Computer is S-L-O-W

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
 
I am unable to run the program either in regular or safe mode.

In regular mode it runs for some time then the computer crashes
and I get a blue screen where I have to restart the computer.

In safe mode it shows a perpetual hour glass when I run it.

I appreciate your help,

Thank you,

Window guy
 
Then please rename gmer.exe and try again.

I changed the name of the shortcut on the desktop but it crashed and I got
the blue screen serious error message again. I don't know how to change
the name of the program. I don't know how to reload windows, and I rarely
understand your instructions.

I ran mbam and it removed some things, I know you didn't ask me but I have
to use my computer to get bids done and every 10 seconds I was having a
problem, or my antivirus was sending me a message.

I appreciate your help, sorry for my lack of computer knowledge.

Thank you,
 
I know you didn't ask for this but here it is anyway. Mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/10/2010 15:50:53
mbam-log-2010-05-10 (15-50-53).txt

Scan type: Quick scan
Objects scanned: 143540
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edbcicfa (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edbcicfa (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bill\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
"I know you didn't ask me but I have
to use my computer to get bids done "

So is this computer for personal use only?
 
"I know you didn't ask me but I have
to use my computer to get bids done "

So is this computer for personal use only?

I use it for both, I have my own small business selling windows (the kind that
go into houses not on computers) I use this computer for everything. It belongs
to me and not some company I work for.
 
I use the computer at my home and my son uses it as well.

Are you willing or able to help me? Neither my son nor I are capable of
fixing it.

Thank you,

Window guy
 
It depends if you are able to follow instructions. I can't do anything physically from here.

Could your son be more comfortable working with computers?
 
Yes but I didn't mean that.

What I meant is that you said that you had problems following instructions.

So if you have issues, then another option is to bring it to some computer store for a checkup, as I can't be physically there.

Of course I can try to give more detailed instructions if you want.
 
I will do the best that I can to follow your instructions. I really do
appreciate your help, I am sure that I am displaying fear of the
unknown and my frustration of not knowing what is going on inside
the black box of my computer.

I was unsuccessful running Gmer, either in safe mode or in regular mode.
I renamed the shortcut on my computer desktop and tried to run it again,
it runs for quite some time then I get a blue screen and have to restart my
computer.

Thank you again for your help

window guy
 
I don't really know. Is there a way to tell? There is a
desktop icon, I right clicked the icon and changed the
name.

I appreciate your help

Thank you,

Window guy
 
Well, shortcuts usually have an arrow in the lower left corner unless tweaked.

Please do a search for gmer.exe and post back the locations if any are found.
 
The icon didn't have the shortcut arrow that you are
referring to. I changed it previously to Gman.exe. After
a search, the only references to Gmer were in the
documents and settings downloads.

I appreciate your help

Thank you

Window guy
 
So then please move that gmer.exe from documents and settings downloads to desktop, rename it and try to run it :)
 
I renamed the Gmer file and ran it and it crashes and I get the
blue screen serious error memory dump screen

I appreciate your help

Thank you,
 