Old August 23rd, 2014, 10:16 AM
jonboy123 jonboy123 is offline
Hi Tom.

Couldn't find either of these files to send to you. Are you able to advise on what the correct DNS settings should be? (I changed them a while ago to make web browsing more secure for my daughter, but I'm not sure whether I did it correctly.) If Avast is the culprit, would you advise changing to another antivirus program? I installed Avast originally because of its low resource usage and good reviews on CNet, but that was a while ago.

Here is the GMER log:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-23 10:06:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01 465.76GB
Running: r9d45imn.exe; Driver: C:\Users\Jon\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa4000 45 bytes [70, 11, 05, 00, 00, 00, 63, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002fa402e 24 bytes [1D, 00, E3, B2, 5D, C0, 13, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 000000014a2d0460
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 000000014a2d0450
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 000000014a2d0370
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 000000014a2d0470
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 000000014a2d03e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 000000014a2d0320
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 000000014a2d03b0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 000000014a2d0390
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 000000014a2d02e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 000000014a2d02d0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 000000014a2d0310
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 000000014a2d03c0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 000000014a2d03f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 000000014a2d0230
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 000000014a2d0480
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 000000014a2d03a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 000000014a2d02f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 000000014a2d0350
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 000000014a2d0290
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 000000014a2d02b0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 000000014a2d03d0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 000000014a2d0330
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 000000014a2d0410
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 000000014a2d0240
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 000000014a2d01e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 000000014a2d0250
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 000000014a2d0490
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 000000014a2d04a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 000000014a2d0300
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 000000014a2d0360
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 000000014a2d02a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 000000014a2d02c0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 000000014a2d0380
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 000000014a2d0340
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 000000014a2d0440
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 000000014a2d0260
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 000000014a2d0270
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 000000014a2d0400
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 000000014a2d01f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 000000014a2d0210
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 000000014a2d0200
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 000000014a2d0420
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 000000014a2d0430
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 000000014a2d0220
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 000000014a2d0280
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007744ef8d 1 byte [62]
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread