-
Hi,
Sorry to hear about the problems with your system. Let's see if we can get that fixed up.
-----------
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
ClearJavaCache::
DDS::
Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx
File::
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix may request an update; please allow it.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
-
It ran but then it locked up. And I don't think I allowed the update. Never got a log.
Trying again.
Question - what is it doing with the gardencitygroup.com website? My wife needs to VPN to that domain for her job once in a while.
-
Hi,
Yes, give it another try and post the log if it is created.
I removed the gardencitygroup.com for the time being to be sure it wasn't causing your system any problems. After we are done she can just allow it again with no problems if she wishes.
-
OK - it ran successfully. Where is the log file kept? Tough to search right now - still slow as molasses.
-
found it
ComboFix 12-09-20.02 - Phil 09/22/2012 1:18:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1880 [GMT -4:00]
Running from: C:\Users\Phil\Desktop\ComboFix.exe
Command switches used :: C:\Users\Phil\Desktop\CFScript.txt.txt
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-09-12 07:07:06 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 07:07:04 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll
2012-09-12 07:07:04 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:07:03 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
2012-09-09 03:17:00 . 2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 03:05:37 . 2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
2012-08-24 03:04:57 . 2011-09-29 17:16:18 119416 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
2012-08-24 03:04:56 . 2012-04-14 01:30:04 258304 ----a-w- C:\Windows\system32\drivers\SbFw.sys
2012-08-24 03:04:55 . 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\system32\sbbd.exe
2012-08-24 03:04:05 . 2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-08-24 03:03:45 . 2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-08-24 03:03:40 . 2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-09-21 15:48:09 . 2012-04-17 12:31:44 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:48:09 . 2011-05-26 02:12:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01:08 . 2009-12-19 18:18:17 64462936 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-14 23:41:02 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-04 22:16:43 . 2012-08-14 23:41:10 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-14 23:41:10 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-15 07:08:05 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-15 07:08:04 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-15 07:08:12 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-15 07:08:14 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-15 07:08:11 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-15 07:08:12 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-15 07:08:14 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-15 07:08:11 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-15 07:08:10 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-15 07:08:13 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-15 07:08:14 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-15 07:08:15 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-15 07:08:13 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-15 07:08:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-15 07:08:12 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-15 07:08:13 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-15 07:08:13 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 18:58:46 . 2012-07-05 16:03:38 17936 ----a-w- C:\Windows\system32\nitrolocalui2.dll
2012-06-25 18:58:44 . 2012-07-05 16:03:37 29712 ----a-w- C:\Windows\system32\nitrolocalmon2.dll
-
Hi,
Looks like only part of the log is there. Could you check and make sure you were able to copy it completely and then paste it here.
-
Will check it out. Thanks.
-
This is the txt file. I can try to run the last step again, but my PC has gotten even slower.
-
I got my PC to run a little faster in safe mode.
Running ComboFix again with that script.