version: Windows 6.0.6002 Service Pack 2
04:50:29.311 Number of processors: 4 586 0xF0B
04:50:29.312 ComputerName: ROMSTER2 UserName: R0M
04:50:30.993 Initialize success
04:50:55.166 AVAST engine defs: 12111101
04:51:00.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:51:00.457 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
04:51:00.460 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
04:51:00.462 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
04:51:00.464 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
04:51:00.467 Disk 2 Vendor: Size: 953869MB BusType: 0
04:51:00.469 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007b
04:51:00.472 Disk 3 Vendor: Size: 953869MB BusType: 0
04:51:00.475 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007c
04:51:00.478 Disk 4 Vendor: Size: 953869MB BusType: 0
04:51:00.481 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007d
04:51:00.484 Disk 5 Vendor: Size: 953869MB BusType: 0
04:51:00.488 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
04:51:00.493 Disk 6 Vendor: Size: 953869MB BusType: 0
04:51:00.514 Disk 0 MBR read successfully
04:51:00.518 Disk 0 MBR scan
04:51:00.524 Disk 0 Windows VISTA default MBR code
04:51:00.529 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
04:51:00.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
04:51:00.553 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
04:51:00.571 Disk 0 scanning sectors +976771072
04:51:00.695 Disk 0 scanning C:\Windows\system32\drivers
04:51:11.830 Service scanning
04:51:33.878 Modules scanning
04:51:42.230 Disk 0 trace - called modules:
04:51:42.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
04:51:42.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a54c0]
04:51:42.294 3 CLASSPNP.SYS[8ada48b3] -> nt!IofCallDriver -> [0x8522c538]
04:51:42.299 5 acpi.sys[830956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ff0b98]
04:51:43.779 AVAST engine scan C:\Windows
04:51:52.920 AVAST engine scan C:\Windows\system32
04:54:22.138 AVAST engine scan C:\Windows\system32\drivers
04:54:33.384 AVAST engine scan C:\Users\R0M
06:19:08.902 AVAST engine scan C:\ProgramData
06:21:16.968 Scan finished successfully
12:35:53.441 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
12:35:53.508 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 21:24:43
-----------------------------
21:24:43.169 OS Version: Windows 6.0.6002 Service Pack 2
21:24:43.169 Number of processors: 4 586 0xF0B
21:24:43.171 ComputerName: ROMSTER2 UserName: R0M
21:25:49.823 Initialize success
22:06:20.818 AVAST engine defs: 12112101
22:07:54.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:07:54.648 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
22:07:54.651 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
22:07:54.653 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
22:07:54.656 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007c
22:07:54.658 Disk 2 Vendor: Size: 953869MB BusType: 0
22:07:54.660 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007d
22:07:54.663 Disk 3 Vendor: Size: 953869MB BusType: 0
22:07:54.667 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007e
22:07:54.670 Disk 4 Vendor: Size: 953869MB BusType: 0
22:07:54.673 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007f
22:07:54.676 Disk 5 Vendor: Size: 953869MB BusType: 0
22:07:54.680 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
22:07:54.685 Disk 6 Vendor: Size: 953869MB BusType: 0
22:07:54.697 Disk 0 MBR read successfully
22:07:54.702 Disk 0 MBR scan
22:07:54.779 Disk 0 Windows VISTA default MBR code
22:07:54.784 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
22:07:54.804 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
22:07:54.818 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
22:07:54.826 Disk 0 scanning sectors +976771072
22:07:54.901 Disk 0 scanning C:\Windows\system32\drivers
22:08:05.150 Service scanning
22:08:28.750 Modules scanning
22:08:33.491 Disk 0 trace - called modules:
22:08:33.549 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
22:08:33.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a8770]
22:08:33.558 3 CLASSPNP.SYS[8ada58b3] -> nt!IofCallDriver -> [0x85e67220]
22:08:33.563 5 acpi.sys[8309e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85dcd820]
22:08:35.518 AVAST engine scan C:\Windows
22:08:41.953 AVAST engine scan C:\Windows\system32
22:11:58.077 AVAST engine scan C:\Windows\system32\drivers
22:12:09.505 AVAST engine scan C:\Users\R0M
23:52:50.137 AVAST engine scan C:\ProgramData
23:55:38.871 Scan finished successfully
03:54:34.129 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
03:54:34.894 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"
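The aswMBR output above is judged "OK" by eye. As an added example (not part of the thread or of aswMBR itself), this script parses the same kind of log and applies the checks a reviewer does implicitly: the MBR code is a known default, exactly one partition is active, the partition table has no overlaps, and the scan completed. The sample log is constructed from the lines posted above.

```python
import re

# Constructed sample: the relevant lines of the aswMBR output posted in this thread.
SAMPLE_LOG = """\
04:51:00.514 Disk 0 MBR read successfully
04:51:00.524 Disk 0 Windows VISTA default MBR code
04:51:00.529 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
04:51:00.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
04:51:00.553 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
06:21:16.968 Scan finished successfully
"""
# Partition rows look like: "Disk N Partition I <flag> [(A)] <type> <label...> <size> MB offset <lba>"
PART_RE = re.compile(r"Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .*? (\d+) MB offset (\d+)$")
MBR_RE = re.compile(r"Disk (\d+) (.*MBR code.*)$")
SECTORS_PER_MB = 2048  # aswMBR reports sizes in MB and offsets in 512-byte sectors

def parse_aswmbr(text: str) -> dict:
    """Pull the MBR verdict, partition table and completion marker out of an aswMBR log."""
    report = {"mbr_code": {}, "partitions": [], "finished": False}
    for line in text.splitlines():
        if m := PART_RE.search(line):
            disk, idx, flag, ptype, size_mb, offset = m.groups()
            report["partitions"].append({
                "disk": int(disk), "index": int(idx), "active": flag == "80",
                "type": int(ptype, 16), "start": int(offset),
                "end": int(offset) + int(size_mb) * SECTORS_PER_MB,  # first sector after the partition
            })
        elif m := MBR_RE.search(line):
            report["mbr_code"][int(m.group(1))] = m.group(2)
        elif "Scan finished successfully" in line:
            report["finished"] = True
    return report

def assess(report: dict) -> list[str]:
    """Findings that would contradict a 'log looks OK' reading; an empty list means none."""
    findings = []
    for disk, verdict in report["mbr_code"].items():
        if "default MBR code" not in verdict:  # bootkits replace the stock loader code
            findings.append(f"disk {disk}: non-default MBR code ({verdict})")
    parts = sorted(report["partitions"], key=lambda p: (p["disk"], p["start"]))
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for a, b in zip(parts, parts[1:]):  # adjacent entries on the same disk must not overlap
        if a["disk"] == b["disk"] and a["end"] > b["start"]:
            findings.append(f"disk {a['disk']}: partitions {a['index']} and {b['index']} overlap")
    if not report["finished"]:
        findings.append("scan did not report successful completion")
    return findings
```

Running `assess(parse_aswmbr(SAMPLE_LOG))` on the posted log returns no findings, and the computed end of partition 3 matches the `scanning sectors +976771072` line in the same log.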
-
Very rarely I get redirection; why?
-
I am more concerned about the hidden directories found in my c:\windows\system32. How come we don't get rid of them?
-
Hi oyehia,
Redirection could be a sign of a rootkit. Really, it would look like your browser had a mind of its own, ending up at sites you had no intention of going to.
Those files found by RootAlyzer, I can't say what the significance is or if they are actual files. I'm not familiar with RootAlyzer or its findings. If they had identifiable extensions like .dll or .sys, then they most likely would have shown up in the other tools you ran.
-
So what is the next step, and who can help with the RootAlyzer program? It seems we are going in a circle here...
-
There is a forum here for RootAlyzer help.