System Restore window "PC Performance & Stability analysis rep
Started by maezhou, Oct 22 2011 03:20 AM
#31
Posted 23 October 2011 - 01:39 PM
#32
Posted 23 October 2011 - 01:45 PM
It should not take that long - but if you wish you can stop the scan and go for the system analysis, that takes about ten minutes
#33
Posted 23 October 2011 - 01:59 PM
Stop scan now and do it later?
If I stop scanning and do the sys analysis, will that not affect the system analysis?
OK. I stopped the scanning. It's just 7% completed after more than 2 hours of scanning.
I'm now running the Manual Disinfection > Gathering system information.
I'll post the result.
Edited by maezhou, 23 October 2011 - 02:25 PM.
#34
Posted 23 October 2011 - 02:24 PM
No as the system analysis looks at different elements
#35
Posted 23 October 2011 - 02:40 PM
Attached Manual Disinfection report file
avptool_sysinfo.zip 18.17KB 425 downloads
Edited by maezhou, 23 October 2011 - 02:40 PM.
#36
Posted 23 October 2011 - 03:14 PM
- Re-run AVPTool
- Select the Manual Disinfection tab and press Script execution
- Where it states Insert text script in the following box copy the below script and press Run script
Copy from Begin until End
begin
 SetAVZPMStatus(True);
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 DelBHO('{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}');
 DeleteFile('C:\ProgramData\6DSS92c31Apgjk.exe');
 BC_DeleteFile('C:\ProgramData\6DSS92c31Apgjk.exe');
 BC_DeleteFile('C:\Users\Owner\AppData\Local\Temp\_uninst_68522918.bat');
 DeleteFile('C:\Users\Owner\AppData\Local\Temp\_uninst_68522918.bat');
 DeleteFile('res:\C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206');
 BC_DeleteFile('res:\C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206');
 DeleteFile('C:\Windows\system32\Drivers\uti1odu0.sys');
 BC_DeleteFile('C:\Windows\system32\Drivers\uti1odu0.sys');
 BC_ImportDeletedList;
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
- Your system will reboot on completion, if it does not please do so yourself
- On completion please run another analysis scan and attach the zip file
Now retry combofix please
#37
Posted 23 October 2011 - 03:48 PM
Here's the log for second run of analysis.
avptool_sysinfo.zip 19.57KB 408 downloads
I'll run ComboFix now.
#38
Posted 23 October 2011 - 04:02 PM
I ran ComboFix. After I thought that it was done, I checked the C drive, but there's no C:\ComboFix.Txt file. I have a file "32788R22FWJFW" instead, which on mouse-over shows "Shows the disk drives and hardware connected to this computer".
And then this alert came up:
But I've already clicked "Exit" on the Webroot icon (taskbar) before I ran ComboFix.
Guess that's not the way to turn off Webroot scanning.
Update: I have successfully turned off all the shields on Webroot Antivirus. And clicked the "OK" button on the ComboFix warning window. ComboFix continued to run again, and then asked if I want the latest version. I clicked on OK. Then it downloaded the latest version. I was expecting it to just continue running after it downloaded the latest, but it did not. It just brought me back to the desktop after downloading. I checked the ComboFix.exe file on my desktop and it was not updated. It's still the version that was downloaded yesterday.
I ran ComboFix again. When I thought that it was done -- after the scanning/fixing window disappeared, I looked into the C drive. But I can't find ComboFix.Txt. I now have a ComboFix file that can't be opened and can't be attached here. It says "Shows the disk drives and hardware connected to this computer" on mouse-over.
Edited by maezhou, 23 October 2011 - 05:42 PM.
#39
Posted 24 October 2011 - 10:42 AM
Something is not quite right here - have you rebooted?
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
#40
Posted 24 October 2011 - 11:13 AM
Thanks. I clicked on gmer.exe from desktop. Then an alert came up with this copy:
LoadDrive("C:\Users\Owners\AppData\Local\Temp\ugtdapod.sys") error 0xC000010E. An instance of the service is already running.
[OK button]
#41
Posted 24 October 2011 - 11:15 AM
Could you reboot and try again please
#42
Posted 24 October 2011 - 11:33 AM
I rebooted, tried it again, and still the same alert came up.
I'm not clicking on the [OK] button since it might cause me some issues.
Edited by maezhou, 24 October 2011 - 11:35 AM.
#43
Posted 24 October 2011 - 11:36 AM
Let's try another one
Please download Rootkit Revealer (It should be part of the Top 10 Downloads list)
- Unzip it to your desktop.
- Open the rootkitrevealer folder and double-click rootkitrevealer.exe
- Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
- Click the Scan button (bottom right)
- It may take a while to scan (don't do anything while it's running)
- When it's done, go up to File > Save. Choose to save it to your desktop.
- Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
#44
Posted 24 October 2011 - 11:51 AM
OK. So before I try the other solution, I closed the alert window first (clicked on the top right window x) - and gmer ran. Didn't have time to see what's on the window (some checkboxes, selections) before it made some sort of scanning. The window with selections and checkboxes just came up for about a sec, then it was replaced by a blank window with a taskbar at the bottom which shows files (being scanned? or something).
But nothing happened after that. The scanning (sort of) happened for just a couple of seconds, 15 seconds max, I guess. And it was done. And it looks like nothing's happening now. It might be running at the back-end?
#45
Posted 24 October 2011 - 11:58 AM
It should take no longer than 10 minutes and a log will be generated