Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Restore window "PC Performance & Stability analysis rep


  • This topic is locked This topic is locked

#31
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
OK, i got it. But will this scanning really take one day to finish?
  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should not tak that long - but if you wish you can stop the scan and go for the system analysis, that takes about ten minutes
  • 0

#33
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Stop scan now and do it later?
If I stop scanning and do the sys analysis, will that not affect the system analysis?

OK. I stopped the scanning. It's just 7% completed after more than 2 hours of scanning.
I'm now running the Manual Disinfection > Gathering system information.

I'll post the result.

Edited by maezhou, 23 October 2011 - 02:25 PM.

  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No as the system analysis looks at different elements
  • 0

#35
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Attached Manual Disinfection report file
Attached File  avptool_sysinfo.zip   18.17KB   39 downloads

Edited by maezhou, 23 October 2011 - 02:40 PM.

  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution

    Posted Image
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End

    Posted Image

    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
     DelBHO('{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}');
     DeleteFile('C:\ProgramData\6DSS92c31Apgjk.exe');
     BC_DeleteFile('C:\ProgramData\6DSS92c31Apgjk.exe');
     BC_DeleteFile('C:\Users\Owner\AppData\Local\Temp\_uninst_68522918.bat');
     DeleteFile('C:\Users\Owner\AppData\Local\Temp\_uninst_68522918.bat');
     DeleteFile('res:\C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206');
     BC_DeleteFile('res:\C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206');
     DeleteFile('C:\Windows\system32\Drivers\uti1odu0.sys');
     BC_DeleteFile('C:\Windows\system32\Drivers\uti1odu0.sys');
    BC_ImportDeletedList;
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

Now retry combofix please
  • 0

#37
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Here's the log for second run of analysis.
Attached File  avptool_sysinfo.zip   19.57KB   37 downloads

I'll run ComboFix now.
  • 0

#38
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I run ComboFix. After when I thought that it's done, I checked the C drive, but there's no C:\ComboFix.Txt file. I have a file "32788R22FWJFW" instead, which on mouse-over shows "Shows the disk drives and hardware connected to this computer".

And then this alert came up:
BomboFix_Warning_Spyware.gif
But i've already clicked "Exit" on the Webroot icon (taskbar) before I run ComboFix.
Guess that's not the way to turn off Webroot scanning.

Update: I have successfully turned off all the shields on Webroot Antivirus. And clicked "OK" button on the ComboFix warning window. ComboFix continue to run again, and then asked if I want the latest version. I clicked on OK. Then it downloaded the latest version. I was expecting for it to just continue running after it downloads the latest, but it did not. It just brought me back to the desktop after downloading. I checked the ComboFix.exe file on my desktop and it was not updated. It's still the version that was downloaded yesterday.

I run ComboFix again. When I thought that it's done -- after the scanning/fixing window disapperead, I looked into the C drive. But can't find ComboFix.Txt. I now have a ComboFix file that can't be opened. and can't be attached here. It says "Shows the disk drives and hardware connected to this computer" on mouse-over.
ComboFix_file_on_C.gif

Edited by maezhou, 23 October 2011 - 05:42 PM.

  • 0

#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Something is not quite right here - have you rebooted ?

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#40
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Thanks. I clicked on gmer.exe from desktop. Then an alert came up with this copy:

LoadDrive("C:\Users\Owners\AppData\Local\Tmep\ugtdapod.sys") errir 0xC000010E. An instance of the service is already running.
[OK button]
  • 0

Advertisements


#41
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reboot and try again please
  • 0

#42
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I reboot, tried it again, and still the same alert came up.
I'm not clicking on the [OK] button since it might cause me some issues.

Edited by maezhou, 24 October 2011 - 11:35 AM.

  • 0

#43
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets try another one

Please download Rootkit Revealer (It should be part of the Top 10 Downloads list)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

  • 0

#44
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
OK. So before I try the other solution, I closed the alert window first (clicked on the top right window x) - and gmer run. Didn't have time to see what's on the window (come checkboxes, selections) before it made some sort of scanning. The window with selections and checkboxes just came up for about a sec, then it was replaced by a blank window with a taskbar at the bottom which shows files (being scanned? or something).

But nothing happened after that. The scanning (sort of) happened for just a couple of seconds, 15 seconds max, I guess. And it was done. And it looks like nothing's happening now. It might be running at the back-end?
  • 0

#45
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should take no longer that 10 minutes and a log will be generated
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP