Google search result redirect
- Thread starter crazyapple92
- Start date
crazyapple92
New member
That's because I ran combofix, it got to the log generating part and just hung out there for +30 minutes. I eventually quit out and grabbed the log.
I'll try it again, but this is what has happened every time I've ran it so far.
I'll try it again, but this is what has happened every time I've ran it so far.
crazyapple92
New member
Safe mode indeed.
Open notepad and copy/paste the text in the quotebox below into it:
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log + fresh dds logs.
Code:
DDS::
dRun: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\klzgc.dll",DllRegisterServer
dRun: [3gkb] C:\Windows\system32\config\systemprofile\AppData\Roaming\3gkb.exe
dRun: [modegdi] C:\Windows\system32\config\systemprofile\AppData\Roaming\modegdi.exe
RegLockDel::
[HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{3e925816-e035-4419-a30a-a7536a6a55a0}]
[HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{5b4321bc-3d43-4a80-848d-f42a6ce89888}]
[HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log + fresh dds logs.
crazyapple92
New member
I ran combofix with that script in safe mode. I had C: open at the time and when the log was generated the entire combofix folder deleted itself. Not to the recycle bin mind you, just flat out vanished.
I ran a search to make sure it didn't just hide itself somewhere.
I ran a search to make sure it didn't just hide itself somewhere.
crazyapple92
New member
Should I run it with the same script?
crazyapple92
New member
Sorry, I know this took a minute but here it is.
Hi,
Run ESET online scanner and post back its findings.
Open notepad and copy/paste the text in the quotebox below into it:
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Run ESET online scanner and post back its findings.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\klzgc.dll
C:\Windows\system32\config\systemprofile\AppData\Roaming\3gkb.exe
C:\Windows\system32\config\systemprofile\AppData\Roaming\modegdi.exe
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"=-
"3gkb"=-
"modegdi"=-Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Due to inactivity, this thread will now be closed.
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
Last edited by a moderator: