Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

Thread: Google search result redirect

  1. #21
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    ComboFix log doesn't seem to be complete. Please run ComboFix again and after that re-run DDS too. Post logs back here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #22
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    That's because I ran combofix, it got to the log generating part and just hung out there for +30 minutes. I eventually quit out and grabbed the log.

    I'll try it again, but this is what has happened every time I've ran it so far.

  3. #23
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Try to give it a run in safe mode if needed.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #24
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    Safe mode indeed.

  5. #25
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    dRun: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\klzgc.dll",DllRegisterServer
    dRun: [3gkb] C:\Windows\system32\config\systemprofile\AppData\Roaming\3gkb.exe
    dRun: [modegdi] C:\Windows\system32\config\systemprofile\AppData\Roaming\modegdi.exe
    RegLockDel::
    [HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{3e925816-e035-4419-a30a-a7536a6a55a0}]
    [HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{5b4321bc-3d43-4a80-848d-f42a6ce89888}]
    [HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_USERS\S-1-5-21-2055685184-3404046546-893769538-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
    Then post the resultant log + fresh dds logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #26
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    I ran combofix with that script in safe mode. I had C: open at the time and when the log was generated the entire combofix folder deleted itself. Not to the recycle bin mind you, just flat out vanished.

    I ran a search to make sure it didn't just hide itself somewhere.

  7. #27
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Download fresh copy of ComboFix to your desktop and run it. Post back the log + fresh dds logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #28
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    Should I run it with the same script?

  9. #29
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Let's try without the script this time.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #30
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    Sorry, I know this took a minute but here it is.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •