Computer is S-L-O-W
- Thread starter windowguy
- Start date
Shaba
Security Expert: Emeritus
Download gmer.zip and save to your desktop.
alternate download site
alternate download site
- Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
- When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open. - Double-click on Gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
- Click on the Rootkit tab.
- Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
- Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
- Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. - When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
- Note: If you have any problems, try running GMER in SAFE MODE"
I am unable to run the program either in regular or safe mode.
In regular mode it runs for some time then the computer crashes
and I get a blue screen where I have to restart the computer.
In safe mode it shows a perpetual hour glass when I run it.
I appreciate your help,
Thank you,
Window guy
In regular mode it runs for some time then the computer crashes
and I get a blue screen where I have to restart the computer.
In safe mode it shows a perpetual hour glass when I run it.
I appreciate your help,
Thank you,
Window guy
I changed the name of the short cut on the desktop but it crashed and I got
the blue screen serious error message again. I don't know how to change
the name of the program. I don't know how to reload windows, and I rarely
understand your instructions.
I ran mbam and it removed some things, I know you didn't ask me but I have
to use my computer to get bids done and every 10 seconds I was having a
problem, or my antivirus was sending me a message.
I appreciate your help, sorry for my lack of computer knowledge.
Thank you,
I know you didn't ask for this but here it is anyway. Mbam log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/10/2010 15:50:53
mbam-log-2010-05-10 (15-50-53).txt
Scan type: Quick scan
Objects scanned: 143540
Time elapsed: 8 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edbcicfa (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edbcicfa (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/10/2010 15:50:53
mbam-log-2010-05-10 (15-50-53).txt
Scan type: Quick scan
Objects scanned: 143540
Time elapsed: 8 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edbcicfa (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edbcicfa (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I use it for both, I have my own small business selling windows (the kind that
go into houses not on computers) I use this computer for everything. It belongs
to me and not some company I work for.
Neither my son nor I are capable of fixing it by ourselves.
Shaba
Security Expert: Emeritus
Yes but I didn't mean that.
What I meant that you said that you had problems following instructions.
So if you have issues, then another option is to bring it to some computer store for checkup as I can't be physically there.
Of course I can try to give more detailed instructions if you want so.
What I meant that you said that you had problems following instructions.
So if you have issues, then another option is to bring it to some computer store for checkup as I can't be physically there.
Of course I can try to give more detailed instructions if you want so.
I will do the best that I can to follow your instructions. I really do
appreciate your help, I am sure that I am displaying fear of the
unknown and my frustration of not knowing what is going on inside
the black box of my computer.
I was unsuccessful running Gmer, either in safe mode or in regular mode
I renamed the shortcut on my computer desktop and tried to run it again,
it runs for quite some time then I get a blue screen and have to restart my
computer.
Thank you again for your help
window guy
appreciate your help, I am sure that I am displaying fear of the
unknown and my frustration of not knowing what is going on inside
the black box of my computer.
I was unsuccessful running Gmer, either in safe mode or in regular mode
I renamed the shortcut on my computer desktop and tried to run it again,
it runs for quite some time then I get a blue screen and have to restart my
computer.
Thank you again for your help
window guy
